Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/KvM3StmOZkBwSmEp39O9I_j7k04.roa
File:                     KvM3StmOZkBwSmEp39O9I_j7k04.roa (raw, json)
Hash identifier:          tpcdc0S3Vfat1KVvABMTMEmMwO077uZepfs7I1i4yMY=
Subject key identifier:   2A:F3:37:4A:D9:8E:66:40:70:4A:61:29:DF:D3:BD:23:F8:FB:93:4E
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       019E3B664C5F32E5BFD67429CE82750924F6
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/KvM3StmOZkBwSmEp39O9I_j7k04.roa
Signing time:             Mon 18 May 2026 14:03:40 +0000
ROA not before:           Mon 18 May 2026 14:03:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214798
IP address blocks:        176.98.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3b:66:4c:5f:32:e5:bf:d6:74:29:ce:82:75:09:24:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: May 18 14:03:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2af3374ad98e6640704a6129dfd3bd23f8fb934e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:49:8f:5b:b6:6e:3a:4f:89:26:80:86:ce:f5:
                    a7:45:7b:16:37:dd:10:a3:b1:86:7d:35:64:c2:36:
                    f8:f2:ef:84:31:1c:54:7b:7f:af:6b:9b:76:90:64:
                    de:93:92:7b:a7:ce:d3:14:9a:43:26:49:e5:75:ee:
                    7e:7a:1d:b3:48:b3:f6:3e:3c:7c:62:ac:59:4b:1a:
                    04:e1:6e:02:73:8c:cc:09:c1:cd:cc:37:fa:be:e3:
                    c2:ef:de:be:29:22:fe:27:93:a5:31:09:1d:35:e9:
                    70:97:95:05:38:25:8a:cd:1b:e8:f8:8f:6a:b1:9e:
                    1c:74:59:1f:88:a0:12:fc:47:a4:da:df:80:18:83:
                    19:92:96:9d:e8:dc:df:b9:e5:68:dc:98:d6:ef:1c:
                    d0:20:22:66:cc:e2:eb:1a:b6:3a:99:e7:e2:9d:87:
                    92:1a:b6:e3:bf:88:9b:1b:be:1e:db:bb:ba:17:80:
                    e8:ee:3c:bc:3d:05:58:55:fe:4a:ed:86:fb:a6:45:
                    ed:e5:5d:44:2e:83:07:74:19:cf:6a:93:ec:c5:7b:
                    50:ce:7d:cc:34:bb:5c:37:93:c2:da:a2:e4:a2:9f:
                    76:1f:73:73:3c:25:da:6f:ef:90:a4:d5:c8:c5:a3:
                    73:40:98:b0:0b:b4:04:70:43:3f:9e:7e:1c:1b:a6:
                    e7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F3:37:4A:D9:8E:66:40:70:4A:61:29:DF:D3:BD:23:F8:FB:93:4E
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/KvM3StmOZkBwSmEp39O9I_j7k04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.98.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:cd:c6:16:2d:5e:5d:56:7e:21:de:7f:8a:f2:7b:dc:d0:94:
         90:5c:d7:5d:ae:a4:a6:00:e2:29:2a:a3:7e:d2:29:96:d8:ef:
         2b:3d:63:4c:4a:d3:fe:c6:9d:a8:34:1e:e8:68:fd:ac:55:fd:
         8f:e7:4d:73:db:fe:66:82:6b:d1:cf:b7:9a:2c:ff:6e:66:fc:
         a9:6e:c2:8a:db:f2:16:da:d5:3a:05:f7:33:f8:27:f7:75:f4:
         58:c8:0c:66:c1:2d:11:44:3a:bb:85:61:00:fa:fc:b8:52:cd:
         59:94:d8:50:34:81:ac:b2:00:4f:8b:46:78:8b:e6:1e:76:65:
         fc:18:a1:4c:64:86:0d:10:10:ba:97:a2:ed:99:27:bd:7c:f6:
         23:0b:12:39:ef:cb:0b:ca:6c:d8:2e:40:63:7f:b9:62:46:ac:
         ac:3b:80:5b:96:1d:a6:28:50:70:74:85:ee:44:11:8e:cc:89:
         65:36:16:d6:44:b2:47:76:e5:08:ef:e5:4a:66:b6:82:c5:ce:
         bc:62:36:1e:b9:f3:c9:e9:a2:5a:a7:4f:92:48:2e:0e:99:a5:
         bf:24:db:27:09:e2:0d:90:fe:db:8a:b3:19:8a:bb:f9:a5:cb:
         cd:25:33:c7:dc:02:0a:b0:7d:cb:1e:53:a4:69:d1:75:67:30:
         7a:e6:00:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ47ZkxfMuW/1nQpzoJ1CST2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjYwNTE4MTQwMzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWYzMzc0YWQ5OGU2NjQwNzA0YTYxMjlkZmQzYmQyM2Y4ZmI5MzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUmPW7ZuOk+JJoCGzvWnRXsWN90Q
o7GGfTVkwjb48u+EMRxUe3+va5t2kGTek5J7p87TFJpDJknlde5+eh2zSLP2Pjx8
YqxZSxoE4W4Cc4zMCcHNzDf6vuPC796+KSL+J5OlMQkdNelwl5UFOCWKzRvo+I9q
sZ4cdFkfiKAS/Eek2t+AGIMZkpad6NzfueVo3JjW7xzQICJmzOLrGrY6mefinYeS
Grbjv4ibG74e27u6F4Do7jy8PQVYVf5K7Yb7pkXt5V1ELoMHdBnPapPsxXtQzn3M
NLtcN5PC2qLkop92H3NzPCXab++QpNXIxaNzQJiwC7QEcEM/nn4cG6bn0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrzN0rZjmZAcEphKd/TvSP4+5NOMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvS3ZNM1N0bU9aa0J3U21FcDM5TzlJX2o3azA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGK9MA0G
CSqGSIb3DQEBCwUAA4IBAQAKzcYWLV5dVn4h3n+K8nvc0JSQXNddrqSmAOIpKqN+
0imW2O8rPWNMStP+xp2oNB7oaP2sVf2P501z2/5mgmvRz7eaLP9uZvypbsKK2/IW
2tU6Bfcz+Cf3dfRYyAxmwS0RRDq7hWEA+vy4Us1ZlNhQNIGssgBPi0Z4i+YedmX8
GKFMZIYNEBC6l6LtmSe9fPYjCxI578sLymzYLkBjf7liRqysO4Bblh2mKFBwdIXu
RBGOzIllNhbWRLJHduUI7+VKZraCxc68YjYeufPJ6aJap0+SSC4OmaW/JNsnCeIN
kP7birMZirv5pcvNJTPH3AIKsH3LHlOkadF1ZzB65gDY
-----END CERTIFICATE-----