Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/lKuSj2D2s_BkgbDkwq4ezJI3T3w.roa
File:                     lKuSj2D2s_BkgbDkwq4ezJI3T3w.roa (raw, json)
Hash identifier:          /Moy61qk0I8UDcBmGXGAKjNku/2a6wMeGyPj13SBh5o=
Subject key identifier:   94:AB:92:8F:60:F6:B3:F0:64:81:B0:E4:C2:AE:1E:CC:92:37:4F:7C
Certificate issuer:       /CN=735f01f333887cece70cc5e7292f2703dea65560
Certificate serial:       019F2368F34A284B5F97296ECE2429F05FB7
Authority key identifier: 73:5F:01:F3:33:88:7C:EC:E7:0C:C5:E7:29:2F:27:03:DE:A6:55:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c18B8zOIfOznDMXnKS8nA96mVWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/lKuSj2D2s_BkgbDkwq4ezJI3T3w.roa
Signing time:             Thu 02 Jul 2026 15:18:28 +0000
ROA not before:           Thu 02 Jul 2026 15:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207645
IP address blocks:        185.86.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/c18B8zOIfOznDMXnKS8nA96mVWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/c18B8zOIfOznDMXnKS8nA96mVWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c18B8zOIfOznDMXnKS8nA96mVWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:f3:4a:28:4b:5f:97:29:6e:ce:24:29:f0:5f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735f01f333887cece70cc5e7292f2703dea65560
        Validity
            Not Before: Jul  2 15:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94ab928f60f6b3f06481b0e4c2ae1ecc92374f7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:68:b2:f0:6b:e7:33:13:6c:53:8f:8b:c6:a7:
                    a4:88:18:e1:1c:0f:1e:50:35:37:ab:6d:35:e5:70:
                    4b:4d:14:e0:d4:73:cd:de:c0:2a:7d:cd:b9:3f:e6:
                    e5:1e:b2:c5:4c:e1:14:a2:d1:53:ad:fc:ff:4a:80:
                    7e:c1:e3:17:c3:59:0c:94:25:87:6c:d0:07:39:fc:
                    91:44:58:ac:bc:70:3b:72:06:e9:a9:06:29:dd:3e:
                    d7:6d:99:4d:f1:10:a1:2b:5e:65:e1:c5:34:1e:d5:
                    4a:f5:a6:5b:df:e3:94:f9:a5:37:9c:13:8a:75:43:
                    32:c0:c7:d6:80:ce:08:4a:c8:cd:80:6e:2f:18:70:
                    d5:4f:00:53:f6:0d:c0:81:dc:f6:d6:60:fd:39:bb:
                    9e:6b:a9:8a:d0:31:b2:f0:70:c6:38:04:e4:70:ef:
                    01:3b:1f:c0:f6:24:4d:03:7e:8a:f0:03:28:0e:d1:
                    74:6a:0c:ab:5f:1d:89:81:2d:19:1f:d4:c8:f4:66:
                    43:f7:f3:3f:34:1f:b8:4b:76:49:36:da:a2:c7:87:
                    77:4d:67:fa:7d:f9:d1:cb:e4:be:93:4b:23:c1:cf:
                    63:44:c3:19:2d:32:f6:61:2b:53:8f:9d:84:f7:fe:
                    b1:f0:55:4b:36:f0:f0:e7:7b:3d:e2:f5:4f:44:37:
                    90:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:AB:92:8F:60:F6:B3:F0:64:81:B0:E4:C2:AE:1E:CC:92:37:4F:7C
            X509v3 Authority Key Identifier:
