Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b85fc7-b80b-4652-96fd-efdf24177659/1/lrgNRd0O6OEGUEiR8wRaVa3DsrA.roa
File:                     lrgNRd0O6OEGUEiR8wRaVa3DsrA.roa (raw, json)
Hash identifier:          TeIEf4K/pGYlqWlRjjWHKbjqBfGM9FJHygXlbt3o44c=
Subject key identifier:   96:B8:0D:45:DD:0E:E8:E1:06:50:48:91:F3:04:5A:55:AD:C3:B2:B0
Certificate issuer:       /CN=7365aae62b157dd461df6702e5b909278b613815
Certificate serial:       019EAC7AD52F3856B919C81B934ADE950FF8
Authority key identifier: 73:65:AA:E6:2B:15:7D:D4:61:DF:67:02:E5:B9:09:27:8B:61:38:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c2Wq5isVfdRh32cC5bkJJ4thOBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b85fc7-b80b-4652-96fd-efdf24177659/1/lrgNRd0O6OEGUEiR8wRaVa3DsrA.roa
Signing time:             Tue 09 Jun 2026 13:03:11 +0000
ROA not before:           Tue 09 Jun 2026 13:03:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49028
IP address blocks:        185.125.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/b85fc7-b80b-4652-96fd-efdf24177659/1/c2Wq5isVfdRh32cC5bkJJ4thOBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/b85fc7-b80b-4652-96fd-efdf24177659/1/c2Wq5isVfdRh32cC5bkJJ4thOBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c2Wq5isVfdRh32cC5bkJJ4thOBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 04:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:7a:d5:2f:38:56:b9:19:c8:1b:93:4a:de:95:0f:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7365aae62b157dd461df6702e5b909278b613815
        Validity
            Not Before: Jun  9 13:03:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96b80d45dd0ee8e106504891f3045a55adc3b2b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c2:86:54:4b:2e:cd:9c:51:5f:a7:42:54:e4:
                    3e:be:21:b2:db:12:aa:4d:9e:1a:11:f4:11:cd:37:
                    8f:fd:d6:e0:cc:b2:c6:09:52:6b:95:b3:cf:87:f6:
                    75:ef:16:f2:98:9a:52:00:f7:90:c6:61:a9:41:40:
                    d5:75:8e:2a:e6:0d:ac:33:30:0e:b4:f6:ce:77:54:
                    df:ed:f3:6a:d9:46:b9:fc:c9:80:d8:92:9d:8e:d8:
                    8d:3a:1a:5f:45:4c:02:44:25:e3:c8:97:67:10:99:
                    a3:7d:27:ea:b8:c6:35:7d:75:58:1c:77:86:ee:d3:
                    ed:e8:ad:7c:be:82:07:7b:a0:82:3e:7e:e1:83:e5:
                    de:f7:6d:5f:1e:de:9e:27:0d:bf:b2:13:81:c3:5b:
                    cf:9b:9e:d3:d5:70:f8:34:30:e2:60:2a:bb:aa:c6:
                    dc:75:98:c9:8b:70:c7:d3:37:8f:50:43:d8:bf:ea:
                    91:c7:de:11:3b:c5:c0:06:1f:72:9c:24:9b:9a:02:
                    63:4c:61:31:97:09:dd:67:bf:fb:22:24:03:fa:f1:
                    1c:ea:c3:f9:d0:7d:70:34:01:48:6b:56:ea:21:15:
                    e6:9c:92:8e:c5:1d:5a:e2:ec:d0:1b:51:1b:f2:3f:
                    7a:a6:0c:b5:51:45:fc:e5:a1:e9:2f:56:89:23:70:
                    4a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B8:0D:45:DD:0E:E8:E1:06:50:48:91:F3:04:5A:55:AD:C3:B2:B0
            X509v3 Authority Key Identifier:
