Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/KXN5i1ksyLJ3gWuszNVJ4lkPFkA.roa
File:                     KXN5i1ksyLJ3gWuszNVJ4lkPFkA.roa (raw, json)
Hash identifier:          yrzgi/xgwBaka39UCK/DNXA3vvLMwfJcozcKOOGIcnk=
Subject key identifier:   29:73:79:8B:59:2C:C8:B2:77:81:6B:AC:CC:D5:49:E2:59:0F:16:40
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019E847825ED3E360E19FE5A0CA5F24CC71C
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/KXN5i1ksyLJ3gWuszNVJ4lkPFkA.roa
Signing time:             Mon 01 Jun 2026 18:35:27 +0000
ROA not before:           Mon 01 Jun 2026 18:35:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198154
IP address blocks:        89.44.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:84:78:25:ed:3e:36:0e:19:fe:5a:0c:a5:f2:4c:c7:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jun  1 18:35:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2973798b592cc8b277816bacccd549e2590f1640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:72:cb:52:94:ec:b5:ab:14:7f:72:97:26:e1:
                    c4:dd:1d:ad:d4:23:44:79:f0:7e:03:b2:d5:5f:cd:
                    30:65:c4:1c:54:c7:36:b2:cd:1c:c2:7a:b6:8a:8c:
                    1a:7d:ab:3c:7a:87:45:7c:bc:46:8b:c9:88:9b:7b:
                    e0:f4:5f:de:17:e9:d0:6b:e5:20:59:ad:cc:21:12:
                    2e:8a:23:2e:b8:df:c7:26:b5:9d:94:29:cc:ea:d8:
                    e0:a5:2e:94:0b:95:3b:90:cd:15:b2:0c:12:be:97:
                    a0:84:de:0b:a3:c9:c6:ea:0d:4c:7a:d0:ca:a6:b1:
                    f4:aa:ab:35:3e:7a:f8:48:4a:fa:c6:26:52:0b:ff:
                    aa:f9:3c:9c:e8:38:14:e3:0f:57:e8:38:1a:6b:54:
                    e2:24:2a:64:91:50:6d:a4:12:5e:c9:d0:ea:c7:f5:
                    33:26:99:0b:b8:09:63:b5:eb:60:e3:44:0f:a6:88:
                    77:57:01:8b:fd:20:68:48:b5:4e:0c:c4:3f:90:ff:
                    45:7b:45:ef:39:32:b9:98:13:ed:3e:fb:31:77:69:
                    c9:d2:5e:c9:35:81:5b:07:1f:2a:f3:25:7f:af:dd:
                    1d:18:03:91:51:de:02:66:3b:57:e8:45:62:a1:21:
                    8b:c8:d2:33:27:b0:79:2c:d5:19:6f:d2:91:9d:6b:
                    16:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:73:79:8B:59:2C:C8:B2:77:81:6B:AC:CC:D5:49:E2:59:0F:16:40
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/KXN5i1ksyLJ3gWuszNVJ4lkPFkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:06:7d:28:b9:c0:ce:36:8c:9c:30:59:ae:a6:4b:a3:b5:d4:
         ce:1a:85:6e:76:bd:a9:71:10:4a:c6:c6:82:57:51:4f:63:7c:
         71:c3:86:02:24:73:67:a8:63:60:17:0b:0a:4e:ac:30:9f:10:
         32:72:38:a7:9d:73:c6:d6:f6:4d:a3:8b:ce:62:38:43:c0:c5:
         3d:a1:5e:f5:32:12:bb:2f:f0:9f:4f:11:c2:df:ef:63:7a:c9:
         64:22:08:31:b7:33:db:d8:86:2c:fa:47:50:6c:6c:d6:64:54:
         ca:0b:fa:c7:84:4f:4c:91:6e:6a:a5:1e:00:3c:88:29:fa:a0:
         57:cb:f9:d6:89:c8:88:d2:ac:05:eb:f9:53:ee:60:79:a2:9b:
         78:ca:15:7c:1e:c1:de:53:a9:50:88:c7:47:f3:05:ad:d2:ab:
         7f:bd:83:3d:31:76:ce:bb:db:61:40:9a:e0:95:13:da:34:89:
         0a:93:1f:63:17:26:13:f9:86:6b:7b:8f:26:d0:09:ef:6a:c7:
         b2:86:f0:d2:89:ae:ed:40:c9:17:ad:cd:93:e8:99:87:40:2f:
         77:4f:4f:1a:70:54:2c:c4:0c:4c:24:17:16:ed:52:a4:25:81:
         cd:69:30:ff:e8:10:cb:f5:3b:31:fc:b3:9f:b9:03:24:cc:2e:
         da:45:eb:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6EeCXtPjYOGf5aDKXyTMccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwNjAxMTgzNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTczNzk4YjU5MmNjOGIyNzc4MTZiYWNjY2Q1NDllMjU5MGYxNjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXLLUpTstasUf3KXJuHE3R2t1CNE
efB+A7LVX80wZcQcVMc2ss0cwnq2iowafas8eodFfLxGi8mIm3vg9F/eF+nQa+Ug
Wa3MIRIuiiMuuN/HJrWdlCnM6tjgpS6UC5U7kM0VsgwSvpeghN4Lo8nG6g1MetDK
prH0qqs1Pnr4SEr6xiZSC/+q+Tyc6DgU4w9X6Dgaa1TiJCpkkVBtpBJeydDqx/Uz
JpkLuAljtetg40QPpoh3VwGL/SBoSLVODMQ/kP9Fe0XvOTK5mBPtPvsxd2nJ0l7J
NYFbBx8q8yV/r90dGAORUd4CZjtX6EVioSGLyNIzJ7B5LNUZb9KRnWsWGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClzeYtZLMiyd4FrrMzVSeJZDxZAMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvS1hONWkxa3N5TEozZ1d1c3pOVko0bGtQRmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSzyMA0G
CSqGSIb3DQEBCwUAA4IBAQAjBn0oucDONoycMFmupkujtdTOGoVudr2pcRBKxsaC
V1FPY3xxw4YCJHNnqGNgFwsKTqwwnxAycjinnXPG1vZNo4vOYjhDwMU9oV71MhK7
L/CfTxHC3+9jeslkIggxtzPb2IYs+kdQbGzWZFTKC/rHhE9MkW5qpR4APIgp+qBX
y/nWiciI0qwF6/lT7mB5opt4yhV8HsHeU6lQiMdH8wWt0qt/vYM9MXbOu9thQJrg
lRPaNIkKkx9jFyYT+YZre48m0AnvaseyhvDSia7tQMkXrc2T6JmHQC93T08acFQs
xAxMJBcW7VKkJYHNaTD/6BDL9Tsx/LOfuQMkzC7aResE
-----END CERTIFICATE-----