Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/kCsBaUzl0VJzCqTvefgRf9Ora-Y.roa
File:                     kCsBaUzl0VJzCqTvefgRf9Ora-Y.roa (raw, json)
Hash identifier:          xGacFlbxros0DtBMF2AYVgiGm+bKu4KlmyADoX0xnf0=
Subject key identifier:   90:2B:01:69:4C:E5:D1:52:73:0A:A4:EF:79:F8:11:7F:D3:AB:6B:E6
Certificate issuer:       /CN=b14aba8b60749393478e83c360e6cbd75d156f89
Certificate serial:       019C22E3A6268DD4B655B916219792195039
Authority key identifier: B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/kCsBaUzl0VJzCqTvefgRf9Ora-Y.roa
Signing time:             Tue 03 Feb 2026 09:44:30 +0000
ROA not before:           Tue 03 Feb 2026 09:44:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200040
IP address blocks:        188.124.0.0/24 maxlen: 24
                          188.124.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:22:e3:a6:26:8d:d4:b6:55:b9:16:21:97:92:19:50:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b14aba8b60749393478e83c360e6cbd75d156f89
        Validity
            Not Before: Feb  3 09:44:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=902b01694ce5d152730aa4ef79f8117fd3ab6be6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6b:de:8e:31:3f:ae:7e:88:90:89:35:80:64:
                    fe:e6:05:36:6d:26:be:91:d3:06:12:63:3b:02:38:
                    db:85:87:ce:5b:82:cc:06:d4:11:37:2c:10:7b:92:
                    6c:d3:be:49:23:f2:c9:72:15:18:74:90:10:e5:f6:
                    8c:21:c8:2e:48:bd:cb:ba:51:e6:55:80:15:c9:17:
                    fa:80:26:b6:8f:d1:96:2a:d7:9f:4a:39:c6:be:d6:
                    15:03:2f:98:46:c0:d2:1b:df:64:26:e8:8d:b6:2a:
                    72:a8:38:93:9f:4c:8b:8d:b8:b3:64:7f:c9:4f:db:
                    9c:26:8f:27:8d:cc:1f:e7:1d:73:fe:ef:ce:e1:0f:
                    a6:db:7e:67:19:81:88:c3:35:21:de:d3:cc:2d:fe:
                    b6:35:bd:d2:e2:8d:47:0c:02:37:1b:12:60:52:10:
                    bf:be:61:76:5a:96:c1:35:cb:08:13:d3:1b:d0:18:
                    f7:d9:69:a4:34:26:fc:ce:67:9e:47:63:72:e8:57:
                    9c:cc:87:13:83:dd:9e:9e:6f:3f:d3:03:eb:70:cd:
                    d1:01:3c:7b:50:91:b2:e0:55:e5:93:5e:01:07:8b:
                    fd:0f:94:83:2a:34:ab:4c:96:0f:08:c8:41:c2:60:
                    7d:60:66:bd:7f:e5:cf:cf:ff:01:82:56:5d:d5:b2:
                    55:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:2B:01:69:4C:E5:D1:52:73:0A:A4:EF:79:F8:11:7F:D3:AB:6B:E6
            X509v3 Authority Key Identifier:
                keyid:B1:4A:BA:8B:60:74:93:93:47:8E:83:C3:60:E6:CB:D7:5D:15:6F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUq6i2B0k5NHjoPDYObL110Vb4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/kCsBaUzl0VJzCqTvefgRf9Ora-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/461685-073e-41af-9bb6-cf6c305212eb/1/sUq6i2B0k5NHjoPDYObL110Vb4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.124.0.0/24
