Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/Q185qBCTAslf97Rog3SUyG95EBo.roa
File:                     Q185qBCTAslf97Rog3SUyG95EBo.roa (raw, json)
Hash identifier:          +jTEwCGDvqQHKcWHrPwBJB6gQVTArNQuwOaaAn3R7Fw=
Subject key identifier:   43:5F:39:A8:10:93:02:C9:5F:F7:B4:68:83:74:94:C8:6F:79:10:1A
Certificate issuer:       /CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Certificate serial:       019ECAE2FD3BCCAD712FAB18581367514BF9
Authority key identifier: E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/Q185qBCTAslf97Rog3SUyG95EBo.roa
Signing time:             Mon 15 Jun 2026 10:45:34 +0000
ROA not before:           Mon 15 Jun 2026 10:45:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202447
IP address blocks:        147.236.118.0/23 maxlen: 24
                          147.236.118.0/24 maxlen: 24
                          147.236.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ca:e2:fd:3b:cc:ad:71:2f:ab:18:58:13:67:51:4b:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
        Validity
            Not Before: Jun 15 10:45:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=435f39a8109302c95ff7b468837494c86f79101a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2c:01:b9:67:a0:4b:36:da:78:3b:42:4e:01:
                    66:9e:41:a1:cb:2d:f2:8d:10:c7:12:e2:d0:08:e0:
                    f1:ce:14:b7:7f:b9:a9:07:b0:0f:40:a5:8a:33:87:
                    07:66:09:58:a7:c6:55:3d:49:fa:a5:51:36:73:1a:
                    a8:11:8c:30:05:08:09:bf:da:db:27:0f:3e:0d:24:
                    93:a3:be:45:71:f6:dd:6e:0a:73:8d:53:37:26:5c:
                    22:9b:5e:17:53:a9:6d:7e:c7:b7:4e:bf:47:dc:1c:
                    92:c8:24:d1:18:52:f4:9a:bc:90:64:a8:bb:21:14:
                    73:cd:de:8f:63:2e:6d:0c:e6:b5:20:78:ca:d2:b6:
                    35:d0:bf:69:67:27:36:65:17:d1:5a:2b:fb:bb:2f:
                    bb:4b:5f:ac:4c:ad:47:e0:98:da:a1:89:aa:ee:90:
                    5a:63:90:8e:f7:60:ad:9f:24:8f:77:59:e7:7c:83:
                    aa:7b:4a:e7:f5:bc:31:98:2d:c1:92:5b:64:cb:77:
                    a0:10:f6:11:bb:42:41:d1:88:66:3c:9b:84:7a:ae:
                    30:39:07:d1:fe:ee:39:fe:b8:a6:2e:a7:fe:de:5d:
                    ca:94:d2:ee:15:93:0d:12:87:4e:d6:cb:ae:ff:82:
                    bc:2c:97:3e:67:7d:c5:d4:13:7d:f3:6b:43:b8:97:
                    ef:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:5F:39:A8:10:93:02:C9:5F:F7:B4:68:83:74:94:C8:6F:79:10:1A
            X509v3 Authority Key Identifier:
                keyid:E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/Q185qBCTAslf97Rog3SUyG95EBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.236.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:c9:2a:d6:26:27:ef:36:f0:08:b2:5c:7e:7a:47:b4:3e:eb:
         f3:57:75:68:9f:4d:31:93:0f:71:50:b4:0c:84:73:00:a0:a3:
         0e:6a:2a:af:92:c1:e2:e7:2a:0e:d1:df:88:ae:82:a3:54:ad:
         d8:25:4e:30:9b:07:d9:2e:79:1c:40:3c:b0:13:fc:85:89:69:
         03:b0:93:fc:42:16:f6:fc:ff:8c:7b:c1:b2:99:38:23:79:82:
         ff:4e:04:bb:eb:65:cc:3b:b2:db:49:b4:83:54:5f:87:cb:2a:
         9f:20:33:7f:92:92:60:c0:de:b2:37:e1:b1:09:cc:ad:4f:95:
         75:92:3c:8a:50:25:40:c8:90:28:21:b9:5f:55:7b:cd:5f:8e:
         aa:ff:c6:6d:3f:7c:38:2b:9c:45:ba:42:fb:fe:7e:f6:26:8f:
         00:bd:6e:55:57:36:cb:b1:0c:2c:e1:fa:71:8c:fa:e4:48:12:
         1e:31:5a:90:76:2e:7b:7e:e7:77:e4:e6:9d:7e:d3:e5:68:a4:
         17:47:62:17:18:46:31:53:76:57:22:1c:e1:80:44:ec:52:bd:
         f8:8e:0e:c9:12:d7:64:27:33:5a:9d:64:a7:8b:85:13:86:50:
         70:88:af:23:8c:1a:2c:4d:e5:a9:16:60:4e:7b:f5:fa:34:91:
         ba:33:7c:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7K4v07zK1xL6sYWBNnUUv5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTg1MWRkYWU1YTY0Y2MzODgyNTM5NWJlOWE1MDdkYTk1
YWI3Y2YwHhcNMjYwNjE1MTA0NTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzVmMzlhODEwOTMwMmM5NWZmN2I0Njg4Mzc0OTRjODZmNzkxMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuywBuWegSzbaeDtCTgFmnkGhyy3y
jRDHEuLQCODxzhS3f7mpB7APQKWKM4cHZglYp8ZVPUn6pVE2cxqoEYwwBQgJv9rb
Jw8+DSSTo75FcfbdbgpzjVM3Jlwim14XU6ltfse3Tr9H3BySyCTRGFL0mryQZKi7
IRRzzd6PYy5tDOa1IHjK0rY10L9pZyc2ZRfRWiv7uy+7S1+sTK1H4JjaoYmq7pBa
Y5CO92CtnySPd1nnfIOqe0rn9bwxmC3Bkltky3egEPYRu0JB0YhmPJuEeq4wOQfR
/u45/rimLqf+3l3KlNLuFZMNEodO1suu/4K8LJc+Z33F1BN982tDuJfv2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENfOagQkwLJX/e0aIN0lMhveRAaMB8GA1UdIwQY
MBaAFOioUd2uWmTMOIJTlb6aUH2pWrfPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEt
MTEwYzg3OGRjZDI5LzEvUTE4NXFCQ1RBc2xmOTdSb2czU1V5Rzk1RUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEtMTEwYzg3OGRjZDI5
LzEvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk+x2MA0G
CSqGSIb3DQEBCwUAA4IBAQC6ySrWJifvNvAIslx+eke0PuvzV3Von00xkw9xULQM
hHMAoKMOaiqvksHi5yoO0d+IroKjVK3YJU4wmwfZLnkcQDywE/yFiWkDsJP8Qhb2
/P+Me8GymTgjeYL/TgS762XMO7LbSbSDVF+HyyqfIDN/kpJgwN6yN+GxCcytT5V1
kjyKUCVAyJAoIblfVXvNX46q/8ZtP3w4K5xFukL7/n72Jo8AvW5VVzbLsQws4fpx
jPrkSBIeMVqQdi57fud35OadftPlaKQXR2IXGEYxU3ZXIhzhgETsUr34jg7JEtdk
JzNanWSni4UThlBwiK8jjBosTeWpFmBOe/X6NJG6M3xb
-----END CERTIFICATE-----