Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/3Kmog7cWFs6s3S45GoXvhR3Efno.roa
File:                     3Kmog7cWFs6s3S45GoXvhR3Efno.roa (raw, json)
Hash identifier:          Iqqkv/IBYj5OUDfgj+1rxohlVAnDwSEOY17mdlZvfIw=
Subject key identifier:   DC:A9:A8:83:B7:16:16:CE:AC:DD:2E:39:1A:85:EF:85:1D:C4:7E:7A
Certificate issuer:       /CN=625b5cf9e29912448cbbbc86d20561899cdb104d
Certificate serial:       019E409B3FCF6B665235D6D46033F64F17F5
Authority key identifier: 62:5B:5C:F9:E2:99:12:44:8C:BB:BC:86:D2:05:61:89:9C:DB:10:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yltc-eKZEkSMu7yG0gVhiZzbEE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/3Kmog7cWFs6s3S45GoXvhR3Efno.roa
Signing time:             Tue 19 May 2026 14:19:36 +0000
ROA not before:           Tue 19 May 2026 14:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201746
IP address blocks:        185.141.240.0/23 maxlen: 24
                          185.141.240.0/24 maxlen: 24
                          185.141.241.0/24 maxlen: 24
                          185.141.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/Yltc-eKZEkSMu7yG0gVhiZzbEE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/Yltc-eKZEkSMu7yG0gVhiZzbEE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yltc-eKZEkSMu7yG0gVhiZzbEE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:40:9b:3f:cf:6b:66:52:35:d6:d4:60:33:f6:4f:17:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=625b5cf9e29912448cbbbc86d20561899cdb104d
        Validity
            Not Before: May 19 14:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dca9a883b71616ceacdd2e391a85ef851dc47e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3e:37:15:14:d2:a6:70:89:5a:50:c4:d4:91:
                    24:24:1a:66:f0:31:a3:03:92:a5:88:58:50:c0:f1:
                    0b:04:2a:58:b1:40:e9:ae:c2:87:78:c9:e9:37:b7:
                    7b:4a:93:00:61:8f:82:40:04:e1:49:7b:48:1c:51:
                    57:52:d4:41:b9:ce:4a:d0:ca:95:9b:31:bf:e9:d0:
                    2a:d0:e6:f7:bf:47:69:5b:8a:46:ea:d2:07:9c:22:
                    67:a8:dd:4e:d6:0e:de:c7:39:d3:8f:4b:58:d5:a4:
                    bb:61:06:1c:7c:a5:b0:79:92:a7:05:75:11:fb:c6:
                    5e:d3:95:67:9b:9d:aa:2c:ce:4a:16:b4:c6:1d:f6:
                    4c:0f:e0:47:57:c9:61:46:1c:d5:98:ed:a3:fd:a3:
                    b6:96:dc:18:73:f4:a1:1c:1d:fa:0d:2d:c7:ca:a4:
                    ff:73:55:55:a0:c9:c8:30:ce:ee:ff:c9:c8:9d:73:
                    04:cd:5e:44:cb:02:8a:e1:eb:30:ed:2c:09:f8:70:
                    f8:c6:a3:37:92:3a:ca:05:62:6b:96:2b:60:0f:1a:
                    6e:3b:fa:5c:a8:75:11:f7:c3:cd:ff:ed:d6:59:de:
                    b3:03:b9:8c:12:c8:3b:89:42:62:c0:7d:f1:79:69:
                    cc:5e:3b:56:92:e1:51:3c:e7:90:00:64:5b:9b:8f:
                    7a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A9:A8:83:B7:16:16:CE:AC:DD:2E:39:1A:85:EF:85:1D:C4:7E:7A
            X509v3 Authority Key Identifier:
