Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/2ff188-67de-42a0-8bcd-34d29bb1cd85/1/KpSiFlpQT5dMSWFR8bhyaB5lV0E.roa
File:                     KpSiFlpQT5dMSWFR8bhyaB5lV0E.roa (raw, json)
Hash identifier:          b+M/pWTjrzDu/kT2jGIzR1Dtt5OUtfCqD8vNrO/FXP8=
Subject key identifier:   2A:94:A2:16:5A:50:4F:97:4C:49:61:51:F1:B8:72:68:1E:65:57:41
Certificate issuer:       /CN=635f7f20054c4fbda2de4ed87f5f641f935b0386
Certificate serial:       019E45FC33E0A66CC751E9C42FE3C0E9B079
Authority key identifier: 63:5F:7F:20:05:4C:4F:BD:A2:DE:4E:D8:7F:5F:64:1F:93:5B:03:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y19_IAVMT72i3k7Yf19kH5NbA4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/2ff188-67de-42a0-8bcd-34d29bb1cd85/1/KpSiFlpQT5dMSWFR8bhyaB5lV0E.roa
Signing time:             Wed 20 May 2026 15:23:36 +0000
ROA not before:           Wed 20 May 2026 15:23:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5539
IP address blocks:        193.97.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/2ff188-67de-42a0-8bcd-34d29bb1cd85/1/Y19_IAVMT72i3k7Yf19kH5NbA4Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/2ff188-67de-42a0-8bcd-34d29bb1cd85/1/Y19_IAVMT72i3k7Yf19kH5NbA4Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y19_IAVMT72i3k7Yf19kH5NbA4Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:45:fc:33:e0:a6:6c:c7:51:e9:c4:2f:e3:c0:e9:b0:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=635f7f20054c4fbda2de4ed87f5f641f935b0386
        Validity
            Not Before: May 20 15:23:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a94a2165a504f974c496151f1b872681e655741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6c:f2:e5:ec:f9:f9:83:1d:86:f1:ba:10:b4:
                    39:42:78:a2:26:3b:de:c4:ee:18:09:15:41:c7:8d:
                    bc:52:d0:35:b3:43:e2:5b:f2:25:94:5f:13:01:8c:
                    b6:7e:2f:40:56:85:cf:58:2e:d1:2c:65:82:69:03:
                    43:a4:58:94:ba:19:8c:18:cd:aa:59:cf:cb:ef:31:
                    70:6d:57:3e:d0:f7:d5:fd:97:b3:8e:37:dd:30:8b:
                    42:20:90:dd:07:9a:81:b1:84:31:6e:7c:cd:a3:63:
                    a7:8f:9b:d9:bb:da:d3:9b:98:4d:86:9a:67:ca:51:
                    07:e7:21:91:bc:3b:54:7d:e8:c0:fc:65:f6:2b:e3:
                    38:e3:07:87:e8:2f:9a:b1:9c:50:1c:de:62:2d:3c:
                    69:63:58:93:3a:48:07:08:fa:99:f6:d7:e3:44:cc:
                    f4:1c:6d:ea:9a:47:07:c5:10:ef:9f:92:c7:71:bb:
                    91:1f:35:e6:76:f0:fb:af:26:37:39:97:fd:63:4d:
                    b9:71:db:19:6d:ce:da:17:9a:de:94:0e:da:79:ff:
                    a7:ff:a8:01:1a:38:8c:b9:ab:51:83:25:13:19:67:
                    8d:56:cb:15:b0:56:ca:42:f0:c6:38:85:e7:74:04:
                    af:20:aa:b2:26:ee:d2:54:aa:21:ed:10:7e:b9:fb:
                    00:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:94:A2:16:5A:50:4F:97:4C:49:61:51:F1:B8:72:68:1E:65:57:41
            X509v3 Authority Key Identifier:
                keyid:63:5F:7F:20:05:4C:4F:BD:A2:DE:4E:D8:7F:5F:64:1F:93:5B:03:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y19_IAVMT72i3k7Yf19kH5NbA4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/2ff188-67de-42a0-8bcd-34d29bb1cd85/1/KpSiFlpQT5dMSWFR8bhyaB5lV0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/2ff188-67de-42a0-8bcd-34d29bb1cd85/1/Y19_IAVMT72i3k7Yf19kH5NbA4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.97.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:40:3b:06:aa:61:f4:23:34:da:f9:bd:8d:f3:80:35:0c:55:
         32:1e:b6:55:17:49:5b:b8:52:5d:f8:24:30:5a:96:5b:be:3e:
         d7:69:de:68:b3:4d:11:bb:e9:26:89:83:1f:c3:2e:90:a9:c1:
         32:24:9e:7a:ca:19:a6:e2:10:6e:9a:68:6d:cc:5f:3e:8d:a8:
         48:63:7a:17:aa:c9:6e:63:f6:cd:e4:89:67:c6:da:ec:71:6f:
         3f:83:46:2a:da:2b:2b:6b:99:61:87:b4:fe:92:ad:ee:d9:d6:
         0d:c7:f4:70:ab:0a:ac:d4:0b:52:6e:08:6c:99:b0:28:a2:14:
         63:8f:23:47:7d:f0:41:1c:dc:bb:b0:78:3e:39:2b:1c:0d:30:
         94:e3:5f:da:e6:fd:4b:b8:9e:e8:b1:65:fd:45:87:2b:02:97:
         f5:0b:71:2e:10:9d:4d:eb:b4:cc:bd:84:b3:59:2d:ef:70:44:
         4d:92:bc:44:60:d8:87:d7:f5:34:15:93:8b:01:8b:24:42:5b:
         c0:8c:1c:e0:d2:cc:b0:58:09:94:09:e4:bf:d6:7d:cf:09:42:
         dc:39:94:f1:fa:2f:e0:56:7a:24:68:61:bf:e5:4c:e1:df:f5:
         9a:40:51:14:4f:8d:21:3f:dc:09:70:7f:0f:eb:ae:32:6a:c3:
         b4:b7:66:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5F/DPgpmzHUenEL+PA6bB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNWY3ZjIwMDU0YzRmYmRhMmRlNGVkODdmNWY2NDFmOTM1
YjAzODYwHhcNMjYwNTIwMTUyMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTk0YTIxNjVhNTA0Zjk3NGM0OTYxNTFmMWI4NzI2ODFlNjU1NzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWzy5ez5+YMdhvG6ELQ5QniiJjve
xO4YCRVBx428UtA1s0PiW/IllF8TAYy2fi9AVoXPWC7RLGWCaQNDpFiUuhmMGM2q
Wc/L7zFwbVc+0PfV/ZezjjfdMItCIJDdB5qBsYQxbnzNo2Onj5vZu9rTm5hNhppn
ylEH5yGRvDtUfejA/GX2K+M44weH6C+asZxQHN5iLTxpY1iTOkgHCPqZ9tfjRMz0
HG3qmkcHxRDvn5LHcbuRHzXmdvD7ryY3OZf9Y025cdsZbc7aF5relA7aef+n/6gB
GjiMuatRgyUTGWeNVssVsFbKQvDGOIXndASvIKqyJu7SVKoh7RB+ufsATQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqUohZaUE+XTElhUfG4cmgeZVdBMB8GA1UdIwQY
MBaAFGNffyAFTE+9ot5O2H9fZB+TWwOGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTE5X0lBVk1UNzJpM2s3WWYxOWtINU5iQTRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8yZmYxODgtNjdkZS00MmEwLThiY2Qt
MzRkMjliYjFjZDg1LzEvS3BTaUZscFFUNWRNU1dGUjhiaHlhQjVsVjBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8yZmYxODgtNjdkZS00MmEwLThiY2QtMzRkMjliYjFjZDg1
LzEvWTE5X0lBVk1UNzJpM2s3WWYxOWtINU5iQTRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWGBMA0G
CSqGSIb3DQEBCwUAA4IBAQCeQDsGqmH0IzTa+b2N84A1DFUyHrZVF0lbuFJd+CQw
WpZbvj7Xad5os00Ru+kmiYMfwy6QqcEyJJ56yhmm4hBummhtzF8+jahIY3oXqslu
Y/bN5IlnxtrscW8/g0Yq2isra5lhh7T+kq3u2dYNx/Rwqwqs1AtSbghsmbAoohRj
jyNHffBBHNy7sHg+OSscDTCU41/a5v1LuJ7osWX9RYcrApf1C3EuEJ1N67TMvYSz
WS3vcERNkrxEYNiH1/U0FZOLAYskQlvAjBzg0sywWAmUCeS/1n3PCULcOZTx+i/g
VnokaGG/5Uzh3/WaQFEUT40hP9wJcH8P664yasO0t2ZV
-----END CERTIFICATE-----