Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/KqX_F5inahfFi_Uf0lUdknq02_I.roa
File:                     KqX_F5inahfFi_Uf0lUdknq02_I.roa (raw, json)
Hash identifier:          eMyY/RJXEgkwFfwzZdUeVSIVLAkusZF0X9dpw7S9hvQ=
Subject key identifier:   2A:A5:FF:17:98:A7:6A:17:C5:8B:F5:1F:D2:55:1D:92:7A:B4:DB:F2
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019D87468D10F1D6375B1290E27C17645359
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/KqX_F5inahfFi_Uf0lUdknq02_I.roa
Signing time:             Mon 13 Apr 2026 14:37:20 +0000
ROA not before:           Mon 13 Apr 2026 14:37:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211567
IP address blocks:        185.88.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:46:8d:10:f1:d6:37:5b:12:90:e2:7c:17:64:53:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Apr 13 14:37:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2aa5ff1798a76a17c58bf51fd2551d927ab4dbf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:60:80:19:24:12:88:ba:a6:a1:91:eb:b1:64:
                    e1:0a:bf:76:c0:ec:23:b3:55:f7:f7:7b:65:36:f1:
                    81:89:1f:f5:76:50:f6:ce:b2:fd:f0:92:74:20:f5:
                    b7:a9:dc:30:ed:d7:56:0f:9e:76:7f:b4:8d:ed:77:
                    96:27:9f:5a:b8:7d:e6:9b:88:e8:f8:cc:fe:ef:c2:
                    8f:a4:29:b8:c9:cb:ea:75:d9:36:3c:9c:81:19:c0:
                    9f:01:e8:ca:3d:f1:1b:3a:c3:c2:b0:48:f4:6e:21:
                    73:67:74:2c:2b:83:49:1f:d4:b7:c0:65:15:7a:ee:
                    9d:37:91:18:33:01:6b:54:51:08:17:54:ca:e3:52:
                    6f:6a:4d:dc:c2:4f:99:bb:14:e3:bc:c5:a4:5d:24:
                    ff:b2:8d:89:64:75:72:5c:e4:6c:0b:34:d4:62:15:
                    5e:2b:3e:4d:8d:54:eb:7f:4c:7e:67:59:b6:1a:0d:
                    16:ab:d3:61:48:00:0e:73:67:fc:60:aa:e6:bf:2b:
                    1f:b5:eb:2c:3c:af:ad:a5:4d:25:9f:47:bc:32:37:
                    fd:94:14:95:c9:8f:9b:9b:b3:71:74:5f:b3:f2:f9:
                    42:60:3b:1b:7a:4d:28:5e:3a:e1:bc:43:f2:2e:57:
                    98:d6:01:e9:20:4c:9b:b9:e0:86:5c:fc:ab:15:ee:
                    e9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A5:FF:17:98:A7:6A:17:C5:8B:F5:1F:D2:55:1D:92:7A:B4:DB:F2
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/KqX_F5inahfFi_Uf0lUdknq02_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:db:fb:24:87:6b:90:76:25:38:f7:7a:74:15:57:f3:32:cd:
         ca:c5:9f:49:92:9e:62:31:cd:a0:ef:f2:cc:b9:f9:88:e0:ad:
         8c:92:b9:ec:5c:53:8d:5d:2b:21:e5:c1:f1:74:bc:f9:3c:35:
         81:40:15:6b:c8:14:ba:9a:3b:35:de:d8:64:28:17:d4:5a:dc:
         ae:c0:ef:2f:0b:9b:7f:46:e8:21:30:15:b2:ab:6f:e0:3a:31:
         46:50:1a:97:70:95:22:73:aa:61:19:af:0c:4e:68:22:b8:93:
         41:79:c8:4b:91:3c:75:2f:4d:5a:c4:b7:17:e4:fd:f9:68:2b:
         d1:bf:a3:fd:42:ea:7f:77:df:f3:a7:bd:f9:3d:14:83:11:ae:
         68:d1:ca:8c:ee:5f:57:51:3c:36:bc:b6:fd:c1:c8:80:d0:0c:
         c4:91:fa:73:68:17:52:03:bf:c6:78:08:e3:bc:b9:43:68:a0:
         5f:a8:dd:2b:1e:39:cc:d3:01:6c:10:14:13:12:e9:53:86:72:
         1a:1f:ae:b6:7e:ef:46:be:8f:64:9e:22:72:b7:2d:a1:64:1f:
         f5:12:3b:23:26:1b:6c:08:55:76:49:e8:49:26:67:9b:ba:3e:
         f8:27:0c:cf:1b:39:70:95:b9:ac:82:8d:76:52:6e:21:96:4c:
         9d:81:92:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2HRo0Q8dY3WxKQ4nwXZFNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNDEzMTQzNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWE1ZmYxNzk4YTc2YTE3YzU4YmY1MWZkMjU1MWQ5MjdhYjRkYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2CAGSQSiLqmoZHrsWThCr92wOwj
s1X393tlNvGBiR/1dlD2zrL98JJ0IPW3qdww7ddWD552f7SN7XeWJ59auH3mm4jo
+Mz+78KPpCm4ycvqddk2PJyBGcCfAejKPfEbOsPCsEj0biFzZ3QsK4NJH9S3wGUV
eu6dN5EYMwFrVFEIF1TK41Jvak3cwk+ZuxTjvMWkXST/so2JZHVyXORsCzTUYhVe
Kz5NjVTrf0x+Z1m2Gg0Wq9NhSAAOc2f8YKrmvysftessPK+tpU0ln0e8Mjf9lBSV
yY+bm7NxdF+z8vlCYDsbek0oXjrhvEPyLleY1gHpIEybueCGXPyrFe7pUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCql/xeYp2oXxYv1H9JVHZJ6tNvyMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvS3FYX0Y1aW5haGZGaV9VZjBsVWRrbnEwMl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVitMA0G
CSqGSIb3DQEBCwUAA4IBAQBu2/skh2uQdiU493p0FVfzMs3KxZ9Jkp5iMc2g7/LM
ufmI4K2MkrnsXFONXSsh5cHxdLz5PDWBQBVryBS6mjs13thkKBfUWtyuwO8vC5t/
RughMBWyq2/gOjFGUBqXcJUic6phGa8MTmgiuJNBechLkTx1L01axLcX5P35aCvR
v6P9Qup/d9/zp735PRSDEa5o0cqM7l9XUTw2vLb9wciA0AzEkfpzaBdSA7/GeAjj
vLlDaKBfqN0rHjnM0wFsEBQTEulThnIaH662fu9Gvo9kniJyty2hZB/1EjsjJhts
CFV2SehJJmebuj74JwzPGzlwlbmsgo12Um4hlkydgZI5
-----END CERTIFICATE-----