Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/Kc2zATrqB0A3Wgy3WLuaTpaJaEE.roa
File:                     Kc2zATrqB0A3Wgy3WLuaTpaJaEE.roa (raw, json)
Hash identifier:          q6WebFostcw9/rueWK6eJhYOR/pjKj+MkCNgsKFRoZU=
Subject key identifier:   29:CD:B3:01:3A:EA:07:40:37:5A:0C:B7:58:BB:9A:4E:96:89:68:41
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019E3AF99CBFD5F1D3A9B2BF4682EBF0ADC1
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/Kc2zATrqB0A3Wgy3WLuaTpaJaEE.roa
Signing time:             Mon 18 May 2026 12:04:57 +0000
ROA not before:           Mon 18 May 2026 12:04:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44382
IP address blocks:        45.141.148.0/24 maxlen: 24
                          194.116.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3a:f9:9c:bf:d5:f1:d3:a9:b2:bf:46:82:eb:f0:ad:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: May 18 12:04:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29cdb3013aea0740375a0cb758bb9a4e96896841
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:64:cf:d4:8a:c1:3a:0b:17:f8:a5:18:9b:0a:
                    1e:8f:f8:87:33:47:3a:dc:ae:d1:00:44:13:e8:51:
                    0a:01:90:eb:b1:42:a9:b9:d1:28:83:00:7e:a2:13:
                    b6:a6:25:7e:3e:9a:3b:00:6a:64:08:76:1b:6e:3d:
                    5b:08:e0:66:fb:d4:37:93:a3:e0:fa:9d:ee:2d:c3:
                    d2:b0:5e:fb:ee:ef:71:2c:02:44:0a:08:9c:1e:f9:
                    92:77:5a:be:cc:77:76:3d:1d:df:5f:81:ff:7b:08:
                    ff:67:ee:b7:3b:cb:3b:2b:bf:da:f5:b4:2d:6c:dd:
                    89:ec:c8:04:5e:f0:61:dd:e6:b3:b6:23:1e:b1:40:
                    a9:93:13:a9:8b:70:bc:32:62:19:ec:29:60:49:2a:
                    23:6d:2e:20:12:09:90:2e:cf:f3:b8:8d:99:72:28:
                    36:4b:43:6e:65:da:05:7b:77:c2:05:69:2e:d2:12:
                    6b:21:ab:bb:56:ca:cf:7d:ba:0a:d8:6e:c0:67:ee:
                    32:06:22:7e:b2:7f:ee:13:45:f3:66:fd:d8:87:32:
                    58:3b:a0:db:fa:49:75:51:06:88:89:fd:9e:0f:20:
                    18:83:42:e3:7e:09:d8:8a:e5:f7:de:f8:d1:c7:9f:
                    a4:d9:d3:05:29:6c:c6:66:f7:46:88:85:66:7c:0a:
                    d8:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:CD:B3:01:3A:EA:07:40:37:5A:0C:B7:58:BB:9A:4E:96:89:68:41
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/Kc2zATrqB0A3Wgy3WLuaTpaJaEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.148.0/24
                  194.116.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:33:2c:4b:f4:c0:e0:dd:bc:2c:f0:23:e9:8d:44:7b:cf:27:
         ed:20:57:ab:8d:e6:48:c0:c1:f0:cd:09:13:1b:49:26:bf:82:
         3e:41:30:e7:c2:3e:85:06:3b:f9:24:71:9b:9c:94:9a:d8:34:
         0f:73:88:88:6b:d8:60:15:4a:68:20:84:a1:f8:d1:dc:be:05:
         75:14:2c:ce:27:c5:f1:f6:f3:a8:26:2b:65:b5:60:2b:b4:10:
         f3:fc:35:95:2d:4e:a7:d5:44:10:60:d9:c2:af:a0:fc:e1:f3:
         af:c0:93:86:2e:e4:84:af:67:0e:43:1f:e4:82:94:5e:4c:e3:
         5e:2b:db:03:73:b5:5a:6b:2b:24:77:b2:36:48:0b:78:c9:15:
         b6:b5:27:74:76:af:dc:76:45:61:7d:3e:80:75:f7:9d:f0:b8:
         1e:39:5b:db:eb:74:01:9f:5c:c4:d2:60:eb:56:2b:36:8c:0e:
         b8:87:73:2e:5e:ac:11:ce:dc:db:f7:b4:99:6f:dc:a3:e4:10:
         8b:d9:94:5a:b6:f2:f9:e4:bb:a7:cc:12:a9:78:70:2a:ae:a9:
         1f:63:31:b2:60:1c:c2:30:32:08:2b:a7:88:47:74:6a:e5:6c:
         8a:79:55:54:35:78:66:37:51:40:70:7e:79:49:70:da:bc:58:
         8e:c8:28:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ46+Zy/1fHTqbK/RoLr8K3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwNTE4MTIwNDU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWNkYjMwMTNhZWEwNzQwMzc1YTBjYjc1OGJiOWE0ZTk2ODk2ODQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GTP1IrBOgsX+KUYmwoej/iHM0c6
3K7RAEQT6FEKAZDrsUKpudEogwB+ohO2piV+Ppo7AGpkCHYbbj1bCOBm+9Q3k6Pg
+p3uLcPSsF777u9xLAJECgicHvmSd1q+zHd2PR3fX4H/ewj/Z+63O8s7K7/a9bQt
bN2J7MgEXvBh3eaztiMesUCpkxOpi3C8MmIZ7ClgSSojbS4gEgmQLs/zuI2Zcig2
S0NuZdoFe3fCBWku0hJrIau7VsrPfboK2G7AZ+4yBiJ+sn/uE0XzZv3YhzJYO6Db
+kl1UQaIif2eDyAYg0LjfgnYiuX33vjRx5+k2dMFKWzGZvdGiIVmfArYXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCnNswE66gdAN1oMt1i7mk6WiWhBMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvS2MyekFUcnFCMEEzV2d5M1dMdWFUcGFKYUVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY2UAwQA
wnTsMA0GCSqGSIb3DQEBCwUAA4IBAQCcMyxL9MDg3bws8CPpjUR7zyftIFerjeZI
wMHwzQkTG0kmv4I+QTDnwj6FBjv5JHGbnJSa2DQPc4iIa9hgFUpoIISh+NHcvgV1
FCzOJ8Xx9vOoJitltWArtBDz/DWVLU6n1UQQYNnCr6D84fOvwJOGLuSEr2cOQx/k
gpReTONeK9sDc7Vaayskd7I2SAt4yRW2tSd0dq/cdkVhfT6Adfed8LgeOVvb63QB
n1zE0mDrVis2jA64h3MuXqwRztzb97SZb9yj5BCL2ZRatvL55LunzBKpeHAqrqkf
YzGyYBzCMDIIK6eIR3Rq5WyKeVVUNXhmN1FAcH55SXDavFiOyChE
-----END CERTIFICATE-----