Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/KdjeaKOVQI8nkLscbrcljjEWQvo.roa
File:                     KdjeaKOVQI8nkLscbrcljjEWQvo.roa (raw, json)
Hash identifier:          hmKWt5BMw7FcRXxgWPqVLHCN6voSzvaQG+o7oZwdPWo=
Subject key identifier:   29:D8:DE:68:A3:95:40:8F:27:90:BB:1C:6E:B7:25:8E:31:16:42:FA
Certificate issuer:       /CN=0092e74582531aaafee88b9c72e8c29e454d0659
Certificate serial:       019E4E5420B64407C9EFF294B99E81B00045
Authority key identifier: 00:92:E7:45:82:53:1A:AA:FE:E8:8B:9C:72:E8:C2:9E:45:4D:06:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AJLnRYJTGqr-6IuccujCnkVNBlk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/KdjeaKOVQI8nkLscbrcljjEWQvo.roa
Signing time:             Fri 22 May 2026 06:16:36 +0000
ROA not before:           Fri 22 May 2026 06:16:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215406
IP address blocks:        193.28.157.0/24 maxlen: 24
                          193.28.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/AJLnRYJTGqr-6IuccujCnkVNBlk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/AJLnRYJTGqr-6IuccujCnkVNBlk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AJLnRYJTGqr-6IuccujCnkVNBlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:54:20:b6:44:07:c9:ef:f2:94:b9:9e:81:b0:00:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0092e74582531aaafee88b9c72e8c29e454d0659
        Validity
            Not Before: May 22 06:16:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29d8de68a395408f2790bb1c6eb7258e311642fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:89:3f:60:c5:9d:35:3a:12:34:b9:88:bc:f6:
                    0a:8a:4c:2f:f7:b2:6d:1e:ed:62:92:2e:78:4c:f4:
                    ef:fe:61:59:6a:2e:4e:4b:6c:42:70:2c:d1:03:6a:
                    a7:8f:96:e3:a1:4b:8f:3e:86:03:60:b3:56:e8:7c:
                    19:69:84:32:b3:0f:96:fd:6a:0c:06:af:16:33:0e:
                    19:82:58:49:6c:61:23:96:10:9f:e6:a6:b8:9f:69:
                    9f:47:1b:30:9b:04:f4:ef:f1:7c:ac:91:5b:ab:2e:
                    b9:fe:1d:51:b0:b1:1f:5b:f9:27:f5:10:32:9f:30:
                    32:35:a1:35:5d:46:7e:48:b2:06:da:05:1f:63:af:
                    e2:98:bf:39:9f:27:12:00:61:84:3b:6c:64:70:ba:
                    be:fb:ee:92:8f:d7:27:b5:c8:75:c9:9c:f3:fe:5f:
                    ae:35:bb:14:3a:8a:a6:3e:6e:b2:5a:e7:2b:bf:01:
                    6d:29:77:58:4f:06:0b:80:53:be:fe:b4:27:5b:ed:
                    5f:6a:11:5f:06:61:d6:b2:b7:05:51:68:0f:13:21:
                    0d:95:e7:4e:f6:1b:fa:ec:f9:1b:37:6c:80:f9:3f:
                    68:2a:ab:96:54:31:59:5b:f8:c5:b4:fd:3b:b9:04:
                    fd:21:c9:24:df:e8:08:a6:24:98:94:ac:cc:d3:f4:
                    b4:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:D8:DE:68:A3:95:40:8F:27:90:BB:1C:6E:B7:25:8E:31:16:42:FA
            X509v3 Authority Key Identifier:
                keyid:00:92:E7:45:82:53:1A:AA:FE:E8:8B:9C:72:E8:C2:9E:45:4D:06:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AJLnRYJTGqr-6IuccujCnkVNBlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/KdjeaKOVQI8nkLscbrcljjEWQvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/759143-d9bd-46e4-8865-8e1da5142c72/1/AJLnRYJTGqr-6IuccujCnkVNBlk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.157.0/24
                  193.28.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:f6:42:9c:80:bc:1a:8b:f1:81:43:40:0c:54:be:34:9b:6d:
         df:39:19:50:ff:a4:35:39:3e:a1:4d:38:3e:d2:74:3f:d8:f6:
         39:c4:02:aa:5c:90:8b:2e:34:78:a2:a0:4d:16:a5:5b:75:16:
         0a:58:1c:f2:c7:e9:ee:11:58:40:aa:c0:ae:56:b0:ac:33:b0:
         d2:4c:45:8f:e9:d4:dc:60:a8:7f:db:3a:28:c8:be:39:b7:2e:
         73:a2:31:6c:d7:28:f9:d0:b4:7a:b6:5d:df:f0:d0:d0:98:6e:
         c2:00:f8:67:cb:1f:48:1d:cb:26:d1:29:0f:27:8b:77:d6:ce:
         00:cc:60:43:b5:a4:24:40:82:ff:21:0b:ae:8c:ed:cd:c1:9c:
         ff:0f:d6:31:eb:9c:3a:32:e1:7e:33:41:cb:02:19:59:df:75:
         d7:68:e5:30:04:fb:11:77:54:1f:66:f5:d9:32:e1:43:03:bf:
         ac:ef:16:41:7c:af:83:2e:3c:6e:1d:2e:b3:da:d2:46:a8:26:
         80:8f:2c:52:0f:f8:a3:87:5c:52:f1:e0:4e:88:04:f8:eb:db:
         4e:6f:b1:c5:60:14:69:62:18:f6:6b:7c:c2:75:44:21:7b:92:
         fa:e3:44:2a:b0:75:68:a5:51:72:bb:ee:39:41:35:e8:c9:c9:
         19:ba:72:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5OVCC2RAfJ7/KUuZ6BsABFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwOTJlNzQ1ODI1MzFhYWFmZWU4OGI5YzcyZThjMjllNDU0
ZDA2NTkwHhcNMjYwNTIyMDYxNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWQ4ZGU2OGEzOTU0MDhmMjc5MGJiMWM2ZWI3MjU4ZTMxMTY0MmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnok/YMWdNToSNLmIvPYKikwv97Jt
Hu1iki54TPTv/mFZai5OS2xCcCzRA2qnj5bjoUuPPoYDYLNW6HwZaYQysw+W/WoM
Bq8WMw4ZglhJbGEjlhCf5qa4n2mfRxswmwT07/F8rJFbqy65/h1RsLEfW/kn9RAy
nzAyNaE1XUZ+SLIG2gUfY6/imL85nycSAGGEO2xkcLq+++6Sj9cntch1yZzz/l+u
NbsUOoqmPm6yWucrvwFtKXdYTwYLgFO+/rQnW+1fahFfBmHWsrcFUWgPEyENledO
9hv67PkbN2yA+T9oKquWVDFZW/jFtP07uQT9Ickk3+gIpiSYlKzM0/S06QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCnY3mijlUCPJ5C7HG63JY4xFkL6MB8GA1UdIwQY
MBaAFACS50WCUxqq/uiLnHLowp5FTQZZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUpMblJZSlRHcXItNkl1Y2N1akNua1ZOQmxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83NTkxNDMtZDliZC00NmU0LTg4NjUt
OGUxZGE1MTQyYzcyLzEvS2RqZWFLT1ZRSThua0xzY2JyY2xqakVXUXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83NTkxNDMtZDliZC00NmU0LTg4NjUtOGUxZGE1MTQyYzcy
LzEvQUpMblJZSlRHcXItNkl1Y2N1akNua1ZOQmxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRydAwQA
wRyzMA0GCSqGSIb3DQEBCwUAA4IBAQBg9kKcgLwai/GBQ0AMVL40m23fORlQ/6Q1
OT6hTTg+0nQ/2PY5xAKqXJCLLjR4oqBNFqVbdRYKWBzyx+nuEVhAqsCuVrCsM7DS
TEWP6dTcYKh/2zooyL45ty5zojFs1yj50LR6tl3f8NDQmG7CAPhnyx9IHcsm0SkP
J4t31s4AzGBDtaQkQIL/IQuujO3NwZz/D9Yx65w6MuF+M0HLAhlZ33XXaOUwBPsR
d1QfZvXZMuFDA7+s7xZBfK+DLjxuHS6z2tJGqCaAjyxSD/ijh1xS8eBOiAT469tO
b7HFYBRpYhj2a3zCdUQhe5L640QqsHVopVFyu+45QTXoyckZunLe
-----END CERTIFICATE-----