Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/lfMrkwLp7hAwWVEeABAkFyae20g.roa
File:                     lfMrkwLp7hAwWVEeABAkFyae20g.roa (raw, json)
Hash identifier:          /+dZbciWTAdNljkvx7xP06l/dJfOWpz054ogX8e4mqs=
Subject key identifier:   95:F3:2B:93:02:E9:EE:10:30:59:51:1E:00:10:24:17:26:9E:DB:48
Certificate issuer:       /CN=bf99d23c82729a8049e7565775a864bc3aa282ef
Certificate serial:       019EB553D92F1B764B402B15A090247DDB06
Authority key identifier: BF:99:D2:3C:82:72:9A:80:49:E7:56:57:75:A8:64:BC:3A:A2:82:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v5nSPIJymoBJ51ZXdahkvDqigu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/lfMrkwLp7hAwWVEeABAkFyae20g.roa
Signing time:             Thu 11 Jun 2026 06:17:11 +0000
ROA not before:           Thu 11 Jun 2026 06:17:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208950
IP address blocks:        185.134.60.0/24 maxlen: 24
                          185.134.62.0/24 maxlen: 24
                          185.134.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/v5nSPIJymoBJ51ZXdahkvDqigu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/v5nSPIJymoBJ51ZXdahkvDqigu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v5nSPIJymoBJ51ZXdahkvDqigu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 21:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:53:d9:2f:1b:76:4b:40:2b:15:a0:90:24:7d:db:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf99d23c82729a8049e7565775a864bc3aa282ef
        Validity
            Not Before: Jun 11 06:17:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95f32b9302e9ee103059511e00102417269edb48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:00:fe:40:88:74:6c:35:7e:f3:cf:6d:bb:05:
                    ce:a4:b9:0f:6a:c7:8d:15:21:79:3a:fe:3f:e9:4c:
                    70:a0:de:f5:20:2c:93:7d:df:3b:0c:c1:cf:15:06:
                    52:5b:0d:20:9d:d7:4d:39:7c:e7:ed:50:33:aa:79:
                    21:0d:e2:64:bf:d3:df:61:22:9b:fe:c9:6e:9f:79:
                    60:5d:cc:b1:74:23:9e:e5:64:f2:23:e7:5d:82:88:
                    d0:20:14:f6:f1:55:27:41:86:09:5f:f4:81:75:9a:
                    3d:26:f1:2b:ab:36:e5:ef:b9:90:d6:b5:50:e7:49:
                    f0:e8:01:55:f8:73:02:81:34:6f:9f:62:b6:c7:e7:
                    9a:03:c3:a8:98:71:25:c2:a2:59:e5:33:8d:57:f8:
                    93:58:5e:af:05:59:43:ef:a8:ad:fb:5c:36:fe:e8:
                    87:e9:2d:62:20:48:e4:88:65:ed:ec:44:0b:cc:11:
                    c9:8a:01:4c:8a:66:bb:05:ca:4a:f1:9a:12:b2:c8:
                    58:b7:6d:66:fc:5d:fc:f7:68:4c:e8:5f:c8:09:4e:
                    07:28:ac:fe:cb:ec:34:d5:d7:87:88:bc:5a:e3:25:
                    aa:1c:9b:2b:49:c2:e2:3f:f3:d3:af:9f:8a:23:4f:
                    c4:9c:a2:9a:5f:ad:70:86:dc:42:01:d2:f6:ba:53:
                    0f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F3:2B:93:02:E9:EE:10:30:59:51:1E:00:10:24:17:26:9E:DB:48
            X509v3 Authority Key Identifier:
                keyid:BF:99:D2:3C:82:72:9A:80:49:E7:56:57:75:A8:64:BC:3A:A2:82:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v5nSPIJymoBJ51ZXdahkvDqigu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/lfMrkwLp7hAwWVEeABAkFyae20g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2ad53a-f118-4a88-8c2f-987086ccab84/1/v5nSPIJymoBJ51ZXdahkvDqigu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.60.0/24
                  185.134.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:73:7e:bc:5d:c6:09:cb:23:90:29:43:60:68:c0:23:7f:07:
         2c:c9:c6:c7:c5:09:07:9c:16:89:5e:b8:99:ea:58:47:06:16:
         0c:b4:3f:04:ee:86:da:56:8f:06:32:8b:20:c1:4f:ca:35:9e:
         4b:bc:b5:a5:27:17:ca:41:65:3e:74:e5:3f:fb:2a:a5:2f:12:
         76:36:18:1e:35:52:84:8f:e4:ad:a3:e8:82:46:73:2f:ba:13:
         b0:99:d8:c8:9a:63:21:eb:f5:de:65:d8:66:d5:7a:54:f1:41:
         23:18:66:ce:29:06:d6:3e:ab:e1:24:e1:b9:c0:c9:cc:e5:86:
         2d:2a:37:74:a9:5e:54:8e:8f:66:b1:01:18:2d:66:2a:e6:c7:
         bd:bc:b2:17:b7:30:cc:48:e2:e8:57:d7:5a:03:a1:09:97:73:
         40:a2:a7:e1:8a:d2:47:e4:59:6f:d3:01:6c:fc:31:18:48:e1:
         53:59:5d:b3:9d:57:52:8c:04:d0:83:6a:a8:31:4b:e7:d3:5e:
         98:12:c4:38:0d:bf:0b:6e:f3:ac:20:f3:a1:d3:6d:4b:15:2b:
         54:0e:20:a6:bc:0c:20:f9:db:70:4f:9d:48:45:51:14:c0:3d:
         35:6d:5f:85:1f:61:38:1c:09:dc:19:6f:71:b2:71:a7:52:2e:
         60:b0:d6:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ61U9kvG3ZLQCsVoJAkfdsGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmOTlkMjNjODI3MjlhODA0OWU3NTY1Nzc1YTg2NGJjM2Fh
MjgyZWYwHhcNMjYwNjExMDYxNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWYzMmI5MzAyZTllZTEwMzA1OTUxMWUwMDEwMjQxNzI2OWVkYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwD+QIh0bDV+889tuwXOpLkPaseN
FSF5Ov4/6UxwoN71ICyTfd87DMHPFQZSWw0gnddNOXzn7VAzqnkhDeJkv9PfYSKb
/slun3lgXcyxdCOe5WTyI+ddgojQIBT28VUnQYYJX/SBdZo9JvErqzbl77mQ1rVQ
50nw6AFV+HMCgTRvn2K2x+eaA8OomHElwqJZ5TONV/iTWF6vBVlD76it+1w2/uiH
6S1iIEjkiGXt7EQLzBHJigFMima7BcpK8ZoSsshYt21m/F3892hM6F/ICU4HKKz+
y+w01deHiLxa4yWqHJsrScLiP/PTr5+KI0/EnKKaX61whtxCAdL2ulMP4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJXzK5MC6e4QMFlRHgAQJBcmnttIMB8GA1UdIwQY
MBaAFL+Z0jyCcpqASedWV3WoZLw6ooLvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjVuU1BJSnltb0JKNTFaWGRhaGt2RHFpZ3U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yYWQ1M2EtZjExOC00YTg4LThjMmYt
OTg3MDg2Y2NhYjg0LzEvbGZNcmt3THA3aEF3V1ZFZUFCQWtGeWFlMjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yYWQ1M2EtZjExOC00YTg4LThjMmYtOTg3MDg2Y2NhYjg0
LzEvdjVuU1BJSnltb0JKNTFaWGRhaGt2RHFpZ3U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuYY8AwQB
uYY+MA0GCSqGSIb3DQEBCwUAA4IBAQAGc368XcYJyyOQKUNgaMAjfwcsycbHxQkH
nBaJXriZ6lhHBhYMtD8E7obaVo8GMosgwU/KNZ5LvLWlJxfKQWU+dOU/+yqlLxJ2
NhgeNVKEj+Sto+iCRnMvuhOwmdjImmMh6/XeZdhm1XpU8UEjGGbOKQbWPqvhJOG5
wMnM5YYtKjd0qV5Ujo9msQEYLWYq5se9vLIXtzDMSOLoV9daA6EJl3NAoqfhitJH
5Flv0wFs/DEYSOFTWV2znVdSjATQg2qoMUvn016YEsQ4Db8LbvOsIPOh021LFStU
DiCmvAwg+dtwT51IRVEUwD01bV+FH2E4HAncGW9xsnGnUi5gsNY0
-----END CERTIFICATE-----