Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KMrWEiP5Yy6wX99O6ZQ0fHC7BcY.roa
File:                     KMrWEiP5Yy6wX99O6ZQ0fHC7BcY.roa (raw, json)
Hash identifier:          TPcHEHAqi3Ooq1IFkjWpbkcWw7ZwIqec6HKECpOIaOU=
Subject key identifier:   28:CA:D6:12:23:F9:63:2E:B0:5F:DF:4E:E9:94:34:7C:70:BB:05:C6
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019E87FD077C8CDA972CDB249DB788BFAB42
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KMrWEiP5Yy6wX99O6ZQ0fHC7BcY.roa
Signing time:             Tue 02 Jun 2026 10:59:27 +0000
ROA not before:           Tue 02 Jun 2026 10:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        64.137.52.0/23 maxlen: 23
                          104.233.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 19:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:fd:07:7c:8c:da:97:2c:db:24:9d:b7:88:bf:ab:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jun  2 10:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28cad61223f9632eb05fdf4ee994347c70bb05c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3c:82:f9:78:4b:38:50:cd:6a:5f:ca:ff:4f:
                    24:07:a7:c1:52:81:ce:85:c2:a0:7b:3d:03:b5:e2:
                    70:5f:6b:db:8c:47:0a:55:86:56:1f:53:b0:7b:0a:
                    70:15:25:94:fc:c2:8e:93:cc:e5:54:32:39:21:70:
                    65:6d:69:51:90:13:09:ae:34:44:b3:d1:39:ef:f2:
                    b1:e1:d9:bf:2a:90:2c:56:a2:a0:e7:cd:92:17:b0:
                    04:78:74:a7:39:c0:a8:8c:00:8f:81:76:d3:4a:cc:
                    d6:bd:e0:60:ef:9e:f8:fc:55:11:3c:c2:ee:ec:d5:
                    77:7d:4d:80:65:cc:3b:9e:b6:cb:4a:68:db:d3:f4:
                    4d:f5:57:0f:9a:c4:7b:87:f6:a3:02:4b:0b:c0:82:
                    dc:e6:3d:6d:38:3d:f6:de:56:46:e0:eb:44:94:ea:
                    e1:33:9c:90:cc:83:d0:cd:47:ff:0f:70:eb:3b:ab:
                    1d:eb:ad:d8:fb:46:38:a2:b3:d6:c4:0e:1b:58:1e:
                    d3:77:4b:64:05:92:6d:41:7a:93:bd:c3:24:bb:64:
                    6b:11:a1:f0:38:cb:e3:a4:33:69:b2:ad:1b:8f:8d:
                    a6:60:6e:53:32:d5:cb:e9:fc:ac:90:36:f7:62:20:
                    07:49:88:4b:3f:a4:7a:35:b0:44:26:86:67:a1:4e:
                    2d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:CA:D6:12:23:F9:63:2E:B0:5F:DF:4E:E9:94:34:7C:70:BB:05:C6
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KMrWEiP5Yy6wX99O6ZQ0fHC7BcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.52.0/23
                  104.233.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:76:9b:c6:41:6f:e2:10:a7:f1:f2:19:7d:a2:23:49:28:2f:
         e2:7b:88:c1:54:6b:f4:26:20:50:ee:f3:31:41:7f:d9:b2:98:
         e5:63:3b:2b:05:9a:2d:02:88:93:ea:8d:42:05:2e:ed:cd:86:
         9e:a1:a7:80:d6:02:1b:59:22:c5:be:4c:8a:05:4d:16:02:6e:
         92:09:31:ef:0a:7f:1d:49:09:e7:2c:eb:1e:8f:e3:69:fc:1d:
         cf:32:a9:09:b3:0a:a8:21:2a:cb:a9:bf:cf:25:23:f0:29:ce:
         df:7f:08:9d:ab:9a:80:98:bb:0e:70:25:14:41:c9:a8:ae:e5:
         2d:5e:5c:8c:f7:4b:31:23:7e:3d:38:c8:39:44:cc:12:de:25:
         fc:42:1c:a4:71:3d:9d:0f:cb:c3:1d:ea:4e:75:b9:f3:98:fb:
         59:5f:c6:c8:14:60:ac:c4:6b:fb:fe:04:02:0f:b2:8e:50:48:
         79:59:b5:de:c7:8d:86:09:52:d1:68:fe:51:ff:ef:67:9f:5a:
         ca:86:68:6a:06:a9:be:ea:51:36:50:70:a3:d4:2b:b9:e8:d0:
         00:ce:aa:92:1d:27:29:46:68:45:c9:e3:4d:36:66:63:2e:06:
         b8:52:74:35:cd:a8:67:f7:36:39:db:5e:6b:10:9b:a8:2e:11:
         b7:73:41:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6H/Qd8jNqXLNsknbeIv6tCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNjAyMTA1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGNhZDYxMjIzZjk2MzJlYjA1ZmRmNGVlOTk0MzQ3YzcwYmIwNWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DyC+XhLOFDNal/K/08kB6fBUoHO
hcKgez0DteJwX2vbjEcKVYZWH1OwewpwFSWU/MKOk8zlVDI5IXBlbWlRkBMJrjRE
s9E57/Kx4dm/KpAsVqKg582SF7AEeHSnOcCojACPgXbTSszWveBg7574/FURPMLu
7NV3fU2AZcw7nrbLSmjb0/RN9VcPmsR7h/ajAksLwILc5j1tOD323lZG4OtElOrh
M5yQzIPQzUf/D3DrO6sd663Y+0Y4orPWxA4bWB7Td0tkBZJtQXqTvcMku2RrEaHw
OMvjpDNpsq0bj42mYG5TMtXL6fyskDb3YiAHSYhLP6R6NbBEJoZnoU4tkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCjK1hIj+WMusF/fTumUNHxwuwXGMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvS01yV0VpUDVZeTZ3WDk5TzZaUTBmSEM3QmNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBQIk0AwQC
aOkAMA0GCSqGSIb3DQEBCwUAA4IBAQAVdpvGQW/iEKfx8hl9oiNJKC/ie4jBVGv0
JiBQ7vMxQX/ZspjlYzsrBZotAoiT6o1CBS7tzYaeoaeA1gIbWSLFvkyKBU0WAm6S
CTHvCn8dSQnnLOsej+Np/B3PMqkJswqoISrLqb/PJSPwKc7ffwidq5qAmLsOcCUU
QcmoruUtXlyM90sxI349OMg5RMwS3iX8QhykcT2dD8vDHepOdbnzmPtZX8bIFGCs
xGv7/gQCD7KOUEh5WbXex42GCVLRaP5R/+9nn1rKhmhqBqm+6lE2UHCj1Cu56NAA
zqqSHScpRmhFyeNNNmZjLga4UnQ1zahn9zY5215rEJuoLhG3c0Et
-----END CERTIFICATE-----