Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/OkIPJfQ3ucjtNqmllyrXBPtOzcY.roa
File:                     OkIPJfQ3ucjtNqmllyrXBPtOzcY.roa (raw, json)
Hash identifier:          +8DQv1DEa2PzagZPd8ytxiVCfNd5z5SM1U3gJ24YFyI=
Subject key identifier:   3A:42:0F:25:F4:37:B9:C8:ED:36:A9:A5:97:2A:D7:04:FB:4E:CD:C6
Certificate issuer:       /CN=7400d5013c12852242343093cbf5148d4eaeaaf9
Certificate serial:       019E1C49802FADC0BDF75747E3A148315A6B
Authority key identifier: 74:00:D5:01:3C:12:85:22:42:34:30:93:CB:F5:14:8D:4E:AE:AA:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dADVATwShSJCNDCTy_UUjU6uqvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/OkIPJfQ3ucjtNqmllyrXBPtOzcY.roa
Signing time:             Tue 12 May 2026 13:03:59 +0000
ROA not before:           Tue 12 May 2026 13:03:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212440
IP address blocks:        185.112.180.0/22 maxlen: 24
                          185.112.183.0/24 maxlen: 24
                          2a0e:6f00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/dADVATwShSJCNDCTy_UUjU6uqvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/dADVATwShSJCNDCTy_UUjU6uqvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dADVATwShSJCNDCTy_UUjU6uqvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:49:80:2f:ad:c0:bd:f7:57:47:e3:a1:48:31:5a:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7400d5013c12852242343093cbf5148d4eaeaaf9
        Validity
            Not Before: May 12 13:03:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a420f25f437b9c8ed36a9a5972ad704fb4ecdc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3e:c0:87:77:be:dc:35:4d:b0:90:86:10:58:
                    8c:21:69:2b:b4:d4:85:fb:6b:ca:de:18:d8:bf:7d:
                    8b:1c:d4:06:4f:d2:78:d2:68:14:41:30:51:b7:2e:
                    ab:81:f0:af:75:7c:0c:89:f6:8b:e5:69:a1:68:af:
                    78:59:c1:7a:f5:13:7a:58:94:cf:e6:89:89:0d:55:
                    9e:97:f3:f8:24:28:25:c6:3c:33:b9:6c:ff:ba:de:
                    93:77:7e:44:2d:ef:cd:50:54:fe:09:ef:78:a5:11:
                    f3:82:62:73:09:06:47:d5:af:69:5a:2b:7e:90:d5:
                    c5:7d:cf:53:ae:c0:fe:0c:00:97:a7:4e:8e:98:37:
                    c3:20:5f:4a:14:74:09:1e:14:42:ea:b4:5e:5f:7d:
                    db:63:f0:18:d6:42:14:3e:ef:b8:e1:2e:7d:90:45:
                    d7:4d:4f:a7:b9:ce:5e:4e:50:4e:47:1e:67:da:52:
                    b8:ce:d0:bb:5c:af:10:75:44:b4:fd:07:d8:4e:a3:
                    df:5f:f5:ef:dc:f7:4c:4e:2b:63:c0:ab:e2:9c:25:
                    70:9c:a4:7f:7e:84:b2:ea:74:81:7f:66:a3:b4:8b:
                    21:d8:1b:11:55:da:ae:1e:20:23:ed:cd:3e:5a:96:
                    8c:49:d7:88:6b:87:e8:1b:76:a1:9a:ff:c8:a2:ac:
                    4d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:42:0F:25:F4:37:B9:C8:ED:36:A9:A5:97:2A:D7:04:FB:4E:CD:C6
            X509v3 Authority Key Identifier:
                keyid:74:00:D5:01:3C:12:85:22:42:34:30:93:CB:F5:14:8D:4E:AE:AA:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dADVATwShSJCNDCTy_UUjU6uqvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/OkIPJfQ3ucjtNqmllyrXBPtOzcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/dADVATwShSJCNDCTy_UUjU6uqvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.180.0/22
                IPv6:
                  2a0e:6f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:48:9a:57:56:70:36:cd:43:5a:96:b0:45:39:bf:6e:ba:fe:
         e1:8c:87:40:aa:c6:06:bf:42:b7:b8:bb:07:94:9a:84:df:f7:
         eb:4f:40:13:bf:0a:b2:e1:73:44:94:f2:0f:3b:78:14:af:fb:
         4b:7b:1f:fe:ff:7d:d1:dc:3d:7e:fb:8a:0e:45:75:ad:ba:b9:
         4c:78:75:0e:3e:2a:34:c0:f8:8b:64:8f:b7:24:27:76:27:f3:
         49:21:8d:66:6a:6c:b0:ea:66:90:19:f3:81:1a:c8:99:b7:e3:
         fb:7f:5d:62:cf:75:90:3b:20:2d:9b:9e:f2:18:5c:fc:72:b1:
         f2:da:04:bd:1e:d6:4c:90:d9:14:5d:b5:be:2f:87:8c:a0:bb:
         c8:b6:2f:b9:ae:ef:b0:90:28:66:65:58:21:eb:d6:13:7e:1d:
         fa:8e:2d:ff:d9:87:10:d7:d8:99:07:bd:07:8c:be:89:6f:96:
         1b:b3:c9:55:e9:e0:dd:1d:83:c8:17:64:9f:b0:16:54:91:b5:
         c6:ac:67:b0:59:78:00:7b:93:43:b2:26:61:09:ca:27:16:0d:
         22:bf:29:61:92:49:d1:99:d6:27:21:db:15:10:3b:ad:9e:45:
         5c:b8:0f:5e:03:df:86:bd:e1:db:c9:9f:00:dc:b6:7d:0b:29:
         6a:b1:54:3b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ4cSYAvrcC991dH46FIMVprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MDBkNTAxM2MxMjg1MjI0MjM0MzA5M2NiZjUxNDhkNGVh
ZWFhZjkwHhcNMjYwNTEyMTMwMzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTQyMGYyNWY0MzdiOWM4ZWQzNmE5YTU5NzJhZDcwNGZiNGVjZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmz7Ah3e+3DVNsJCGEFiMIWkrtNSF
+2vK3hjYv32LHNQGT9J40mgUQTBRty6rgfCvdXwMifaL5WmhaK94WcF69RN6WJTP
5omJDVWel/P4JCglxjwzuWz/ut6Td35ELe/NUFT+Ce94pRHzgmJzCQZH1a9pWit+
kNXFfc9TrsD+DACXp06OmDfDIF9KFHQJHhRC6rReX33bY/AY1kIUPu+44S59kEXX
TU+nuc5eTlBORx5n2lK4ztC7XK8QdUS0/QfYTqPfX/Xv3PdMTitjwKvinCVwnKR/
foSy6nSBf2ajtIsh2BsRVdquHiAj7c0+WpaMSdeIa4foG3ahmv/IoqxNjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDpCDyX0N7nI7TappZcq1wT7Ts3GMB8GA1UdIwQY
MBaAFHQA1QE8EoUiQjQwk8v1FI1Orqr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEFEVkFUd1NoU0pDTkRDVHlfVVVqVTZ1cXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS85NWQ3MWQtZjQxYi00MTcxLTgzNTAt
ZTA4OTJhMjhhYWM5LzEvT2tJUEpmUTN1Y2p0TnFtbGx5clhCUHRPemNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS85NWQ3MWQtZjQxYi00MTcxLTgzNTAtZTA4OTJhMjhhYWM5
LzEvZEFEVkFUd1NoU0pDTkRDVHlfVVVqVTZ1cXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXC0MA0E
AgACMAcDBQMqDm8AMA0GCSqGSIb3DQEBCwUAA4IBAQBISJpXVnA2zUNalrBFOb9u
uv7hjIdAqsYGv0K3uLsHlJqE3/frT0ATvwqy4XNElPIPO3gUr/tLex/+/33R3D1+
+4oORXWturlMeHUOPio0wPiLZI+3JCd2J/NJIY1mamyw6maQGfOBGsiZt+P7f11i
z3WQOyAtm57yGFz8crHy2gS9HtZMkNkUXbW+L4eMoLvIti+5ru+wkChmZVgh69YT
fh36ji3/2YcQ19iZB70HjL6Jb5Ybs8lV6eDdHYPIF2SfsBZUkbXGrGewWXgAe5ND
siZhCconFg0ivylhkknRmdYnIdsVEDutnkVcuA9eA9+GveHbyZ8A3LZ9CylqsVQ7
-----END CERTIFICATE-----