Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/ksfyX1A66qksMi7yY2YUuYkItDI.roa
File:                     ksfyX1A66qksMi7yY2YUuYkItDI.roa (raw, json)
Hash identifier:          Ka6tT0UzQN7PNatMEnkGYWsSHnAlF+3+njRwkEMDhP0=
Subject key identifier:   92:C7:F2:5F:50:3A:EA:A9:2C:32:2E:F2:63:66:14:B9:89:08:B4:32
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019CC262497A99F1CADD5B3EF995BB7A4C03
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/ksfyX1A66qksMi7yY2YUuYkItDI.roa
Signing time:             Fri 06 Mar 2026 09:02:26 +0000
ROA not before:           Fri 06 Mar 2026 09:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49468
IP address blocks:        188.66.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 16:52:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:62:49:7a:99:f1:ca:dd:5b:3e:f9:95:bb:7a:4c:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Mar  6 09:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92c7f25f503aeaa92c322ef2636614b98908b432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ef:7b:79:c1:be:18:a3:70:84:2e:3d:1e:84:
                    7e:c7:02:5d:a7:71:36:78:b3:8e:15:4e:24:60:60:
                    85:c3:04:e5:57:bf:c9:0b:28:96:b0:ed:d2:9b:c7:
                    54:82:d3:8b:c9:16:d4:70:f5:d8:76:7a:40:44:c6:
                    0d:34:b0:8e:7a:bb:9c:8b:3e:a9:86:fc:c9:0d:82:
                    ff:8b:e3:2a:5c:ea:3d:fb:e9:48:3d:6c:8d:e1:74:
                    2b:d8:a8:28:29:c8:d1:72:58:b9:76:57:25:63:23:
                    12:7d:46:a3:c0:48:c5:b4:9e:d3:dc:80:36:bb:e9:
                    20:ea:00:2f:2e:c1:d8:10:d5:a2:83:27:9c:46:ed:
                    61:d9:a0:1e:05:a3:8d:e6:40:dd:ac:cd:f8:2c:e7:
                    d9:3c:89:0d:af:22:e0:c5:f6:5a:b9:63:c1:34:0e:
                    e4:63:48:36:24:b1:f9:d6:52:58:d7:42:b4:0d:50:
                    a2:aa:04:82:55:90:ce:fd:b8:76:db:92:ba:07:90:
                    59:82:69:dd:d6:cd:8d:1f:bb:c7:76:53:52:28:23:
                    96:45:7c:de:89:81:52:a0:dc:18:a1:9e:e9:3d:04:
                    95:5a:ab:64:6a:60:e1:81:ce:8a:74:72:a2:cb:41:
                    1d:81:24:4c:21:a3:dd:3a:e5:32:7f:35:f5:e9:0d:
                    cb:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C7:F2:5F:50:3A:EA:A9:2C:32:2E:F2:63:66:14:B9:89:08:B4:32
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/ksfyX1A66qksMi7yY2YUuYkItDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:5f:e5:10:ca:6f:be:a3:af:92:6f:1b:f4:d4:5e:d9:2f:4b:
         ce:c1:e4:71:4c:8e:1e:c9:b9:ec:01:9c:48:6e:97:ca:74:a2:
         ca:43:1d:45:ff:94:ec:da:4b:1d:c4:d8:4c:0b:62:9e:8b:71:
         9f:17:06:6d:66:02:2f:0e:b6:e8:9c:a1:c9:1b:5f:fd:43:78:
         cd:da:1e:cf:12:b2:6a:b8:55:34:9a:24:a7:2b:bd:81:48:4c:
         83:f3:b0:5d:46:f7:8c:f8:d2:fd:73:97:40:3b:a4:66:6d:47:
         2c:13:56:43:51:62:5a:ec:83:91:69:0b:22:67:4e:84:4e:82:
         20:ce:67:d2:e5:05:d2:83:15:07:6c:13:bc:c9:80:67:71:53:
         09:c0:a3:f4:3a:e3:82:17:c0:34:58:14:c4:5e:d8:5e:c0:1a:
         f8:9a:0b:ff:a3:60:79:2d:fc:c0:7a:f1:2b:b0:44:44:a0:eb:
         08:a7:43:0f:d6:c7:25:a5:68:0c:bf:f2:fa:8d:67:11:50:eb:
         a9:41:57:a3:6e:fe:45:9f:07:55:ef:be:38:c5:0d:79:52:dc:
         61:a4:a7:f4:bc:9d:ee:b6:a1:76:e4:3d:dd:3e:47:34:45:08:
         e4:1c:47:46:bc:31:79:23:7b:93:14:f3:c9:c3:f7:a5:4d:91:
         58:13:07:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzCYkl6mfHK3Vs++ZW7ekwDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwMzA2MDkwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmM3ZjI1ZjUwM2FlYWE5MmMzMjJlZjI2MzY2MTRiOTg5MDhiNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAse97ecG+GKNwhC49HoR+xwJdp3E2
eLOOFU4kYGCFwwTlV7/JCyiWsO3Sm8dUgtOLyRbUcPXYdnpARMYNNLCOeruciz6p
hvzJDYL/i+MqXOo9++lIPWyN4XQr2KgoKcjRcli5dlclYyMSfUajwEjFtJ7T3IA2
u+kg6gAvLsHYENWigyecRu1h2aAeBaON5kDdrM34LOfZPIkNryLgxfZauWPBNA7k
Y0g2JLH51lJY10K0DVCiqgSCVZDO/bh225K6B5BZgmnd1s2NH7vHdlNSKCOWRXze
iYFSoNwYoZ7pPQSVWqtkamDhgc6KdHKiy0EdgSRMIaPdOuUyfzX16Q3LWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLH8l9QOuqpLDIu8mNmFLmJCLQyMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEva3NmeVgxQTY2cWtzTWk3eVkyWVV1WWtJdERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIYMA0G
CSqGSIb3DQEBCwUAA4IBAQAMX+UQym++o6+Sbxv01F7ZL0vOweRxTI4eybnsAZxI
bpfKdKLKQx1F/5Ts2ksdxNhMC2Kei3GfFwZtZgIvDrbonKHJG1/9Q3jN2h7PErJq
uFU0miSnK72BSEyD87BdRveM+NL9c5dAO6RmbUcsE1ZDUWJa7IORaQsiZ06EToIg
zmfS5QXSgxUHbBO8yYBncVMJwKP0OuOCF8A0WBTEXthewBr4mgv/o2B5LfzAevEr
sEREoOsIp0MP1sclpWgMv/L6jWcRUOupQVejbv5FnwdV7744xQ15UtxhpKf0vJ3u
tqF25D3dPkc0RQjkHEdGvDF5I3uTFPPJw/elTZFYEwcW
-----END CERTIFICATE-----