Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/3eea5e-3713-4310-962b-8f2f01f7a9ba/1/kdaDaZmYqGMzqUUnLPSsLH8GrPc.roa
File:                     kdaDaZmYqGMzqUUnLPSsLH8GrPc.roa (raw, json)
Hash identifier:          B9RQvP9FD3l+CItncVjMhVfvLB+HWK7qmh+l2cN8QSk=
Subject key identifier:   91:D6:83:69:99:98:A8:63:33:A9:45:27:2C:F4:AC:2C:7F:06:AC:F7
Certificate issuer:       /CN=896f4af92036fe50a20f4a1512e9c2c8ecedcecb
Certificate serial:       019DCB58C8B4816821E80856288418DE34DB
Authority key identifier: 89:6F:4A:F9:20:36:FE:50:A2:0F:4A:15:12:E9:C2:C8:EC:ED:CE:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iW9K-SA2_lCiD0oVEunCyOztzss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/3eea5e-3713-4310-962b-8f2f01f7a9ba/1/kdaDaZmYqGMzqUUnLPSsLH8GrPc.roa
Signing time:             Sun 26 Apr 2026 19:51:26 +0000
ROA not before:           Sun 26 Apr 2026 19:51:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211259
IP address blocks:        45.92.68.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/3eea5e-3713-4310-962b-8f2f01f7a9ba/1/iW9K-SA2_lCiD0oVEunCyOztzss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/3eea5e-3713-4310-962b-8f2f01f7a9ba/1/iW9K-SA2_lCiD0oVEunCyOztzss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iW9K-SA2_lCiD0oVEunCyOztzss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 04:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cb:58:c8:b4:81:68:21:e8:08:56:28:84:18:de:34:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896f4af92036fe50a20f4a1512e9c2c8ecedcecb
        Validity
            Not Before: Apr 26 19:51:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91d683699998a86333a945272cf4ac2c7f06acf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4a:f2:c0:03:f0:0d:26:76:39:c8:6f:74:5b:
                    41:d0:65:fa:be:a0:97:40:a1:35:d7:40:2c:eb:2f:
                    bc:4e:00:9c:7d:d8:2e:e8:62:7f:29:9e:76:39:20:
                    68:56:f1:b3:fe:e4:11:ca:b6:a3:01:a0:c7:db:02:
                    ce:1a:d9:91:71:52:6c:06:b1:63:e7:c8:92:c4:57:
                    1f:2f:50:53:79:ea:04:6c:1a:46:aa:9b:c8:32:05:
                    e8:55:56:c0:1b:dc:93:8a:09:ab:02:56:30:fb:59:
                    bb:8e:06:8c:b2:1f:b9:53:2b:ce:b9:f5:55:7d:7a:
                    13:30:35:04:28:17:03:b5:46:b0:b8:2f:e3:11:12:
                    0c:db:ad:18:10:fd:37:6b:63:98:13:c5:e8:28:09:
                    a9:26:ee:f1:dd:39:9a:19:41:a7:b2:5b:9a:fe:8f:
                    61:e6:53:90:5b:ac:d6:db:b5:31:c0:ae:7d:42:54:
                    42:6a:09:b8:d4:9a:71:77:6f:fa:aa:31:45:96:b5:
                    4b:70:ab:87:aa:a3:29:d7:ee:ba:50:a6:bd:d4:75:
                    e9:2b:aa:b2:af:c2:80:2c:7d:fd:35:1c:a5:f5:ec:
                    25:18:ef:04:95:36:1f:f6:4a:16:4b:0a:51:08:90:
                    36:30:6a:41:cf:15:b7:80:be:e6:32:10:15:1d:95:
                    90:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D6:83:69:99:98:A8:63:33:A9:45:27:2C:F4:AC:2C:7F:06:AC:F7
            X509v3 Authority Key Identifier:
