Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kWrHI9OHXWhWUuiSfxBO4KO-UhM.roa
File:                     kWrHI9OHXWhWUuiSfxBO4KO-UhM.roa (raw, json)
Hash identifier:          883NbCofKX7H4VSdniVsXzmWIxbJp/0JfRK0DPGmToU=
Subject key identifier:   91:6A:C7:23:D3:87:5D:68:56:52:E8:92:7F:10:4E:E0:A3:BE:52:13
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019E3A4C43F9E54CCA66BC836B49C5D6E44C
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kWrHI9OHXWhWUuiSfxBO4KO-UhM.roa
Signing time:             Mon 18 May 2026 08:55:37 +0000
ROA not before:           Mon 18 May 2026 08:55:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        84.21.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3a:4c:43:f9:e5:4c:ca:66:bc:83:6b:49:c5:d6:e4:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May 18 08:55:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=916ac723d3875d685652e8927f104ee0a3be5213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:fb:b0:1e:e0:f8:40:7f:29:8c:ac:77:f6:03:
                    17:8f:ea:62:1f:b1:40:42:a5:9e:26:85:63:f0:78:
                    ad:e8:b8:bb:25:35:ef:73:d0:d6:e7:e1:17:9f:e2:
                    22:9a:56:d6:18:c3:3f:28:84:a9:61:49:d2:ee:75:
                    36:e3:c0:0d:63:b2:8b:38:f1:78:c8:34:90:ee:8a:
                    6f:e4:a2:94:5e:08:d8:0b:b5:9b:5f:35:a0:2c:b9:
                    41:b1:97:d3:50:c3:9a:30:2e:8c:8d:4f:f1:f3:62:
                    71:d3:5b:3c:be:c6:07:ef:0b:2a:fa:73:2e:5e:81:
                    bb:85:98:d0:57:19:fe:42:b6:f6:7c:a7:6a:f4:c7:
                    9e:8f:46:23:c3:71:54:60:3c:d3:a3:d9:90:e2:34:
                    0c:f4:39:a8:17:6c:7a:c1:f1:41:58:01:f0:48:dd:
                    7e:d2:50:58:ef:a6:d9:e3:34:5c:09:b9:65:ca:e6:
                    18:86:69:90:23:11:bb:57:56:d3:3b:e8:12:81:42:
                    b5:2d:1b:25:19:ba:89:f4:cf:bc:48:bb:a3:54:81:
                    22:38:c9:45:6a:8e:e1:40:1d:86:5a:a8:29:46:63:
                    ed:8b:45:b9:62:bf:a9:2a:05:48:6e:34:b5:05:54:
                    c2:02:f4:5e:8a:3e:50:c4:c2:28:a8:85:66:ce:4e:
                    d7:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:6A:C7:23:D3:87:5D:68:56:52:E8:92:7F:10:4E:E0:A3:BE:52:13
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kWrHI9OHXWhWUuiSfxBO4KO-UhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:6b:04:73:d3:f8:a6:98:d3:5e:d1:58:d3:a4:53:1a:bf:6e:
         46:f3:79:43:38:e0:06:0b:42:0b:17:de:23:d5:0d:8c:8f:6a:
         3c:a2:92:b2:18:cb:b1:8a:91:27:24:1e:c7:2f:00:0b:f3:a2:
         e4:83:7c:98:41:f0:c2:f7:21:e7:50:8a:be:34:92:d2:7d:7c:
         f4:27:13:c3:c6:87:5b:6a:64:2f:d1:64:21:5a:fe:7f:55:11:
         53:6d:f4:38:ae:11:b8:ff:5f:64:5c:4d:1f:60:18:77:f6:e9:
         76:10:7d:6e:22:ff:74:3c:cf:76:cc:ff:b8:35:fa:65:ad:03:
         c2:ca:63:82:d7:ca:b1:01:bd:bf:71:fa:1a:ec:1c:9b:20:42:
         d5:6e:51:f9:29:93:4e:ad:67:7d:8e:59:27:70:b2:fd:89:04:
         31:f2:c7:6d:ad:ce:7f:98:0d:f9:f8:40:52:19:b0:0e:d8:51:
         74:ad:ec:97:8e:af:c8:e6:99:37:06:86:6d:5c:2f:cc:3b:94:
         74:1c:ff:c8:78:df:25:5c:c0:d9:0d:60:25:7f:76:be:ae:0a:
         4e:a0:eb:bb:87:81:e6:de:41:fa:a2:06:97:c6:23:09:a8:07:
         8d:d6:f8:84:bb:27:1b:10:de:b4:44:a4:47:f3:af:00:fe:39:
         f9:9d:f2:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ46TEP55UzKZryDa0nF1uRMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNTE4MDg1NTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTZhYzcyM2QzODc1ZDY4NTY1MmU4OTI3ZjEwNGVlMGEzYmU1MjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfuwHuD4QH8pjKx39gMXj+piH7FA
QqWeJoVj8Hit6Li7JTXvc9DW5+EXn+IimlbWGMM/KISpYUnS7nU248ANY7KLOPF4
yDSQ7opv5KKUXgjYC7WbXzWgLLlBsZfTUMOaMC6MjU/x82Jx01s8vsYH7wsq+nMu
XoG7hZjQVxn+Qrb2fKdq9Meej0Yjw3FUYDzTo9mQ4jQM9DmoF2x6wfFBWAHwSN1+
0lBY76bZ4zRcCbllyuYYhmmQIxG7V1bTO+gSgUK1LRslGbqJ9M+8SLujVIEiOMlF
ao7hQB2GWqgpRmPti0W5Yr+pKgVIbjS1BVTCAvReij5QxMIoqIVmzk7XnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFqxyPTh11oVlLokn8QTuCjvlITMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEva1dySEk5T0hYV2hXVXVpU2Z4Qk80S08tVWhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBW8MA0G
CSqGSIb3DQEBCwUAA4IBAQBaawRz0/immNNe0VjTpFMav25G83lDOOAGC0ILF94j
1Q2Mj2o8opKyGMuxipEnJB7HLwAL86Lkg3yYQfDC9yHnUIq+NJLSfXz0JxPDxodb
amQv0WQhWv5/VRFTbfQ4rhG4/19kXE0fYBh39ul2EH1uIv90PM92zP+4NfplrQPC
ymOC18qxAb2/cfoa7BybIELVblH5KZNOrWd9jlkncLL9iQQx8sdtrc5/mA35+EBS
GbAO2FF0reyXjq/I5pk3BoZtXC/MO5R0HP/IeN8lXMDZDWAlf3a+rgpOoOu7h4Hm
3kH6ogaXxiMJqAeN1viEuycbEN60RKRH868A/jn5nfJr
-----END CERTIFICATE-----