Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/KbK_GUCbk6_l4PqY3tfSl9CIE08.roa
File:                     KbK_GUCbk6_l4PqY3tfSl9CIE08.roa (raw, json)
Hash identifier:          zoxs9V9ert9MYGSDGAJtsOY+9reHislxQzxfbVZHVtM=
Subject key identifier:   29:B2:BF:19:40:9B:93:AF:E5:E0:FA:98:DE:D7:D2:97:D0:88:13:4F
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EF23368C1965DF400E0E1348D37553581
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/KbK_GUCbk6_l4PqY3tfSl9CIE08.roa
Signing time:             Tue 23 Jun 2026 01:58:35 +0000
ROA not before:           Tue 23 Jun 2026 01:58:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215262
IP address blocks:        2a06:9801:7e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 13:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f2:33:68:c1:96:5d:f4:00:e0:e1:34:8d:37:55:35:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 23 01:58:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29b2bf19409b93afe5e0fa98ded7d297d088134f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7b:3f:cc:7c:f3:ff:b4:08:a2:cd:b0:c6:8b:
                    85:b0:2b:f3:a4:5d:01:1b:18:0d:4a:d4:81:4a:b1:
                    af:ce:ff:4c:41:82:71:7f:33:b3:d5:ba:07:b6:68:
                    c6:b0:eb:48:7d:43:ff:ae:d4:b7:10:96:40:dc:63:
                    45:2a:ff:f9:d0:59:f0:16:9a:00:9f:06:15:a6:e6:
                    1d:05:e6:af:50:9f:d7:5a:f9:a7:6b:37:c2:23:be:
                    27:3e:e3:cd:07:7e:70:41:0d:c7:16:e1:a1:1a:3e:
                    a7:b8:77:e4:6e:38:f9:f2:b0:b7:e7:d8:45:81:b7:
                    33:6c:bd:4c:16:c0:91:6d:2c:e0:40:aa:1c:a2:d3:
                    ee:6b:81:32:9f:9e:4d:73:4f:ec:14:21:14:f4:54:
                    c8:79:9c:4a:84:8f:3e:66:4f:10:3c:02:54:c5:0e:
                    9d:f5:4c:60:f5:76:4b:5f:f8:f0:d9:2c:14:61:6d:
                    74:9a:c4:bb:e9:8f:6e:9c:09:1b:64:43:c3:61:3a:
                    26:5f:40:99:8f:50:f5:83:39:af:af:9f:95:ee:c1:
                    29:29:45:c2:0b:1c:06:c1:5a:64:a9:58:d5:d3:9d:
                    7e:f5:2a:92:98:df:47:7f:3d:23:2f:da:7e:e3:99:
                    92:99:38:11:c1:37:20:cf:87:00:96:c6:ea:11:4f:
                    05:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B2:BF:19:40:9B:93:AF:E5:E0:FA:98:DE:D7:D2:97:D0:88:13:4F
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/KbK_GUCbk6_l4PqY3tfSl9CIE08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:7e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         52:e3:cb:20:0d:77:c7:1a:f0:14:8b:c0:7d:b4:54:86:3f:c3:
         ce:93:3c:80:bd:7e:b7:b4:8a:94:2e:35:43:f4:63:be:ea:94:
         d2:34:fc:e9:8b:3e:32:df:c4:03:6c:c3:a7:81:63:4a:7d:7f:
         96:e0:df:5f:19:26:95:4d:97:2a:5d:10:77:31:af:77:66:3f:
         79:82:7a:72:7f:7c:96:c3:fc:3a:4e:6b:00:ec:78:ac:63:5c:
         63:3b:76:ca:a3:c0:d5:6a:96:20:31:4d:4c:2a:43:d3:e6:81:
         7f:24:ee:58:5e:67:12:8f:11:b8:5c:7c:89:ab:20:71:46:84:
         02:8d:66:6d:da:93:ec:39:59:ec:89:01:48:00:fa:c2:4d:4b:
         a3:6b:b9:cf:99:de:22:02:4c:ff:9c:f8:59:15:b1:ea:e6:62:
         17:cd:a6:f4:05:03:38:cd:84:f2:c8:69:61:1e:28:b2:cd:a9:
         32:09:4d:98:45:bb:72:ea:8b:4d:5a:34:f1:55:10:54:86:c3:
         61:f7:2d:09:d2:82:21:23:c2:6d:57:7b:06:6e:37:e0:cf:28:
         eb:1a:5f:84:e1:49:21:96:fd:4b:cb:68:95:97:e4:d8:39:2b:
         5e:0e:16:78:44:9c:91:e5:0f:cb:57:d7:9f:79:5d:9b:2a:2c:
         a0:f0:ab:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7yM2jBll30AODhNI03VTWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjIzMDE1ODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWIyYmYxOTQwOWI5M2FmZTVlMGZhOThkZWQ3ZDI5N2QwODgxMzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApns/zHzz/7QIos2wxouFsCvzpF0B
GxgNStSBSrGvzv9MQYJxfzOz1boHtmjGsOtIfUP/rtS3EJZA3GNFKv/50FnwFpoA
nwYVpuYdBeavUJ/XWvmnazfCI74nPuPNB35wQQ3HFuGhGj6nuHfkbjj58rC359hF
gbczbL1MFsCRbSzgQKocotPua4Eyn55Nc0/sFCEU9FTIeZxKhI8+Zk8QPAJUxQ6d
9Uxg9XZLX/jw2SwUYW10msS76Y9unAkbZEPDYTomX0CZj1D1gzmvr5+V7sEpKUXC
CxwGwVpkqVjV051+9SqSmN9Hfz0jL9p+45mSmTgRwTcgz4cAlsbqEU8F8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCmyvxlAm5Ov5eD6mN7X0pfQiBNPMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvS2JLX0dVQ2JrNl9sNFBxWTN0ZlNsOUNJRTA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgaYAQfg
MA0GCSqGSIb3DQEBCwUAA4IBAQBS48sgDXfHGvAUi8B9tFSGP8POkzyAvX63tIqU
LjVD9GO+6pTSNPzpiz4y38QDbMOngWNKfX+W4N9fGSaVTZcqXRB3Ma93Zj95gnpy
f3yWw/w6TmsA7HisY1xjO3bKo8DVapYgMU1MKkPT5oF/JO5YXmcSjxG4XHyJqyBx
RoQCjWZt2pPsOVnsiQFIAPrCTUuja7nPmd4iAkz/nPhZFbHq5mIXzab0BQM4zYTy
yGlhHiiyzakyCU2YRbty6otNWjTxVRBUhsNh9y0J0oIhI8JtV3sGbjfgzyjrGl+E
4Ukhlv1Ly2iVl+TYOSteDhZ4RJyR5Q/LV9efeV2bKiyg8Kts
-----END CERTIFICATE-----