Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/KsO_QgRT4HRTy9NUr9RwW-fE8qI.roa
File:                     KsO_QgRT4HRTy9NUr9RwW-fE8qI.roa (raw, json)
Hash identifier:          2vRLbPM0pyFl21bIcT0eNlafJQyCPbo7DwGLoYVM1R8=
Subject key identifier:   2A:C3:BF:42:04:53:E0:74:53:CB:D3:54:AF:D4:70:5B:E7:C4:F2:A2
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019DB3884AAFB81C51448F7ED98CC8D33990
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/KsO_QgRT4HRTy9NUr9RwW-fE8qI.roa
Signing time:             Wed 22 Apr 2026 04:52:26 +0000
ROA not before:           Wed 22 Apr 2026 04:52:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212264
IP address blocks:        194.85.113.0/24 maxlen: 24
                          195.208.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:88:4a:af:b8:1c:51:44:8f:7e:d9:8c:c8:d3:39:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Apr 22 04:52:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ac3bf420453e07453cbd354afd4705be7c4f2a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b9:01:64:1a:cb:f9:53:4f:26:1e:d5:c3:bb:
                    14:e0:9f:2f:f5:bb:89:16:d4:57:94:ce:27:11:ba:
                    4e:c4:7f:6d:37:55:4b:2f:76:9b:58:ec:64:3b:69:
                    48:da:41:b4:ae:4f:be:2c:f8:e1:24:07:d4:52:18:
                    3c:dc:58:92:47:05:f7:be:bd:4d:b1:eb:43:0a:95:
                    7b:70:5f:d4:72:85:65:c3:f1:31:56:20:3b:fa:a6:
                    b0:ee:08:21:af:11:08:87:87:4a:cb:0a:cf:9e:81:
                    cd:00:90:4f:34:fa:66:6b:c0:b3:1f:36:a4:7a:3c:
                    70:fd:35:69:a8:69:e2:fb:8a:06:8a:80:8e:18:fa:
                    28:2a:9d:e9:a2:78:78:2a:6c:5d:bc:9c:3a:d7:88:
                    3d:1b:ac:01:71:12:4e:07:0f:d7:38:89:e6:a3:13:
                    9c:b2:78:1d:6e:08:1f:57:e8:29:43:7a:e6:58:d8:
                    1b:d1:50:cc:d1:a2:6f:0f:f8:fa:0a:ab:62:03:39:
                    23:a2:3a:99:6d:11:ac:08:68:4e:c8:2d:f7:68:48:
                    0b:2c:f0:80:af:70:7f:19:65:71:38:9b:25:a7:e3:
                    df:b8:06:b1:65:3a:bf:4d:2f:0d:90:20:a7:30:ca:
                    a7:6e:a5:62:fe:8b:4f:f4:ae:b5:67:99:7c:01:ec:
                    d3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:C3:BF:42:04:53:E0:74:53:CB:D3:54:AF:D4:70:5B:E7:C4:F2:A2
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/KsO_QgRT4HRTy9NUr9RwW-fE8qI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.113.0/24
                  195.208.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:93:63:cb:9d:7c:4c:ce:4c:9e:8a:10:85:76:11:8d:ec:3c:
         41:4a:02:ef:ee:5a:22:e8:a2:4f:82:50:68:0e:11:22:e2:b8:
         a8:87:87:1c:b8:61:7b:2e:91:25:1d:ab:0e:39:ea:b7:66:bb:
         e4:49:69:fa:2b:25:cb:1b:c4:df:d6:95:81:38:1b:b5:93:e5:
         e4:3e:77:7c:cf:ea:e0:35:98:1a:98:33:9c:5f:d0:95:be:70:
         c3:55:ad:d7:0e:c3:00:c8:89:ff:ca:08:ac:90:c8:27:67:57:
         83:b3:00:a9:91:5c:b4:12:30:a3:cf:02:1c:08:d7:3e:7b:b1:
         bb:cf:2e:8d:7e:3e:b3:20:6f:3e:b5:8b:6d:6c:6e:a8:60:a2:
         da:13:2d:ad:94:60:46:29:90:07:f2:cb:c7:d2:89:b5:ff:3d:
         cc:05:ec:01:01:eb:d8:1d:db:13:e8:37:9d:59:b2:9b:be:d6:
         26:90:e7:3f:77:0d:a9:04:72:93:41:61:75:f0:7e:6b:60:be:
         c5:00:78:f7:75:d2:58:56:9a:62:5c:25:52:c3:a7:c3:0f:7d:
         40:9e:e1:de:f8:0f:45:fe:1c:1c:f8:9c:7e:aa:69:1e:00:f3:
         0d:53:44:3a:4d:1f:7a:96:22:4c:01:71:ea:a7:f7:47:89:57:
         b3:12:5d:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2ziEqvuBxRRI9+2YzI0zmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwNDIyMDQ1MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWMzYmY0MjA0NTNlMDc0NTNjYmQzNTRhZmQ0NzA1YmU3YzRmMmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37kBZBrL+VNPJh7Vw7sU4J8v9buJ
FtRXlM4nEbpOxH9tN1VLL3abWOxkO2lI2kG0rk++LPjhJAfUUhg83FiSRwX3vr1N
setDCpV7cF/UcoVlw/ExViA7+qaw7gghrxEIh4dKywrPnoHNAJBPNPpma8CzHzak
ejxw/TVpqGni+4oGioCOGPooKp3ponh4KmxdvJw614g9G6wBcRJOBw/XOInmoxOc
sngdbggfV+gpQ3rmWNgb0VDM0aJvD/j6CqtiAzkjojqZbRGsCGhOyC33aEgLLPCA
r3B/GWVxOJslp+PfuAaxZTq/TS8NkCCnMMqnbqVi/otP9K61Z5l8AezTaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCrDv0IEU+B0U8vTVK/UcFvnxPKiMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvS3NPX1FnUlQ0SFJUeTlOVXI5UndXLWZFOHFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwlVxAwQA
w9BuMA0GCSqGSIb3DQEBCwUAA4IBAQAbk2PLnXxMzkyeihCFdhGN7DxBSgLv7loi
6KJPglBoDhEi4rioh4ccuGF7LpElHasOOeq3ZrvkSWn6KyXLG8Tf1pWBOBu1k+Xk
Pnd8z+rgNZgamDOcX9CVvnDDVa3XDsMAyIn/ygiskMgnZ1eDswCpkVy0EjCjzwIc
CNc+e7G7zy6Nfj6zIG8+tYttbG6oYKLaEy2tlGBGKZAH8svH0om1/z3MBewBAevY
HdsT6DedWbKbvtYmkOc/dw2pBHKTQWF18H5rYL7FAHj3ddJYVppiXCVSw6fDD31A
nuHe+A9F/hwc+Jx+qmkeAPMNU0Q6TR96liJMAXHqp/dHiVezEl1D
-----END CERTIFICATE-----