Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/JVvCSDu8rrifYpO5MIC8vy1zrds.roa
File:                     JVvCSDu8rrifYpO5MIC8vy1zrds.roa (raw, json)
Hash identifier:          okxALFImBayqCq+MjZ+88HtUfnizSp2j3P1VuBRZTtY=
Subject key identifier:   25:5B:C2:48:3B:BC:AE:B8:9F:62:93:B9:30:80:BC:BF:2D:73:AD:DB
Certificate issuer:       /CN=625b5cf9e29912448cbbbc86d20561899cdb104d
Certificate serial:       019ECCB270D8E38DD3E93EC2BA4360378237
Authority key identifier: 62:5B:5C:F9:E2:99:12:44:8C:BB:BC:86:D2:05:61:89:9C:DB:10:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yltc-eKZEkSMu7yG0gVhiZzbEE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/JVvCSDu8rrifYpO5MIC8vy1zrds.roa
Signing time:             Mon 15 Jun 2026 19:11:46 +0000
ROA not before:           Mon 15 Jun 2026 19:11:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49173
IP address blocks:        185.141.240.0/22 maxlen: 22
                          185.141.242.0/24 maxlen: 24
                          194.146.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/Yltc-eKZEkSMu7yG0gVhiZzbEE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/Yltc-eKZEkSMu7yG0gVhiZzbEE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yltc-eKZEkSMu7yG0gVhiZzbEE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cc:b2:70:d8:e3:8d:d3:e9:3e:c2:ba:43:60:37:82:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=625b5cf9e29912448cbbbc86d20561899cdb104d
        Validity
            Not Before: Jun 15 19:11:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=255bc2483bbcaeb89f6293b93080bcbf2d73addb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:56:ff:eb:bb:b3:e4:da:1d:85:13:ce:11:db:
                    32:51:e9:b9:1a:37:e1:f9:6d:bf:64:29:cd:7a:70:
                    74:22:26:16:d9:cd:71:6c:5a:1e:7b:f3:65:2f:6b:
                    09:be:db:a3:ce:e9:60:2a:db:81:fb:da:0b:bf:1f:
                    34:69:c8:e4:c3:b0:74:80:5c:39:57:85:bb:ef:22:
                    00:c8:f9:5e:09:50:49:59:8b:65:da:75:ab:55:63:
                    80:13:6a:81:8f:41:5b:ad:52:ee:15:ac:11:22:fc:
                    7d:de:61:76:66:1c:ea:3a:46:c6:fa:00:ac:c4:1b:
                    2a:a1:08:e4:7e:2a:05:68:95:36:a2:f6:9f:86:34:
                    48:1a:2e:19:b3:9b:ef:f4:ce:ce:dc:05:fa:7e:57:
                    18:ab:9f:1c:8d:e4:17:2b:1e:50:e1:4b:a6:0b:87:
                    ea:11:6e:2b:0a:18:e3:a6:63:28:a9:20:89:b5:8e:
                    d3:6c:e6:90:c8:48:92:ec:dc:05:e9:1c:d6:fb:5f:
                    fc:c8:71:a3:07:53:4a:0a:ff:8d:1b:9d:ac:9f:81:
                    04:85:fd:47:37:1c:b7:fa:18:c5:b6:8c:cd:bb:b8:
                    29:21:a0:9c:6f:44:8f:14:6c:3c:b8:14:93:23:ed:
                    44:ff:a9:f8:50:1f:1e:31:80:ff:e9:ad:e8:c5:d2:
                    60:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:5B:C2:48:3B:BC:AE:B8:9F:62:93:B9:30:80:BC:BF:2D:73:AD:DB
            X509v3 Authority Key Identifier:
                keyid:62:5B:5C:F9:E2:99:12:44:8C:BB:BC:86:D2:05:61:89:9C:DB:10:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yltc-eKZEkSMu7yG0gVhiZzbEE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/JVvCSDu8rrifYpO5MIC8vy1zrds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/Yltc-eKZEkSMu7yG0gVhiZzbEE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.240.0/22
                  194.146.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:41:2e:42:81:15:64:45:ef:f4:1c:5f:47:09:96:b5:48:4f:
         3b:e3:9c:0f:8f:52:b0:31:6e:c7:24:6d:fc:70:c6:4f:d6:13:
         97:68:31:9d:da:9d:68:df:3a:bb:f1:37:e8:ac:55:48:c8:88:
         7d:9a:07:7c:7f:0b:03:5a:0d:41:2d:36:7c:47:ec:20:8e:bc:
         36:86:13:9b:5a:14:de:66:96:55:02:2f:7e:5d:38:50:c5:bf:
         4a:05:9e:7c:ee:f1:d7:5b:42:cb:84:8b:da:f3:f7:34:6a:b4:
         75:8b:91:a7:50:17:d9:73:2b:67:c0:ac:95:0a:fd:bb:b8:24:
         f1:cd:1f:cc:86:9d:30:b9:a1:38:9c:7c:66:08:ae:0e:29:47:
         44:f4:1e:ee:2c:45:d1:5f:67:e5:27:2e:1b:4d:00:11:9f:9c:
         12:85:35:5f:98:ed:56:f2:2e:1f:04:b6:6a:ab:12:50:26:88:
         bb:b1:76:3c:70:31:98:35:40:59:8f:ba:45:e9:43:ae:07:6c:
         6e:22:d6:ea:27:1f:cf:c7:ea:f1:a1:97:1e:22:60:99:7e:b8:
         b7:c6:0f:92:1b:51:d0:ef:c1:69:f0:b2:c4:e3:92:7a:8c:f6:
         c2:a7:fb:ae:d2:c7:77:c4:11:e9:12:af:8c:37:02:64:2a:3e:
         63:d9:36:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7MsnDY443T6T7CukNgN4I3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNWI1Y2Y5ZTI5OTEyNDQ4Y2JiYmM4NmQyMDU2MTg5OWNk
YjEwNGQwHhcNMjYwNjE1MTkxMTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTViYzI0ODNiYmNhZWI4OWY2MjkzYjkzMDgwYmNiZjJkNzNhZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Fb/67uz5NodhRPOEdsyUem5Gjfh
+W2/ZCnNenB0IiYW2c1xbFoee/NlL2sJvtujzulgKtuB+9oLvx80acjkw7B0gFw5
V4W77yIAyPleCVBJWYtl2nWrVWOAE2qBj0FbrVLuFawRIvx93mF2ZhzqOkbG+gCs
xBsqoQjkfioFaJU2ovafhjRIGi4Zs5vv9M7O3AX6flcYq58cjeQXKx5Q4UumC4fq
EW4rChjjpmMoqSCJtY7TbOaQyEiS7NwF6RzW+1/8yHGjB1NKCv+NG52sn4EEhf1H
Nxy3+hjFtozNu7gpIaCcb0SPFGw8uBSTI+1E/6n4UB8eMYD/6a3oxdJgZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCVbwkg7vK64n2KTuTCAvL8tc63bMB8GA1UdIwQY
MBaAFGJbXPnimRJEjLu8htIFYYmc2xBNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWx0Yy1lS1pFa1NNdTd5RzBnVmhpWnpiRUUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy85N2NjYWItZDBjOC00MmU4LTg3MjUt
YTU4NmIwN2FkZDcyLzEvSlZ2Q1NEdThycmlmWXBPNU1JQzh2eTF6cmRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy85N2NjYWItZDBjOC00MmU4LTg3MjUtYTU4NmIwN2FkZDcy
LzEvWWx0Yy1lS1pFa1NNdTd5RzBnVmhpWnpiRUUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuY3wAwQC
wpIcMA0GCSqGSIb3DQEBCwUAA4IBAQCKQS5CgRVkRe/0HF9HCZa1SE8745wPj1Kw
MW7HJG38cMZP1hOXaDGd2p1o3zq78TforFVIyIh9mgd8fwsDWg1BLTZ8R+wgjrw2
hhObWhTeZpZVAi9+XThQxb9KBZ587vHXW0LLhIva8/c0arR1i5GnUBfZcytnwKyV
Cv27uCTxzR/Mhp0wuaE4nHxmCK4OKUdE9B7uLEXRX2flJy4bTQARn5wShTVfmO1W
8i4fBLZqqxJQJoi7sXY8cDGYNUBZj7pF6UOuB2xuItbqJx/Px+rxoZceImCZfri3
xg+SG1HQ78Fp8LLE45J6jPbCp/uu0sd3xBHpEq+MNwJkKj5j2TbH
-----END CERTIFICATE-----
Generated at Wed Jul 1 07:25:45 2026 by rpki-client