Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/pKmHj_UwSowJL7JtZ3ZsbqaOaAw.roa
File:                     pKmHj_UwSowJL7JtZ3ZsbqaOaAw.roa (raw, json)
Hash identifier:          sJJU0c0HzgrlO4mmoDliyfZm6hgydL4GUuwlpgThsI4=
Subject key identifier:   A4:A9:87:8F:F5:30:4A:8C:09:2F:B2:6D:67:76:6C:6E:A6:8E:68:0C
Certificate issuer:       /CN=d4afe3f0c9e555e52d3505d6163278df3da18cee
Certificate serial:       019E8CCB7F96F718ADBD35C8A3A6F10D7DBE
Authority key identifier: D4:AF:E3:F0:C9:E5:55:E5:2D:35:05:D6:16:32:78:DF:3D:A1:8C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1K_j8MnlVeUtNQXWFjJ43z2hjO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/pKmHj_UwSowJL7JtZ3ZsbqaOaAw.roa
Signing time:             Wed 03 Jun 2026 09:23:27 +0000
ROA not before:           Wed 03 Jun 2026 09:23:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214647
IP address blocks:        213.193.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/1K_j8MnlVeUtNQXWFjJ43z2hjO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/1K_j8MnlVeUtNQXWFjJ43z2hjO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1K_j8MnlVeUtNQXWFjJ43z2hjO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8c:cb:7f:96:f7:18:ad:bd:35:c8:a3:a6:f1:0d:7d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4afe3f0c9e555e52d3505d6163278df3da18cee
        Validity
            Not Before: Jun  3 09:23:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4a9878ff5304a8c092fb26d67766c6ea68e680c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e2:1c:61:9b:1f:49:28:31:de:2b:35:a8:f1:
                    c7:a8:1b:9d:1e:45:f6:20:65:66:a8:94:b0:05:71:
                    ce:18:87:a4:fc:2a:1b:23:69:a2:a9:03:44:83:6a:
                    df:f9:4a:84:b3:db:db:09:f7:80:9a:9c:20:4c:33:
                    e0:54:24:48:bf:43:4a:8c:81:a7:9f:23:78:e8:ad:
                    28:e5:1e:6a:f8:fe:ee:e5:75:e6:74:ee:2b:92:88:
                    19:3f:b4:a6:30:e6:25:02:a0:a8:71:47:58:98:ab:
                    d2:fb:74:e3:e3:d3:04:37:99:ec:39:1f:80:a0:6d:
                    25:90:37:3b:4e:d9:b0:d9:65:17:78:16:7a:4b:0d:
                    e4:f9:d5:7c:e6:c4:29:55:ed:9b:6f:e1:65:2f:15:
                    4d:78:f8:05:b3:e6:46:e2:4b:8f:fc:7d:ed:52:c5:
                    df:54:fa:34:02:10:9e:5a:94:77:44:4b:7c:71:81:
                    9f:a1:12:ca:bf:c2:8a:22:2a:24:b4:87:0e:36:c6:
                    cf:d5:38:58:36:83:55:96:88:a3:c5:9c:39:15:da:
                    57:d7:88:43:a0:07:7c:e0:4c:a7:db:25:64:e0:80:
                    a9:83:b7:7b:9d:53:a8:1b:ec:7f:27:55:90:d0:43:
                    74:d1:cd:c0:c4:3e:fd:be:53:f0:f5:19:84:df:59:
                    f9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A9:87:8F:F5:30:4A:8C:09:2F:B2:6D:67:76:6C:6E:A6:8E:68:0C
            X509v3 Authority Key Identifier:
