Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/kpshd_nqvOSLpdq8n2Xp9TiBzzY.roa
File:                     kpshd_nqvOSLpdq8n2Xp9TiBzzY.roa (raw, json)
Hash identifier:          gHB/NPpss7TTnWxPCb4UR0vpBAt4lH1CE9UBGyO8VuM=
Subject key identifier:   92:9B:21:77:F9:EA:BC:E4:8B:A5:DA:BC:9F:65:E9:F5:38:81:CF:36
Certificate issuer:       /CN=988ce6e4ee09ef66658286451790969d7cffe9b9
Certificate serial:       019F087CFB13345388C0CDC722359641E913
Authority key identifier: 98:8C:E6:E4:EE:09:EF:66:65:82:86:45:17:90:96:9D:7C:FF:E9:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mIzm5O4J72ZlgoZFF5CWnXz_6bk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/kpshd_nqvOSLpdq8n2Xp9TiBzzY.roa
Signing time:             Sat 27 Jun 2026 09:50:36 +0000
ROA not before:           Sat 27 Jun 2026 09:50:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50810
IP address blocks:        31.40.4.0/22 maxlen: 22
                          91.206.177.0/24 maxlen: 24
                          153.51.0.0/19 maxlen: 19
                          153.51.128.0/19 maxlen: 19
                          193.37.38.0/24 maxlen: 24
                          194.5.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/mIzm5O4J72ZlgoZFF5CWnXz_6bk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/mIzm5O4J72ZlgoZFF5CWnXz_6bk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mIzm5O4J72ZlgoZFF5CWnXz_6bk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 18:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:08:7c:fb:13:34:53:88:c0:cd:c7:22:35:96:41:e9:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=988ce6e4ee09ef66658286451790969d7cffe9b9
        Validity
            Not Before: Jun 27 09:50:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=929b2177f9eabce48ba5dabc9f65e9f53881cf36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5d:f7:95:2d:c2:a3:f8:8e:9b:d2:da:13:bd:
                    dd:42:97:73:98:d4:1f:c7:f0:03:25:92:ff:5d:fd:
                    48:be:ae:b3:38:49:fe:37:78:c2:15:ca:8b:3b:7f:
                    9a:1e:aa:c6:83:2d:4c:9b:bc:fa:60:47:a1:e1:c2:
                    53:2a:75:da:d5:a8:d8:ab:77:38:a2:92:ef:e3:23:
                    09:18:d5:f2:04:d7:9f:f0:94:d7:48:26:57:f7:06:
                    a0:73:a9:c4:53:ee:7d:70:52:20:90:66:8a:b1:47:
                    c1:15:e3:c1:93:af:3f:81:81:4c:cf:cd:42:eb:bb:
                    17:af:f9:62:0b:ab:2b:bb:ca:82:f4:34:32:4c:19:
                    7e:aa:96:5a:f5:06:ec:41:1d:a8:75:9f:2d:84:83:
                    f6:a5:1c:18:4d:11:04:a1:b0:73:b9:a1:c9:07:a0:
                    d0:2e:52:99:09:d6:9b:9a:93:50:26:a5:1a:79:37:
                    3d:98:d1:3c:54:ed:f9:4e:52:a7:52:e9:b0:77:10:
                    5a:28:b9:40:54:3a:40:9a:c9:36:9c:21:37:3f:e7:
                    3d:64:6f:3f:61:95:1a:38:f6:23:e9:e2:94:f6:af:
                    41:20:d5:b6:0a:91:ab:05:cd:6a:6a:02:e6:39:b1:
                    f1:06:5a:96:d1:b0:0f:d7:23:26:3b:14:7c:a0:75:
                    6a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:9B:21:77:F9:EA:BC:E4:8B:A5:DA:BC:9F:65:E9:F5:38:81:CF:36
            X509v3 Authority Key Identifier:
