Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/KXJrApwPKHI7PAO0VtlzehnYu2M.roa
File:                     KXJrApwPKHI7PAO0VtlzehnYu2M.roa (raw, json)
Hash identifier:          Vn+RjPoJEME0TlcfV+bSC5tFxXUcHiN+LrbEeQ3zCyI=
Subject key identifier:   29:72:6B:02:9C:0F:28:72:3B:3C:03:B4:56:D9:73:7A:19:D8:BB:63
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       019D865EE9122248D6AFB89F4EF064564B35
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/KXJrApwPKHI7PAO0VtlzehnYu2M.roa
Signing time:             Mon 13 Apr 2026 10:24:20 +0000
ROA not before:           Mon 13 Apr 2026 10:24:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204741
IP address blocks:        94.24.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:5e:e9:12:22:48:d6:af:b8:9f:4e:f0:64:56:4b:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Apr 13 10:24:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29726b029c0f28723b3c03b456d9737a19d8bb63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c3:2a:7f:9d:7e:c4:e1:72:4e:ba:d4:17:07:
                    80:27:94:a6:05:8f:e4:f9:00:62:52:61:85:eb:81:
                    10:77:6c:32:4b:f5:85:9a:21:59:1b:60:a0:81:fb:
                    8c:e1:cc:32:ac:e8:f6:87:cf:7d:4c:9f:b9:05:85:
                    3f:ff:c6:e3:bf:24:fc:d7:b1:71:2a:a7:89:04:75:
                    6d:d0:68:45:07:0e:81:d5:a3:77:4d:a0:4c:87:82:
                    2a:be:dc:79:12:b5:09:9e:5c:e5:bd:c9:10:9b:32:
                    ab:81:bf:28:66:ed:29:df:d7:5d:c2:13:a7:f9:a2:
                    c7:4f:2a:29:15:48:d7:90:25:cb:bc:d5:dc:e0:bf:
                    23:5c:b8:ca:39:c0:00:ae:97:79:3e:1a:f9:3d:60:
                    41:ed:a3:d6:38:c6:ed:49:6d:46:2f:4d:c5:28:66:
                    74:4f:dc:b0:e0:33:a8:e7:11:de:6f:1c:f0:7d:0e:
                    d5:b3:a7:70:e5:82:15:ef:db:aa:28:49:34:dc:e5:
                    28:8b:dd:98:8b:e0:24:52:cb:51:06:aa:38:8e:7f:
                    9b:ab:95:45:13:0f:e5:2e:a4:d5:e9:16:9f:4b:1b:
                    e6:01:6a:70:2e:2b:32:8e:9e:24:f9:36:c5:dd:b9:
                    b0:f7:bd:88:61:85:51:7a:7f:59:e4:c9:e5:82:ca:
                    9a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:72:6B:02:9C:0F:28:72:3B:3C:03:B4:56:D9:73:7A:19:D8:BB:63
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/KXJrApwPKHI7PAO0VtlzehnYu2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.24.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:f5:1f:b4:56:fb:d0:d8:f5:18:0f:cf:0a:33:f6:cd:35:80:
         bf:d6:6c:69:b8:28:d3:b7:e0:0e:73:73:49:f0:e1:86:06:62:
         cc:57:3f:b0:4d:43:52:0f:f2:53:d7:81:10:d7:a5:0a:f8:02:
         11:7f:89:cb:76:6e:d8:c7:2f:82:82:fb:8d:31:11:e7:23:ed:
         46:b4:5d:6a:29:81:48:3f:fc:fa:79:ef:aa:14:af:7d:50:89:
         f8:d8:d5:d7:9d:69:a9:af:be:7e:14:f4:49:d6:80:f2:a7:03:
         2e:77:ed:c7:6f:99:0a:b4:d2:7b:87:78:f8:2d:df:ee:ed:da:
         28:0f:cd:5b:1d:23:04:07:4b:87:1d:dd:68:63:d7:96:1a:81:
         e8:7f:64:b0:16:91:f9:04:f2:f3:c6:e6:72:e1:72:e3:c2:a1:
         d3:73:a2:b6:b0:af:a0:e3:e6:2e:4f:83:7d:08:ac:57:f2:4e:
         b2:e0:de:4d:f2:9c:b4:9c:a9:ba:49:b5:48:d4:de:78:65:6c:
         f6:a6:e7:db:40:73:33:eb:84:e8:ae:73:cb:7d:fd:aa:bb:a8:
         81:d8:a5:7c:d2:41:18:1b:ac:30:33:1b:f8:f4:89:d3:45:be:
         2d:3e:85:27:5f:29:09:9f:43:b3:ee:e2:90:c8:e8:92:c9:e7:
         30:09:c6:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2GXukSIkjWr7ifTvBkVks1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjYwNDEzMTAyNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTcyNmIwMjljMGYyODcyM2IzYzAzYjQ1NmQ5NzM3YTE5ZDhiYjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMMqf51+xOFyTrrUFweAJ5SmBY/k
+QBiUmGF64EQd2wyS/WFmiFZG2CggfuM4cwyrOj2h899TJ+5BYU//8bjvyT817Fx
KqeJBHVt0GhFBw6B1aN3TaBMh4Iqvtx5ErUJnlzlvckQmzKrgb8oZu0p39ddwhOn
+aLHTyopFUjXkCXLvNXc4L8jXLjKOcAArpd5Phr5PWBB7aPWOMbtSW1GL03FKGZ0
T9yw4DOo5xHebxzwfQ7Vs6dw5YIV79uqKEk03OUoi92Yi+AkUstRBqo4jn+bq5VF
Ew/lLqTV6RafSxvmAWpwLisyjp4k+TbF3bmw972IYYVRen9Z5MnlgsqapwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClyawKcDyhyOzwDtFbZc3oZ2LtjMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvS1hKckFwd1BLSEk3UEFPMFZ0bHplaG5ZdTJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXhgoMA0G
CSqGSIb3DQEBCwUAA4IBAQBb9R+0VvvQ2PUYD88KM/bNNYC/1mxpuCjTt+AOc3NJ
8OGGBmLMVz+wTUNSD/JT14EQ16UK+AIRf4nLdm7Yxy+CgvuNMRHnI+1GtF1qKYFI
P/z6ee+qFK99UIn42NXXnWmpr75+FPRJ1oDypwMud+3Hb5kKtNJ7h3j4Ld/u7doo
D81bHSMEB0uHHd1oY9eWGoHof2SwFpH5BPLzxuZy4XLjwqHTc6K2sK+g4+YuT4N9
CKxX8k6y4N5N8py0nKm6SbVI1N54ZWz2pufbQHMz64TornPLff2qu6iB2KV80kEY
G6wwMxv49InTRb4tPoUnXykJn0Oz7uKQyOiSyecwCcby
-----END CERTIFICATE-----