Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/42shYTmXJVs-QCfvTMS0xRC7xFI.roa
File:                     42shYTmXJVs-QCfvTMS0xRC7xFI.roa (raw, json)
Hash identifier:          5t1NbfCoxs5wJmv1KoHhL2uefLCwCrpp12D5NoazZ+c=
Subject key identifier:   E3:6B:21:61:39:97:25:5B:3E:40:27:EF:4C:C4:B4:C5:10:BB:C4:52
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019D57E12478F86D0B9DEE68153936FB1A7F
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/42shYTmXJVs-QCfvTMS0xRC7xFI.roa
Signing time:             Sat 04 Apr 2026 09:44:25 +0000
ROA not before:           Sat 04 Apr 2026 09:44:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7768
IP address blocks:        185.249.200.0/24 maxlen: 24
                          185.249.201.0/24 maxlen: 24
                          185.249.202.0/24 maxlen: 24
                          185.249.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:57:e1:24:78:f8:6d:0b:9d:ee:68:15:39:36:fb:1a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Apr  4 09:44:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e36b21613997255b3e4027ef4cc4b4c510bbc452
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:37:1b:62:85:44:c5:85:d5:fd:51:fa:d1:56:
                    40:5b:b8:57:c9:3e:a0:d9:cc:5a:cf:a9:89:94:e8:
                    c4:d7:11:ee:3c:47:be:87:68:1b:e6:a1:1e:c2:57:
                    28:f6:ff:a1:08:ef:17:f2:40:d3:e7:f6:e0:42:e4:
                    12:71:34:e7:51:63:39:3a:fd:9b:46:3b:3b:0b:03:
                    bd:37:1c:8f:12:15:54:5e:df:08:f0:93:bd:be:f6:
                    4b:f1:8f:b6:cb:9e:d6:f2:14:e7:0d:d1:4c:37:be:
                    60:be:dc:61:ac:56:5b:2d:ee:85:94:d3:ea:7b:f9:
                    f0:27:c3:c4:44:8b:a0:0d:56:2c:d5:46:9d:55:0a:
                    27:83:24:ab:e7:15:24:f1:fe:d8:dd:90:f3:c3:5b:
                    2b:61:5b:f1:9e:e1:5f:c6:3b:58:35:a8:82:43:9a:
                    81:c3:71:f1:97:71:f1:2c:ba:0a:92:84:0e:02:29:
                    ad:08:4b:05:60:db:9b:2f:2d:77:85:31:1a:65:c6:
                    9b:df:78:e3:2b:da:3b:7d:db:c4:c7:fe:5b:76:07:
                    7c:9d:80:43:a9:ef:43:73:51:69:30:e1:91:7d:0e:
                    15:e2:19:f9:85:f0:e3:8e:83:7b:3c:0e:fb:66:3c:
                    6a:1f:19:22:19:df:51:8f:cf:b6:38:ce:ec:56:86:
                    56:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:6B:21:61:39:97:25:5B:3E:40:27:EF:4C:C4:B4:C5:10:BB:C4:52
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/42shYTmXJVs-QCfvTMS0xRC7xFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:fc:5a:e1:37:f8:b6:6e:0f:54:5c:97:bf:db:de:d7:57:57:
         fb:af:70:fc:22:d3:a7:15:9d:61:ba:42:92:ed:62:98:7b:fe:
         2b:fe:46:2b:0e:73:e8:9f:56:c0:d0:d6:71:09:95:3e:1d:ec:
         5d:72:ea:9d:85:e3:3e:be:a7:4e:44:08:e7:75:2c:e9:80:11:
         0d:be:32:3e:f0:d4:c7:32:f9:83:d1:db:bf:c6:52:e1:e7:ba:
         ee:88:be:eb:95:86:ea:d6:09:61:55:5b:f6:48:fd:44:f5:1a:
         b8:ec:42:86:da:61:1d:e6:c6:bf:8b:5b:7a:18:5b:ce:5b:8b:
         0d:f6:ee:65:5c:59:7b:92:f5:84:5a:e0:42:04:32:b4:ac:09:
         3f:e9:5d:80:10:79:6a:2d:6c:d2:b2:c4:38:7f:53:67:af:f4:
         5a:b7:5b:e2:69:92:97:40:0b:a6:3c:a6:47:2b:9a:d0:92:0a:
         53:6f:63:78:c0:b3:22:73:71:45:10:2c:81:d0:c7:77:f4:89:
         fe:b2:d3:ac:d5:64:44:79:79:05:ad:46:59:78:fd:09:0a:e8:
         d1:54:27:45:8c:41:b6:e7:5b:86:8c:59:6b:1c:22:47:02:2b:
         14:43:65:9e:c2:dc:7c:c4:72:b7:e7:9e:0b:db:a4:fb:6e:16:
         c1:0c:c0:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1X4SR4+G0Lne5oFTk2+xp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNDA0MDk0NDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzZiMjE2MTM5OTcyNTViM2U0MDI3ZWY0Y2M0YjRjNTEwYmJjNDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jcbYoVExYXV/VH60VZAW7hXyT6g
2cxaz6mJlOjE1xHuPEe+h2gb5qEewlco9v+hCO8X8kDT5/bgQuQScTTnUWM5Ov2b
Rjs7CwO9NxyPEhVUXt8I8JO9vvZL8Y+2y57W8hTnDdFMN75gvtxhrFZbLe6FlNPq
e/nwJ8PERIugDVYs1UadVQongySr5xUk8f7Y3ZDzw1srYVvxnuFfxjtYNaiCQ5qB
w3Hxl3HxLLoKkoQOAimtCEsFYNubLy13hTEaZcab33jjK9o7fdvEx/5bdgd8nYBD
qe9Dc1FpMOGRfQ4V4hn5hfDjjoN7PA77ZjxqHxkiGd9Rj8+2OM7sVoZWPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONrIWE5lyVbPkAn70zEtMUQu8RSMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvNDJzaFlUbVhKVnMtUUNmdlRNUzB4UkM3eEZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufnIMA0G
CSqGSIb3DQEBCwUAA4IBAQCV/FrhN/i2bg9UXJe/297XV1f7r3D8ItOnFZ1hukKS
7WKYe/4r/kYrDnPon1bA0NZxCZU+HexdcuqdheM+vqdORAjndSzpgBENvjI+8NTH
MvmD0du/xlLh57ruiL7rlYbq1glhVVv2SP1E9Rq47EKG2mEd5sa/i1t6GFvOW4sN
9u5lXFl7kvWEWuBCBDK0rAk/6V2AEHlqLWzSssQ4f1Nnr/Rat1viaZKXQAumPKZH
K5rQkgpTb2N4wLMic3FFECyB0Md39In+stOs1WREeXkFrUZZeP0JCujRVCdFjEG2
51uGjFlrHCJHAisUQ2Wewtx8xHK3554L26T7bhbBDMCF
-----END CERTIFICATE-----