Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/koXw3LvEwrzn9qCWrcZnQPR8iMs.roa
File:                     koXw3LvEwrzn9qCWrcZnQPR8iMs.roa (raw, json)
Hash identifier:          gNqdDH2AralOcsOhDuMpE5EfKzaR6A0T5YWUJwlNSmY=
Subject key identifier:   92:85:F0:DC:BB:C4:C2:BC:E7:F6:A0:96:AD:C6:67:40:F4:7C:88:CB
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019D03CEFBAEC9E43A1EE29AB034C0A9AFBD
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/koXw3LvEwrzn9qCWrcZnQPR8iMs.roa
Signing time:             Thu 19 Mar 2026 01:56:29 +0000
ROA not before:           Thu 19 Mar 2026 01:56:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202400
IP address blocks:        85.149.222.0/24 maxlen: 24
                          2a14:7dc0:530::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Mar 2026 08:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:03:ce:fb:ae:c9:e4:3a:1e:e2:9a:b0:34:c0:a9:af:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Mar 19 01:56:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9285f0dcbbc4c2bce7f6a096adc66740f47c88cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7e:3e:69:11:25:87:cc:2c:2a:dd:1e:93:3d:
                    64:80:39:e4:f3:cc:3c:7c:a4:52:8e:3d:67:54:84:
                    9c:bf:d0:04:34:14:34:18:20:2f:42:0a:44:70:f3:
                    45:85:ca:56:7c:62:27:e4:c1:32:03:44:30:3e:f4:
                    27:8a:81:0f:59:89:97:25:8e:24:d3:ca:77:f9:ab:
                    ca:b4:0e:3d:f1:39:a1:e4:e8:3d:5e:bb:13:c2:06:
                    fd:4d:ec:a1:6c:0c:a0:2f:84:77:c6:4e:21:dd:2c:
                    57:b9:de:0e:ef:3d:30:2a:e4:86:10:f7:17:43:bd:
                    69:29:2c:89:7f:1e:c1:3a:8a:6c:14:9c:7c:2b:04:
                    43:fd:d6:4b:cf:7d:ac:a8:c7:b6:d5:23:83:cf:88:
                    de:b9:4b:69:e2:95:90:a9:90:6a:51:33:5f:aa:08:
                    28:2c:68:85:03:88:08:c9:02:0e:a2:0c:99:8e:1f:
                    7e:bc:13:ec:5d:05:c2:e1:92:d3:f9:1b:7d:95:c1:
                    3a:ee:4b:b3:bb:5d:be:fc:a1:b4:64:57:98:f9:0f:
                    b4:f5:2e:9a:5b:89:3f:7b:0f:74:96:47:48:ed:ad:
                    f0:95:f5:1a:3c:a3:ec:46:7a:47:01:1e:89:b3:57:
                    b9:ea:97:30:82:e6:0f:04:36:d4:1d:f1:aa:d1:4a:
                    f2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:85:F0:DC:BB:C4:C2:BC:E7:F6:A0:96:AD:C6:67:40:F4:7C:88:CB
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/koXw3LvEwrzn9qCWrcZnQPR8iMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.222.0/24
                IPv6:
                  2a14:7dc0:530::/44

    Signature Algorithm: sha256WithRSAEncryption
         ba:02:92:a5:15:78:f9:ac:90:4d:2c:c8:6a:e6:bf:19:9a:8b:
         4e:32:a6:b2:c9:fb:5a:12:d0:6e:14:09:30:45:27:a1:71:03:
         09:f1:ed:ae:ec:63:7a:28:c5:94:47:93:cc:b7:e1:45:62:07:
         f3:d2:0a:99:67:f7:91:e1:b5:db:f0:5c:76:14:5b:18:fc:8e:
         2a:70:85:d8:36:75:fd:66:3d:52:85:5a:5a:7e:73:b6:ae:a0:
         17:e6:a5:6a:10:be:bb:72:7a:62:62:a2:8b:e5:3a:10:bc:c0:
         db:35:eb:25:eb:a1:83:5a:de:33:c6:99:a5:ad:d0:31:22:6b:
         a3:85:78:46:a9:8c:5f:b7:6c:02:46:44:20:89:2d:3f:b8:33:
         89:eb:31:ce:e2:17:e5:5c:0c:b1:44:54:b3:08:69:5a:7f:1b:
         4b:fd:d7:e0:49:00:86:62:9e:d6:64:15:e5:f7:a1:92:71:50:
         d5:d4:70:ad:ac:fc:69:32:ba:ec:ca:09:81:23:63:12:f5:e4:
         e4:3f:dd:e4:38:1b:2f:3b:84:01:13:08:c2:c3:8d:13:a9:a9:
         d2:6e:95:01:bc:27:15:f8:24:3e:ef:19:83:d2:bf:b4:0a:2f:
         14:38:a2:9a:82:20:78:c3:34:f2:02:55:fc:71:b0:ab:2d:5a:
         4c:ac:46:a6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ0DzvuuyeQ6HuKasDTAqa+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwMzE5MDE1NjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjg1ZjBkY2JiYzRjMmJjZTdmNmEwOTZhZGM2Njc0MGY0N2M4OGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH4+aRElh8wsKt0ekz1kgDnk88w8
fKRSjj1nVIScv9AENBQ0GCAvQgpEcPNFhcpWfGIn5MEyA0QwPvQnioEPWYmXJY4k
08p3+avKtA498Tmh5Og9XrsTwgb9TeyhbAygL4R3xk4h3SxXud4O7z0wKuSGEPcX
Q71pKSyJfx7BOopsFJx8KwRD/dZLz32sqMe21SODz4jeuUtp4pWQqZBqUTNfqggo
LGiFA4gIyQIOogyZjh9+vBPsXQXC4ZLT+Rt9lcE67kuzu12+/KG0ZFeY+Q+09S6a
W4k/ew90lkdI7a3wlfUaPKPsRnpHAR6Js1e56pcwguYPBDbUHfGq0UryhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJKF8Ny7xMK85/aglq3GZ0D0fIjLMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEva29YdzNMdkV3cnpuOXFDV3JjWm5RUFI4aU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAVZXeMA8E
AgACMAkDBwQqFH3ABTAwDQYJKoZIhvcNAQELBQADggEBALoCkqUVePmskE0syGrm
vxmai04yprLJ+1oS0G4UCTBFJ6FxAwnx7a7sY3ooxZRHk8y34UViB/PSCpln95Hh
tdvwXHYUWxj8jipwhdg2df1mPVKFWlp+c7auoBfmpWoQvrtyemJioovlOhC8wNs1
6yXroYNa3jPGmaWt0DEia6OFeEapjF+3bAJGRCCJLT+4M4nrMc7iF+VcDLFEVLMI
aVp/G0v91+BJAIZintZkFeX3oZJxUNXUcK2s/GkyuuzKCYEjYxL15OQ/3eQ4Gy87
hAETCMLDjROpqdJulQG8JxX4JD7vGYPSv7QKLxQ4opqCIHjDNPICVfxxsKstWkys
RqY=
-----END CERTIFICATE-----