Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/KSBa2zQ1tYI2KvNAmb1TOOD_qJQ.roa
File:                     KSBa2zQ1tYI2KvNAmb1TOOD_qJQ.roa (raw, json)
Hash identifier:          dc4hBbdFYwTuGA/xpkix9p/ifR2D23egaqG5vWC5QGI=
Subject key identifier:   29:20:5A:DB:34:35:B5:82:36:2A:F3:40:99:BD:53:38:E0:FF:A8:94
Certificate issuer:       /CN=c23642d1ab39d309ec5f33e4e8814adc3584825f
Certificate serial:       019873FC43E34EE5586231EA9317D351E992
Authority key identifier: C2:36:42:D1:AB:39:D3:09:EC:5F:33:E4:E8:81:4A:DC:35:84:82:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjZC0as50wnsXzPk6IFK3DWEgl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/KSBa2zQ1tYI2KvNAmb1TOOD_qJQ.roa
Signing time:             Mon 04 Aug 2025 07:29:28 +0000
ROA not before:           Mon 04 Aug 2025 07:29:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14445
IP address blocks:        193.58.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/wjZC0as50wnsXzPk6IFK3DWEgl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/wjZC0as50wnsXzPk6IFK3DWEgl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjZC0as50wnsXzPk6IFK3DWEgl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 13:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:73:fc:43:e3:4e:e5:58:62:31:ea:93:17:d3:51:e9:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c23642d1ab39d309ec5f33e4e8814adc3584825f
        Validity
            Not Before: Aug  4 07:29:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29205adb3435b582362af34099bd5338e0ffa894
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3c:60:ae:6d:0c:73:b6:f8:3e:45:9e:55:ed:
                    47:5a:88:b6:e0:45:dc:c3:b0:5d:cc:43:d6:1b:39:
                    87:e8:bf:e4:3e:37:44:0c:d6:de:5e:fd:44:ad:7d:
                    88:08:c4:bc:80:09:66:95:12:04:db:1b:31:eb:92:
                    e1:16:ce:5c:57:33:ac:2a:5c:b3:ea:4a:8a:3e:86:
                    08:d8:ef:54:50:f0:4f:1c:c1:2c:f8:84:92:56:62:
                    c4:ab:3c:92:72:3a:46:43:13:14:d1:2c:da:b6:99:
                    31:87:04:93:89:7f:0e:c3:83:84:70:9b:d0:60:07:
                    e2:43:8c:8f:6e:13:ea:c2:31:d4:32:f5:2f:d2:48:
                    f3:ee:dd:51:a8:af:93:97:11:5d:6e:00:4f:94:6a:
                    6b:51:6e:e3:cb:b4:64:2f:d1:a6:6e:ce:a9:68:72:
                    3a:86:45:75:6e:4d:e9:21:2a:fe:70:9e:da:5e:e6:
                    cc:ec:cc:f1:a8:30:95:52:d2:95:10:14:f6:a4:f3:
                    92:45:0e:8d:5d:b5:df:31:75:7a:f4:4b:8e:48:da:
                    89:7d:1c:d6:e5:b8:a2:51:1f:a9:3f:37:ea:2e:da:
                    de:cf:d6:68:4d:b0:94:bf:40:6b:9a:59:36:b3:2e:
                    6d:90:60:70:7f:6c:07:f2:62:77:9e:7a:d7:a5:8d:
                    34:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:20:5A:DB:34:35:B5:82:36:2A:F3:40:99:BD:53:38:E0:FF:A8:94
            X509v3 Authority Key Identifier:
                keyid:C2:36:42:D1:AB:39:D3:09:EC:5F:33:E4:E8:81:4A:DC:35:84:82:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjZC0as50wnsXzPk6IFK3DWEgl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/KSBa2zQ1tYI2KvNAmb1TOOD_qJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/wjZC0as50wnsXzPk6IFK3DWEgl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:33:b6:43:05:1d:7f:33:f6:e8:83:72:b5:04:74:00:08:b1:
         c3:54:cd:4c:43:e4:45:da:22:d6:c1:75:1d:21:c3:3e:1f:16:
         79:53:56:55:f5:09:7e:46:ef:cb:36:d2:31:cc:b3:0b:09:da:
         8b:f7:59:64:1f:ed:5d:4f:c7:de:1c:40:96:df:38:29:11:97:
         d9:a8:d9:51:0b:5d:9a:7b:db:67:86:94:94:58:6b:b1:60:9a:
         35:ac:ea:7f:a2:df:3a:07:5d:04:e2:f7:5b:cc:66:5e:be:44:
         d9:d5:64:be:13:3d:8b:27:1b:9d:5e:7b:bb:73:6c:df:d1:6f:
         cd:fd:ef:0d:39:2c:4a:5a:01:6c:11:36:b0:ac:65:4a:3f:6e:
         4c:b7:e8:4e:7a:d8:4e:f9:b9:3e:2d:81:0f:13:bd:dd:73:89:
         67:9f:a2:1b:e0:99:b8:c4:35:06:8c:d2:ce:e4:9d:a3:0e:61:
         2d:52:1e:18:07:a9:aa:30:52:b7:e9:4a:f3:87:e1:db:71:51:
         27:e5:72:56:23:88:18:43:54:7f:ec:d9:74:6f:90:2e:d5:b8:
         27:fd:1e:fd:e6:2d:05:b1:ec:9f:08:f8:71:10:90:82:a4:21:
         c9:00:69:2e:7e:e7:c6:cd:04:d1:43:e7:a2:49:c7:6d:79:59:
         92:07:83:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhz/EPjTuVYYjHqkxfTUemSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzY0MmQxYWIzOWQzMDllYzVmMzNlNGU4ODE0YWRjMzU4
NDgyNWYwHhcNMjUwODA0MDcyOTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTIwNWFkYjM0MzViNTgyMzYyYWYzNDA5OWJkNTMzOGUwZmZhODk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDxgrm0Mc7b4PkWeVe1HWoi24EXc
w7BdzEPWGzmH6L/kPjdEDNbeXv1ErX2ICMS8gAlmlRIE2xsx65LhFs5cVzOsKlyz
6kqKPoYI2O9UUPBPHMEs+ISSVmLEqzyScjpGQxMU0SzatpkxhwSTiX8Ow4OEcJvQ
YAfiQ4yPbhPqwjHUMvUv0kjz7t1RqK+TlxFdbgBPlGprUW7jy7RkL9Gmbs6paHI6
hkV1bk3pISr+cJ7aXubM7MzxqDCVUtKVEBT2pPOSRQ6NXbXfMXV69EuOSNqJfRzW
5biiUR+pPzfqLtrez9ZoTbCUv0Brmlk2sy5tkGBwf2wH8mJ3nnrXpY007wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkgWts0NbWCNirzQJm9Uzjg/6iUMB8GA1UdIwQY
MBaAFMI2QtGrOdMJ7F8z5OiBStw1hIJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2paQzBhczUwd25zWHpQazZJRkszRFdFZ2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lNDE2OTgtZTdhYy00MThjLWI5MWQt
MjI2Nzk2OGI2NTJmLzEvS1NCYTJ6UTF0WUkyS3ZOQW1iMVRPT0RfcUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lNDE2OTgtZTdhYy00MThjLWI5MWQtMjI2Nzk2OGI2NTJm
LzEvd2paQzBhczUwd25zWHpQazZJRkszRFdFZ2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTp3MA0G
CSqGSIb3DQEBCwUAA4IBAQB9M7ZDBR1/M/bog3K1BHQACLHDVM1MQ+RF2iLWwXUd
IcM+HxZ5U1ZV9Ql+Ru/LNtIxzLMLCdqL91lkH+1dT8feHECW3zgpEZfZqNlRC12a
e9tnhpSUWGuxYJo1rOp/ot86B10E4vdbzGZevkTZ1WS+Ez2LJxudXnu7c2zf0W/N
/e8NOSxKWgFsETawrGVKP25Mt+hOethO+bk+LYEPE73dc4lnn6Ib4Jm4xDUGjNLO
5J2jDmEtUh4YB6mqMFK36Urzh+HbcVEn5XJWI4gYQ1R/7Nl0b5Au1bgn/R795i0F
seyfCPhxEJCCpCHJAGkufufGzQTRQ+eiScdteVmSB4N7
-----END CERTIFICATE-----
Generated at Wed Aug 6 16:17:35 2025 by rpki-client