Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/XKs6KgfU6aQLIAOaUuz9aSWnClo.roa
File:                     XKs6KgfU6aQLIAOaUuz9aSWnClo.roa (raw, json)
Hash identifier:          vxBudXeCf0peWMd7lO7aysk2NB+ZqNxmrMni5vjOPPQ=
Subject key identifier:   5C:AB:3A:2A:07:D4:E9:A4:0B:20:03:9A:52:EC:FD:69:25:A7:0A:5A
Certificate issuer:       /CN=c7d91462c4dc1df6a8a3a97a1aee57a0cc14efba
Certificate serial:       019B7F857C1E2B4D2E152CA5D7F8C8387E72
Authority key identifier: C7:D9:14:62:C4:DC:1D:F6:A8:A3:A9:7A:1A:EE:57:A0:CC:14:EF:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/XKs6KgfU6aQLIAOaUuz9aSWnClo.roa
Signing time:             Fri 02 Jan 2026 16:23:33 +0000
ROA not before:           Fri 02 Jan 2026 16:23:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200937
IP address blocks:        185.90.148.0/24 maxlen: 24
                          185.90.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/x9kUYsTcHfaoo6l6Gu5XoMwU77o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/x9kUYsTcHfaoo6l6Gu5XoMwU77o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:7c:1e:2b:4d:2e:15:2c:a5:d7:f8:c8:38:7e:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7d91462c4dc1df6a8a3a97a1aee57a0cc14efba
        Validity
            Not Before: Jan  2 16:23:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5cab3a2a07d4e9a40b20039a52ecfd6925a70a5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:7b:8d:70:35:37:dd:34:7c:40:f3:b8:cd:a6:
                    81:27:44:8e:b8:60:33:bb:92:3a:72:03:0c:31:66:
                    3e:fc:67:ad:90:59:06:6e:6a:98:35:0f:20:07:7d:
                    1a:1b:88:e3:5d:81:b8:23:a0:58:59:62:12:3c:32:
                    29:44:ce:43:ac:49:b9:ee:e8:54:3f:a1:6f:34:b2:
                    76:82:9b:47:3f:79:7d:37:61:be:5f:3a:98:c7:58:
                    24:e6:dc:bc:9f:e8:4a:20:cf:30:31:32:ca:fc:f8:
                    e1:7a:1a:8c:6e:c9:12:79:bc:83:96:0d:1c:48:1f:
                    3e:29:65:45:d1:6e:b6:f9:1d:18:04:6b:53:54:d2:
                    cf:94:0b:37:de:91:95:8b:12:52:9e:74:97:4d:a8:
                    93:3a:a0:7c:e7:c9:5f:66:d9:18:f9:da:46:69:4e:
                    77:73:ee:96:92:79:4a:1c:22:25:98:0a:c3:32:d1:
                    29:2a:0f:98:41:e7:25:b3:29:ff:be:76:2d:42:61:
                    0c:63:79:03:bc:f0:ef:a3:5d:d0:d0:9e:c5:dd:1d:
                    da:3f:b7:d0:d1:c0:60:ab:c7:08:10:de:ac:07:ba:
                    36:c2:83:d8:40:b5:84:f9:07:49:79:33:f2:3e:f7:
                    94:4c:01:7b:df:45:25:92:b0:0a:a7:75:7f:c4:d3:
                    cf:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:AB:3A:2A:07:D4:E9:A4:0B:20:03:9A:52:EC:FD:69:25:A7:0A:5A
            X509v3 Authority Key Identifier:
                keyid:C7:D9:14:62:C4:DC:1D:F6:A8:A3:A9:7A:1A:EE:57:A0:CC:14:EF:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/XKs6KgfU6aQLIAOaUuz9aSWnClo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/x9kUYsTcHfaoo6l6Gu5XoMwU77o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:1f:01:87:fd:07:ba:f8:37:c9:ff:b4:cc:b8:40:bb:cb:0f:
         68:ae:b9:e8:f7:1a:7d:9a:2a:75:03:24:40:f5:eb:a1:bd:86:
         f6:0c:9b:09:4c:23:bb:3a:40:b2:4e:b6:b7:a3:87:ef:2a:90:
         60:0a:00:e5:41:5f:a6:00:2d:00:57:8e:9b:e4:7c:e8:ba:e6:
         c9:a9:21:07:7c:d6:f2:a7:49:c5:d6:36:55:aa:5c:8c:c1:d6:
         a7:9b:3b:1f:33:c5:bc:9f:15:1e:a2:26:4d:a1:f3:82:e2:22:
         8a:a3:12:bf:27:b2:2a:58:11:5e:05:4b:66:d3:5c:9f:f8:42:
         41:71:b3:f9:40:e2:87:4e:49:9e:fa:43:b7:ce:d9:0d:12:4e:
         1e:95:67:87:a2:4a:62:b6:99:2e:35:da:85:4c:b9:0e:25:6e:
         62:af:36:af:d8:cf:3f:fa:cd:03:2c:1a:a9:f9:05:7b:6c:8e:
         21:20:14:a6:09:5e:bd:d4:84:50:ff:e4:6c:4e:02:be:88:77:
         cd:5c:0e:77:b8:40:b3:92:71:d8:2b:a9:47:65:65:dc:d5:f1:
         5d:db:14:0b:f2:91:d0:7c:dd:4f:ed:3c:5a:be:63:6c:8e:66:
         15:f1:62:7c:55:ac:e3:55:22:a3:7f:dc:a4:eb:00:65:9e:a8:
         19:c4:48:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hXweK00uFSyl1/jIOH5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZDkxNDYyYzRkYzFkZjZhOGEzYTk3YTFhZWU1N2EwY2Mx
NGVmYmEwHhcNMjYwMTAyMTYyMzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FiM2EyYTA3ZDRlOWE0MGIyMDAzOWE1MmVjZmQ2OTI1YTcwYTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HuNcDU33TR8QPO4zaaBJ0SOuGAz
u5I6cgMMMWY+/GetkFkGbmqYNQ8gB30aG4jjXYG4I6BYWWISPDIpRM5DrEm57uhU
P6FvNLJ2gptHP3l9N2G+XzqYx1gk5ty8n+hKIM8wMTLK/PjhehqMbskSebyDlg0c
SB8+KWVF0W62+R0YBGtTVNLPlAs33pGVixJSnnSXTaiTOqB858lfZtkY+dpGaU53
c+6WknlKHCIlmArDMtEpKg+YQeclsyn/vnYtQmEMY3kDvPDvo13Q0J7F3R3aP7fQ
0cBgq8cIEN6sB7o2woPYQLWE+QdJeTPyPveUTAF730UlkrAKp3V/xNPPaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyrOioH1OmkCyADmlLs/WklpwpaMB8GA1UdIwQY
MBaAFMfZFGLE3B32qKOpehruV6DMFO+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDlrVVlzVGNIZmFvbzZsNkd1NVhvTXdVNzdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8zMThhMjMtMjg3Ni00NmEyLWFmNzIt
MzQ5N2Y3ZTJkZTYyLzEvWEtzNktnZlU2YVFMSUFPYVV1ejlhU1duQ2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8zMThhMjMtMjg3Ni00NmEyLWFmNzItMzQ5N2Y3ZTJkZTYy
LzEveDlrVVlzVGNIZmFvbzZsNkd1NVhvTXdVNzdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVqUMA0G
CSqGSIb3DQEBCwUAA4IBAQAtHwGH/Qe6+DfJ/7TMuEC7yw9orrno9xp9mip1AyRA
9euhvYb2DJsJTCO7OkCyTra3o4fvKpBgCgDlQV+mAC0AV46b5HzouubJqSEHfNby
p0nF1jZVqlyMwdanmzsfM8W8nxUeoiZNofOC4iKKoxK/J7IqWBFeBUtm01yf+EJB
cbP5QOKHTkme+kO3ztkNEk4elWeHokpitpkuNdqFTLkOJW5irzav2M8/+s0DLBqp
+QV7bI4hIBSmCV691IRQ/+RsTgK+iHfNXA53uECzknHYK6lHZWXc1fFd2xQL8pHQ
fN1P7TxavmNsjmYV8WJ8VazjVSKjf9yk6wBlnqgZxEj/
-----END CERTIFICATE-----