Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/KmL9hUmZWVkaAtdmjfXfWJiHh-s.roa
File:                     KmL9hUmZWVkaAtdmjfXfWJiHh-s.roa (raw, json)
Hash identifier:          YDzujFQaz+G+jCdu6mA5zUHDiIZN9X1GHpvWadjwBgQ=
Subject key identifier:   2A:62:FD:85:49:99:59:59:1A:02:D7:66:8D:F5:DF:58:98:87:87:EB
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019E4A48AAA1C6F356566965B0B774267A9E
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/KmL9hUmZWVkaAtdmjfXfWJiHh-s.roa
Signing time:             Thu 21 May 2026 11:25:36 +0000
ROA not before:           Thu 21 May 2026 11:25:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        86.106.80.0/24 maxlen: 24
                          93.113.158.0/24 maxlen: 24
                          188.240.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:48:aa:a1:c6:f3:56:56:69:65:b0:b7:74:26:7a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: May 21 11:25:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a62fd85499959591a02d7668df5df58988787eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:88:82:1c:66:ff:ca:6d:ff:3e:1a:2b:bc:04:
                    c3:ed:5e:42:ed:95:9a:92:ce:3c:71:06:2f:87:bc:
                    4c:3e:10:78:2c:98:2f:18:b2:d7:5f:65:81:fb:23:
                    30:fc:5e:f7:c7:02:ac:3e:7d:f7:d1:96:08:09:b1:
                    b5:7c:d4:6f:8d:b4:8c:a3:08:80:eb:b0:17:9c:a6:
                    4a:f9:0d:9e:89:cc:9b:9b:06:21:20:29:44:f2:38:
                    92:63:fb:61:5d:89:9b:de:fa:c5:c0:16:d9:9f:62:
                    5e:b9:eb:eb:6d:c4:88:5c:de:5d:3e:b2:4d:f0:ec:
                    36:e9:91:0d:fc:bd:12:25:b3:0e:34:fb:1e:91:7e:
                    e3:09:e1:49:41:55:78:41:73:c9:a4:7d:f3:ed:0a:
                    1a:54:c9:a7:94:72:62:ba:53:fe:21:b3:78:1b:57:
                    4a:5e:4b:1e:62:38:8f:d2:40:ca:a0:a1:26:f0:b4:
                    a3:10:b0:bc:15:30:df:49:ae:f0:6c:ed:59:f5:3e:
                    7f:e5:ee:e2:e2:83:d4:1b:13:be:15:d3:15:56:b6:
                    ed:f5:e5:14:e6:ac:e0:13:22:a3:b0:ca:fe:ed:22:
                    cd:37:cb:d3:38:c9:4c:72:f7:16:80:11:73:5a:fc:
                    6e:2f:ff:b1:e3:49:93:d7:d7:b3:99:02:a5:8d:86:
                    2d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:62:FD:85:49:99:59:59:1A:02:D7:66:8D:F5:DF:58:98:87:87:EB
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/KmL9hUmZWVkaAtdmjfXfWJiHh-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.80.0/24
                  93.113.158.0/24
                  188.240.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:5f:4c:ab:93:25:68:cf:6c:b8:12:27:4d:c1:55:33:19:80:
         3e:9b:4f:8a:94:06:a8:27:b8:f9:e9:7f:fa:1d:4c:29:7e:e7:
         cf:f7:e9:dd:bd:47:60:32:9d:1e:9f:44:cf:73:12:6d:8b:88:
         e9:3c:16:de:aa:9c:d9:0d:6b:91:9b:63:2a:ad:90:58:63:5c:
         75:68:d7:8e:9e:b3:39:f1:b2:83:ec:e4:03:0a:0a:7c:8d:7c:
         fa:86:3a:74:a4:b9:30:cf:48:7c:5f:cd:c1:49:ba:29:f6:43:
         23:c2:4d:ec:3e:48:28:99:db:87:63:45:ee:f2:46:d3:d4:2c:
         d1:82:ca:85:a0:44:4c:51:93:e1:2c:07:6c:ad:b5:bb:bd:92:
         5b:da:2a:17:d9:12:86:e5:9e:15:c8:55:4f:e8:3c:cb:97:de:
         6c:5e:c2:56:c7:95:1b:b5:16:af:27:d7:f5:63:f4:66:8d:3e:
         cb:12:15:83:8e:ef:be:1c:e1:f4:cf:01:87:df:94:35:03:eb:
         37:f2:9c:9f:db:b6:9a:99:3b:6e:fe:f2:d3:1c:7f:36:d6:6b:
         6e:31:08:8f:7f:34:12:8e:11:11:f6:76:ea:7c:a2:16:de:4a:
         26:b9:7f:32:ff:ca:b9:73:7b:3a:ae:95:9c:96:1a:c5:57:10:
         61:fe:8c:13
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5KSKqhxvNWVmllsLd0JnqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwNTIxMTEyNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTYyZmQ4NTQ5OTk1OTU5MWEwMmQ3NjY4ZGY1ZGY1ODk4ODc4N2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4iCHGb/ym3/PhorvATD7V5C7ZWa
ks48cQYvh7xMPhB4LJgvGLLXX2WB+yMw/F73xwKsPn330ZYICbG1fNRvjbSMowiA
67AXnKZK+Q2eicybmwYhIClE8jiSY/thXYmb3vrFwBbZn2JeuevrbcSIXN5dPrJN
8Ow26ZEN/L0SJbMONPsekX7jCeFJQVV4QXPJpH3z7QoaVMmnlHJiulP+IbN4G1dK
XkseYjiP0kDKoKEm8LSjELC8FTDfSa7wbO1Z9T5/5e7i4oPUGxO+FdMVVrbt9eUU
5qzgEyKjsMr+7SLNN8vTOMlMcvcWgBFzWvxuL/+x40mT19ezmQKljYYthwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCpi/YVJmVlZGgLXZo3131iYh4frMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvS21MOWhVbVpXVmthQXRkbWpmWGZXSmlIaC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVmpQAwQA
XXGeAwQAvPAOMA0GCSqGSIb3DQEBCwUAA4IBAQB+X0yrkyVoz2y4EidNwVUzGYA+
m0+KlAaoJ7j56X/6HUwpfufP9+ndvUdgMp0en0TPcxJti4jpPBbeqpzZDWuRm2Mq
rZBYY1x1aNeOnrM58bKD7OQDCgp8jXz6hjp0pLkwz0h8X83BSbop9kMjwk3sPkgo
mduHY0Xu8kbT1CzRgsqFoERMUZPhLAdsrbW7vZJb2ioX2RKG5Z4VyFVP6DzLl95s
XsJWx5UbtRavJ9f1Y/RmjT7LEhWDju++HOH0zwGH35Q1A+s38pyf27aamTtu/vLT
HH821mtuMQiPfzQSjhER9nbqfKIW3komuX8y/8q5c3s6rpWclhrFVxBh/owT
-----END CERTIFICATE-----