Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KnCfg8nTQsfpTcM_cEW8Uzz8x5M.roa
File:                     KnCfg8nTQsfpTcM_cEW8Uzz8x5M.roa (raw, json)
Hash identifier:          2VYLtBiQmGKXrUCSv3SxyNnrS3C6FcV2aiRtsHxSXSI=
Subject key identifier:   2A:70:9F:83:C9:D3:42:C7:E9:4D:C3:3F:70:45:BC:53:3C:FC:C7:93
Certificate issuer:       /CN=287e1c97f71f355867e3fb877f21aa5130b6cf5d
Certificate serial:       019B79EC2F79AED491A4B23C106A361E4056
Authority key identifier: 28:7E:1C:97:F7:1F:35:58:67:E3:FB:87:7F:21:AA:51:30:B6:CF:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KnCfg8nTQsfpTcM_cEW8Uzz8x5M.roa
Signing time:             Thu 01 Jan 2026 14:18:00 +0000
ROA not before:           Thu 01 Jan 2026 14:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205244
IP address blocks:        185.224.100.0/24 maxlen: 24
                          185.224.101.0/24 maxlen: 24
                          185.224.102.0/24 maxlen: 24
                          185.224.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KH4cl_cfNVhn4_uHfyGqUTC2z10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KH4cl_cfNVhn4_uHfyGqUTC2z10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:2f:79:ae:d4:91:a4:b2:3c:10:6a:36:1e:40:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=287e1c97f71f355867e3fb877f21aa5130b6cf5d
        Validity
            Not Before: Jan  1 14:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a709f83c9d342c7e94dc33f7045bc533cfcc793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:09:7a:4e:20:d1:66:ac:05:5e:e3:fe:cd:f7:
                    44:63:ae:3b:a9:2e:d8:07:a5:79:00:3e:bc:29:52:
                    b8:8d:ea:ca:98:d6:87:60:99:0a:9c:64:e5:9c:81:
                    38:db:52:29:99:18:f7:80:29:83:4d:8e:f8:17:42:
                    92:da:d6:9f:46:f6:09:cb:c8:fe:48:b1:bd:62:a0:
                    78:74:59:d2:2f:64:e1:f7:b5:f2:54:ca:dc:17:29:
                    46:2c:4d:77:ef:df:2e:05:78:52:15:a1:c5:75:4c:
                    9a:6c:b0:43:e0:43:18:b2:fd:6b:46:4d:ce:22:7a:
                    1b:05:50:5e:d3:ea:30:89:02:5f:53:99:47:53:17:
                    57:ee:21:3a:f1:20:36:98:5b:04:e9:b5:f1:d1:96:
                    3c:76:9f:8c:d4:94:e3:b4:65:3b:e3:59:89:31:e1:
                    de:35:42:85:10:d8:7f:03:7d:e5:71:02:ed:27:20:
                    df:46:d7:63:ee:c3:f3:fc:a0:d2:1a:d2:98:af:03:
                    5b:87:e4:3d:42:db:cc:25:cb:37:c8:87:8b:1b:6f:
                    ad:b2:3f:61:3f:1a:f0:4e:55:c6:eb:8e:9a:fb:0f:
                    3b:f1:fb:15:e5:f3:9e:d1:e9:d8:0f:3a:0a:f6:62:
                    4a:94:26:2c:89:8a:26:17:84:6a:9d:5d:79:4f:9d:
                    da:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:70:9F:83:C9:D3:42:C7:E9:4D:C3:3F:70:45:BC:53:3C:FC:C7:93
            X509v3 Authority Key Identifier:
                keyid:28:7E:1C:97:F7:1F:35:58:67:E3:FB:87:7F:21:AA:51:30:B6:CF:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KnCfg8nTQsfpTcM_cEW8Uzz8x5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KH4cl_cfNVhn4_uHfyGqUTC2z10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:b6:07:56:b9:7d:7c:61:ef:a6:25:57:5b:50:63:53:b1:70:
         1b:d4:c8:84:41:6f:e6:f1:32:2a:8b:af:0b:bf:f4:17:7f:72:
         e0:36:10:3a:af:f7:98:4a:22:4f:55:97:64:b2:2d:f3:9b:1a:
         e5:6d:d6:ae:42:7b:d9:60:9f:1d:12:4e:fd:2e:81:18:e6:49:
         c1:8f:49:ff:93:94:c6:c6:d0:df:07:1e:a8:e2:6a:c2:13:ba:
         7f:89:05:13:a9:15:51:d7:71:37:2d:c8:d7:76:f8:cd:d8:54:
         be:af:ff:b9:c0:51:19:a9:db:d9:ea:47:95:cb:43:7f:af:fa:
         11:eb:98:b9:94:6e:d9:bb:1a:33:79:70:2e:24:15:87:7a:dd:
         a0:80:09:cb:ce:45:f1:3d:54:49:9a:e7:93:78:c6:7e:86:ea:
         b1:8d:d8:b8:88:43:f4:da:fd:5f:be:34:bd:e5:02:c5:b3:37:
         eb:29:30:61:7c:49:16:e9:9c:66:46:57:9e:40:7e:cf:5e:2c:
         1d:c7:4d:29:ae:53:46:72:6c:07:a4:bf:3f:21:4d:18:b9:2b:
         a6:de:00:88:e5:7b:ef:f7:37:13:ee:a9:f2:55:c6:11:5d:60:
         06:53:ec:8d:f1:ff:34:e3:a2:23:55:0b:cb:ce:af:a9:50:30:
         8f:1d:e7:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57C95rtSRpLI8EGo2HkBWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4N2UxYzk3ZjcxZjM1NTg2N2UzZmI4NzdmMjFhYTUxMzBi
NmNmNWQwHhcNMjYwMTAxMTQxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTcwOWY4M2M5ZDM0MmM3ZTk0ZGMzM2Y3MDQ1YmM1MzNjZmNjNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQl6TiDRZqwFXuP+zfdEY647qS7Y
B6V5AD68KVK4jerKmNaHYJkKnGTlnIE421IpmRj3gCmDTY74F0KS2tafRvYJy8j+
SLG9YqB4dFnSL2Th97XyVMrcFylGLE13798uBXhSFaHFdUyabLBD4EMYsv1rRk3O
InobBVBe0+owiQJfU5lHUxdX7iE68SA2mFsE6bXx0ZY8dp+M1JTjtGU741mJMeHe
NUKFENh/A33lcQLtJyDfRtdj7sPz/KDSGtKYrwNbh+Q9QtvMJcs3yIeLG2+tsj9h
PxrwTlXG646a+w878fsV5fOe0enYDzoK9mJKlCYsiYomF4RqnV15T53aCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpwn4PJ00LH6U3DP3BFvFM8/MeTMB8GA1UdIwQY
MBaAFCh+HJf3HzVYZ+P7h38hqlEwts9dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0g0Y2xfY2ZOVmhuNF91SGZ5R3FVVEMyejEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hZjE2MWItZWY1MS00NGJkLThlMGEt
OWViM2M2ODJiMDA5LzEvS25DZmc4blRRc2ZwVGNNX2NFVzhVeno4eDVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hZjE2MWItZWY1MS00NGJkLThlMGEtOWViM2M2ODJiMDA5
LzEvS0g0Y2xfY2ZOVmhuNF91SGZ5R3FVVEMyejEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueBkMA0G
CSqGSIb3DQEBCwUAA4IBAQAftgdWuX18Ye+mJVdbUGNTsXAb1MiEQW/m8TIqi68L
v/QXf3LgNhA6r/eYSiJPVZdksi3zmxrlbdauQnvZYJ8dEk79LoEY5knBj0n/k5TG
xtDfBx6o4mrCE7p/iQUTqRVR13E3LcjXdvjN2FS+r/+5wFEZqdvZ6keVy0N/r/oR
65i5lG7ZuxozeXAuJBWHet2ggAnLzkXxPVRJmueTeMZ+huqxjdi4iEP02v1fvjS9
5QLFszfrKTBhfEkW6ZxmRleeQH7PXiwdx00prlNGcmwHpL8/IU0YuSum3gCI5Xvv
9zcT7qnyVcYRXWAGU+yN8f8046IjVQvLzq+pUDCPHecO
-----END CERTIFICATE-----