                  188.124.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:a4:b5:03:e0:20:21:c5:b4:9d:1a:84:4d:e2:36:f5:ae:a5:
         a4:5e:6d:43:c9:c8:53:5a:2f:f6:7f:88:27:bb:07:ff:cb:9f:
         a5:ea:95:d7:92:d0:88:24:b9:a5:c8:c4:31:f7:56:45:6d:df:
         92:f1:93:54:9b:1a:5d:28:3f:a6:5d:89:18:2c:f5:17:b2:fb:
         b2:e0:5d:77:d0:ab:e6:c9:12:fe:cc:a7:b4:fa:87:d0:22:a8:
         42:ba:20:a6:ce:2b:94:2f:47:83:30:82:12:4b:90:76:ef:51:
         1c:87:67:f6:be:00:4b:08:be:83:82:19:8d:22:56:36:89:57:
         57:7f:18:29:7d:34:f4:40:8f:4e:da:a1:00:0a:5f:c6:0f:2a:
         3f:74:77:7c:2e:be:ee:1c:55:fc:13:4a:ec:04:8d:1a:9e:96:
         b6:c9:51:05:be:b7:71:d5:e0:b9:97:94:ce:88:0a:23:ad:4d:
         80:d3:ec:a4:bd:95:fb:60:98:1c:70:6d:ac:59:19:1f:1c:f7:
         13:7b:7a:f6:1f:89:66:21:22:a6:af:e0:11:6c:d6:97:32:c6:
         03:b9:a5:45:08:8a:a5:3b:29:96:bd:34:4b:9c:95:3c:e6:5d:
         9b:b3:d9:03:99:6b:97:8d:1c:51:4c:f0:c8:e5:02:c0:cc:9b:
         c8:d8:d2:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwi46YmjdS2VbkWIZeSGVA5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNGFiYThiNjA3NDkzOTM0NzhlODNjMzYwZTZjYmQ3NWQx
NTZmODkwHhcNMjYwMjAzMDk0NDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDJiMDE2OTRjZTVkMTUyNzMwYWE0ZWY3OWY4MTE3ZmQzYWI2YmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmvejjE/rn6IkIk1gGT+5gU2bSa+
kdMGEmM7AjjbhYfOW4LMBtQRNywQe5Js075JI/LJchUYdJAQ5faMIcguSL3LulHm
VYAVyRf6gCa2j9GWKtefSjnGvtYVAy+YRsDSG99kJuiNtipyqDiTn0yLjbizZH/J
T9ucJo8njcwf5x1z/u/O4Q+m235nGYGIwzUh3tPMLf62Nb3S4o1HDAI3GxJgUhC/
vmF2WpbBNcsIE9Mb0Bj32WmkNCb8zmeeR2Ny6FeczIcTg92enm8/0wPrcM3RATx7
UJGy4FXlk14BB4v9D5SDKjSrTJYPCMhBwmB9YGa9f+XPz/8BglZd1bJVQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJArAWlM5dFScwqk73n4EX/Tq2vmMB8GA1UdIwQY
MBaAFLFKuotgdJOTR46Dw2Dmy9ddFW+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYt
Y2Y2YzMwNTIxMmViLzEva0NzQmFVemwwVkp6Q3FUdmVmZ1JmOU9yYS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NjE2ODUtMDczZS00MWFmLTliYjYtY2Y2YzMwNTIxMmVi
LzEvc1VxNmkyQjBrNU5Iam9QRFlPYkwxMTBWYjRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvHwAAwQA
vHwGMA0GCSqGSIb3DQEBCwUAA4IBAQCEpLUD4CAhxbSdGoRN4jb1rqWkXm1DychT
Wi/2f4gnuwf/y5+l6pXXktCIJLmlyMQx91ZFbd+S8ZNUmxpdKD+mXYkYLPUXsvuy
4F130KvmyRL+zKe0+ofQIqhCuiCmziuUL0eDMIISS5B271Ech2f2vgBLCL6DghmN
IlY2iVdXfxgpfTT0QI9O2qEACl/GDyo/dHd8Lr7uHFX8E0rsBI0anpa2yVEFvrdx
1eC5l5TOiAojrU2A0+ykvZX7YJgccG2sWRkfHPcTe3r2H4lmISKmr+ARbNaXMsYD
uaVFCIqlOymWvTRLnJU85l2bs9kDmWuXjRxRTPDI5QLAzJvI2NKy
-----END CERTIFICATE-----