Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/o_KgOnMxvvekvBuPyEEYSnKNWEc.roa
File:                     o_KgOnMxvvekvBuPyEEYSnKNWEc.roa (raw, json)
Hash identifier:          mk2PcWlp1oVsxXXBvuzmUNaWlANp8uf/qu/yWtEPDuk=
Subject key identifier:   A3:F2:A0:3A:73:31:BE:F7:A4:BC:1B:8F:C8:41:18:4A:72:8D:58:47
Certificate issuer:       /CN=a5c6373eab19cf43dd2f43111398383ee2bad030
Certificate serial:       019EA77BD1C8B6E46BA2FCA9142EFC362314
Authority key identifier: A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/o_KgOnMxvvekvBuPyEEYSnKNWEc.roa
Signing time:             Mon 08 Jun 2026 13:46:10 +0000
ROA not before:           Mon 08 Jun 2026 13:46:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.228.1.0/24 maxlen: 24
                          185.228.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:7b:d1:c8:b6:e4:6b:a2:fc:a9:14:2e:fc:36:23:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c6373eab19cf43dd2f43111398383ee2bad030
        Validity
            Not Before: Jun  8 13:46:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3f2a03a7331bef7a4bc1b8fc841184a728d5847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:22:04:7e:5b:11:37:24:e6:83:61:51:9d:95:
                    5b:f1:e2:91:51:cd:68:77:1d:a0:82:3c:70:8f:bc:
                    4f:9d:3c:09:2a:59:f9:7f:17:fd:ae:76:0a:19:b6:
                    5d:30:6c:bd:7b:bf:d7:c9:a5:a4:a8:7d:29:fe:e2:
                    48:00:39:1f:cb:85:77:a2:c8:57:aa:0f:04:a2:3a:
                    12:a2:60:d1:6b:db:e1:58:7d:3a:88:ea:f4:05:76:
                    4d:a5:13:f5:b8:f6:cc:6d:24:68:77:a9:ae:c5:f0:
                    1e:bd:0e:18:cd:28:cb:c3:40:34:2e:9d:5c:3f:fc:
                    70:69:c3:dc:3a:59:65:b0:a7:ba:eb:28:03:e1:ab:
                    6f:c7:0b:b2:1b:c7:46:f5:15:b1:1a:f1:54:e5:ee:
                    9e:b1:cf:6e:10:89:48:30:86:9c:58:97:b3:33:d9:
                    cc:57:b3:83:fe:d2:f2:dc:ea:e4:a7:d6:6c:12:01:
                    00:c1:3e:3b:da:02:4d:2b:7f:ee:4e:a2:a7:a5:d0:
                    db:54:9b:ec:c1:53:99:d3:d8:9f:f9:39:b7:f4:8f:
                    03:52:01:b4:7e:5f:cc:d9:87:61:f0:61:ad:78:e5:
                    d0:7e:eb:89:c0:dd:a5:9a:8f:b4:e2:d6:ca:c3:04:
                    d2:be:70:0a:4f:94:1e:e2:d8:f3:a9:ae:a5:6b:c1:
                    b7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:F2:A0:3A:73:31:BE:F7:A4:BC:1B:8F:C8:41:18:4A:72:8D:58:47
            X509v3 Authority Key Identifier:
                keyid:A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/o_KgOnMxvvekvBuPyEEYSnKNWEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.1.0-185.228.2.255

    Signature Algorithm: sha256WithRSAEncryption
         5c:e7:de:13:7b:2d:97:64:fa:17:cc:2b:01:0a:dd:e8:ff:d5:
         da:0a:70:e1:56:c5:da:d1:a0:a7:ab:0d:90:45:09:4b:a9:dd:
         4c:7a:7d:f8:63:cc:4b:f5:69:9d:5e:1d:96:17:2b:28:32:e7:
         fc:da:ec:47:9c:d9:37:53:c0:26:21:56:84:fa:23:1f:ba:51:
         9d:d2:ef:d5:7b:c4:64:9e:45:85:1f:a8:e6:80:27:58:2f:66:
         52:ed:e5:75:d9:91:37:97:23:91:c5:30:5c:67:54:b8:70:08:
         10:39:cc:7a:2b:ec:10:44:19:4e:b8:28:fb:df:2f:4e:e8:09:
         81:68:67:fb:84:d7:78:21:0d:f0:80:bf:8c:24:51:c6:a7:bd:
         65:29:9d:80:da:23:13:ed:72:68:74:ee:89:7d:68:62:49:41:
         79:58:c7:63:52:a3:63:bb:bd:93:b1:ce:8d:c9:3b:8d:9a:1c:
         5c:3e:8f:3d:aa:85:2a:b9:f8:45:18:97:19:e0:d2:3a:cb:3f:
         c1:c5:80:a2:8c:49:88:e8:1b:98:1a:bd:48:94:70:39:64:39:
         48:df:25:77:c8:bc:e6:0c:8a:a0:90:5e:03:77:ff:6a:97:5d:
         2c:14:35:d4:20:fe:66:f8:89:11:fb:c1:99:b4:bb:ea:c4:40:
         07:e0:c6:92
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ6ne9HItuRrovypFC78NiMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzYzNzNlYWIxOWNmNDNkZDJmNDMxMTEzOTgzODNlZTJi
YWQwMzAwHhcNMjYwNjA4MTM0NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2YyYTAzYTczMzFiZWY3YTRiYzFiOGZjODQxMTg0YTcyOGQ1ODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiIEflsRNyTmg2FRnZVb8eKRUc1o
dx2ggjxwj7xPnTwJKln5fxf9rnYKGbZdMGy9e7/XyaWkqH0p/uJIADkfy4V3oshX
qg8EojoSomDRa9vhWH06iOr0BXZNpRP1uPbMbSRod6muxfAevQ4YzSjLw0A0Lp1c
P/xwacPcOlllsKe66ygD4atvxwuyG8dG9RWxGvFU5e6esc9uEIlIMIacWJezM9nM
V7OD/tLy3Orkp9ZsEgEAwT472gJNK3/uTqKnpdDbVJvswVOZ09if+Tm39I8DUgG0
fl/M2Ydh8GGteOXQfuuJwN2lmo+04tbKwwTSvnAKT5Qe4tjzqa6la8G3mQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKPyoDpzMb73pLwbj8hBGEpyjVhHMB8GA1UdIwQY
MBaAFKXGNz6rGc9D3S9DEROYOD7iutAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEt
YTRlYTBhNjNmNzY2LzEvb19LZ09uTXh2dmVrdkJ1UHlFRVlTbktOV0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEtYTRlYTBhNjNmNzY2
LzEvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC55AED
BAC55AIwDQYJKoZIhvcNAQELBQADggEBAFzn3hN7LZdk+hfMKwEK3ej/1doKcOFW
xdrRoKerDZBFCUup3Ux6ffhjzEv1aZ1eHZYXKygy5/za7Eec2TdTwCYhVoT6Ix+6
UZ3S79V7xGSeRYUfqOaAJ1gvZlLt5XXZkTeXI5HFMFxnVLhwCBA5zHor7BBEGU64
KPvfL07oCYFoZ/uE13ghDfCAv4wkUcanvWUpnYDaIxPtcmh07ol9aGJJQXlYx2NS
o2O7vZOxzo3JO42aHFw+jz2qhSq5+EUYlxng0jrLP8HFgKKMSYjoG5gavUiUcDlk
OUjfJXfIvOYMiqCQXgN3/2qXXSwUNdQg/mb4iRH7wZm0u+rEQAfgxpI=
-----END CERTIFICATE-----