Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/kyJQs5we30dtkYez5Z5lc7nb1uk.roa
File:                     kyJQs5we30dtkYez5Z5lc7nb1uk.roa (raw, json)
Hash identifier:          QYkWAPu1QeZJ7qVGGJyIAFdYbqAhnaEmDRslgqPIGEg=
Subject key identifier:   93:22:50:B3:9C:1E:DF:47:6D:91:87:B3:E5:9E:65:73:B9:DB:D6:E9
Certificate issuer:       /CN=1319f052bc9e7284888074390c9d0bc127606692
Certificate serial:       019E8DB18485B09B06AC45B70C4DF747F8BF
Authority key identifier: 13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/kyJQs5we30dtkYez5Z5lc7nb1uk.roa
Signing time:             Wed 03 Jun 2026 13:34:41 +0000
ROA not before:           Wed 03 Jun 2026 13:34:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25253
IP address blocks:        193.126.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:b1:84:85:b0:9b:06:ac:45:b7:0c:4d:f7:47:f8:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1319f052bc9e7284888074390c9d0bc127606692
        Validity
            Not Before: Jun  3 13:34:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=932250b39c1edf476d9187b3e59e6573b9dbd6e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:cf:6e:21:cb:80:2a:dc:ec:6b:17:6e:50:a9:
                    9a:f7:fb:fb:5e:60:15:09:86:39:54:b6:e7:0f:df:
                    4f:f4:82:22:35:06:5d:cd:91:0f:e8:c0:a5:a5:49:
                    82:01:eb:b1:81:9a:e6:54:b9:d5:15:af:43:dc:6c:
                    27:c7:15:ac:80:84:63:da:a8:34:a8:7a:ec:99:66:
                    fa:46:4f:11:1e:08:34:75:41:3b:34:d2:d8:72:4a:
                    92:c2:1f:63:61:b4:57:19:c9:24:44:b9:c3:f0:91:
                    21:f3:4b:01:9b:22:2c:18:af:ea:55:ba:59:87:13:
                    b7:1d:98:53:d3:26:14:ea:8f:5d:3b:e8:db:bd:80:
                    96:f5:ed:e8:0b:a2:e4:4f:a8:00:21:8d:be:1b:e9:
                    50:3e:6a:ab:c7:53:41:56:d4:88:50:35:e4:71:52:
                    1b:46:3f:ba:43:6b:65:6d:b5:29:17:6d:16:26:4e:
                    3a:44:6d:68:34:0a:87:be:64:dc:c6:85:74:7f:0d:
                    e7:96:13:1c:41:de:ad:41:83:a0:7e:b6:1e:c9:bc:
                    41:4e:75:ac:e0:70:ac:c6:10:da:44:50:48:b9:e6:
                    c1:e7:62:52:02:e2:fe:aa:9c:64:26:5f:8d:43:38:
                    96:da:85:2d:af:87:77:61:8b:36:79:69:bf:ce:63:
                    10:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:22:50:B3:9C:1E:DF:47:6D:91:87:B3:E5:9E:65:73:B9:DB:D6:E9
            X509v3 Authority Key Identifier:
                keyid:13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/kyJQs5we30dtkYez5Z5lc7nb1uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.126.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:d7:78:7a:84:3b:db:67:f4:11:c8:be:61:c9:c6:4e:35:15:
         17:84:fb:84:f6:e6:fe:f8:de:fe:0f:83:e7:e6:36:27:85:57:
         b6:25:11:3a:b0:7f:80:bd:f3:56:a9:d8:63:16:35:9a:39:6a:
         aa:29:ec:f2:7b:29:3a:43:c0:d4:85:59:86:f2:4b:fc:4a:b2:
         5c:58:a2:f4:c9:37:85:ba:5c:8e:00:d1:0c:69:61:3f:10:af:
         65:da:39:54:a2:cd:29:3f:29:96:73:e3:11:31:cd:df:52:14:
         4b:1b:6d:3e:b7:6d:ac:4c:72:9f:de:72:3e:4c:c9:4c:50:1f:
         00:e6:69:5d:0e:d8:fc:3f:20:0a:80:d8:b3:f3:3c:b9:23:a0:
         9b:87:9a:de:53:17:01:77:15:be:09:9f:f7:45:cf:b3:35:fe:
         01:5c:47:0e:95:4a:b5:cd:c3:ba:18:e1:87:ef:44:26:ca:67:
         56:51:62:71:da:78:7a:e2:66:5b:95:1c:b1:7e:e4:b9:e1:2d:
         b9:84:41:06:76:e2:03:f7:53:47:d8:4b:49:ca:f5:e3:ad:89:
         a5:93:9e:24:a4:4c:99:10:24:8d:c6:54:fd:2d:1d:c6:89:30:
         6b:f3:a9:a7:95:94:f8:30:80:f2:96:9c:49:f8:fb:be:80:d2:
         6a:cc:57:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6NsYSFsJsGrEW3DE33R/i/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTlmMDUyYmM5ZTcyODQ4ODgwNzQzOTBjOWQwYmMxMjc2
MDY2OTIwHhcNMjYwNjAzMTMzNDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzIyNTBiMzljMWVkZjQ3NmQ5MTg3YjNlNTllNjU3M2I5ZGJkNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns9uIcuAKtzsaxduUKma9/v7XmAV
CYY5VLbnD99P9IIiNQZdzZEP6MClpUmCAeuxgZrmVLnVFa9D3GwnxxWsgIRj2qg0
qHrsmWb6Rk8RHgg0dUE7NNLYckqSwh9jYbRXGckkRLnD8JEh80sBmyIsGK/qVbpZ
hxO3HZhT0yYU6o9dO+jbvYCW9e3oC6LkT6gAIY2+G+lQPmqrx1NBVtSIUDXkcVIb
Rj+6Q2tlbbUpF20WJk46RG1oNAqHvmTcxoV0fw3nlhMcQd6tQYOgfrYeybxBTnWs
4HCsxhDaRFBIuebB52JSAuL+qpxkJl+NQziW2oUtr4d3YYs2eWm/zmMQ5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMiULOcHt9HbZGHs+WeZXO529bpMB8GA1UdIwQY
MBaAFBMZ8FK8nnKEiIB0OQydC8EnYGaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUt
MmMxYTc3MzBiZDI1LzEva3lKUXM1d2UzMGR0a1llejVaNWxjN25iMXVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUtMmMxYTc3MzBiZDI1
LzEvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwX5zMA0G
CSqGSIb3DQEBCwUAA4IBAQBr13h6hDvbZ/QRyL5hycZONRUXhPuE9ub++N7+D4Pn
5jYnhVe2JRE6sH+AvfNWqdhjFjWaOWqqKezyeyk6Q8DUhVmG8kv8SrJcWKL0yTeF
ulyOANEMaWE/EK9l2jlUos0pPymWc+MRMc3fUhRLG20+t22sTHKf3nI+TMlMUB8A
5mldDtj8PyAKgNiz8zy5I6Cbh5reUxcBdxW+CZ/3Rc+zNf4BXEcOlUq1zcO6GOGH
70QmymdWUWJx2nh64mZblRyxfuS54S25hEEGduID91NH2EtJyvXjrYmlk54kpEyZ
ECSNxlT9LR3GiTBr86mnlZT4MIDylpxJ+Pu+gNJqzFek
-----END CERTIFICATE-----