Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/Oznd7O4v0fl0yKCvpuYhUuQ7204.roa
File:                     Oznd7O4v0fl0yKCvpuYhUuQ7204.roa (raw, json)
Hash identifier:          ldWUtJPO/Fk5ou2pZE7B4or/0nqqkTNzZKegpBoxYyE=
Subject key identifier:   3B:39:DD:EC:EE:2F:D1:F9:74:C8:A0:AF:A6:E6:21:52:E4:3B:DB:4E
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       019CB934206DEAD77301E0BCF08C2D4D7712
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/Oznd7O4v0fl0yKCvpuYhUuQ7204.roa
Signing time:             Wed 04 Mar 2026 14:15:26 +0000
ROA not before:           Wed 04 Mar 2026 14:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137235
IP address blocks:        95.155.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b9:34:20:6d:ea:d7:73:01:e0:bc:f0:8c:2d:4d:77:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Mar  4 14:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b39ddecee2fd1f974c8a0afa6e62152e43bdb4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7b:81:e2:c0:3e:a2:1b:cb:1c:82:21:62:29:
                    fd:6e:e5:bf:a4:2b:1a:c0:14:8b:bb:5f:75:60:a1:
                    92:ee:10:d3:a0:49:66:2b:b3:9a:2f:54:55:ee:31:
                    32:c9:e0:ed:96:45:e3:cd:12:07:00:eb:b9:95:cf:
                    70:16:a5:21:3b:37:36:a9:bb:38:bd:95:da:98:0a:
                    51:1a:ed:af:7e:74:50:99:e5:99:6e:00:2e:8a:22:
                    0a:30:97:74:90:e9:3c:54:81:28:22:c5:8f:00:d6:
                    1a:b1:99:ec:c1:6c:2e:ff:17:92:a1:c7:ba:09:38:
                    7f:3b:ff:24:cb:5f:77:fb:d1:86:93:a5:a0:78:f4:
                    b4:bf:0a:3a:e1:50:82:e7:b1:28:cb:08:99:33:a0:
                    32:5c:de:f5:60:27:38:98:7b:a6:fd:1c:1f:b7:5f:
                    19:f8:b3:db:d7:db:6a:fa:80:85:7c:df:1e:62:bc:
                    fd:a4:22:04:70:5a:ab:03:be:9c:e7:fc:86:45:cd:
                    d0:e9:14:41:1c:59:12:98:2b:b1:64:e0:ee:5a:f6:
                    1d:3e:e9:85:90:c9:5d:2f:0a:9f:1e:c4:bf:57:44:
                    c0:52:b5:d1:a4:04:7f:8d:2c:9b:22:d9:ef:3f:d2:
                    cc:f7:9b:e7:16:83:a6:9e:82:cd:bb:48:7f:92:5c:
                    f0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:39:DD:EC:EE:2F:D1:F9:74:C8:A0:AF:A6:E6:21:52:E4:3B:DB:4E
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/Oznd7O4v0fl0yKCvpuYhUuQ7204.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.155.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:dd:fe:fb:da:08:cc:df:75:bb:2d:87:c0:ae:73:59:16:89:
         ee:d9:f2:b8:c0:8a:3b:3e:2d:1a:ec:c8:29:85:e8:2e:2b:34:
         a3:1e:63:ee:5f:71:d7:a6:13:ec:b3:e5:b8:d9:0f:8f:fa:13:
         42:90:f1:28:fc:fd:da:1f:a0:72:5d:3a:33:d7:36:9f:57:69:
         c8:0f:2f:77:08:6e:c3:b5:a5:51:64:06:c0:44:6b:ae:28:f7:
         86:03:92:3c:1d:76:08:dd:b3:b1:f7:ba:75:d0:8d:e9:ad:78:
         b2:40:77:42:23:74:12:bd:7e:ee:f9:e5:05:40:5b:e3:6e:91:
         75:c6:dd:43:04:0c:16:59:aa:0c:32:6f:08:b3:b5:c8:98:16:
         8f:5a:c9:c7:42:94:98:5b:da:86:3d:c7:b0:8f:3a:39:2f:35:
         ab:d8:a2:ab:6e:7d:9b:e0:9f:c6:fb:a8:19:45:bd:df:e6:46:
         c2:05:63:1c:e6:05:0f:68:bb:ab:8d:d2:16:0c:9a:c6:ee:47:
         47:e9:1a:70:69:de:be:a4:6e:8e:61:1e:45:ab:57:6a:07:47:
         c6:22:a6:cf:db:2e:59:a6:21:23:6b:56:e3:32:ab:62:a1:31:
         86:7f:fa:ec:a7:cb:7a:16:4e:59:cc:64:72:86:f3:b9:9e:af:
         35:f0:34:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy5NCBt6tdzAeC88IwtTXcSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjYwMzA0MTQxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjM5ZGRlY2VlMmZkMWY5NzRjOGEwYWZhNmU2MjE1MmU0M2JkYjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonuB4sA+ohvLHIIhYin9buW/pCsa
wBSLu191YKGS7hDToElmK7OaL1RV7jEyyeDtlkXjzRIHAOu5lc9wFqUhOzc2qbs4
vZXamApRGu2vfnRQmeWZbgAuiiIKMJd0kOk8VIEoIsWPANYasZnswWwu/xeSoce6
CTh/O/8ky193+9GGk6WgePS0vwo64VCC57EoywiZM6AyXN71YCc4mHum/Rwft18Z
+LPb19tq+oCFfN8eYrz9pCIEcFqrA76c5/yGRc3Q6RRBHFkSmCuxZODuWvYdPumF
kMldLwqfHsS/V0TAUrXRpAR/jSybItnvP9LM95vnFoOmnoLNu0h/klzwXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDs53ezuL9H5dMigr6bmIVLkO9tOMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvT3puZDdPNHYwZmwweUtDdnB1WWhVdVE3MjA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX5uLMA0G
CSqGSIb3DQEBCwUAA4IBAQAc3f772gjM33W7LYfArnNZFonu2fK4wIo7Pi0a7Mgp
heguKzSjHmPuX3HXphPss+W42Q+P+hNCkPEo/P3aH6ByXToz1zafV2nIDy93CG7D
taVRZAbARGuuKPeGA5I8HXYI3bOx97p10I3prXiyQHdCI3QSvX7u+eUFQFvjbpF1
xt1DBAwWWaoMMm8Is7XImBaPWsnHQpSYW9qGPcewjzo5LzWr2KKrbn2b4J/G+6gZ
Rb3f5kbCBWMc5gUPaLurjdIWDJrG7kdH6Rpwad6+pG6OYR5Fq1dqB0fGIqbP2y5Z
piEja1bjMqtioTGGf/rsp8t6Fk5ZzGRyhvO5nq818DRf
-----END CERTIFICATE-----