Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/KaUoqagO4Gh-uNWHmbN9mJ0l5_M.roa
File:                     KaUoqagO4Gh-uNWHmbN9mJ0l5_M.roa (raw, json)
Hash identifier:          +tXL8aztgYY6LMPxlsThd81j1QiMCBtI/qbEQoXdRaA=
Subject key identifier:   29:A5:28:A9:A8:0E:E0:68:7E:B8:D5:87:99:B3:7D:98:9D:25:E7:F3
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E83C2E117051EB8B15F0FEC5C4AEBC0F4
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/KaUoqagO4Gh-uNWHmbN9mJ0l5_M.roa
Signing time:             Mon 01 Jun 2026 15:17:27 +0000
ROA not before:           Mon 01 Jun 2026 15:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213896
IP address blocks:        87.85.99.0/24 maxlen: 24
                          87.85.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:c2:e1:17:05:1e:b8:b1:5f:0f:ec:5c:4a:eb:c0:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun  1 15:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29a528a9a80ee0687eb8d58799b37d989d25e7f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9f:f2:47:cf:a3:7a:01:69:c4:b1:59:7f:59:
                    3e:c6:f9:2e:64:b8:de:76:33:04:89:80:53:13:5d:
                    ff:4a:b7:b8:4f:77:f3:21:23:0a:51:9c:d8:db:5a:
                    ac:b8:c6:14:da:08:29:1b:bd:fd:2f:67:e0:a8:98:
                    c5:8a:e2:c8:ce:ab:33:4b:0d:bf:33:ba:f7:73:f6:
                    44:2f:fd:ee:64:d7:a6:ae:77:92:85:03:42:48:c3:
                    b8:63:0d:7c:92:45:bb:a2:f7:32:6d:70:f8:01:ec:
                    1b:9d:00:f4:df:93:0c:a0:be:8b:06:9a:65:03:6d:
                    14:90:91:20:50:88:14:00:69:b5:8e:65:90:c0:a8:
                    b2:53:64:42:a6:ed:80:00:8d:c8:8a:dd:4c:b9:3b:
                    7f:4d:14:9d:35:e7:0c:5c:91:9a:ed:ce:1e:fa:b3:
                    e9:e2:bf:71:ea:82:11:61:74:60:7c:6a:65:65:86:
                    1b:1c:06:a5:42:63:de:3a:2e:38:a5:f9:8f:2f:e3:
                    1f:dd:5d:25:de:99:c5:60:18:af:da:60:36:10:6f:
                    3b:3c:3b:02:bc:57:f9:62:72:47:f2:30:d1:da:87:
                    75:71:ef:4b:b7:be:df:26:65:5d:56:76:d0:01:87:
                    44:6c:69:f3:d0:ae:cf:a7:83:6a:8c:fd:ab:24:c4:
                    e3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:A5:28:A9:A8:0E:E0:68:7E:B8:D5:87:99:B3:7D:98:9D:25:E7:F3
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/KaUoqagO4Gh-uNWHmbN9mJ0l5_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.85.99.0/24
                  87.85.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:68:79:0e:f2:b0:d3:b9:32:1a:ee:9d:a3:81:be:00:c3:f7:
         72:0c:c0:f0:b8:d3:c5:15:54:a2:77:69:5e:ab:f3:08:93:d0:
         e8:76:bc:76:e5:75:ec:db:ed:f9:c9:75:be:ca:e6:9e:03:5f:
         e3:08:08:85:a8:40:69:64:43:80:49:d0:da:a5:89:a8:a2:f6:
         da:87:c8:ed:41:5a:86:66:38:6e:b9:d8:31:87:c7:b8:39:4f:
         38:c9:a1:97:2b:8d:63:a8:1d:46:09:0e:d4:73:d7:5f:5d:09:
         bd:c7:fe:85:20:c0:eb:7f:21:e8:03:e6:7b:6d:76:b4:50:6d:
         eb:7a:48:6a:be:29:ed:b6:fb:57:30:da:46:7f:f9:49:48:85:
         19:7e:ba:69:f3:5b:15:74:e6:29:23:d8:40:da:85:2e:b3:11:
         05:73:3f:d6:98:38:30:cd:1d:59:94:b4:ad:59:48:1c:68:17:
         c5:96:4f:7f:cd:34:b8:40:e7:80:93:25:60:a0:a3:4a:5b:53:
         29:53:dd:e4:b8:ef:f5:33:d4:13:73:2e:42:17:81:dd:4f:10:
         ed:8d:c4:61:b6:e8:cf:0c:85:fd:5a:35:2e:1c:e7:2c:88:1d:
         d2:64:7f:15:3f:34:15:c5:a2:7e:f6:f7:ab:95:13:15:40:95:
         40:74:1a:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6DwuEXBR64sV8P7FxK68D0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjAxMTUxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWE1MjhhOWE4MGVlMDY4N2ViOGQ1ODc5OWIzN2Q5ODlkMjVlN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp/yR8+jegFpxLFZf1k+xvkuZLje
djMEiYBTE13/Sre4T3fzISMKUZzY21qsuMYU2ggpG739L2fgqJjFiuLIzqszSw2/
M7r3c/ZEL/3uZNemrneShQNCSMO4Yw18kkW7ovcybXD4AewbnQD035MMoL6LBppl
A20UkJEgUIgUAGm1jmWQwKiyU2RCpu2AAI3Iit1MuTt/TRSdNecMXJGa7c4e+rPp
4r9x6oIRYXRgfGplZYYbHAalQmPeOi44pfmPL+Mf3V0l3pnFYBiv2mA2EG87PDsC
vFf5YnJH8jDR2od1ce9Lt77fJmVdVnbQAYdEbGnz0K7Pp4NqjP2rJMTjMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCmlKKmoDuBofrjVh5mzfZidJefzMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvS2FVb3FhZ080R2gtdU5XSG1iTjltSjBsNV9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV1VjAwQA
V1WkMA0GCSqGSIb3DQEBCwUAA4IBAQB9aHkO8rDTuTIa7p2jgb4Aw/dyDMDwuNPF
FVSid2leq/MIk9Dodrx25XXs2+35yXW+yuaeA1/jCAiFqEBpZEOASdDapYmoovba
h8jtQVqGZjhuudgxh8e4OU84yaGXK41jqB1GCQ7Uc9dfXQm9x/6FIMDrfyHoA+Z7
bXa0UG3rekhqvinttvtXMNpGf/lJSIUZfrpp81sVdOYpI9hA2oUusxEFcz/WmDgw
zR1ZlLStWUgcaBfFlk9/zTS4QOeAkyVgoKNKW1MpU93kuO/1M9QTcy5CF4HdTxDt
jcRhtujPDIX9WjUuHOcsiB3SZH8VPzQVxaJ+9verlRMVQJVAdBqa
-----END CERTIFICATE-----