Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/Kt2R5igqZ7jgASRyGSnLXSO7qyQ.roa
File:                     Kt2R5igqZ7jgASRyGSnLXSO7qyQ.roa (raw, json)
Hash identifier:          NygL3NUXK+uQ3D8358PTKE1x4Au6POhod3XQJw59Ke4=
Subject key identifier:   2A:DD:91:E6:28:2A:67:B8:E0:01:24:72:19:29:CB:5D:23:BB:AB:24
Certificate issuer:       /CN=c76bf6b781bcf8c28008a8e8fdde60e7ae3122aa
Certificate serial:       019B783460325AEDC733370CA0DFB47B641E
Authority key identifier: C7:6B:F6:B7:81:BC:F8:C2:80:08:A8:E8:FD:DE:60:E7:AE:31:22:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x2v2t4G8-MKACKjo_d5g564xIqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/Kt2R5igqZ7jgASRyGSnLXSO7qyQ.roa
Signing time:             Thu 01 Jan 2026 06:17:36 +0000
ROA not before:           Thu 01 Jan 2026 06:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60597
IP address blocks:        185.14.200.0/24 maxlen: 24
                          185.14.201.0/24 maxlen: 24
                          185.14.202.0/24 maxlen: 24
                          185.14.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/x2v2t4G8-MKACKjo_d5g564xIqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/x2v2t4G8-MKACKjo_d5g564xIqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x2v2t4G8-MKACKjo_d5g564xIqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:60:32:5a:ed:c7:33:37:0c:a0:df:b4:7b:64:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76bf6b781bcf8c28008a8e8fdde60e7ae3122aa
        Validity
            Not Before: Jan  1 06:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2add91e6282a67b8e00124721929cb5d23bbab24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a4:c0:41:b7:00:d2:2d:3a:2f:e5:2d:40:c6:
                    83:9b:11:a5:5f:5d:d0:99:21:b6:44:c7:f1:97:9c:
                    56:79:f3:95:5c:94:23:71:f7:8d:ba:3c:ed:94:34:
                    bd:3d:bd:6f:ae:d7:4f:3c:c7:3f:87:ed:25:22:a1:
                    e2:74:d6:fe:44:d0:f9:0d:44:92:91:30:ca:f7:31:
                    b0:e7:84:01:d1:0b:71:08:70:a2:d6:49:68:11:f4:
                    31:5d:9a:44:a2:90:47:ea:02:75:ad:40:28:cc:ac:
                    f4:54:9f:16:63:09:b3:59:80:f2:6f:14:9a:0d:71:
                    56:b9:a8:38:12:58:9e:7f:83:4a:e0:c5:d0:d2:3d:
                    66:36:eb:29:23:2b:09:4d:ae:54:cc:82:a2:e1:74:
                    59:47:5a:89:95:01:65:c7:2a:f8:d6:cd:56:2c:58:
                    7a:b3:78:70:c8:12:1e:f2:47:2c:13:1b:f8:08:6b:
                    73:c1:71:b6:dc:57:00:cb:e7:db:9d:22:e9:79:38:
                    c8:8e:c4:df:5b:10:ac:4b:d3:32:20:dd:2e:ca:73:
                    97:bf:90:94:aa:1a:94:f6:4f:d7:30:4d:79:38:5b:
                    0c:64:d4:3b:8a:e6:74:5b:43:4c:a1:2f:d7:cc:7c:
                    dd:67:0a:fa:36:74:25:c8:a7:b1:f5:07:5b:4a:e4:
                    f5:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DD:91:E6:28:2A:67:B8:E0:01:24:72:19:29:CB:5D:23:BB:AB:24
            X509v3 Authority Key Identifier:
                keyid:C7:6B:F6:B7:81:BC:F8:C2:80:08:A8:E8:FD:DE:60:E7:AE:31:22:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x2v2t4G8-MKACKjo_d5g564xIqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/Kt2R5igqZ7jgASRyGSnLXSO7qyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/x2v2t4G8-MKACKjo_d5g564xIqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:97:6f:91:9d:77:44:87:39:56:58:a1:bf:3e:8b:79:62:f2:
         ca:4d:e6:1f:c3:6c:22:2a:ea:34:23:21:5e:c8:0e:c7:a2:d3:
         e4:37:47:6e:67:61:c6:07:b0:a3:d6:cd:84:0d:4d:72:76:7a:
         8d:d4:96:fd:55:9b:30:8a:16:dd:e9:db:cd:f5:c8:45:0e:ed:
         c2:49:69:2f:87:47:5c:98:22:ac:91:e9:e1:b4:e6:33:ce:d9:
         08:5e:32:e0:91:3c:f9:da:6c:cb:46:88:b0:f0:1a:da:71:34:
         d6:26:eb:20:36:a4:05:8b:e4:72:9d:03:15:3a:92:ee:e6:ef:
         2f:45:a8:28:24:8e:4d:e6:f6:94:16:2d:c9:de:28:46:b2:84:
         59:e0:92:b2:ae:b3:f2:b0:bc:e9:d1:4e:1b:3b:cc:49:61:d8:
         b7:45:73:79:22:63:ee:a5:d0:76:18:96:f0:2c:47:e3:6b:55:
         79:58:b6:ed:58:9a:0a:66:a2:04:07:5f:0c:9c:64:fe:ac:b0:
         21:70:c9:b9:fe:25:64:91:fc:c4:07:58:8f:5e:bb:c5:9f:31:
         5b:9e:ea:c9:41:f4:fd:89:93:51:05:21:47:83:e9:63:84:52:
         8f:f0:95:25:43:34:b9:54:2e:67:2f:43:31:9e:fa:bc:cf:da:
         ee:4b:f1:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NGAyWu3HMzcMoN+0e2QeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NmJmNmI3ODFiY2Y4YzI4MDA4YThlOGZkZGU2MGU3YWUz
MTIyYWEwHhcNMjYwMTAxMDYxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWRkOTFlNjI4MmE2N2I4ZTAwMTI0NzIxOTI5Y2I1ZDIzYmJhYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KTAQbcA0i06L+UtQMaDmxGlX13Q
mSG2RMfxl5xWefOVXJQjcfeNujztlDS9Pb1vrtdPPMc/h+0lIqHidNb+RND5DUSS
kTDK9zGw54QB0QtxCHCi1kloEfQxXZpEopBH6gJ1rUAozKz0VJ8WYwmzWYDybxSa
DXFWuag4Elief4NK4MXQ0j1mNuspIysJTa5UzIKi4XRZR1qJlQFlxyr41s1WLFh6
s3hwyBIe8kcsExv4CGtzwXG23FcAy+fbnSLpeTjIjsTfWxCsS9MyIN0uynOXv5CU
qhqU9k/XME15OFsMZNQ7iuZ0W0NMoS/XzHzdZwr6NnQlyKex9QdbSuT1zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrdkeYoKme44AEkchkpy10ju6skMB8GA1UdIwQY
MBaAFMdr9reBvPjCgAio6P3eYOeuMSKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDJ2MnQ0RzgtTUtBQ0tqb19kNWc1NjR4SXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iMTc4YmQtYjZhNS00NjEwLThjNmEt
YWJmNDg0MGVhNjA3LzEvS3QyUjVpZ3FaN2pnQVNSeUdTbkxYU083cXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iMTc4YmQtYjZhNS00NjEwLThjNmEtYWJmNDg0MGVhNjA3
LzEveDJ2MnQ0RzgtTUtBQ0tqb19kNWc1NjR4SXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ7IMA0G
CSqGSIb3DQEBCwUAA4IBAQCOl2+RnXdEhzlWWKG/Pot5YvLKTeYfw2wiKuo0IyFe
yA7HotPkN0duZ2HGB7Cj1s2EDU1ydnqN1Jb9VZswihbd6dvN9chFDu3CSWkvh0dc
mCKskenhtOYzztkIXjLgkTz52mzLRoiw8BracTTWJusgNqQFi+RynQMVOpLu5u8v
RagoJI5N5vaUFi3J3ihGsoRZ4JKyrrPysLzp0U4bO8xJYdi3RXN5ImPupdB2GJbw
LEfja1V5WLbtWJoKZqIEB18MnGT+rLAhcMm5/iVkkfzEB1iPXrvFnzFbnurJQfT9
iZNRBSFHg+ljhFKP8JUlQzS5VC5nL0Mxnvq8z9ruS/He
-----END CERTIFICATE-----