Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/KacNY2NRCZHAdOB1lxgrSlTUZlM.roa
File:                     KacNY2NRCZHAdOB1lxgrSlTUZlM.roa (raw, json)
Hash identifier:          qllOkGGUcuSdb7HoAuEKwUiZ9/GJv0Ub2eGz8KFRmtE=
Subject key identifier:   29:A7:0D:63:63:51:09:91:C0:74:E0:75:97:18:2B:4A:54:D4:66:53
Certificate issuer:       /CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
Certificate serial:       019D0534F5DFAC66460FAC5EC6E8E1096839
Authority key identifier: 16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/KacNY2NRCZHAdOB1lxgrSlTUZlM.roa
Signing time:             Thu 19 Mar 2026 08:27:30 +0000
ROA not before:           Thu 19 Mar 2026 08:27:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209697
IP address blocks:        62.112.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:05:34:f5:df:ac:66:46:0f:ac:5e:c6:e8:e1:09:68:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
        Validity
            Not Before: Mar 19 08:27:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29a70d6363510991c074e07597182b4a54d46653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:cb:7f:39:65:7f:6b:2a:49:85:b8:d7:cb:5f:
                    94:bc:c9:37:09:dd:12:2d:be:e0:7e:1a:e6:eb:1b:
                    c5:99:12:2c:92:db:5e:f8:9c:08:41:96:48:f8:e0:
                    e6:79:c0:47:e6:ed:f5:2f:88:96:25:cc:07:83:ba:
                    f6:1e:33:02:7e:60:c5:73:63:53:da:bf:0d:f1:c2:
                    69:05:b2:c8:34:7d:7b:69:9c:c3:7b:82:40:7c:ed:
                    1c:51:12:72:bb:4e:a1:04:52:e2:95:a8:d2:bb:ab:
                    de:5c:fd:48:d8:67:9f:b3:b9:f4:8c:89:e1:3f:e5:
                    43:9f:79:4b:17:ed:28:66:a7:1f:73:be:26:f5:66:
                    b0:17:8a:41:ca:e6:af:e6:33:0a:8c:68:3d:9f:38:
                    ad:b1:17:eb:5a:69:f4:d5:fa:92:10:26:27:1c:e1:
                    28:6b:0d:e6:20:5f:5f:ff:03:62:53:f9:11:c9:00:
                    41:86:8f:75:f6:19:58:d3:8a:46:d3:a8:42:e1:2c:
                    76:6a:94:a7:cb:0d:53:78:ae:12:ff:07:59:eb:d3:
                    35:2b:5e:db:37:26:d3:1e:49:a1:a8:df:40:ee:bd:
                    f9:8e:cf:69:7b:7b:74:77:f4:42:9e:c6:69:80:18:
                    ee:21:fc:e9:e9:a0:cd:e9:51:86:f9:1e:54:60:ef:
                    a2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:A7:0D:63:63:51:09:91:C0:74:E0:75:97:18:2B:4A:54:D4:66:53
            X509v3 Authority Key Identifier:
                keyid:16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/KacNY2NRCZHAdOB1lxgrSlTUZlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:54:00:e2:52:b8:b0:38:03:0f:7f:fc:9d:24:ee:c7:17:64:
         6b:a8:1b:ad:2c:5f:62:a3:95:f1:f5:6d:ac:d4:41:41:a3:28:
         e3:82:06:ae:c3:61:ff:b3:3e:9e:ef:ef:bf:fb:cf:f6:27:3f:
         88:11:88:be:0e:97:eb:b4:93:9c:11:47:9a:85:96:fa:2d:14:
         9c:d4:7d:d6:07:28:51:bd:eb:16:87:cb:3c:1d:06:3d:e5:43:
         02:74:8a:da:ed:20:1a:0d:02:2f:7c:9a:e3:47:68:2b:2b:ee:
         14:36:59:ab:f9:65:ca:4d:f2:d3:06:10:c0:c4:89:98:f9:dd:
         d1:7f:da:1c:5f:96:20:48:c9:47:21:d9:1b:43:7a:1c:60:27:
         c3:35:50:56:6d:16:c2:54:25:1b:bf:fc:a4:1d:3c:54:9d:b9:
         34:47:93:11:d8:7b:03:76:9b:e6:e6:cb:8d:52:01:2e:4a:dc:
         43:f6:32:3e:3e:6e:5d:7a:89:80:9a:4e:42:c1:ff:9c:3f:3c:
         5d:94:fd:95:6c:51:53:97:08:ee:97:06:c7:0b:6b:20:b6:4d:
         34:8a:fd:1e:03:2b:9a:12:ef:ed:8c:d4:1c:a6:9b:4d:15:00:
         7e:2a:7b:aa:f0:35:b5:86:44:81:96:f0:bc:0a:67:ac:e8:fa:
         1a:16:6b:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0FNPXfrGZGD6xexujhCWg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NmFmYzUxYzkyMmZkODQyZmVjNWIwY2JiZDI2ZWJkYmQx
YTE2MWUwHhcNMjYwMzE5MDgyNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWE3MGQ2MzYzNTEwOTkxYzA3NGUwNzU5NzE4MmI0YTU0ZDQ2NjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7st/OWV/aypJhbjXy1+UvMk3Cd0S
Lb7gfhrm6xvFmRIsktte+JwIQZZI+ODmecBH5u31L4iWJcwHg7r2HjMCfmDFc2NT
2r8N8cJpBbLINH17aZzDe4JAfO0cURJyu06hBFLilajSu6veXP1I2Gefs7n0jInh
P+VDn3lLF+0oZqcfc74m9WawF4pByuav5jMKjGg9nzitsRfrWmn01fqSECYnHOEo
aw3mIF9f/wNiU/kRyQBBho919hlY04pG06hC4Sx2apSnyw1TeK4S/wdZ69M1K17b
NybTHkmhqN9A7r35js9pe3t0d/RCnsZpgBjuIfzp6aDN6VGG+R5UYO+iewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmnDWNjUQmRwHTgdZcYK0pU1GZTMB8GA1UdIwQY
MBaAFBZq/FHJIv2EL+xbDLvSbr29GhYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEt
MTNiOTExMGNlMjBjLzEvS2FjTlkyTlJDWkhBZE9CMWx4Z3JTbFRVWmxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEtMTNiOTExMGNlMjBj
LzEvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnDOMA0G
CSqGSIb3DQEBCwUAA4IBAQB4VADiUriwOAMPf/ydJO7HF2RrqButLF9io5Xx9W2s
1EFBoyjjggauw2H/sz6e7++/+8/2Jz+IEYi+DpfrtJOcEUeahZb6LRSc1H3WByhR
vesWh8s8HQY95UMCdIra7SAaDQIvfJrjR2grK+4UNlmr+WXKTfLTBhDAxImY+d3R
f9ocX5YgSMlHIdkbQ3ocYCfDNVBWbRbCVCUbv/ykHTxUnbk0R5MR2HsDdpvm5suN
UgEuStxD9jI+Pm5deomAmk5Cwf+cPzxdlP2VbFFTlwjulwbHC2sgtk00iv0eAyua
Eu/tjNQcpptNFQB+Knuq8DW1hkSBlvC8Cmes6PoaFmvF
-----END CERTIFICATE-----