Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/433edf-aaf8-4669-877c-e3781d8fe74c/1/N3KHZV88RwdfoPL8Ok2sRVd1Z6c.roa
File:                     N3KHZV88RwdfoPL8Ok2sRVd1Z6c.roa (raw, json)
Hash identifier:          cQ6zVrGrgsrgW+oT5wOSgpj/HVvWjL2jCcXlnM4d28I=
Subject key identifier:   37:72:87:65:5F:3C:47:07:5F:A0:F2:FC:3A:4D:AC:45:57:75:67:A7
Certificate issuer:       /CN=6135c1f7b7140c872e7f3ff3462b4edc631d7674
Certificate serial:       019CB7DCF65975446079E7670F59E02FC9E1
Authority key identifier: 61:35:C1:F7:B7:14:0C:87:2E:7F:3F:F3:46:2B:4E:DC:63:1D:76:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YTXB97cUDIcufz_zRitO3GMddnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/433edf-aaf8-4669-877c-e3781d8fe74c/1/N3KHZV88RwdfoPL8Ok2sRVd1Z6c.roa
Signing time:             Wed 04 Mar 2026 08:00:37 +0000
ROA not before:           Wed 04 Mar 2026 08:00:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202984
IP address blocks:        185.231.244.0/24 maxlen: 24
                          185.231.245.0/24 maxlen: 24
                          185.231.246.0/23 maxlen: 23
                          194.147.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/433edf-aaf8-4669-877c-e3781d8fe74c/1/YTXB97cUDIcufz_zRitO3GMddnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/433edf-aaf8-4669-877c-e3781d8fe74c/1/YTXB97cUDIcufz_zRitO3GMddnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YTXB97cUDIcufz_zRitO3GMddnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b7:dc:f6:59:75:44:60:79:e7:67:0f:59:e0:2f:c9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6135c1f7b7140c872e7f3ff3462b4edc631d7674
        Validity
            Not Before: Mar  4 08:00:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=377287655f3c47075fa0f2fc3a4dac45577567a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7c:eb:d2:ea:b8:55:43:b6:c7:0d:0e:49:b9:
                    e3:bf:c9:18:de:f2:d7:36:8e:61:db:60:d3:0b:8e:
                    49:78:c1:a4:fb:5f:ea:c9:4b:10:b7:f0:8c:26:e2:
                    df:af:8b:ba:8c:be:6f:7f:db:96:8b:0b:4b:13:15:
                    e7:27:5b:b9:75:41:e7:fb:e1:09:49:04:91:1f:55:
                    8b:52:51:ed:90:28:c7:dd:c6:21:f3:32:b0:49:9f:
                    e6:43:70:1a:84:c8:24:2a:b8:ae:5b:5d:00:f2:9e:
                    c2:85:e0:31:4e:bc:ba:cf:02:d3:c5:e5:cc:b8:c3:
                    9a:bb:69:c8:8c:46:5d:32:ad:6a:ff:9e:f5:9e:94:
                    3f:ef:41:75:a7:57:fc:e4:78:71:7f:90:87:85:93:
                    67:63:ca:83:2e:83:5e:78:c2:a6:e0:4e:ae:ab:a9:
                    a9:45:d3:4f:3d:51:9a:c3:bb:59:a4:a4:4a:ef:ff:
                    82:e9:96:c2:af:c4:7f:7e:7b:ab:c6:89:80:ff:31:
                    17:17:55:b9:94:e0:42:63:87:f4:7b:07:33:ba:fc:
                    f7:91:3f:27:aa:6c:1b:21:f0:bc:c0:84:0c:b3:8a:
                    73:8c:d6:09:83:d5:88:06:de:24:e5:e6:18:a9:1e:
                    50:91:b2:23:4d:fa:bf:0c:f1:ac:73:64:ea:7d:c4:
                    79:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:72:87:65:5F:3C:47:07:5F:A0:F2:FC:3A:4D:AC:45:57:75:67:A7
            X509v3 Authority Key Identifier:
                keyid:61:35:C1:F7:B7:14:0C:87:2E:7F:3F:F3:46:2B:4E:DC:63:1D:76:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YTXB97cUDIcufz_zRitO3GMddnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/433edf-aaf8-4669-877c-e3781d8fe74c/1/N3KHZV88RwdfoPL8Ok2sRVd1Z6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/433edf-aaf8-4669-877c-e3781d8fe74c/1/YTXB97cUDIcufz_zRitO3GMddnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.244.0/22
                  194.147.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:55:2a:29:e4:c5:34:ce:2b:8d:d9:e6:94:88:dd:99:7c:53:
         e6:39:5c:f2:a6:2f:ae:9f:00:5a:97:36:06:c5:10:6f:43:87:
         a8:46:47:4d:1f:e1:48:db:02:94:69:01:0c:b6:7b:26:ee:25:
         25:7c:07:23:83:ff:29:86:0e:a6:bc:b5:de:3c:bf:23:b0:ce:
         2a:68:e5:34:7f:fc:c0:f1:dd:47:67:1b:1e:ba:46:cd:63:e4:
         6b:de:f0:53:c4:bf:1c:51:97:7a:5d:65:3d:f7:d4:30:7e:6d:
         16:d2:60:f6:a9:c5:73:3f:c2:ca:b1:a4:fd:3b:92:7f:24:29:
         cb:15:a8:34:03:ab:b7:3b:3e:87:68:12:79:d2:21:2b:a3:3a:
         42:17:72:72:64:fd:57:4d:26:86:b9:09:d3:7c:95:96:51:52:
         11:24:63:b1:0a:4f:69:e4:b0:6b:12:3b:fa:ad:86:dd:7b:44:
         6e:73:1e:3f:88:d2:b8:6c:c8:94:9c:b7:fa:e2:34:1a:ca:09:
         8b:1e:3a:62:d6:b3:be:cd:4b:da:1a:7f:d3:9e:d0:4b:d8:fd:
         15:f8:55:02:cc:70:47:6f:dd:1c:59:ad:55:fe:10:62:36:8d:
         1e:46:fd:bd:48:2a:7c:42:a2:68:55:c6:e4:d7:ac:fd:f9:6f:
         72:95:e3:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZy33PZZdURgeednD1ngL8nhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMzVjMWY3YjcxNDBjODcyZTdmM2ZmMzQ2MmI0ZWRjNjMx
ZDc2NzQwHhcNMjYwMzA0MDgwMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzcyODc2NTVmM2M0NzA3NWZhMGYyZmMzYTRkYWM0NTU3NzU2N2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnzr0uq4VUO2xw0OSbnjv8kY3vLX
No5h22DTC45JeMGk+1/qyUsQt/CMJuLfr4u6jL5vf9uWiwtLExXnJ1u5dUHn++EJ
SQSRH1WLUlHtkCjH3cYh8zKwSZ/mQ3AahMgkKriuW10A8p7CheAxTry6zwLTxeXM
uMOau2nIjEZdMq1q/571npQ/70F1p1f85Hhxf5CHhZNnY8qDLoNeeMKm4E6uq6mp
RdNPPVGaw7tZpKRK7/+C6ZbCr8R/fnurxomA/zEXF1W5lOBCY4f0ewczuvz3kT8n
qmwbIfC8wIQMs4pzjNYJg9WIBt4k5eYYqR5QkbIjTfq/DPGsc2TqfcR5zQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDdyh2VfPEcHX6Dy/DpNrEVXdWenMB8GA1UdIwQY
MBaAFGE1wfe3FAyHLn8/80YrTtxjHXZ0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVRYQjk3Y1VESWN1ZnpfelJpdE8zR01kZG5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80MzNlZGYtYWFmOC00NjY5LTg3N2Mt
ZTM3ODFkOGZlNzRjLzEvTjNLSFpWODhSd2Rmb1BMOE9rMnNSVmQxWjZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80MzNlZGYtYWFmOC00NjY5LTg3N2MtZTM3ODFkOGZlNzRj
LzEvWVRYQjk3Y1VESWN1ZnpfelJpdE8zR01kZG5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuef0AwQA
wpNyMA0GCSqGSIb3DQEBCwUAA4IBAQDFVSop5MU0ziuN2eaUiN2ZfFPmOVzypi+u
nwBalzYGxRBvQ4eoRkdNH+FI2wKUaQEMtnsm7iUlfAcjg/8phg6mvLXePL8jsM4q
aOU0f/zA8d1HZxseukbNY+Rr3vBTxL8cUZd6XWU999Qwfm0W0mD2qcVzP8LKsaT9
O5J/JCnLFag0A6u3Oz6HaBJ50iErozpCF3JyZP1XTSaGuQnTfJWWUVIRJGOxCk9p
5LBrEjv6rYbde0Rucx4/iNK4bMiUnLf64jQaygmLHjpi1rO+zUvaGn/TntBL2P0V
+FUCzHBHb90cWa1V/hBiNo0eRv29SCp8QqJoVcbk16z9+W9yleOS
-----END CERTIFICATE-----