Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/dmOHwgbnoCRhoLg_fFLiu1Y5vZk.roa
File:                     dmOHwgbnoCRhoLg_fFLiu1Y5vZk.roa (raw, json)
Hash identifier:          rfX+Iq8x7mvB73/s7COHDQopmGHF1orAq3S1Gp8T9wg=
Subject key identifier:   76:63:87:C2:06:E7:A0:24:61:A0:B8:3F:7C:52:E2:BB:56:39:BD:99
Certificate issuer:       /CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
Certificate serial:       019EF934E8C249F6406A744FD69B019AF67E
Authority key identifier: 22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/dmOHwgbnoCRhoLg_fFLiu1Y5vZk.roa
Signing time:             Wed 24 Jun 2026 10:37:34 +0000
ROA not before:           Wed 24 Jun 2026 10:37:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        137.174.0.0/16 maxlen: 22
                          137.174.128.0/18 maxlen: 22
                          137.174.192.0/19 maxlen: 22
                          141.137.0.0/16 maxlen: 22
                          141.137.232.0/24 maxlen: 24
                          141.137.233.0/24 maxlen: 24
                          147.123.32.0/19 maxlen: 24
                          147.123.128.0/17 maxlen: 22
                          147.123.208.0/21 maxlen: 24
                          155.204.0.0/16 maxlen: 22
                          155.204.119.0/24 maxlen: 24
                          155.204.128.0/18 maxlen: 22
                          155.204.200.0/21 maxlen: 24
                          155.204.208.0/21 maxlen: 21
                          155.204.216.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Jul 2026 15:46:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f9:34:e8:c2:49:f6:40:6a:74:4f:d6:9b:01:9a:f6:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
        Validity
            Not Before: Jun 24 10:37:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=766387c206e7a02461a0b83f7c52e2bb5639bd99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0e:4b:c9:64:e6:a8:66:a2:05:90:55:f8:9b:
                    75:e3:eb:04:27:5f:3c:23:44:16:15:d0:7c:2f:ac:
                    07:e1:65:ef:97:25:2b:3a:ac:58:b8:f1:d9:b0:ef:
                    40:41:db:fc:eb:c8:db:dc:ae:01:2d:6c:fc:ce:0c:
                    82:6a:bf:fb:16:ff:41:de:eb:7d:fa:e2:9b:01:53:
                    75:aa:18:96:18:1d:e8:33:a5:be:16:a1:3a:4c:5a:
                    ca:ea:a3:2d:1a:db:c3:17:af:dc:a1:39:4e:03:0a:
                    2b:3d:2e:f3:50:eb:a8:6f:31:bb:8c:c8:cd:f8:bd:
                    86:2d:9c:c0:08:cb:43:e4:0c:1f:c0:b8:80:f6:a0:
                    f6:02:66:5c:87:24:18:71:de:55:5d:78:c9:4a:e3:
                    52:44:ba:af:92:bc:07:f9:55:51:e9:d8:41:80:16:
                    ae:3c:51:5f:8e:f9:61:c8:03:59:6b:d2:bb:a0:bf:
                    d9:09:a0:c5:9e:fe:f0:7e:b1:f5:75:84:b1:4d:9a:
                    06:b7:87:3b:6c:89:1b:bf:89:db:92:9c:34:20:70:
                    62:77:d6:6e:3a:ca:33:9a:b5:74:b8:29:11:01:62:
                    01:5d:64:f4:c2:1a:b5:1d:71:5d:62:a4:f8:b5:df:
                    aa:f9:04:01:13:88:e3:52:3d:9c:ff:35:69:f0:05:
                    77:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:63:87:C2:06:E7:A0:24:61:A0:B8:3F:7C:52:E2:BB:56:39:BD:99
            X509v3 Authority Key Identifier:
                keyid:22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/dmOHwgbnoCRhoLg_fFLiu1Y5vZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.174.0.0/16
                  141.137.0.0/16
                  147.123.32.0/19
                  147.123.128.0/17
                  155.204.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         90:2a:82:b9:ca:f2:de:0c:36:16:ba:e6:3f:4f:40:9a:c3:5f:
         13:72:84:50:9e:08:95:7d:4b:06:c7:a2:ff:57:ec:d9:47:b4:
         27:3c:25:fa:b2:ac:f3:ef:3d:65:c0:43:48:12:ed:68:de:c6:
         f8:d7:48:7e:c2:e7:2c:39:b1:53:fa:7d:39:f3:ed:85:c4:53:
         36:82:be:45:45:8e:2c:c8:04:7c:ff:d4:6f:0c:fa:69:15:7b:
         a7:8b:dd:1f:69:57:d3:20:46:ad:ae:5a:62:bd:ab:a3:63:2b:
         20:40:5c:b8:e8:c3:1c:35:8d:26:73:fd:57:27:6e:88:bd:90:
         39:e4:f2:e3:ee:9c:2e:fa:f5:6a:6f:e2:5d:36:43:ce:48:83:
         c4:b5:e6:56:ac:b0:65:97:be:b4:90:9b:24:30:26:e6:54:b5:
         6e:97:d9:7f:76:65:b1:c9:5e:8f:9e:fb:8e:39:7e:bf:68:54:
         c0:79:84:b7:dc:bc:a3:6b:cc:8a:8f:51:25:db:04:a4:a5:83:
         2a:50:ad:bd:bf:2b:05:72:89:2c:cd:bc:df:bb:2c:e4:3e:fb:
         8f:8e:31:4a:19:23:b6:c4:eb:1c:1b:fb:4d:e3:7b:68:f6:15:
         b2:b4:4a:2f:24:83:c5:86:cb:ec:17:91:90:51:5f:41:cd:01:
         3d:54:52:6f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ75NOjCSfZAanRP1psBmvZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTVkODQwNTNlMmIwYzMxM2FmMWUzYmE1MTAyNDY2YTVm
Nzk2NzgwHhcNMjYwNjI0MTAzNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjYzODdjMjA2ZTdhMDI0NjFhMGI4M2Y3YzUyZTJiYjU2MzliZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApA5LyWTmqGaiBZBV+Jt14+sEJ188
I0QWFdB8L6wH4WXvlyUrOqxYuPHZsO9AQdv868jb3K4BLWz8zgyCar/7Fv9B3ut9
+uKbAVN1qhiWGB3oM6W+FqE6TFrK6qMtGtvDF6/coTlOAworPS7zUOuobzG7jMjN
+L2GLZzACMtD5AwfwLiA9qD2AmZchyQYcd5VXXjJSuNSRLqvkrwH+VVR6dhBgBau
PFFfjvlhyANZa9K7oL/ZCaDFnv7wfrH1dYSxTZoGt4c7bIkbv4nbkpw0IHBid9Zu
OsozmrV0uCkRAWIBXWT0whq1HXFdYqT4td+q+QQBE4jjUj2c/zVp8AV3cwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHZjh8IG56AkYaC4P3xS4rtWOb2ZMB8GA1UdIwQY
MBaAFCKl2EBT4rDDE68eO6UQJGal95Z4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUt
NTkxY2FmNTM2ZWNjLzEvZG1PSHdnYm5vQ1Job0xnX2ZGTGl1MVk1dlprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUtNTkxY2FmNTM2ZWNj
LzEvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAATAbAwMAia4DAwCN
iQMEBZN7IAMEB5N7gAMDAJvMMA0GCSqGSIb3DQEBCwUAA4IBAQCQKoK5yvLeDDYW
uuY/T0Caw18TcoRQngiVfUsGx6L/V+zZR7QnPCX6sqzz7z1lwENIEu1o3sb410h+
wucsObFT+n058+2FxFM2gr5FRY4syAR8/9RvDPppFXuni90faVfTIEatrlpivauj
YysgQFy46MMcNY0mc/1XJ26IvZA55PLj7pwu+vVqb+JdNkPOSIPEteZWrLBll760
kJskMCbmVLVul9l/dmWxyV6PnvuOOX6/aFTAeYS33Lyja8yKj1El2wSkpYMqUK29
vysFcokszbzfuyzkPvuPjjFKGSO2xOscG/tN43to9hWytEovJIPFhsvsF5GQUV9B
zQE9VFJv
-----END CERTIFICATE-----
Generated at Sun Jul 5 19:09:01 2026 by rpki-client