Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/506ec8-150f-4275-ac05-05393f2b3a47/1/Kva8pOVZlkquTrmEhbp1bVFcO6k.roa
File:                     Kva8pOVZlkquTrmEhbp1bVFcO6k.roa (raw, json)
Hash identifier:          RxzZTraMVAKkP8ewUU+x3bHJ3Ubv/2C3lu8vqzkWAJU=
Subject key identifier:   2A:F6:BC:A4:E5:59:96:4A:AE:4E:B9:84:85:BA:75:6D:51:5C:3B:A9
Certificate issuer:       /CN=a22c3ce2371b9f21c57e0c3a5787d95a735cb500
Certificate serial:       019B7A59B59990F9F8278D95ECEC35AA5EF5
Authority key identifier: A2:2C:3C:E2:37:1B:9F:21:C5:7E:0C:3A:57:87:D9:5A:73:5C:B5:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oiw84jcbnyHFfgw6V4fZWnNctQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/506ec8-150f-4275-ac05-05393f2b3a47/1/Kva8pOVZlkquTrmEhbp1bVFcO6k.roa
Signing time:             Thu 01 Jan 2026 16:17:38 +0000
ROA not before:           Thu 01 Jan 2026 16:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197635
IP address blocks:        91.223.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/506ec8-150f-4275-ac05-05393f2b3a47/1/oiw84jcbnyHFfgw6V4fZWnNctQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/506ec8-150f-4275-ac05-05393f2b3a47/1/oiw84jcbnyHFfgw6V4fZWnNctQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oiw84jcbnyHFfgw6V4fZWnNctQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:59:b5:99:90:f9:f8:27:8d:95:ec:ec:35:aa:5e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a22c3ce2371b9f21c57e0c3a5787d95a735cb500
        Validity
            Not Before: Jan  1 16:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2af6bca4e559964aae4eb98485ba756d515c3ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:73:2e:36:69:4a:a5:30:ca:9a:7c:cc:da:33:
                    23:a4:e1:e6:c6:15:ad:3b:7e:69:b4:b5:f2:64:74:
                    3d:3d:3a:7d:90:cf:e0:5a:d3:90:67:54:fe:a0:a7:
                    c9:d2:c7:3d:5f:d5:87:20:71:a8:1c:d8:61:bc:22:
                    3c:b4:29:77:ac:0b:a3:86:38:4e:17:d7:ce:82:6c:
                    40:5e:27:e2:2f:91:1a:42:a7:3d:99:54:a5:82:b4:
                    71:69:76:23:0a:0b:4e:38:4e:7e:34:d4:af:45:ba:
                    9d:b5:fc:c3:82:95:c0:dd:21:a9:47:f8:84:1b:53:
                    fd:77:16:c1:2b:4d:22:08:9d:39:0d:fa:78:96:33:
                    18:59:78:d2:8c:59:c4:67:c4:84:89:22:79:cc:37:
                    40:72:a1:8e:cc:b2:fc:8b:a2:0b:19:31:ea:91:7b:
                    a7:8f:b7:77:c0:32:85:d0:6f:7a:5c:a3:36:60:cc:
                    aa:96:08:3b:a9:fd:2f:9b:c6:c2:43:68:ee:18:b4:
                    d4:bc:b5:93:6f:0b:33:bc:bf:66:3c:fa:7f:33:b2:
                    6b:51:ea:3b:f3:98:e9:d8:84:30:bd:13:2f:0c:66:
                    61:d2:be:f1:f7:be:00:e2:35:54:37:86:c6:14:a3:
                    e4:03:ab:e3:ac:51:58:af:3b:45:09:2e:7a:83:b2:
                    f0:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F6:BC:A4:E5:59:96:4A:AE:4E:B9:84:85:BA:75:6D:51:5C:3B:A9
            X509v3 Authority Key Identifier:
                keyid:A2:2C:3C:E2:37:1B:9F:21:C5:7E:0C:3A:57:87:D9:5A:73:5C:B5:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oiw84jcbnyHFfgw6V4fZWnNctQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/506ec8-150f-4275-ac05-05393f2b3a47/1/Kva8pOVZlkquTrmEhbp1bVFcO6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/506ec8-150f-4275-ac05-05393f2b3a47/1/oiw84jcbnyHFfgw6V4fZWnNctQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:d6:8c:4c:64:09:ae:86:63:57:b4:33:9e:db:89:8e:4c:26:
         19:ec:5d:06:bb:99:59:4c:44:42:f8:b9:85:4e:c4:89:f9:4d:
         ca:8e:e0:bc:e3:39:c5:d7:96:88:b7:2d:e1:8f:a2:66:b4:26:
         e2:5b:ee:87:33:e2:51:96:3c:4f:67:d2:a5:4d:7f:2e:b6:82:
         3a:e1:95:99:80:c4:81:51:cc:ef:e8:60:07:34:f7:2f:2e:36:
         16:be:ad:75:f4:04:b6:e9:10:1c:21:d3:cf:3f:63:d0:d3:c5:
         3e:4d:f6:33:d2:60:c7:e4:58:5b:8f:ab:73:90:19:96:c3:26:
         93:bd:88:f8:b2:83:97:17:7d:e6:0a:07:b2:b8:fe:f6:ab:d9:
         78:93:f5:5a:69:91:3c:9c:82:9b:67:75:f8:61:81:47:94:21:
         5c:f1:2e:b6:bd:cc:d3:82:66:33:ed:9c:33:a2:17:8a:af:49:
         66:86:52:18:df:2c:76:0e:89:1a:26:a4:73:9b:df:86:be:87:
         ac:3e:e2:ea:f5:20:22:27:7a:43:19:31:53:03:10:13:26:63:
         a7:93:3b:18:4e:9e:a4:41:28:88:80:af:4f:d3:92:ad:83:b5:
         36:d5:b4:2a:f5:2a:71:b2:60:38:c9:bd:6a:60:6d:59:c2:7c:
         ba:ee:7e:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WbWZkPn4J42V7Ow1ql71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMmMzY2UyMzcxYjlmMjFjNTdlMGMzYTU3ODdkOTVhNzM1
Y2I1MDAwHhcNMjYwMTAxMTYxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWY2YmNhNGU1NTk5NjRhYWU0ZWI5ODQ4NWJhNzU2ZDUxNWMzYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3MuNmlKpTDKmnzM2jMjpOHmxhWt
O35ptLXyZHQ9PTp9kM/gWtOQZ1T+oKfJ0sc9X9WHIHGoHNhhvCI8tCl3rAujhjhO
F9fOgmxAXifiL5EaQqc9mVSlgrRxaXYjCgtOOE5+NNSvRbqdtfzDgpXA3SGpR/iE
G1P9dxbBK00iCJ05Dfp4ljMYWXjSjFnEZ8SEiSJ5zDdAcqGOzLL8i6ILGTHqkXun
j7d3wDKF0G96XKM2YMyqlgg7qf0vm8bCQ2juGLTUvLWTbwszvL9mPPp/M7JrUeo7
85jp2IQwvRMvDGZh0r7x974A4jVUN4bGFKPkA6vjrFFYrztFCS56g7LwKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCr2vKTlWZZKrk65hIW6dW1RXDupMB8GA1UdIwQY
MBaAFKIsPOI3G58hxX4MOleH2VpzXLUAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2l3ODRqY2JueUhGZmd3NlY0ZlpXbk5jdFFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy81MDZlYzgtMTUwZi00Mjc1LWFjMDUt
MDUzOTNmMmIzYTQ3LzEvS3ZhOHBPVlpsa3F1VHJtRWhicDFiVkZjTzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy81MDZlYzgtMTUwZi00Mjc1LWFjMDUtMDUzOTNmMmIzYTQ3
LzEvb2l3ODRqY2JueUhGZmd3NlY0ZlpXbk5jdFFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/FMA0G
CSqGSIb3DQEBCwUAA4IBAQC91oxMZAmuhmNXtDOe24mOTCYZ7F0Gu5lZTERC+LmF
TsSJ+U3KjuC84znF15aIty3hj6JmtCbiW+6HM+JRljxPZ9KlTX8utoI64ZWZgMSB
Uczv6GAHNPcvLjYWvq119AS26RAcIdPPP2PQ08U+TfYz0mDH5Fhbj6tzkBmWwyaT
vYj4soOXF33mCgeyuP72q9l4k/VaaZE8nIKbZ3X4YYFHlCFc8S62vczTgmYz7Zwz
oheKr0lmhlIY3yx2DokaJqRzm9+GvoesPuLq9SAiJ3pDGTFTAxATJmOnkzsYTp6k
QSiIgK9P05Ktg7U21bQq9SpxsmA4yb1qYG1Zwny67n6W
-----END CERTIFICATE-----