                keyid:73:65:AA:E6:2B:15:7D:D4:61:DF:67:02:E5:B9:09:27:8B:61:38:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2Wq5isVfdRh32cC5bkJJ4thOBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b85fc7-b80b-4652-96fd-efdf24177659/1/lrgNRd0O6OEGUEiR8wRaVa3DsrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b85fc7-b80b-4652-96fd-efdf24177659/1/c2Wq5isVfdRh32cC5bkJJ4thOBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f0:1d:ba:d6:3e:0b:27:1b:2f:53:26:e6:b2:24:4f:c3:e3:
         7a:cc:b8:9a:e1:da:70:13:c9:30:11:2f:01:c0:94:27:de:c5:
         4d:36:a6:f4:7a:43:56:cb:87:2d:82:5f:6b:59:f2:b5:7e:08:
         25:68:fd:b0:d2:80:44:17:52:bc:17:f7:38:20:89:cc:0f:be:
         11:8b:10:4f:cb:fb:e4:aa:f8:59:26:9e:42:6f:52:1c:1a:98:
         eb:28:b2:85:77:a4:75:c8:5c:4e:82:91:a5:57:a3:8d:f6:7d:
         a7:ba:8c:d3:95:c0:44:b2:69:ca:69:18:fe:88:cd:5e:ea:64:
         39:b9:67:91:2e:b9:bf:d5:db:d2:76:02:d8:ee:d6:8a:6c:53:
         1f:14:a5:07:45:60:06:3b:88:71:b9:47:64:be:60:27:26:77:
         59:fb:01:32:86:2e:34:9e:ed:d3:59:1b:1c:14:bf:04:76:5d:
         b1:d6:92:d2:99:e4:4a:9a:3f:50:1f:77:24:70:51:ea:20:5f:
         6b:57:89:4e:f0:cd:7d:cc:60:f5:79:eb:08:ed:ad:86:3e:2d:
         90:78:82:d4:f1:2c:84:85:1a:64:96:ee:95:62:9f:bd:7e:59:
         92:f7:f2:4a:1b:95:4d:11:25:18:15:8d:0f:5d:e5:f4:ec:ed:
         ec:f7:d9:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6setUvOFa5Gcgbk0relQ/4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNjVhYWU2MmIxNTdkZDQ2MWRmNjcwMmU1YjkwOTI3OGI2
MTM4MTUwHhcNMjYwNjA5MTMwMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmI4MGQ0NWRkMGVlOGUxMDY1MDQ4OTFmMzA0NWE1NWFkYzNiMmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMKGVEsuzZxRX6dCVOQ+viGy2xKq
TZ4aEfQRzTeP/dbgzLLGCVJrlbPPh/Z17xbymJpSAPeQxmGpQUDVdY4q5g2sMzAO
tPbOd1Tf7fNq2Ua5/MmA2JKdjtiNOhpfRUwCRCXjyJdnEJmjfSfquMY1fXVYHHeG
7tPt6K18voIHe6CCPn7hg+Xe921fHt6eJw2/shOBw1vPm57T1XD4NDDiYCq7qsbc
dZjJi3DH0zePUEPYv+qRx94RO8XABh9ynCSbmgJjTGExlwndZ7/7IiQD+vEc6sP5
0H1wNAFIa1bqIRXmnJKOxR1a4uzQG1Eb8j96pgy1UUX85aHpL1aJI3BKAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJa4DUXdDujhBlBIkfMEWlWtw7KwMB8GA1UdIwQY
MBaAFHNlquYrFX3UYd9nAuW5CSeLYTgVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzJXcTVpc1ZmZFJoMzJjQzVia0pKNHRoT0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iODVmYzctYjgwYi00NjUyLTk2ZmQt
ZWZkZjI0MTc3NjU5LzEvbHJnTlJkME82T0VHVUVpUjh3UmFWYTNEc3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iODVmYzctYjgwYi00NjUyLTk2ZmQtZWZkZjI0MTc3NjU5
LzEvYzJXcTVpc1ZmZFJoMzJjQzVia0pKNHRoT0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX2NMA0G
CSqGSIb3DQEBCwUAA4IBAQA08B261j4LJxsvUybmsiRPw+N6zLia4dpwE8kwES8B
wJQn3sVNNqb0ekNWy4ctgl9rWfK1fgglaP2w0oBEF1K8F/c4IInMD74RixBPy/vk
qvhZJp5Cb1IcGpjrKLKFd6R1yFxOgpGlV6ON9n2nuozTlcBEsmnKaRj+iM1e6mQ5
uWeRLrm/1dvSdgLY7taKbFMfFKUHRWAGO4hxuUdkvmAnJndZ+wEyhi40nu3TWRsc
FL8Edl2x1pLSmeRKmj9QH3ckcFHqIF9rV4lO8M19zGD1eesI7a2GPi2QeILU8SyE
hRpklu6VYp+9flmS9/JKG5VNESUYFY0PXeX07O3s99lc
-----END CERTIFICATE-----