Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/KyW0NLPBY-c8-93421DPFnp7SOc.roa
File:                     KyW0NLPBY-c8-93421DPFnp7SOc.roa (raw, json)
Hash identifier:          +0RudaRLsqd8hbUGe7FKAAGeAubtOGhIa6cc4eD1Xc8=
Subject key identifier:   2B:25:B4:34:B3:C1:63:E7:3C:FB:DD:F8:DB:50:CF:16:7A:7B:48:E7
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019D47B8AB8218EBEF847E26E88C4A8B9326
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/KyW0NLPBY-c8-93421DPFnp7SOc.roa
Signing time:             Wed 01 Apr 2026 06:26:18 +0000
ROA not before:           Wed 01 Apr 2026 06:26:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        194.231.135.0/24 maxlen: 24
                          194.231.138.0/24 maxlen: 24
                          194.231.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:47:b8:ab:82:18:eb:ef:84:7e:26:e8:8c:4a:8b:93:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Apr  1 06:26:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b25b434b3c163e73cfbddf8db50cf167a7b48e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:7d:27:a3:7b:f2:f3:f2:fb:10:d9:ef:96:29:
                    67:cc:cb:fb:7c:00:1e:c8:e1:33:97:35:40:17:ad:
                    0f:c4:31:f3:44:5b:e1:d5:9b:b9:f6:60:86:b3:20:
                    df:f2:3f:8d:e1:f7:3c:ac:d6:f9:4a:0d:db:8c:8e:
                    92:ad:9b:71:8b:9d:c8:75:e8:78:97:1d:b7:35:60:
                    a5:d5:1f:14:37:98:f6:d4:8d:ca:6a:26:bf:cd:c4:
                    6a:e5:16:8f:c3:5a:19:dc:21:26:42:36:9a:c4:3e:
                    1d:b9:55:38:de:48:67:90:d5:51:4a:01:c6:3d:8e:
                    7f:06:8b:80:88:2f:c5:60:86:46:c0:72:bb:ac:7f:
                    18:f9:7b:cd:6a:4e:8e:a9:e7:b1:86:5b:fd:0d:03:
                    d5:6b:53:7c:07:57:69:fe:4e:3d:0a:f4:1a:32:e6:
                    d4:f2:dc:ac:a4:27:8e:fa:f6:c7:2b:53:90:aa:40:
                    de:54:49:21:2e:41:e5:f1:ae:ab:5f:7b:8d:1e:9b:
                    01:9c:57:7f:cb:19:07:d1:b2:3a:82:69:33:63:58:
                    c0:e4:14:41:c7:7c:6e:b4:49:40:62:7b:1f:bb:8d:
                    6c:f2:ca:92:d6:e0:5f:3a:de:f4:f8:4d:16:da:b6:
                    2a:0d:d4:c7:16:7c:13:4d:c0:4e:fd:94:0c:fd:28:
                    ba:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:25:B4:34:B3:C1:63:E7:3C:FB:DD:F8:DB:50:CF:16:7A:7B:48:E7
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/KyW0NLPBY-c8-93421DPFnp7SOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.135.0/24
                  194.231.138.0/24
                  194.231.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:f9:51:04:1b:dd:81:7c:bf:39:db:cc:f1:d4:29:82:fe:5a:
         c2:3b:b3:e6:5e:5e:9a:66:53:36:a2:c5:28:1b:31:bd:d7:78:
         a1:99:c9:6c:43:c4:08:88:d9:65:9c:82:a5:95:83:f6:14:1b:
         85:95:46:c4:99:42:bb:1a:69:e8:1e:d9:91:a8:fa:21:48:85:
         1a:0a:71:6d:b6:5d:ef:7e:7f:9c:1f:1f:71:af:43:e1:d3:7f:
         f4:9a:60:fb:6a:46:f5:30:18:48:1d:c3:60:c4:b0:fc:7e:f8:
         12:d9:65:9c:48:78:d6:85:81:4c:0b:a0:98:32:f5:14:08:6f:
         c5:7d:14:33:0f:9f:84:32:1c:93:e0:58:85:34:31:f9:e3:8d:
         83:42:02:25:15:41:dd:9f:e5:e6:56:9b:85:88:1c:b5:18:50:
         08:25:f3:a3:e5:17:81:a0:fe:e1:22:26:a1:cd:d1:73:2c:3d:
         64:3d:9c:6f:ef:2f:94:6e:06:c2:b8:02:38:54:37:be:bb:3e:
         d2:69:5c:0f:2e:95:c7:dc:ab:da:e0:eb:f1:a7:03:0b:7f:61:
         d6:68:c4:d0:a1:ba:4b:3f:16:68:1a:19:34:1c:01:e6:54:b2:
         a0:f6:1c:b2:e1:18:f6:06:17:49:b6:ad:b2:dd:a7:65:0e:01:
         c9:f0:77:a7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ1HuKuCGOvvhH4m6IxKi5MmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNDAxMDYyNjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjI1YjQzNGIzYzE2M2U3M2NmYmRkZjhkYjUwY2YxNjdhN2I0OGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2H0no3vy8/L7ENnvlilnzMv7fAAe
yOEzlzVAF60PxDHzRFvh1Zu59mCGsyDf8j+N4fc8rNb5Sg3bjI6SrZtxi53Ideh4
lx23NWCl1R8UN5j21I3Kaia/zcRq5RaPw1oZ3CEmQjaaxD4duVU43khnkNVRSgHG
PY5/BouAiC/FYIZGwHK7rH8Y+XvNak6Oqeexhlv9DQPVa1N8B1dp/k49CvQaMubU
8tyspCeO+vbHK1OQqkDeVEkhLkHl8a6rX3uNHpsBnFd/yxkH0bI6gmkzY1jA5BRB
x3xutElAYnsfu41s8sqS1uBfOt70+E0W2rYqDdTHFnwTTcBO/ZQM/Si6BwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCsltDSzwWPnPPvd+NtQzxZ6e0jnMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvS3lXME5MUEJZLWM4LTkzNDIxRFBGbnA3U09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwueHAwQA
wueKAwQAwufGMA0GCSqGSIb3DQEBCwUAA4IBAQAE+VEEG92BfL8528zx1CmC/lrC
O7PmXl6aZlM2osUoGzG913ihmclsQ8QIiNllnIKllYP2FBuFlUbEmUK7GmnoHtmR
qPohSIUaCnFttl3vfn+cHx9xr0Ph03/0mmD7akb1MBhIHcNgxLD8fvgS2WWcSHjW
hYFMC6CYMvUUCG/FfRQzD5+EMhyT4FiFNDH5442DQgIlFUHdn+XmVpuFiBy1GFAI
JfOj5ReBoP7hIiahzdFzLD1kPZxv7y+UbgbCuAI4VDe+uz7SaVwPLpXH3Kva4Ovx
pwMLf2HWaMTQobpLPxZoGhk0HAHmVLKg9hyy4Rj2BhdJtq2y3adlDgHJ8Hen
-----END CERTIFICATE-----