                keyid:62:5B:5C:F9:E2:99:12:44:8C:BB:BC:86:D2:05:61:89:9C:DB:10:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yltc-eKZEkSMu7yG0gVhiZzbEE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/3Kmog7cWFs6s3S45GoXvhR3Efno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/Yltc-eKZEkSMu7yG0gVhiZzbEE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.240.0/23
                  185.141.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:5e:da:75:ce:77:fd:fb:78:b5:d8:68:71:d9:b2:b2:92:f7:
         87:68:d3:5c:9a:34:30:e2:a2:e5:42:25:ee:22:36:5c:91:4e:
         31:bf:e5:6d:0f:ff:38:4a:2d:1b:7a:5d:40:92:4d:e0:0d:8c:
         1c:fc:1e:dc:c4:37:9e:b6:df:81:59:6d:b6:31:51:72:57:ea:
         c1:14:05:28:e3:a3:60:17:2c:64:11:80:d0:14:a4:c0:65:04:
         93:40:24:07:a2:94:81:64:c1:1b:61:6c:39:57:2b:75:6c:d6:
         46:8b:29:cf:9f:13:ac:f3:f0:f6:1d:4c:9f:b0:60:67:d8:ed:
         f7:60:91:c9:32:b3:76:4d:5a:3d:77:79:3d:69:e9:3a:c0:01:
         7a:65:17:bd:4e:bf:6a:a2:cc:f5:10:0b:56:2b:69:aa:54:18:
         62:12:d8:4c:e2:d6:44:d3:71:df:48:14:b4:ab:1f:52:c9:3b:
         04:00:f4:fd:93:f7:51:c5:53:76:0b:37:a6:37:e0:27:82:85:
         cd:a2:72:5e:8c:b5:eb:4a:cd:c2:33:29:e8:6d:ce:8e:6f:c8:
         dc:75:51:9c:5c:0a:9d:57:b4:b5:cc:91:36:0b:09:77:cb:c9:
         5b:c5:ef:b3:96:de:12:73:a3:1b:40:0f:b6:bc:a7:49:eb:f5:
         c5:c7:94:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5Amz/Pa2ZSNdbUYDP2Txf1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNWI1Y2Y5ZTI5OTEyNDQ4Y2JiYmM4NmQyMDU2MTg5OWNk
YjEwNGQwHhcNMjYwNTE5MTQxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2E5YTg4M2I3MTYxNmNlYWNkZDJlMzkxYTg1ZWY4NTFkYzQ3ZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoD43FRTSpnCJWlDE1JEkJBpm8DGj
A5KliFhQwPELBCpYsUDprsKHeMnpN7d7SpMAYY+CQAThSXtIHFFXUtRBuc5K0MqV
mzG/6dAq0Ob3v0dpW4pG6tIHnCJnqN1O1g7exznTj0tY1aS7YQYcfKWweZKnBXUR
+8Ze05Vnm52qLM5KFrTGHfZMD+BHV8lhRhzVmO2j/aO2ltwYc/ShHB36DS3HyqT/
c1VVoMnIMM7u/8nInXMEzV5EywKK4esw7SwJ+HD4xqM3kjrKBWJrlitgDxpuO/pc
qHUR98PN/+3WWd6zA7mMEsg7iUJiwH3xeWnMXjtWkuFRPOeQAGRbm4968wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNypqIO3FhbOrN0uORqF74UdxH56MB8GA1UdIwQY
MBaAFGJbXPnimRJEjLu8htIFYYmc2xBNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWx0Yy1lS1pFa1NNdTd5RzBnVmhpWnpiRUUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy85N2NjYWItZDBjOC00MmU4LTg3MjUt
YTU4NmIwN2FkZDcyLzEvM0ttb2c3Y1dGczZzM1M0NUdvWHZoUjNFZm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy85N2NjYWItZDBjOC00MmU4LTg3MjUtYTU4NmIwN2FkZDcy
LzEvWWx0Yy1lS1pFa1NNdTd5RzBnVmhpWnpiRUUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuY3wAwQA
uY3zMA0GCSqGSIb3DQEBCwUAA4IBAQAiXtp1znf9+3i12Ghx2bKykveHaNNcmjQw
4qLlQiXuIjZckU4xv+VtD/84Si0bel1Akk3gDYwc/B7cxDeett+BWW22MVFyV+rB
FAUo46NgFyxkEYDQFKTAZQSTQCQHopSBZMEbYWw5Vyt1bNZGiynPnxOs8/D2HUyf
sGBn2O33YJHJMrN2TVo9d3k9aek6wAF6ZRe9Tr9qosz1EAtWK2mqVBhiEthM4tZE
03HfSBS0qx9SyTsEAPT9k/dRxVN2CzemN+AngoXNonJejLXrSs3CMynobc6Ob8jc
dVGcXAqdV7S1zJE2Cwl3y8lbxe+zlt4Sc6MbQA+2vKdJ6/XFx5SH
-----END CERTIFICATE-----