                keyid:98:8C:E6:E4:EE:09:EF:66:65:82:86:45:17:90:96:9D:7C:FF:E9:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mIzm5O4J72ZlgoZFF5CWnXz_6bk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/kpshd_nqvOSLpdq8n2Xp9TiBzzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/156f45-da23-4e25-a08c-3687c2f7d83e/1/mIzm5O4J72ZlgoZFF5CWnXz_6bk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.4.0/22
                  91.206.177.0/24
                  153.51.0.0/19
                  153.51.128.0/19
                  193.37.38.0/24
                  194.5.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:e8:1b:ca:93:59:a1:f7:e2:74:e2:17:d9:06:36:73:5b:45:
         ba:5a:20:e6:e8:c3:bb:b3:7d:47:f6:49:19:95:28:66:56:47:
         b0:dc:57:0a:f5:9d:74:af:da:96:21:7a:a2:e0:b6:ef:ae:32:
         0a:9f:6c:84:f7:b6:a5:44:03:a6:29:3a:75:c2:ea:48:1b:9b:
         99:b6:68:0a:95:74:87:09:a2:5c:48:e7:b9:57:6c:aa:b4:bf:
         40:8e:9a:70:d9:7d:d4:f9:e8:63:e5:0d:51:40:35:0b:6b:4e:
         75:9c:bf:e4:3b:b8:25:14:e3:b6:16:68:08:27:20:34:ff:a6:
         50:04:18:e4:f7:55:60:85:fc:b6:0d:15:39:d8:6f:9e:17:cf:
         fb:dd:c5:9b:6c:97:8c:4b:33:73:40:20:a8:83:8a:0f:cd:d5:
         fa:36:c3:ef:cd:59:d4:67:7d:d8:94:e7:29:61:10:03:4f:91:
         ce:bc:5a:da:40:81:45:f4:43:fe:26:6d:32:c1:89:9d:d8:f3:
         20:18:08:7a:3c:0d:b4:0e:7b:0e:4e:08:34:04:f9:5f:e2:70:
         20:f8:8c:5b:0c:65:e5:ed:75:76:48:7b:5f:20:71:e5:10:b9:
         01:4b:23:87:a7:8a:b8:2e:23:5c:04:5e:0a:7a:ab:b9:20:13:
         a3:ab:7c:5e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ8IfPsTNFOIwM3HIjWWQekTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OGNlNmU0ZWUwOWVmNjY2NTgyODY0NTE3OTA5NjlkN2Nm
ZmU5YjkwHhcNMjYwNjI3MDk1MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjliMjE3N2Y5ZWFiY2U0OGJhNWRhYmM5ZjY1ZTlmNTM4ODFjZjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmV33lS3Co/iOm9LaE73dQpdzmNQf
x/ADJZL/Xf1Ivq6zOEn+N3jCFcqLO3+aHqrGgy1Mm7z6YEeh4cJTKnXa1ajYq3c4
opLv4yMJGNXyBNef8JTXSCZX9wagc6nEU+59cFIgkGaKsUfBFePBk68/gYFMz81C
67sXr/liC6sru8qC9DQyTBl+qpZa9QbsQR2odZ8thIP2pRwYTREEobBzuaHJB6DQ
LlKZCdabmpNQJqUaeTc9mNE8VO35TlKnUumwdxBaKLlAVDpAmsk2nCE3P+c9ZG8/
YZUaOPYj6eKU9q9BINW2CpGrBc1qagLmObHxBlqW0bAP1yMmOxR8oHVqIwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJKbIXf56rzki6XavJ9l6fU4gc82MB8GA1UdIwQY
MBaAFJiM5uTuCe9mZYKGRReQlp18/+m5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUl6bTVPNEo3MlpsZ29aRkY1Q1duWHpfNmJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8xNTZmNDUtZGEyMy00ZTI1LWEwOGMt
MzY4N2MyZjdkODNlLzEva3BzaGRfbnF2T1NMcGRxOG4yWHA5VGlCenpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8xNTZmNDUtZGEyMy00ZTI1LWEwOGMtMzY4N2MyZjdkODNl
LzEvbUl6bTVPNEo3MlpsZ29aRkY1Q1duWHpfNmJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCHygEAwQA
W86xAwQFmTMAAwQFmTOAAwQAwSUmAwQAwgUQMA0GCSqGSIb3DQEBCwUAA4IBAQBF
6BvKk1mh9+J04hfZBjZzW0W6WiDm6MO7s31H9kkZlShmVkew3FcK9Z10r9qWIXqi
4LbvrjIKn2yE97alRAOmKTp1wupIG5uZtmgKlXSHCaJcSOe5V2yqtL9Ajppw2X3U
+ehj5Q1RQDULa051nL/kO7glFOO2FmgIJyA0/6ZQBBjk91Vghfy2DRU52G+eF8/7
3cWbbJeMSzNzQCCog4oPzdX6NsPvzVnUZ33YlOcpYRADT5HOvFraQIFF9EP+Jm0y
wYmd2PMgGAh6PA20DnsOTgg0BPlf4nAg+IxbDGXl7XV2SHtfIHHlELkBSyOHp4q4
LiNcBF4Kequ5IBOjq3xe
-----END CERTIFICATE-----
Generated at Wed Jul 1 01:34:18 2026 by rpki-client