                keyid:89:6F:4A:F9:20:36:FE:50:A2:0F:4A:15:12:E9:C2:C8:EC:ED:CE:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iW9K-SA2_lCiD0oVEunCyOztzss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/3eea5e-3713-4310-962b-8f2f01f7a9ba/1/kdaDaZmYqGMzqUUnLPSsLH8GrPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/3eea5e-3713-4310-962b-8f2f01f7a9ba/1/iW9K-SA2_lCiD0oVEunCyOztzss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:a1:44:a3:2d:a0:f1:17:14:ad:69:9b:83:8e:12:29:0e:b1:
         f6:63:e6:44:46:39:d0:65:08:ea:e6:f4:ff:89:26:39:8b:c8:
         3a:84:48:ff:04:38:59:ad:bf:44:95:e7:22:0e:f2:a7:07:09:
         57:5b:b9:51:42:f2:b4:35:f7:3a:63:0c:ea:fa:57:64:ed:af:
         dd:3f:c4:81:b1:52:cf:b8:51:a8:bf:db:75:62:40:73:94:02:
         65:5b:1e:c0:dc:4d:69:f6:52:74:fa:d2:18:cf:12:5a:4a:f4:
         43:5d:a0:19:70:e6:7d:c1:6c:01:b6:66:57:d1:9f:db:18:d5:
         d4:90:ba:ee:8c:8c:ee:58:e4:b2:16:3a:c8:b6:42:e5:f1:66:
         7b:7e:c8:e2:e7:36:f1:e5:e1:73:cc:7f:66:60:5e:2c:7c:bb:
         a4:c0:d0:4e:72:50:79:41:8d:37:d9:24:9b:48:9c:02:b8:45:
         ce:c6:dd:07:df:20:61:56:b6:81:2b:41:2b:12:e2:f1:23:c3:
         ae:bd:22:cb:f7:3d:a3:2e:10:b1:c9:7c:df:f3:ce:bf:eb:ce:
         5b:e2:80:ad:f8:c3:45:ce:1d:cc:5d:0f:e4:a0:c4:21:8b:2f:
         af:af:8e:bb:52:fc:fa:e0:02:5b:de:3d:c6:99:aa:ac:ca:5a:
         ac:46:93:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3LWMi0gWgh6AhWKIQY3jTbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmY0YWY5MjAzNmZlNTBhMjBmNGExNTEyZTljMmM4ZWNl
ZGNlY2IwHhcNMjYwNDI2MTk1MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQ2ODM2OTk5OThhODYzMzNhOTQ1MjcyY2Y0YWMyYzdmMDZhY2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00rywAPwDSZ2OchvdFtB0GX6vqCX
QKE110As6y+8TgCcfdgu6GJ/KZ52OSBoVvGz/uQRyrajAaDH2wLOGtmRcVJsBrFj
58iSxFcfL1BTeeoEbBpGqpvIMgXoVVbAG9yTigmrAlYw+1m7jgaMsh+5UyvOufVV
fXoTMDUEKBcDtUawuC/jERIM260YEP03a2OYE8XoKAmpJu7x3TmaGUGnslua/o9h
5lOQW6zW27UxwK59QlRCagm41Jpxd2/6qjFFlrVLcKuHqqMp1+66UKa91HXpK6qy
r8KALH39NRyl9ewlGO8ElTYf9koWSwpRCJA2MGpBzxW3gL7mMhAVHZWQNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHWg2mZmKhjM6lFJyz0rCx/Bqz3MB8GA1UdIwQY
MBaAFIlvSvkgNv5Qog9KFRLpwsjs7c7LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVc5Sy1TQTJfbENpRDBvVkV1bkN5T3p0enNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8zZWVhNWUtMzcxMy00MzEwLTk2MmIt
OGYyZjAxZjdhOWJhLzEva2RhRGFabVlxR016cVVVbkxQU3NMSDhHclBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8zZWVhNWUtMzcxMy00MzEwLTk2MmItOGYyZjAxZjdhOWJh
LzEvaVc5Sy1TQTJfbENpRDBvVkV1bkN5T3p0enNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVxEMA0G
CSqGSIb3DQEBCwUAA4IBAQBeoUSjLaDxFxStaZuDjhIpDrH2Y+ZERjnQZQjq5vT/
iSY5i8g6hEj/BDhZrb9EleciDvKnBwlXW7lRQvK0Nfc6Ywzq+ldk7a/dP8SBsVLP
uFGov9t1YkBzlAJlWx7A3E1p9lJ0+tIYzxJaSvRDXaAZcOZ9wWwBtmZX0Z/bGNXU
kLrujIzuWOSyFjrItkLl8WZ7fsji5zbx5eFzzH9mYF4sfLukwNBOclB5QY032SSb
SJwCuEXOxt0H3yBhVraBK0ErEuLxI8OuvSLL9z2jLhCxyXzf886/685b4oCt+MNF
zh3MXQ/koMQhiy+vr467Uvz64AJb3j3GmaqsylqsRpOt
-----END CERTIFICATE-----