                keyid:73:5F:01:F3:33:88:7C:EC:E7:0C:C5:E7:29:2F:27:03:DE:A6:55:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c18B8zOIfOznDMXnKS8nA96mVWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/lKuSj2D2s_BkgbDkwq4ezJI3T3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/c18B8zOIfOznDMXnKS8nA96mVWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:b1:41:0e:de:be:61:af:72:e5:11:5f:a4:6c:e0:5b:60:51:
         7b:0d:84:68:28:2d:c5:77:4d:4e:26:b0:94:75:a4:f8:43:71:
         3d:cb:e8:9a:8a:ba:31:5a:2b:73:00:46:58:88:f7:2b:b6:f6:
         52:6e:e6:0a:2b:f0:45:84:ec:62:02:85:09:e0:92:d5:bb:c9:
         f8:41:e5:c5:b7:f5:c9:df:25:5d:09:75:09:0f:1d:bc:fa:c6:
         7f:5a:73:51:93:e0:36:08:b2:5f:ac:58:fe:38:7e:cc:f7:80:
         ce:d4:ed:0a:5d:9e:b6:eb:65:7b:32:42:4b:f8:30:a5:fa:df:
         26:a1:c8:87:d1:ac:41:b4:b1:a6:cb:87:cf:ee:dc:19:29:ba:
         ff:2c:a1:1e:76:4d:0f:df:ef:2c:55:7b:5c:50:72:1f:37:b2:
         38:d4:eb:d0:f8:66:c2:60:90:56:9c:a2:04:25:45:57:b8:68:
         84:75:32:3c:4e:42:08:c5:01:dd:d5:1d:d0:cd:df:44:7d:57:
         6f:96:48:dc:1b:bc:fa:54:5d:47:ca:f6:ac:08:90:d6:f2:9f:
         7d:70:98:0a:f0:5c:65:d0:c8:18:c6:3a:f5:99:2f:bf:c2:c5:
         2d:9c:78:30:e6:c3:4b:b4:54:47:a0:83:b9:82:bc:c3:9c:7e:
         20:20:4c:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaPNKKEtflyluziQp8F+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNWYwMWYzMzM4ODdjZWNlNzBjYzVlNzI5MmYyNzAzZGVh
NjU1NjAwHhcNMjYwNzAyMTUxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGFiOTI4ZjYwZjZiM2YwNjQ4MWIwZTRjMmFlMWVjYzkyMzc0ZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGiy8GvnMxNsU4+LxqekiBjhHA8e
UDU3q2015XBLTRTg1HPN3sAqfc25P+blHrLFTOEUotFTrfz/SoB+weMXw1kMlCWH
bNAHOfyRRFisvHA7cgbpqQYp3T7XbZlN8RChK15l4cU0HtVK9aZb3+OU+aU3nBOK
dUMywMfWgM4ISsjNgG4vGHDVTwBT9g3Agdz21mD9Obuea6mK0DGy8HDGOATkcO8B
Ox/A9iRNA36K8AMoDtF0agyrXx2JgS0ZH9TI9GZD9/M/NB+4S3ZJNtqix4d3TWf6
ffnRy+S+k0sjwc9jRMMZLTL2YStTj52E9/6x8FVLNvDw53s94vVPRDeQLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSrko9g9rPwZIGw5MKuHsySN098MB8GA1UdIwQY
MBaAFHNfAfMziHzs5wzF5ykvJwPeplVgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzE4Qjh6T0lmT3puRE1YbktTOG5BOTZtVldBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8xYWZlNTMtZjFiOC00MzE1LWFiMWMt
ZjQ3NGY3YmQzNTMxLzEvbEt1U2oyRDJzX0JrZ2JEa3dxNGV6SkkzVDN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8xYWZlNTMtZjFiOC00MzE1LWFiMWMtZjQ3NGY3YmQzNTMx
LzEvYzE4Qjh6T0lmT3puRE1YbktTOG5BOTZtVldBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVYKMA0G
CSqGSIb3DQEBCwUAA4IBAQCksUEO3r5hr3LlEV+kbOBbYFF7DYRoKC3Fd01OJrCU
daT4Q3E9y+iairoxWitzAEZYiPcrtvZSbuYKK/BFhOxiAoUJ4JLVu8n4QeXFt/XJ
3yVdCXUJDx28+sZ/WnNRk+A2CLJfrFj+OH7M94DO1O0KXZ6262V7MkJL+DCl+t8m
ociH0axBtLGmy4fP7twZKbr/LKEedk0P3+8sVXtcUHIfN7I41OvQ+GbCYJBWnKIE
JUVXuGiEdTI8TkIIxQHd1R3Qzd9EfVdvlkjcG7z6VF1HyvasCJDW8p99cJgK8Fxl
0MgYxjr1mS+/wsUtnHgw5sNLtFRHoIO5grzDnH4gIEz0
-----END CERTIFICATE-----
Generated at Fri Jul 3 20:06:01 2026 by rpki-client