Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/_-CNKE2_7z_kM89zZk_UMMjhAl8.roa
File:                     _-CNKE2_7z_kM89zZk_UMMjhAl8.roa (raw, json)
Hash identifier:          Fyok2cPZyLmptoNn7yS8WruQ3n7BVYZFEv5nHH8YA4g=
Subject key identifier:   FF:E0:8D:28:4D:BF:EF:3F:E4:33:CF:73:66:4F:D4:30:C8:E1:02:5F
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019E50DE27840B14B68A4C097ECB90AE71C5
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/_-CNKE2_7z_kM89zZk_UMMjhAl8.roa
Signing time:             Fri 22 May 2026 18:06:36 +0000
ROA not before:           Fri 22 May 2026 18:06:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        188.212.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:50:de:27:84:0b:14:b6:8a:4c:09:7e:cb:90:ae:71:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: May 22 18:06:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ffe08d284dbfef3fe433cf73664fd430c8e1025f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:10:e9:69:79:60:06:74:10:05:cc:cb:da:3b:
                    ae:15:3b:1b:c0:07:74:ea:5e:e0:ac:78:40:7e:07:
                    62:37:f3:8a:b4:a0:da:3d:63:e0:b0:fa:11:9e:af:
                    44:8f:90:cd:c7:f1:c7:84:89:f3:87:25:53:3f:e2:
                    40:ac:17:07:67:b1:a6:90:fb:98:72:c3:31:70:41:
                    f4:79:6d:46:2e:23:8d:50:08:f0:d2:80:3c:f9:78:
                    00:46:6a:ff:43:db:6e:a5:8a:23:4d:6b:41:03:29:
                    49:5f:0a:76:43:82:0a:37:7e:92:20:9c:93:73:dc:
                    85:8f:c4:ad:a6:17:d5:88:59:c3:30:ec:1e:ff:1d:
                    63:67:e2:8b:5f:da:0b:46:2e:7b:42:8f:15:15:ab:
                    42:0f:ec:89:26:0c:e4:a1:dc:73:98:13:16:c1:0a:
                    36:de:35:22:3d:f1:88:8d:d8:50:83:b1:b7:ec:63:
                    57:da:eb:95:a1:9a:fd:c4:37:1f:39:1f:fc:be:42:
                    4e:23:10:64:21:38:32:a3:3e:f5:78:37:6b:45:84:
                    29:2c:eb:5d:52:d9:03:34:85:80:f2:cd:9b:9b:4a:
                    99:ef:ab:03:53:86:70:cb:9f:aa:b5:e2:2a:fa:72:
                    dc:4a:e0:bd:da:6b:e9:24:57:db:1e:77:9f:d5:7a:
                    91:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:E0:8D:28:4D:BF:EF:3F:E4:33:CF:73:66:4F:D4:30:C8:E1:02:5F
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/_-CNKE2_7z_kM89zZk_UMMjhAl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.212.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:d9:4d:5c:cc:37:0c:ce:21:1d:3b:25:59:68:d0:b9:1a:4d:
         ea:7a:27:73:ae:12:47:73:26:09:10:ab:ed:6a:cd:5c:61:61:
         01:17:e0:f4:f1:db:77:a5:27:64:9f:9e:28:99:8b:2e:15:b7:
         df:2c:14:ac:dc:22:30:01:5a:0d:ef:b3:c3:80:df:83:f9:ee:
         63:cb:e0:83:f4:59:9f:17:dc:80:8c:f9:59:8f:c5:fe:96:43:
         31:eb:1b:01:60:1e:a0:cf:a3:68:08:2d:b8:d2:f0:69:35:7c:
         09:08:dd:c5:8c:8f:f6:3f:ff:61:6e:c5:35:f7:5c:a8:4a:d3:
         31:97:bd:ae:f6:db:7d:3c:3c:fe:c1:81:36:9e:84:02:01:aa:
         3c:9e:69:58:c4:4d:12:b1:95:23:a0:87:3a:f4:6d:6f:1f:b8:
         76:91:72:8a:0f:3e:2f:6a:ff:97:90:0b:b3:a0:ef:45:17:e6:
         89:bf:d4:08:2d:5a:3d:0e:10:3d:64:9a:c6:ab:53:62:07:f4:
         58:b1:75:28:cf:e1:b9:59:b7:d4:83:2d:79:89:1e:d9:25:95:
         a0:72:4b:bf:aa:24:6f:be:de:f5:39:36:e1:52:e5:8b:2e:94:
         c1:c2:b1:45:a3:9c:46:51:7b:d1:3f:5a:8a:00:d6:34:07:9f:
         7c:c6:78:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5Q3ieECxS2ikwJfsuQrnHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwNTIyMTgwNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmUwOGQyODRkYmZlZjNmZTQzM2NmNzM2NjRmZDQzMGM4ZTEwMjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBDpaXlgBnQQBczL2juuFTsbwAd0
6l7grHhAfgdiN/OKtKDaPWPgsPoRnq9Ej5DNx/HHhInzhyVTP+JArBcHZ7GmkPuY
csMxcEH0eW1GLiONUAjw0oA8+XgARmr/Q9tupYojTWtBAylJXwp2Q4IKN36SIJyT
c9yFj8StphfViFnDMOwe/x1jZ+KLX9oLRi57Qo8VFatCD+yJJgzkodxzmBMWwQo2
3jUiPfGIjdhQg7G37GNX2uuVoZr9xDcfOR/8vkJOIxBkITgyoz71eDdrRYQpLOtd
UtkDNIWA8s2bm0qZ76sDU4Zwy5+qteIq+nLcSuC92mvpJFfbHnef1XqRwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/gjShNv+8/5DPPc2ZP1DDI4QJfMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvXy1DTktFMl83el9rTTg5elprX1VNTWpoQWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNRiMA0G
CSqGSIb3DQEBCwUAA4IBAQBo2U1czDcMziEdOyVZaNC5Gk3qeidzrhJHcyYJEKvt
as1cYWEBF+D08dt3pSdkn54omYsuFbffLBSs3CIwAVoN77PDgN+D+e5jy+CD9Fmf
F9yAjPlZj8X+lkMx6xsBYB6gz6NoCC240vBpNXwJCN3FjI/2P/9hbsU191yoStMx
l72u9tt9PDz+wYE2noQCAao8nmlYxE0SsZUjoIc69G1vH7h2kXKKDz4vav+XkAuz
oO9FF+aJv9QILVo9DhA9ZJrGq1NiB/RYsXUoz+G5WbfUgy15iR7ZJZWgcku/qiRv
vt71OTbhUuWLLpTBwrFFo5xGUXvRP1qKANY0B598xniN
-----END CERTIFICATE-----