Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/PkLF5Qe23NpZ0qUxVzRcrTiMnQg.roa
File:                     PkLF5Qe23NpZ0qUxVzRcrTiMnQg.roa (raw, json)
Hash identifier:          WhFKLI35lPl0xgI1Abtq0FpDyLm3DVBgk69s+Al9tJ0=
Subject key identifier:   3E:42:C5:E5:07:B6:DC:DA:59:D2:A5:31:57:34:5C:AD:38:8C:9D:08
Certificate issuer:       /CN=505127723ea0cfd0724713b291734caa353e20ea
Certificate serial:       019D87A30243626E9F9F54C0FAC17C128288
Authority key identifier: 50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/PkLF5Qe23NpZ0qUxVzRcrTiMnQg.roa
Signing time:             Mon 13 Apr 2026 16:18:20 +0000
ROA not before:           Mon 13 Apr 2026 16:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142594
IP address blocks:        185.158.136.0/24 maxlen: 24
                          185.158.137.0/24 maxlen: 24
                          185.158.138.0/24 maxlen: 24
                          185.158.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 10:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:a3:02:43:62:6e:9f:9f:54:c0:fa:c1:7c:12:82:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505127723ea0cfd0724713b291734caa353e20ea
        Validity
            Not Before: Apr 13 16:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e42c5e507b6dcda59d2a53157345cad388c9d08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b1:05:95:d1:a9:7c:5f:d6:f8:97:d9:f3:d4:
                    b0:f0:a1:0f:9d:d4:04:f4:b5:bf:5b:26:62:3a:15:
                    88:d5:57:ca:13:f8:0a:77:4a:a7:3d:e4:9f:21:98:
                    dd:3f:ca:65:17:cd:f4:ec:77:c2:9e:0f:4e:cb:aa:
                    f3:89:ca:b8:d3:34:75:2a:33:bd:e4:71:8b:55:7b:
                    ab:db:2b:b6:f7:b7:fc:19:b9:72:1d:6f:47:d8:29:
                    82:1f:6a:f2:86:98:b8:42:73:a2:bc:be:77:9a:0e:
                    d7:82:0f:b9:88:e2:59:dc:a8:ae:81:f7:4f:e0:81:
                    70:63:c4:f6:96:6f:0e:ae:8b:a1:3f:90:54:15:4a:
                    2e:4c:35:78:67:bf:ef:c1:85:4b:30:c4:c0:65:bb:
                    7f:81:8c:98:8b:04:e3:da:6d:f6:9f:5e:50:85:7e:
                    d9:8f:32:f2:ec:9e:66:92:95:26:41:4d:b9:1c:58:
                    54:42:c8:ff:85:54:bb:3d:76:72:a7:9b:34:91:08:
                    ea:d1:66:36:68:4a:15:f6:f8:44:c0:98:72:70:8c:
                    91:eb:e6:35:5a:cc:06:a3:f7:2a:ec:4f:e2:f6:75:
                    bd:25:17:f9:a5:5e:32:0e:00:8e:f2:a8:51:76:84:
                    3f:31:96:78:40:f9:af:c0:e0:af:99:84:16:b4:c3:
                    85:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:42:C5:E5:07:B6:DC:DA:59:D2:A5:31:57:34:5C:AD:38:8C:9D:08
            X509v3 Authority Key Identifier:
                keyid:50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/PkLF5Qe23NpZ0qUxVzRcrTiMnQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:42:7e:2b:7a:c5:18:64:12:40:35:4c:aa:97:f7:58:10:cd:
         20:a7:5e:bb:ab:bc:c1:11:65:36:fa:1d:0c:7d:32:45:ef:ff:
         d1:18:d5:77:dd:d8:47:9e:c2:43:30:9e:fd:8c:eb:fb:db:1c:
         74:90:b0:bd:43:1f:8f:0c:36:64:1a:6d:7f:cc:38:b8:0b:43:
         1b:57:56:cd:ed:bb:b8:f5:7d:72:42:dc:e8:5a:b9:ec:75:56:
         69:a2:5f:a0:5e:47:7c:8e:2e:55:81:99:e8:a2:ce:b3:13:11:
         3f:1d:e2:b0:eb:86:bc:85:cd:ed:f2:8d:a2:d1:bf:da:33:9c:
         95:0a:f5:7b:ea:a5:ea:12:dd:92:e1:e3:7b:5e:e2:30:99:1a:
         df:01:23:ae:46:19:a5:97:68:d5:43:28:9e:e3:6c:06:53:33:
         32:b3:81:01:4c:09:2e:5a:5e:48:39:ff:9d:e9:25:78:ac:1f:
         97:4c:45:c9:e2:c9:d1:87:f4:1c:6f:9d:34:95:ca:4c:40:7c:
         5c:0d:ca:e3:f2:9b:cb:bb:07:4b:5b:70:47:e8:6e:62:50:26:
         58:46:25:78:9f:c4:ad:ff:6c:2b:cf:e6:e7:0e:f4:a4:a1:04:
         f4:89:59:b9:26:4c:cc:e0:f3:a6:a6:28:f8:b2:5a:b9:ed:e8:
         f6:cc:db:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2HowJDYm6fn1TA+sF8EoKIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTEyNzcyM2VhMGNmZDA3MjQ3MTNiMjkxNzM0Y2FhMzUz
ZTIwZWEwHhcNMjYwNDEzMTYxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTQyYzVlNTA3YjZkY2RhNTlkMmE1MzE1NzM0NWNhZDM4OGM5ZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrEFldGpfF/W+JfZ89Sw8KEPndQE
9LW/WyZiOhWI1VfKE/gKd0qnPeSfIZjdP8plF8307HfCng9Oy6rzicq40zR1KjO9
5HGLVXur2yu297f8GblyHW9H2CmCH2ryhpi4QnOivL53mg7Xgg+5iOJZ3KiugfdP
4IFwY8T2lm8OrouhP5BUFUouTDV4Z7/vwYVLMMTAZbt/gYyYiwTj2m32n15QhX7Z
jzLy7J5mkpUmQU25HFhUQsj/hVS7PXZyp5s0kQjq0WY2aEoV9vhEwJhycIyR6+Y1
WswGo/cq7E/i9nW9JRf5pV4yDgCO8qhRdoQ/MZZ4QPmvwOCvmYQWtMOFrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5CxeUHttzaWdKlMVc0XK04jJ0IMB8GA1UdIwQY
MBaAFFBRJ3I+oM/QckcTspFzTKo1PiDqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZFbmNqNmd6OUJ5UnhPeWtYTk1xalUtSU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hOTA0MjMtMGI0Yi00OTlmLWJlNjYt
NTU2MDhiNjk0NDU2LzEvUGtMRjVRZTIzTnBaMHFVeFZ6UmNyVGlNblFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hOTA0MjMtMGI0Yi00OTlmLWJlNjYtNTU2MDhiNjk0NDU2
LzEvVUZFbmNqNmd6OUJ5UnhPeWtYTk1xalUtSU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ6IMA0G
CSqGSIb3DQEBCwUAA4IBAQAxQn4resUYZBJANUyql/dYEM0gp167q7zBEWU2+h0M
fTJF7//RGNV33dhHnsJDMJ79jOv72xx0kLC9Qx+PDDZkGm1/zDi4C0MbV1bN7bu4
9X1yQtzoWrnsdVZpol+gXkd8ji5VgZnoos6zExE/HeKw64a8hc3t8o2i0b/aM5yV
CvV76qXqEt2S4eN7XuIwmRrfASOuRhmll2jVQyie42wGUzMys4EBTAkuWl5IOf+d
6SV4rB+XTEXJ4snRh/Qcb500lcpMQHxcDcrj8pvLuwdLW3BH6G5iUCZYRiV4n8St
/2wrz+bnDvSkoQT0iVm5JkzM4POmpij4slq57ej2zNt5
-----END CERTIFICATE-----