Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/jKMbEYpcNPxKWCIMI-LubBs0DH0.roa
File:                     jKMbEYpcNPxKWCIMI-LubBs0DH0.roa (raw, json)
Hash identifier:          MYW0L6JQHwowkFpc6oaF9/EWozaJk4IrXDYZ8vBuxfM=
Subject key identifier:   8C:A3:1B:11:8A:5C:34:FC:4A:58:22:0C:23:E2:EE:6C:1B:34:0C:7D
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019DF6D8B139767303920EA10699FD64E1FD
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/jKMbEYpcNPxKWCIMI-LubBs0DH0.roa
Signing time:             Tue 05 May 2026 06:34:49 +0000
ROA not before:           Tue 05 May 2026 06:34:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49592
IP address blocks:        195.3.144.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 May 2026 15:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f6:d8:b1:39:76:73:03:92:0e:a1:06:99:fd:64:e1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: May  5 06:34:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ca31b118a5c34fc4a58220c23e2ee6c1b340c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5f:2d:1b:70:76:b8:88:19:fd:51:e3:97:ea:
                    fc:c7:bd:c6:4c:2a:14:eb:1c:56:e4:44:52:fe:11:
                    fd:75:fe:fb:1b:df:7a:3c:fa:78:4e:a3:bd:9d:c4:
                    80:b9:66:82:ca:c1:7f:17:ef:e1:29:f4:f3:10:ae:
                    01:6a:21:fe:2b:b4:c6:e5:07:b5:2c:92:a8:9b:a3:
                    b5:e5:60:30:a5:4e:50:f7:70:55:18:32:9e:78:0e:
                    33:82:b9:bb:1d:59:d7:8b:de:0d:a4:41:fe:8d:51:
                    3b:9a:32:80:f1:b1:b5:ed:f0:0a:ae:e0:cd:54:b0:
                    61:c0:ea:6a:48:1e:8e:fd:26:9b:6b:81:8f:cb:ce:
                    a9:4e:9c:64:5e:bc:e7:3f:10:56:55:b9:c0:60:db:
                    f3:85:aa:7e:11:97:13:db:a9:60:2b:b4:4b:07:c7:
                    49:f2:a5:5d:07:33:77:b9:0a:c0:ca:4d:ca:ce:3c:
                    b4:8a:4b:80:22:de:1c:29:e4:c5:8b:65:8e:87:83:
                    01:73:4d:6a:49:1e:b1:a9:43:0b:e8:1a:31:44:fb:
                    6b:a9:7b:01:9a:87:93:c8:e8:da:1a:6d:b1:33:8d:
                    99:75:6b:e7:39:6b:10:53:bf:03:7c:97:a8:b1:12:
                    b2:59:30:b1:c5:d1:81:77:e5:e5:12:3a:c7:65:d8:
                    a0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A3:1B:11:8A:5C:34:FC:4A:58:22:0C:23:E2:EE:6C:1B:34:0C:7D
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/jKMbEYpcNPxKWCIMI-LubBs0DH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.3.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:a7:78:5e:83:7d:a6:6e:f5:bb:a6:72:79:ce:f4:47:f7:ee:
         82:9e:03:c9:76:de:be:58:f2:aa:6c:08:77:d2:bb:3c:14:4c:
         b8:56:4b:bb:fc:4b:22:93:40:76:78:2a:89:88:1c:f4:bf:16:
         ed:58:2d:bb:2b:f2:d9:94:b3:73:f4:16:82:d4:8c:ef:8d:f4:
         8b:e5:6c:82:e8:d2:c9:a5:3e:34:c4:8a:fc:97:14:fc:c4:5f:
         d4:27:33:73:7a:21:f9:3e:31:04:cd:9c:42:31:ea:34:bd:bf:
         2b:dc:a4:42:d6:d9:89:11:5c:59:ff:8f:cc:51:34:3e:64:9f:
         c7:72:38:59:e8:21:51:0e:ac:57:9a:c9:ae:4c:65:76:8c:9a:
         db:6d:2d:a2:f4:48:04:84:b0:b0:d7:b5:8e:ec:6c:4a:39:cc:
         f4:98:74:b2:9b:cc:32:24:5c:a5:49:e8:77:38:c2:b0:02:d2:
         3e:7a:c5:d9:13:79:6c:3c:53:8d:04:fd:85:5d:98:83:82:1d:
         8d:54:83:1d:67:42:d7:c4:96:f4:e9:de:1c:35:aa:7e:da:be:
         36:31:a1:ed:78:70:12:57:96:9e:46:36:c3:36:03:16:38:34:
         72:47:4e:96:85:10:a2:ae:73:8f:a9:99:5a:a3:be:bd:92:af:
         d7:5b:04:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ322LE5dnMDkg6hBpn9ZOH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNTA1MDYzNDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2EzMWIxMThhNWMzNGZjNGE1ODIyMGMyM2UyZWU2YzFiMzQwYzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol8tG3B2uIgZ/VHjl+r8x73GTCoU
6xxW5ERS/hH9df77G996PPp4TqO9ncSAuWaCysF/F+/hKfTzEK4BaiH+K7TG5Qe1
LJKom6O15WAwpU5Q93BVGDKeeA4zgrm7HVnXi94NpEH+jVE7mjKA8bG17fAKruDN
VLBhwOpqSB6O/Saba4GPy86pTpxkXrznPxBWVbnAYNvzhap+EZcT26lgK7RLB8dJ
8qVdBzN3uQrAyk3Kzjy0ikuAIt4cKeTFi2WOh4MBc01qSR6xqUML6BoxRPtrqXsB
moeTyOjaGm2xM42ZdWvnOWsQU78DfJeosRKyWTCxxdGBd+XlEjrHZdig1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIyjGxGKXDT8SlgiDCPi7mwbNAx9MB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvaktNYkVZcGNOUHhLV0NJTUktTHViQnMwREgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwwOQMA0G
CSqGSIb3DQEBCwUAA4IBAQAlp3heg32mbvW7pnJ5zvRH9+6CngPJdt6+WPKqbAh3
0rs8FEy4Vku7/Esik0B2eCqJiBz0vxbtWC27K/LZlLNz9BaC1IzvjfSL5WyC6NLJ
pT40xIr8lxT8xF/UJzNzeiH5PjEEzZxCMeo0vb8r3KRC1tmJEVxZ/4/MUTQ+ZJ/H
cjhZ6CFRDqxXmsmuTGV2jJrbbS2i9EgEhLCw17WO7GxKOcz0mHSym8wyJFylSeh3
OMKwAtI+esXZE3lsPFONBP2FXZiDgh2NVIMdZ0LXxJb06d4cNap+2r42MaHteHAS
V5aeRjbDNgMWODRyR06WhRCirnOPqZlao769kq/XWwSo
-----END CERTIFICATE-----