Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/gzKN-Mo5knrKz9KM74jFZ9dlF2w.roa
File:                     gzKN-Mo5knrKz9KM74jFZ9dlF2w.roa (raw, json)
Hash identifier:          +L35sIGbuvmHZDmJc92yZksqx4UM+pv+alQMiGyh2B4=
Subject key identifier:   83:32:8D:F8:CA:39:92:7A:CA:CF:D2:8C:EF:88:C5:67:D7:65:17:6C
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019E4A22373BC60865E8B3A01F6FF60E7D57
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/gzKN-Mo5knrKz9KM74jFZ9dlF2w.roa
Signing time:             Thu 21 May 2026 10:43:36 +0000
ROA not before:           Thu 21 May 2026 10:43:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64457
IP address blocks:        185.224.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:22:37:3b:c6:08:65:e8:b3:a0:1f:6f:f6:0e:7d:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 21 10:43:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83328df8ca39927acacfd28cef88c567d765176c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:52:ff:86:de:02:e1:79:5e:e9:64:61:39:45:
                    46:29:7f:c0:cc:0a:2a:36:4a:dc:ef:53:1b:da:8c:
                    31:0d:5e:b4:24:b7:e8:a0:d6:7e:ac:ca:03:b1:56:
                    dc:16:99:68:e1:60:1d:92:a2:44:0e:70:a2:36:42:
                    93:bc:6e:8d:c4:eb:51:1c:3d:d2:92:f4:c3:73:0b:
                    3b:6f:bb:8b:ff:fb:c3:83:a5:32:88:54:d8:a4:87:
                    35:5a:83:a4:7e:af:71:fb:04:78:a8:9f:b6:8f:dc:
                    d7:ee:73:a6:6a:f7:d9:94:44:54:51:b4:9e:08:8d:
                    41:db:64:b0:f8:c0:04:58:33:ed:01:32:4e:dd:3b:
                    b9:98:7f:7b:cb:df:64:c5:05:92:a0:4e:19:76:67:
                    5b:9b:98:5d:d3:64:13:ad:db:be:a1:ed:81:22:95:
                    ee:94:f7:79:91:89:49:29:d0:d5:a6:40:76:16:7a:
                    ec:8b:4e:0c:aa:10:27:2a:83:3e:ed:d0:02:db:02:
                    f1:09:59:00:3f:65:21:29:b2:c7:79:af:10:bc:19:
                    5a:a6:02:a2:f0:22:ee:b7:57:da:81:e5:89:b6:f5:
                    47:1e:15:2f:77:9d:08:e7:2a:5b:c8:23:9a:5a:e0:
                    cf:8b:8d:9a:48:21:d2:3c:d8:16:c4:c0:94:23:63:
                    10:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:32:8D:F8:CA:39:92:7A:CA:CF:D2:8C:EF:88:C5:67:D7:65:17:6C
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/gzKN-Mo5knrKz9KM74jFZ9dlF2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:0d:84:a2:bf:7c:63:01:c4:72:50:62:0e:c5:6f:08:37:8e:
         d2:0e:fa:27:b9:59:05:d8:07:4a:4c:4c:17:83:0f:0f:24:53:
         e7:d5:9f:fd:1e:1a:12:bb:25:fa:8b:35:fa:d2:06:fc:60:6f:
         80:cf:f2:e9:71:f3:12:9f:1a:a1:73:21:9c:53:ff:af:7e:5a:
         60:77:54:57:86:ba:1b:3e:68:ed:29:3f:41:2e:7c:f3:90:6b:
         d2:47:9f:42:6d:19:14:c1:42:7b:29:ae:03:72:ba:e2:13:a3:
         92:1f:c0:d8:af:89:1b:be:36:8e:05:1d:85:54:fb:01:39:e9:
         de:d4:f2:fb:fc:b5:78:f3:72:a0:eb:40:16:2d:5a:b8:c2:f4:
         0b:1b:5b:bf:c6:aa:46:89:dc:01:69:a6:cb:76:49:81:d7:fb:
         22:29:29:76:07:ed:ed:c0:57:b7:bc:83:da:c4:75:cb:38:51:
         d0:73:5f:8e:6f:d9:29:ae:36:90:40:81:6d:ea:b0:55:47:7f:
         04:06:99:86:e8:f0:8f:3e:e6:db:94:70:3c:3c:9a:2a:e0:06:
         f7:f1:96:ad:5f:2f:87:5e:f0:07:0c:c3:b2:b4:87:0a:5c:4c:
         1d:20:bf:ba:e1:e1:f9:ef:dd:95:82:f8:fa:62:b6:48:f6:c8:
         22:7b:0b:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5KIjc7xghl6LOgH2/2Dn1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNTIxMTA0MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzMyOGRmOGNhMzk5MjdhY2FjZmQyOGNlZjg4YzU2N2Q3NjUxNzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1L/ht4C4Xle6WRhOUVGKX/AzAoq
Nkrc71Mb2owxDV60JLfooNZ+rMoDsVbcFplo4WAdkqJEDnCiNkKTvG6NxOtRHD3S
kvTDcws7b7uL//vDg6UyiFTYpIc1WoOkfq9x+wR4qJ+2j9zX7nOmavfZlERUUbSe
CI1B22Sw+MAEWDPtATJO3Tu5mH97y99kxQWSoE4Zdmdbm5hd02QTrdu+oe2BIpXu
lPd5kYlJKdDVpkB2Fnrsi04MqhAnKoM+7dAC2wLxCVkAP2UhKbLHea8QvBlapgKi
8CLut1fageWJtvVHHhUvd50I5ypbyCOaWuDPi42aSCHSPNgWxMCUI2MQtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMyjfjKOZJ6ys/SjO+IxWfXZRdsMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvZ3pLTi1NbzVrbnJLejlLTTc0akZaOWRsRjJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueADMA0G
CSqGSIb3DQEBCwUAA4IBAQDXDYSiv3xjAcRyUGIOxW8IN47SDvonuVkF2AdKTEwX
gw8PJFPn1Z/9HhoSuyX6izX60gb8YG+Az/LpcfMSnxqhcyGcU/+vflpgd1RXhrob
PmjtKT9BLnzzkGvSR59CbRkUwUJ7Ka4DcrriE6OSH8DYr4kbvjaOBR2FVPsBOene
1PL7/LV483Kg60AWLVq4wvQLG1u/xqpGidwBaabLdkmB1/siKSl2B+3twFe3vIPa
xHXLOFHQc1+Ob9kprjaQQIFt6rBVR38EBpmG6PCPPubblHA8PJoq4Ab38ZatXy+H
XvAHDMOytIcKXEwdIL+64eH5792Vgvj6YrZI9sgiewv9
-----END CERTIFICATE-----