Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/949dde-e814-4fb2-9f9b-59483fa09fe1/1/KrmrfuyTmay6BxzsP6g7DR2EuMs.roa
File:                     KrmrfuyTmay6BxzsP6g7DR2EuMs.roa (raw, json)
Hash identifier:          i89qUuvLONj+YCXDaSghoBx5U4M3h/mBM7QmhvsqeeI=
Subject key identifier:   2A:B9:AB:7E:EC:93:99:AC:BA:07:1C:EC:3F:A8:3B:0D:1D:84:B8:CB
Certificate issuer:       /CN=25fd5781576f3d4225af99453e93a92598527126
Certificate serial:       019B7910B69F6C5DE8B6CC2DC5CB9348E280
Authority key identifier: 25:FD:57:81:57:6F:3D:42:25:AF:99:45:3E:93:A9:25:98:52:71:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jf1XgVdvPUIlr5lFPpOpJZhScSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/949dde-e814-4fb2-9f9b-59483fa09fe1/1/KrmrfuyTmay6BxzsP6g7DR2EuMs.roa
Signing time:             Thu 01 Jan 2026 10:18:17 +0000
ROA not before:           Thu 01 Jan 2026 10:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208738
IP address blocks:        185.252.184.0/24 maxlen: 24
                          185.252.186.0/24 maxlen: 24
                          185.252.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/949dde-e814-4fb2-9f9b-59483fa09fe1/1/Jf1XgVdvPUIlr5lFPpOpJZhScSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/949dde-e814-4fb2-9f9b-59483fa09fe1/1/Jf1XgVdvPUIlr5lFPpOpJZhScSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jf1XgVdvPUIlr5lFPpOpJZhScSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:b6:9f:6c:5d:e8:b6:cc:2d:c5:cb:93:48:e2:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25fd5781576f3d4225af99453e93a92598527126
        Validity
            Not Before: Jan  1 10:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ab9ab7eec9399acba071cec3fa83b0d1d84b8cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:37:e2:15:0d:7b:d0:24:29:eb:c0:02:3b:fa:
                    49:61:98:ac:5c:b9:19:5f:e0:5e:13:47:7f:e3:59:
                    cb:59:1e:8a:63:42:0a:b3:92:6b:9e:f5:d5:20:01:
                    6c:02:6a:a7:5d:58:4b:5f:fb:47:33:a3:39:f7:bd:
                    84:0c:81:8a:f4:8c:56:54:c6:2e:36:db:7e:5a:dc:
                    d9:44:14:ca:12:0f:fb:bc:0b:e1:62:af:2c:1d:43:
                    ad:ff:f4:9d:c0:04:2b:5e:b7:d8:b5:b5:53:57:b7:
                    4b:22:88:22:48:d5:38:4c:cb:01:10:41:58:ea:68:
                    de:68:27:b7:d1:65:8b:9c:64:0b:41:a6:f1:b3:b9:
                    f0:93:ed:77:45:23:a0:ed:49:8f:22:3c:2d:76:f4:
                    c6:da:c9:9a:8d:54:c6:6f:c4:da:a0:c1:c8:88:42:
                    85:20:c3:fa:a7:8b:65:8e:6d:49:61:ea:38:5a:7b:
                    08:38:f0:1c:92:cd:02:c8:e3:2e:8b:13:59:de:5e:
                    0f:15:1c:c3:13:69:22:ff:2b:64:9c:07:54:d1:aa:
                    88:65:88:6d:7e:d5:aa:d8:a6:9c:f9:a1:73:aa:80:
                    8c:1e:58:15:f1:af:76:9c:b6:d0:e3:5e:b7:7c:8b:
                    28:e0:6a:c6:69:80:23:48:be:ec:e8:13:94:a6:c1:
                    04:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B9:AB:7E:EC:93:99:AC:BA:07:1C:EC:3F:A8:3B:0D:1D:84:B8:CB
            X509v3 Authority Key Identifier:
