Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/KmnFkmxRpBR3M7e2s0wp9vNbfeU.roa
File:                     KmnFkmxRpBR3M7e2s0wp9vNbfeU.roa (raw, json)
Hash identifier:          7wvQQO0KV9rHOA/7jjoRqj/nG2Xmu+/OUYKBPusVQa0=
Subject key identifier:   2A:69:C5:92:6C:51:A4:14:77:33:B7:B6:B3:4C:29:F6:F3:5B:7D:E5
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019E407C2374EDD70A0A46172FB53E2BA606
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/KmnFkmxRpBR3M7e2s0wp9vNbfeU.roa
Signing time:             Tue 19 May 2026 13:45:37 +0000
ROA not before:           Tue 19 May 2026 13:45:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197901
IP address blocks:        95.46.74.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:40:7c:23:74:ed:d7:0a:0a:46:17:2f:b5:3e:2b:a6:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: May 19 13:45:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a69c5926c51a4147733b7b6b34c29f6f35b7de5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:f6:a7:cd:31:3a:a9:2f:da:75:7f:22:d8:c2:
                    09:c0:67:5a:a8:77:4c:b5:a8:fe:5f:41:45:48:9b:
                    fc:54:c5:ce:de:ce:da:19:f1:2a:fa:df:6e:89:3c:
                    21:7b:09:f2:55:c7:c5:12:2c:5c:4d:83:17:b3:f9:
                    a0:be:55:20:57:99:3e:72:af:48:9a:3c:23:7e:fc:
                    57:eb:70:11:fb:0a:eb:8a:dc:f7:d4:a0:d6:36:e1:
                    0c:41:f4:3d:2e:91:c0:51:81:8f:43:73:df:f3:53:
                    9a:de:d5:c2:79:60:cb:5d:e0:a9:2e:99:5e:f2:95:
                    aa:a8:b5:b0:80:2d:24:17:27:f6:3b:74:ce:f8:ac:
                    96:60:03:e3:55:59:ab:58:e0:30:45:02:a3:f9:b4:
                    ab:41:e1:e0:fe:d1:36:35:57:bf:08:f8:c4:c8:bf:
                    8e:9d:6c:ae:2f:c3:02:89:93:cf:a0:51:b4:07:01:
                    83:65:36:03:48:f2:e8:b8:c2:5e:a6:35:6e:3b:b0:
                    40:2a:98:b4:c1:ed:9b:93:6a:bd:3a:4e:a9:bd:28:
                    2c:c9:e2:e9:d1:91:51:cc:71:38:6c:45:ab:55:a7:
                    d5:9a:90:e5:7f:6f:9d:45:9c:9a:59:25:c1:68:12:
                    e0:f4:ca:72:ac:1b:f6:32:f5:37:34:fd:84:54:a0:
                    ed:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:69:C5:92:6C:51:A4:14:77:33:B7:B6:B3:4C:29:F6:F3:5B:7D:E5
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/KmnFkmxRpBR3M7e2s0wp9vNbfeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:22:3b:ef:c0:29:70:1f:63:2b:89:5d:69:24:73:09:bc:83:
         a5:a3:83:c7:fe:48:80:c9:4d:28:2b:e5:df:e5:03:8e:aa:76:
         02:ad:55:0f:d3:08:ff:1d:e3:76:a1:6f:bd:04:26:91:3f:ae:
         f5:ce:2a:4f:70:0e:68:55:e3:8c:97:60:f1:47:ef:ee:f3:c2:
         52:22:35:76:01:cf:2a:31:27:48:99:90:c1:76:26:08:ee:d3:
         51:67:65:21:c0:48:48:fc:0c:2b:24:4d:06:13:54:9e:03:6e:
         00:2e:bd:cb:50:d2:db:0a:32:f4:20:18:f1:14:95:17:20:43:
         22:2e:56:04:b9:81:a4:63:9b:b6:26:f4:51:8a:a5:e7:b0:2a:
         7e:b2:57:85:3c:76:8f:85:36:9c:68:63:57:99:76:bb:73:3c:
         59:0c:82:08:a5:f2:9c:df:8a:3e:5a:35:21:54:fb:b1:dc:46:
         4c:12:a3:69:08:d9:d3:7e:e3:36:bb:3a:54:16:b9:64:c1:36:
         a3:d3:5c:43:b8:de:28:d8:f4:f8:21:d2:17:19:92:bd:9e:e6:
         35:75:8e:81:17:88:98:3b:d2:09:50:4b:fe:b5:dc:8e:1d:10:
         1f:a8:cc:f4:15:5e:7e:d8:93:bb:e9:60:8d:d1:33:c8:0d:a8:
         de:0c:f7:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5AfCN07dcKCkYXL7U+K6YGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwNTE5MTM0NTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTY5YzU5MjZjNTFhNDE0NzczM2I3YjZiMzRjMjlmNmYzNWI3ZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7PanzTE6qS/adX8i2MIJwGdaqHdM
taj+X0FFSJv8VMXO3s7aGfEq+t9uiTwhewnyVcfFEixcTYMXs/mgvlUgV5k+cq9I
mjwjfvxX63AR+wrritz31KDWNuEMQfQ9LpHAUYGPQ3Pf81Oa3tXCeWDLXeCpLple
8pWqqLWwgC0kFyf2O3TO+KyWYAPjVVmrWOAwRQKj+bSrQeHg/tE2NVe/CPjEyL+O
nWyuL8MCiZPPoFG0BwGDZTYDSPLouMJepjVuO7BAKpi0we2bk2q9Ok6pvSgsyeLp
0ZFRzHE4bEWrVafVmpDlf2+dRZyaWSXBaBLg9MpyrBv2MvU3NP2EVKDtZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCppxZJsUaQUdzO3trNMKfbzW33lMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvS21uRmtteFJwQlIzTTdlMnMwd3A5dk5iZmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXy5KMA0G
CSqGSIb3DQEBCwUAA4IBAQCCIjvvwClwH2MriV1pJHMJvIOlo4PH/kiAyU0oK+Xf
5QOOqnYCrVUP0wj/HeN2oW+9BCaRP671zipPcA5oVeOMl2DxR+/u88JSIjV2Ac8q
MSdImZDBdiYI7tNRZ2UhwEhI/AwrJE0GE1SeA24ALr3LUNLbCjL0IBjxFJUXIEMi
LlYEuYGkY5u2JvRRiqXnsCp+sleFPHaPhTacaGNXmXa7czxZDIIIpfKc34o+WjUh
VPux3EZMEqNpCNnTfuM2uzpUFrlkwTaj01xDuN4o2PT4IdIXGZK9nuY1dY6BF4iY
O9IJUEv+tdyOHRAfqMz0FV5+2JO76WCN0TPIDajeDPeU
-----END CERTIFICATE-----