Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/6594df-0b5a-4640-86ad-aeded904dca5/1/kwUfzWwrFQVASQO2F6UsVOxQr_k.roa
File:                     kwUfzWwrFQVASQO2F6UsVOxQr_k.roa (raw, json)
Hash identifier:          B400R5yaG15mVyOg0wtFtZ9v1gBpdtwEZj5wGIDnL98=
Subject key identifier:   93:05:1F:CD:6C:2B:15:05:40:49:03:B6:17:A5:2C:54:EC:50:AF:F9
Certificate issuer:       /CN=ded5a1224edcf1270ef1b8060985aa87d191aba9
Certificate serial:       019DD6B218894534B6E6F49367E8DF1AECAD
Authority key identifier: DE:D5:A1:22:4E:DC:F1:27:0E:F1:B8:06:09:85:AA:87:D1:91:AB:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3tWhIk7c8ScO8bgGCYWqh9GRq6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/6594df-0b5a-4640-86ad-aeded904dca5/1/kwUfzWwrFQVASQO2F6UsVOxQr_k.roa
Signing time:             Wed 29 Apr 2026 00:44:49 +0000
ROA not before:           Wed 29 Apr 2026 00:44:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     136907
IP address blocks:        43.249.8.0/23 maxlen: 23
                          43.249.10.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/6594df-0b5a-4640-86ad-aeded904dca5/1/3tWhIk7c8ScO8bgGCYWqh9GRq6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/6594df-0b5a-4640-86ad-aeded904dca5/1/3tWhIk7c8ScO8bgGCYWqh9GRq6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3tWhIk7c8ScO8bgGCYWqh9GRq6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 May 2026 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d6:b2:18:89:45:34:b6:e6:f4:93:67:e8:df:1a:ec:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ded5a1224edcf1270ef1b8060985aa87d191aba9
        Validity
            Not Before: Apr 29 00:44:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=93051fcd6c2b1505404903b617a52c54ec50aff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:90:da:3f:ae:ef:2a:4a:ff:ba:46:e5:09:a7:
                    e1:21:97:d6:f5:c7:88:50:a5:3a:31:ce:97:77:e9:
                    7e:d7:6a:13:e7:51:27:35:e3:c6:16:62:0a:99:f0:
                    11:ff:04:b1:a7:71:b0:af:f6:2a:1a:ac:82:47:0b:
                    44:01:4b:fd:17:d6:9e:7e:48:e8:53:8c:e5:79:e6:
                    25:68:e7:b0:67:00:e2:db:2d:af:16:67:cb:cd:2c:
                    4a:61:c2:f4:7b:3d:88:3a:ee:1e:33:08:79:2b:7a:
                    ad:81:14:fe:34:dc:ed:ee:55:a8:be:7f:44:94:1c:
                    53:9b:47:c1:87:eb:ef:d3:dd:39:96:7d:73:7c:70:
                    db:30:03:eb:02:fa:d9:5d:61:95:fc:0b:67:8a:39:
                    bb:81:ab:ab:c4:87:31:d5:62:9c:e5:da:73:6e:36:
                    f7:87:f4:27:93:06:69:33:4f:0a:d1:88:75:b3:d0:
                    61:d0:1a:c1:bf:86:73:80:a0:d0:a6:14:56:e5:5f:
                    30:68:8a:12:65:57:6f:dc:b4:b7:98:a0:5b:96:0c:
                    0f:81:b1:2e:ab:06:cc:6d:d1:98:c6:03:64:fd:30:
                    fc:e5:64:78:b9:d9:5c:68:d1:84:2f:a7:55:4e:6e:
                    b3:ee:93:69:56:cf:71:ee:b7:7a:81:2d:b8:8f:eb:
                    6d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:05:1F:CD:6C:2B:15:05:40:49:03:B6:17:A5:2C:54:EC:50:AF:F9
            X509v3 Authority Key Identifier:
                keyid:DE:D5:A1:22:4E:DC:F1:27:0E:F1:B8:06:09:85:AA:87:D1:91:AB:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3tWhIk7c8ScO8bgGCYWqh9GRq6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/6594df-0b5a-4640-86ad-aeded904dca5/1/kwUfzWwrFQVASQO2F6UsVOxQr_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/6594df-0b5a-4640-86ad-aeded904dca5/1/3tWhIk7c8ScO8bgGCYWqh9GRq6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.249.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:b8:da:ce:ac:d7:c4:e8:b6:60:d5:1c:3c:78:d8:fd:5e:c0:
         43:36:7c:6f:a3:91:8c:b6:29:f9:55:5d:b0:2e:0d:78:bc:91:
         4f:ea:58:ba:61:4a:97:57:a8:dc:3d:34:98:0d:b7:b9:ed:69:
         62:76:51:49:9d:c0:ce:f7:f6:1b:92:87:f3:43:0c:2b:9b:10:
         a9:33:f7:d4:0f:5f:e0:33:2f:bb:85:cc:cc:2f:26:78:f4:2f:
         9b:0c:8f:59:63:e6:b3:d4:e4:db:b2:c7:80:51:6d:68:73:e6:
         8c:c3:61:05:54:4d:7b:cd:e8:ea:7c:1f:ff:4e:dd:7d:5d:c9:
         6b:66:a6:33:3a:c0:72:f3:9b:64:df:6c:62:17:12:2e:f0:d0:
         fd:e6:ab:2e:7d:e4:88:44:eb:63:55:42:ee:11:cc:7a:42:a8:
         39:03:40:18:c1:37:48:36:49:c4:ac:75:96:46:84:77:05:da:
         86:d6:68:49:8c:dc:48:01:44:42:5c:71:02:51:19:02:21:1e:
         13:51:83:41:9f:a0:13:dd:7c:06:6e:5b:3b:8e:ca:7e:9a:1f:
         f7:ef:94:a7:55:5c:bc:05:9a:b2:62:91:84:46:65:8d:e0:bc:
         00:ac:cd:72:ad:7f:03:0c:60:49:4a:51:1c:01:ec:f1:3a:ec:
         d9:88:f8:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3WshiJRTS25vSTZ+jfGuytMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZDVhMTIyNGVkY2YxMjcwZWYxYjgwNjA5ODVhYTg3ZDE5
MWFiYTkwHhcNMjYwNDI5MDA0NDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzA1MWZjZDZjMmIxNTA1NDA0OTAzYjYxN2E1MmM1NGVjNTBhZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJDaP67vKkr/ukblCafhIZfW9ceI
UKU6Mc6Xd+l+12oT51EnNePGFmIKmfAR/wSxp3Gwr/YqGqyCRwtEAUv9F9aefkjo
U4zleeYlaOewZwDi2y2vFmfLzSxKYcL0ez2IOu4eMwh5K3qtgRT+NNzt7lWovn9E
lBxTm0fBh+vv0905ln1zfHDbMAPrAvrZXWGV/Atnijm7gaurxIcx1WKc5dpzbjb3
h/QnkwZpM08K0Yh1s9Bh0BrBv4ZzgKDQphRW5V8waIoSZVdv3LS3mKBblgwPgbEu
qwbMbdGYxgNk/TD85WR4udlcaNGEL6dVTm6z7pNpVs9x7rd6gS24j+ttkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMFH81sKxUFQEkDthelLFTsUK/5MB8GA1UdIwQY
MBaAFN7VoSJO3PEnDvG4BgmFqofRkaupMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3RXaElrN2M4U2NPOGJnR0NZV3FoOUdScTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS82NTk0ZGYtMGI1YS00NjQwLTg2YWQt
YWVkZWQ5MDRkY2E1LzEva3dVZnpXd3JGUVZBU1FPMkY2VXNWT3hRcl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS82NTk0ZGYtMGI1YS00NjQwLTg2YWQtYWVkZWQ5MDRkY2E1
LzEvM3RXaElrN2M4U2NPOGJnR0NZV3FoOUdScTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCK/kIMA0G
CSqGSIb3DQEBCwUAA4IBAQATuNrOrNfE6LZg1Rw8eNj9XsBDNnxvo5GMtin5VV2w
Lg14vJFP6li6YUqXV6jcPTSYDbe57WlidlFJncDO9/YbkofzQwwrmxCpM/fUD1/g
My+7hczMLyZ49C+bDI9ZY+az1OTbsseAUW1oc+aMw2EFVE17zejqfB//Tt19Xclr
ZqYzOsBy85tk32xiFxIu8ND95qsufeSIROtjVULuEcx6Qqg5A0AYwTdINknErHWW
RoR3BdqG1mhJjNxIAURCXHECURkCIR4TUYNBn6AT3XwGbls7jsp+mh/375SnVVy8
BZqyYpGERmWN4LwArM1yrX8DDGBJSlEcAezxOuzZiPg0
-----END CERTIFICATE-----