                keyid:D4:AF:E3:F0:C9:E5:55:E5:2D:35:05:D6:16:32:78:DF:3D:A1:8C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1K_j8MnlVeUtNQXWFjJ43z2hjO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/pKmHj_UwSowJL7JtZ3ZsbqaOaAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/1K_j8MnlVeUtNQXWFjJ43z2hjO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.193.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:b4:21:e2:e1:88:55:57:29:bf:50:51:de:df:76:a6:97:1a:
         86:c0:39:99:c9:55:bd:b8:b2:60:dc:d4:d0:a2:eb:a9:ce:22:
         db:10:b6:45:92:b0:81:e8:88:03:bc:42:1c:80:5f:71:bb:64:
         1e:68:f1:6b:a1:9b:60:56:3c:db:10:eb:3a:ea:af:d3:f7:ca:
         f1:4f:2e:55:0e:ed:91:a6:73:83:e4:72:cb:60:3c:1c:e2:f0:
         2f:d6:c5:a4:e4:46:4f:8a:2a:72:c4:c6:c9:66:27:f4:9d:a3:
         3e:5d:50:4b:ec:0d:e0:6d:c4:1f:7b:ba:ae:72:bb:df:48:f4:
         6d:be:60:46:86:c0:86:01:29:0a:2e:b8:75:ed:77:04:49:9e:
         ef:43:8e:36:22:ae:10:ae:a1:19:62:f0:40:71:20:ca:c7:57:
         16:d2:2e:fd:d3:62:d9:f9:7c:bc:20:f1:53:5b:0f:54:9a:d4:
         27:aa:c0:02:49:e6:a2:3d:8c:2f:c0:6e:4e:70:07:37:df:38:
         4e:bc:02:56:15:27:fb:44:81:36:70:a5:f0:48:34:9e:79:b5:
         0d:e7:eb:00:ea:3d:85:c2:48:d5:fe:b8:cf:71:3b:00:52:98:
         00:24:3b:c4:f8:b3:e8:89:48:02:0c:36:42:a4:55:21:2b:9e:
         fa:c9:10:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6My3+W9xitvTXIo6bxDX2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YWZlM2YwYzllNTU1ZTUyZDM1MDVkNjE2MzI3OGRmM2Rh
MThjZWUwHhcNMjYwNjAzMDkyMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGE5ODc4ZmY1MzA0YThjMDkyZmIyNmQ2Nzc2NmM2ZWE2OGU2ODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+IcYZsfSSgx3is1qPHHqBudHkX2
IGVmqJSwBXHOGIek/CobI2miqQNEg2rf+UqEs9vbCfeAmpwgTDPgVCRIv0NKjIGn
nyN46K0o5R5q+P7u5XXmdO4rkogZP7SmMOYlAqCocUdYmKvS+3Tj49MEN5nsOR+A
oG0lkDc7Ttmw2WUXeBZ6Sw3k+dV85sQpVe2bb+FlLxVNePgFs+ZG4kuP/H3tUsXf
VPo0AhCeWpR3REt8cYGfoRLKv8KKIioktIcONsbP1ThYNoNVloijxZw5FdpX14hD
oAd84Eyn2yVk4ICpg7d7nVOoG+x/J1WQ0EN00c3AxD79vlPw9RmE31n5IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSph4/1MEqMCS+ybWd2bG6mjmgMMB8GA1UdIwQY
MBaAFNSv4/DJ5VXlLTUF1hYyeN89oYzuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUtfajhNbmxWZVV0TlFYV0ZqSjQzejJoak80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xYzY3ZWYtZTgzZC00NDI3LTg2NGIt
YzU5ODI1YmJjYjMyLzEvcEttSGpfVXdTb3dKTDdKdFozWnNicWFPYUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xYzY3ZWYtZTgzZC00NDI3LTg2NGItYzU5ODI1YmJjYjMy
LzEvMUtfajhNbmxWZVV0TlFYV0ZqSjQzejJoak80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cHxMA0G
CSqGSIb3DQEBCwUAA4IBAQBctCHi4YhVVym/UFHe33amlxqGwDmZyVW9uLJg3NTQ
ouupziLbELZFkrCB6IgDvEIcgF9xu2QeaPFroZtgVjzbEOs66q/T98rxTy5VDu2R
pnOD5HLLYDwc4vAv1sWk5EZPiipyxMbJZif0naM+XVBL7A3gbcQfe7qucrvfSPRt
vmBGhsCGASkKLrh17XcESZ7vQ442Iq4QrqEZYvBAcSDKx1cW0i7902LZ+Xy8IPFT
Ww9UmtQnqsACSeaiPYwvwG5OcAc33zhOvAJWFSf7RIE2cKXwSDSeebUN5+sA6j2F
wkjV/rjPcTsAUpgAJDvE+LPoiUgCDDZCpFUhK576yRAR
-----END CERTIFICATE-----