                keyid:25:FD:57:81:57:6F:3D:42:25:AF:99:45:3E:93:A9:25:98:52:71:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jf1XgVdvPUIlr5lFPpOpJZhScSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/949dde-e814-4fb2-9f9b-59483fa09fe1/1/KrmrfuyTmay6BxzsP6g7DR2EuMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/949dde-e814-4fb2-9f9b-59483fa09fe1/1/Jf1XgVdvPUIlr5lFPpOpJZhScSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.184.0/24
                  185.252.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:9a:ab:18:f2:b3:8d:84:5d:25:e0:05:f4:e0:df:9c:24:0d:
         34:2f:b7:50:3d:b3:c1:3d:cd:03:6a:3c:2c:63:31:d4:5b:c8:
         c5:ef:93:43:3a:df:48:ae:85:d7:18:63:2d:38:a6:83:0c:3a:
         ad:b6:c6:d4:65:67:b5:c0:90:5b:f0:8b:c7:6a:5e:67:8c:b4:
         62:66:81:00:86:d5:4b:42:3f:19:a4:8f:7f:4c:d2:da:d7:c8:
         f0:c7:a7:4d:96:34:e3:78:8b:db:40:87:ea:52:ed:b6:9b:9f:
         85:c2:3e:f1:45:3e:1f:a5:89:9f:80:3e:9d:ac:db:65:09:b8:
         df:e5:66:b7:63:d5:36:9f:3f:cf:c5:bc:8d:e9:73:7c:6d:b9:
         da:5b:ed:09:2a:56:35:fa:7d:be:4c:8c:95:9e:6b:64:ac:c3:
         13:08:b2:d6:f8:f8:d5:b9:e7:f5:67:37:fe:49:57:b6:7b:a4:
         81:c6:9e:4b:a3:ed:37:46:f1:f6:bd:a2:52:f1:e6:4a:26:0f:
         02:10:9b:3a:c6:89:11:77:af:db:43:40:58:68:fa:01:f4:77:
         c7:ff:b3:85:98:26:2e:e3:19:fb:f0:9b:36:8b:1b:78:fc:65:
         b6:57:62:7e:d2:2c:88:bf:98:4f:71:89:18:97:23:a3:3b:06:
         82:8b:1e:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt5ELafbF3otswtxcuTSOKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZmQ1NzgxNTc2ZjNkNDIyNWFmOTk0NTNlOTNhOTI1OTg1
MjcxMjYwHhcNMjYwMTAxMTAxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWI5YWI3ZWVjOTM5OWFjYmEwNzFjZWMzZmE4M2IwZDFkODRiOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTfiFQ170CQp68ACO/pJYZisXLkZ
X+BeE0d/41nLWR6KY0IKs5JrnvXVIAFsAmqnXVhLX/tHM6M5972EDIGK9IxWVMYu
Ntt+WtzZRBTKEg/7vAvhYq8sHUOt//SdwAQrXrfYtbVTV7dLIogiSNU4TMsBEEFY
6mjeaCe30WWLnGQLQabxs7nwk+13RSOg7UmPIjwtdvTG2smajVTGb8TaoMHIiEKF
IMP6p4tljm1JYeo4WnsIOPAcks0CyOMuixNZ3l4PFRzDE2ki/ytknAdU0aqIZYht
ftWq2Kac+aFzqoCMHlgV8a92nLbQ4163fIso4GrGaYAjSL7s6BOUpsEE/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCq5q37sk5msugcc7D+oOw0dhLjLMB8GA1UdIwQY
MBaAFCX9V4FXbz1CJa+ZRT6TqSWYUnEmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmYxWGdWZHZQVUlscjVsRlBwT3BKWmhTY1NZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni85NDlkZGUtZTgxNC00ZmIyLTlmOWIt
NTk0ODNmYTA5ZmUxLzEvS3JtcmZ1eVRtYXk2Qnh6c1A2ZzdEUjJFdU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni85NDlkZGUtZTgxNC00ZmIyLTlmOWItNTk0ODNmYTA5ZmUx
LzEvSmYxWGdWZHZQVUlscjVsRlBwT3BKWmhTY1NZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufy4AwQB
ufy6MA0GCSqGSIb3DQEBCwUAA4IBAQB0mqsY8rONhF0l4AX04N+cJA00L7dQPbPB
Pc0DajwsYzHUW8jF75NDOt9IroXXGGMtOKaDDDqttsbUZWe1wJBb8IvHal5njLRi
ZoEAhtVLQj8ZpI9/TNLa18jwx6dNljTjeIvbQIfqUu22m5+Fwj7xRT4fpYmfgD6d
rNtlCbjf5Wa3Y9U2nz/PxbyN6XN8bbnaW+0JKlY1+n2+TIyVnmtkrMMTCLLW+PjV
uef1Zzf+SVe2e6SBxp5Lo+03RvH2vaJS8eZKJg8CEJs6xokRd6/bQ0BYaPoB9HfH
/7OFmCYu4xn78Js2ixt4/GW2V2J+0iyIv5hPcYkYlyOjOwaCix5V
-----END CERTIFICATE-----