Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/KfwY1j22Ax4UScL4SqchoS6Z8Bo.roa
File:                     KfwY1j22Ax4UScL4SqchoS6Z8Bo.roa (raw, json)
Hash identifier:          lfrpyk1o29ncs3GeyAV8veuvMaUhtX2qKzwSKrcBWAo=
Subject key identifier:   29:FC:18:D6:3D:B6:03:1E:14:49:C2:F8:4A:A7:21:A1:2E:99:F0:1A
Certificate issuer:       /CN=fb79c26f31575345159c840ed278a878a9256615
Certificate serial:       019ECBA16A7DB53C24B901F8D233148D79DF
Authority key identifier: FB:79:C2:6F:31:57:53:45:15:9C:84:0E:D2:78:A8:78:A9:25:66:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-3nCbzFXU0UVnIQO0nioeKklZhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/KfwY1j22Ax4UScL4SqchoS6Z8Bo.roa
Signing time:             Mon 15 Jun 2026 14:13:33 +0000
ROA not before:           Mon 15 Jun 2026 14:13:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12459
IP address blocks:        91.214.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/1-3nCbzFXU0UVnIQO0nioeKklZhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/1-3nCbzFXU0UVnIQO0nioeKklZhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-3nCbzFXU0UVnIQO0nioeKklZhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cb:a1:6a:7d:b5:3c:24:b9:01:f8:d2:33:14:8d:79:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb79c26f31575345159c840ed278a878a9256615
        Validity
            Not Before: Jun 15 14:13:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29fc18d63db6031e1449c2f84aa721a12e99f01a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:cf:80:5a:00:92:32:f9:c8:dc:1e:27:08:44:
                    50:f1:a2:e0:4f:94:7a:81:46:ac:ff:0f:60:3e:ee:
                    bf:e2:40:84:61:33:2b:eb:5f:a9:81:c2:34:18:ea:
                    7c:c1:ad:a9:72:1f:72:52:f0:95:da:1b:b6:1e:3a:
                    15:db:6a:0e:f1:ee:b0:bc:db:f3:d7:3e:d1:22:55:
                    d7:a7:8c:fa:0e:e2:dc:0c:c1:55:33:93:4a:34:7f:
                    f8:ef:f8:09:09:58:37:7a:9d:57:bb:07:b5:54:c7:
                    2c:9f:f3:a6:0f:a8:91:be:10:c9:21:4a:4b:ac:c4:
                    12:76:b8:49:46:e4:3b:a6:02:06:6e:81:96:54:3f:
                    6d:a6:73:9c:5b:3f:02:b9:e1:91:c2:4b:73:90:2b:
                    0d:40:7c:5e:8e:ce:7b:9e:40:b1:64:48:bc:88:70:
                    85:1f:b1:f3:e4:7b:9a:79:17:dd:37:14:c0:5e:bb:
                    9c:c8:77:5a:e6:f3:71:d4:96:4c:6f:45:53:44:e8:
                    7a:0b:5e:7c:6f:ef:90:e8:c1:22:63:4d:e2:4e:f9:
                    63:4a:1a:e4:6c:e8:39:d3:3b:8e:38:11:b0:6e:77:
                    97:5a:f0:52:41:d0:e1:94:44:6c:b8:b9:60:b2:43:
                    cc:bc:43:95:b1:f3:1a:9c:c8:0a:ae:5f:96:93:6f:
                    e4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:FC:18:D6:3D:B6:03:1E:14:49:C2:F8:4A:A7:21:A1:2E:99:F0:1A
            X509v3 Authority Key Identifier:
                keyid:FB:79:C2:6F:31:57:53:45:15:9C:84:0E:D2:78:A8:78:A9:25:66:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3nCbzFXU0UVnIQO0nioeKklZhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/KfwY1j22Ax4UScL4SqchoS6Z8Bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/12d691-37a4-4b15-a7ea-bd37da0e447c/1/1-3nCbzFXU0UVnIQO0nioeKklZhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:99:db:93:21:d9:25:94:d7:af:7c:f2:1d:4b:b3:2a:f1:a5:
         8a:e4:da:26:ff:dc:73:66:aa:67:6b:e6:79:4a:11:7b:ea:f9:
         a6:aa:7a:36:52:1d:7f:8d:2a:5f:a6:3d:fa:0e:12:bb:52:97:
         5e:94:69:66:0a:24:34:c5:30:e2:91:b6:62:be:89:a1:aa:06:
         91:ab:f7:6a:95:ec:1e:5b:74:82:a1:ab:a7:09:0b:81:ab:4c:
         42:12:ce:7e:19:d1:93:2f:61:fb:ab:64:3e:f7:52:cc:b0:fb:
         74:ee:8c:04:fb:a1:e4:9b:d8:e0:b8:0d:a0:10:bb:87:20:8b:
         73:1d:e5:38:51:fe:78:c6:eb:5a:f2:bc:ec:6a:f6:3e:52:c2:
         99:f6:6b:af:ef:67:98:62:c3:4c:b3:28:d7:6e:0a:93:f2:7c:
         fb:26:1f:6b:96:e6:16:be:ba:dd:52:fe:b6:69:06:dd:96:28:
         d9:ee:dd:a3:04:59:fd:7a:4d:26:5f:9f:be:67:94:ac:e7:71:
         5b:8a:69:59:9b:4d:1c:c7:07:af:bd:c0:b4:9f:88:fb:42:80:
         ba:03:fb:c1:8b:ff:76:ec:df:23:b8:82:18:3f:8a:91:f5:1a:
         d6:04:2a:f6:77:72:7a:85:36:fc:04:85:63:e5:56:b0:ad:48:
         cf:ed:06:73
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ7LoWp9tTwkuQH40jMUjXnfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNzljMjZmMzE1NzUzNDUxNTljODQwZWQyNzhhODc4YTky
NTY2MTUwHhcNMjYwNjE1MTQxMzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWZjMThkNjNkYjYwMzFlMTQ0OWMyZjg0YWE3MjFhMTJlOTlmMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiM+AWgCSMvnI3B4nCERQ8aLgT5R6
gUas/w9gPu6/4kCEYTMr61+pgcI0GOp8wa2pch9yUvCV2hu2HjoV22oO8e6wvNvz
1z7RIlXXp4z6DuLcDMFVM5NKNH/47/gJCVg3ep1Xuwe1VMcsn/OmD6iRvhDJIUpL
rMQSdrhJRuQ7pgIGboGWVD9tpnOcWz8CueGRwktzkCsNQHxejs57nkCxZEi8iHCF
H7Hz5HuaeRfdNxTAXrucyHda5vNx1JZMb0VTROh6C158b++Q6MEiY03iTvljShrk
bOg50zuOOBGwbneXWvBSQdDhlERsuLlgskPMvEOVsfManMgKrl+Wk2/kvwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCn8GNY9tgMeFEnC+EqnIaEumfAaMB8GA1UdIwQY
MBaAFPt5wm8xV1NFFZyEDtJ4qHipJWYVMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zbkNiekZYVTBVVm5JUU8wbmlvZUtrbFpoVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAvMTJkNjkxLTM3YTQtNGIxNS1hN2Vh
LWJkMzdkYTBlNDQ3Yy8xL0tmd1kxajIyQXg0VVNjTDRTcWNob1M2WjhCby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODAvMTJkNjkxLTM3YTQtNGIxNS1hN2VhLWJkMzdkYTBlNDQ3
Yy8xLzEtM25DYnpGWFUwVVZuSVFPMG5pb2VLa2xaaFUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb1i0w
DQYJKoZIhvcNAQELBQADggEBAEqZ25Mh2SWU16988h1LsyrxpYrk2ib/3HNmqmdr
5nlKEXvq+aaqejZSHX+NKl+mPfoOErtSl16UaWYKJDTFMOKRtmK+iaGqBpGr92qV
7B5bdIKhq6cJC4GrTEISzn4Z0ZMvYfurZD73Usyw+3TujAT7oeSb2OC4DaAQu4cg
i3Md5ThR/njG61ryvOxq9j5Swpn2a6/vZ5hiw0yzKNduCpPyfPsmH2uW5ha+ut1S
/rZpBt2WKNnu3aMEWf16TSZfn75nlKzncVuKaVmbTRzHB6+9wLSfiPtCgLoD+8GL
/3bs3yO4ghg/ipH1GtYEKvZ3cnqFNvwEhWPlVrCtSM/tBnM=
-----END CERTIFICATE-----
Generated at Wed Jul 1 01:34:17 2026 by rpki-client