Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/KBFhtKcJq5uA7ADerkedr7ALsUc.roa
File:                     KBFhtKcJq5uA7ADerkedr7ALsUc.roa (raw, json)
Hash identifier:          zdLI7qiXR8cpmXvF/k9fx3+iYtigbpqLuzWcJYNq8OU=
Subject key identifier:   28:11:61:B4:A7:09:AB:9B:80:EC:00:DE:AE:47:9D:AF:B0:0B:B1:47
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019E926F06A88BAC95E67C272591933CEC8A
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/KBFhtKcJq5uA7ADerkedr7ALsUc.roa
Signing time:             Thu 04 Jun 2026 11:40:10 +0000
ROA not before:           Thu 04 Jun 2026 11:40:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202169
IP address blocks:        91.215.48.0/22 maxlen: 24
                          185.19.188.0/23 maxlen: 24
                          185.19.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:6f:06:a8:8b:ac:95:e6:7c:27:25:91:93:3c:ec:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jun  4 11:40:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=281161b4a709ab9b80ec00deae479dafb00bb147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:db:e7:e4:59:e1:a7:5d:33:3b:ec:19:e2:7a:
                    7f:c4:9e:a0:14:18:17:5e:1d:28:c8:0b:7a:c5:8a:
                    b1:77:08:ee:d3:a1:ac:ae:f0:96:bc:c3:65:f4:c3:
                    4e:b8:70:42:26:03:2d:b0:86:b6:fc:1b:e3:a2:4c:
                    dd:e7:eb:5b:bb:96:58:b7:4d:a4:d4:4b:ec:e8:03:
                    9a:6a:8d:30:e8:94:12:a0:0e:2c:33:7e:a1:2f:ab:
                    6b:11:b5:6f:a5:32:08:43:56:5c:cb:34:25:09:de:
                    da:97:5c:ad:b9:36:6e:1a:5f:a6:1e:d2:21:1b:24:
                    1c:46:9c:07:e3:34:ad:e3:6f:01:c1:7b:c9:41:af:
                    12:29:d3:3e:44:49:3b:d5:32:93:2a:42:b5:69:dc:
                    d4:f9:ba:c4:ab:9f:09:02:7a:2f:28:77:00:7d:35:
                    db:04:8f:7a:65:2c:1d:92:70:20:9d:5d:be:d4:eb:
                    64:54:b1:6c:09:8f:f3:4d:6e:4c:7c:63:e5:d1:a9:
                    07:69:71:77:73:e0:63:d7:18:4e:d1:d5:2a:55:69:
                    ed:31:08:87:c1:f5:11:2b:0e:91:03:15:35:3e:8e:
                    7e:0e:12:2f:74:20:0e:56:43:5f:65:2e:8d:72:52:
                    8d:cd:b0:03:43:03:6b:b2:02:33:1d:3b:9f:fe:82:
                    51:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:11:61:B4:A7:09:AB:9B:80:EC:00:DE:AE:47:9D:AF:B0:0B:B1:47
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/KBFhtKcJq5uA7ADerkedr7ALsUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.48.0/22
                  185.19.188.0-185.19.190.255

    Signature Algorithm: sha256WithRSAEncryption
         1a:e2:50:4f:79:b0:2a:cd:5b:a4:92:a3:1c:75:2d:f2:ad:03:
         31:07:a7:09:3c:2c:f1:3d:f9:e1:0d:e9:6c:20:f7:d1:66:70:
         e6:d1:1a:97:9e:c5:66:52:89:57:e0:27:17:45:b9:db:ec:e3:
         32:c6:73:d9:61:c8:3e:57:6a:c0:ed:57:d2:67:e8:2f:0c:bb:
         6a:ab:d0:56:a5:12:67:22:a1:ab:2d:73:92:0c:97:94:83:a7:
         5f:1f:c4:e1:7f:11:33:4a:96:d9:f5:6c:f5:36:b9:4c:e4:47:
         d9:83:26:1f:d3:fb:1f:1f:fb:02:eb:59:90:6c:38:af:a0:fd:
         f0:5e:e7:d9:f9:75:ca:95:58:2a:a5:33:66:2d:d9:98:af:41:
         15:c0:65:5c:5e:42:00:ad:4f:fb:50:d8:14:81:8c:cf:e5:0e:
         5d:9e:05:9b:fe:ff:3a:c0:9c:c3:d2:52:df:16:32:e9:ac:18:
         98:52:db:28:fd:2d:d0:ae:89:d2:45:7e:3e:32:1e:b1:02:9d:
         7d:77:6b:e2:99:cc:38:b8:a6:3c:e5:43:47:e2:cf:87:10:39:
         e5:8c:38:51:e0:52:df:f5:40:de:43:b4:b7:b3:05:8b:e0:42:
         8f:19:52:eb:5e:1a:09:fa:80:be:b9:31:f4:5f:ab:2f:94:8b:
         c0:e6:42:16
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ6Sbwaoi6yV5nwnJZGTPOyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjYwNjA0MTE0MDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODExNjFiNGE3MDlhYjliODBlYzAwZGVhZTQ3OWRhZmIwMGJiMTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9vn5Fnhp10zO+wZ4np/xJ6gFBgX
Xh0oyAt6xYqxdwju06GsrvCWvMNl9MNOuHBCJgMtsIa2/Bvjokzd5+tbu5ZYt02k
1Evs6AOaao0w6JQSoA4sM36hL6trEbVvpTIIQ1ZcyzQlCd7al1ytuTZuGl+mHtIh
GyQcRpwH4zSt428BwXvJQa8SKdM+REk71TKTKkK1adzU+brEq58JAnovKHcAfTXb
BI96ZSwdknAgnV2+1OtkVLFsCY/zTW5MfGPl0akHaXF3c+Bj1xhO0dUqVWntMQiH
wfURKw6RAxU1Po5+DhIvdCAOVkNfZS6NclKNzbADQwNrsgIzHTuf/oJRtQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCgRYbSnCaubgOwA3q5Hna+wC7FHMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvS0JGaHRLY0pxNXVBN0FEZXJrZWRyN0FMc1VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCW9cwMAwD
BAK5E7wDBAC5E74wDQYJKoZIhvcNAQELBQADggEBABriUE95sCrNW6SSoxx1LfKt
AzEHpwk8LPE9+eEN6Wwg99FmcObRGpeexWZSiVfgJxdFudvs4zLGc9lhyD5XasDt
V9Jn6C8Mu2qr0FalEmcioastc5IMl5SDp18fxOF/ETNKltn1bPU2uUzkR9mDJh/T
+x8f+wLrWZBsOK+g/fBe59n5dcqVWCqlM2Yt2ZivQRXAZVxeQgCtT/tQ2BSBjM/l
Dl2eBZv+/zrAnMPSUt8WMumsGJhS2yj9LdCuidJFfj4yHrECnX13a+KZzDi4pjzl
Q0fiz4cQOeWMOFHgUt/1QN5DtLezBYvgQo8ZUuteGgn6gL65MfRfqy+Ui8DmQhY=
-----END CERTIFICATE-----