Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/KVv7_M50V2iyBxYsG_dQpH_S9tQ.roa
File:                     KVv7_M50V2iyBxYsG_dQpH_S9tQ.roa (raw, json)
Hash identifier:          RkhZYcx1K+qPGt8mNSXPpba3hYgNZEfnfscSk3pS5x0=
Subject key identifier:   29:5B:FB:FC:CE:74:57:68:B2:07:16:2C:1B:F7:50:A4:7F:D2:F6:D4
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019D58BA1ECC0353F58CB84E74163ED051A0
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/KVv7_M50V2iyBxYsG_dQpH_S9tQ.roa
Signing time:             Sat 04 Apr 2026 13:41:25 +0000
ROA not before:           Sat 04 Apr 2026 13:41:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200436
IP address blocks:        188.212.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:58:ba:1e:cc:03:53:f5:8c:b8:4e:74:16:3e:d0:51:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Apr  4 13:41:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=295bfbfcce745768b207162c1bf750a47fd2f6d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7a:31:69:23:46:7c:08:a5:2e:2c:34:40:f3:
                    72:31:2d:3f:f2:a4:98:a4:87:98:96:4f:bc:16:59:
                    2b:2d:df:74:af:4d:2d:30:86:0c:77:81:76:56:cc:
                    79:b7:75:81:45:81:bd:ba:68:81:2e:ad:43:e4:e1:
                    56:ea:d5:96:76:6e:66:5c:7a:06:8d:2d:11:75:c3:
                    cb:fb:95:37:50:f9:3f:e0:34:d6:7e:f7:b8:d7:2e:
                    a7:66:40:fe:95:e9:63:3c:fa:16:02:7b:a8:f5:69:
                    d5:5b:3e:6f:1f:59:0d:7f:9c:bd:22:6d:90:6d:63:
                    09:12:5e:7d:82:2a:88:15:57:1b:f2:66:d9:e1:81:
                    88:19:a6:34:42:c1:b2:29:36:52:4b:3e:01:d9:00:
                    51:07:be:ce:23:8a:fe:b1:61:c1:9c:67:2e:4f:07:
                    96:63:0c:8f:82:49:3d:de:cd:e2:d9:d6:28:66:ff:
                    11:36:fe:e7:5f:6b:68:7e:ee:b9:91:5f:48:26:24:
                    38:06:c3:5f:25:cb:c2:fd:94:d7:b8:fc:49:f8:65:
                    47:3a:8a:f1:3e:4a:1c:07:cf:73:37:32:2b:c9:24:
                    a7:6d:cf:1b:d9:d7:a4:ab:fb:bd:99:2b:ea:f9:2d:
                    97:8b:28:c6:01:2e:24:bd:23:83:52:af:67:00:54:
                    8c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:5B:FB:FC:CE:74:57:68:B2:07:16:2C:1B:F7:50:A4:7F:D2:F6:D4
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/KVv7_M50V2iyBxYsG_dQpH_S9tQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.212.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:8a:02:bb:a3:59:eb:59:d1:c5:03:ab:d3:f1:3e:aa:fc:d2:
         88:f0:40:7a:b8:d5:5f:10:5c:dc:21:39:a9:7c:d3:1f:43:49:
         f3:c6:e1:92:88:b3:67:b6:d1:09:00:33:c6:e6:e3:0f:2f:a2:
         33:ec:98:c7:af:49:83:07:8e:fe:00:a9:89:ef:e2:82:fa:9e:
         39:5a:86:9c:2e:69:fe:f2:d6:88:fd:32:e7:da:24:c0:47:68:
         94:c0:ed:9f:f1:e0:6e:cb:62:9d:44:f6:b6:54:57:12:c5:69:
         c1:4f:c5:bf:b5:d4:e3:89:cb:7e:cb:19:91:f3:0e:6d:0c:e1:
         68:6e:ae:cf:c9:55:a7:e4:00:e7:ca:94:92:31:ae:00:a9:11:
         4d:6d:5e:ba:31:f6:7e:aa:4c:8d:59:95:eb:81:71:3b:ed:5f:
         eb:db:2b:93:4f:cd:e5:f1:05:31:3a:3b:ed:10:14:ee:9c:ab:
         aa:25:d4:a3:9b:27:02:9f:d7:5d:ba:9a:27:f4:00:37:f8:83:
         5c:fd:70:21:d3:8f:b2:ad:ef:86:c7:72:77:74:e2:b6:a4:cd:
         ad:94:c7:8a:90:f4:8c:39:3e:ad:91:9e:5c:33:4e:35:28:76:
         c2:77:a2:3f:8d:20:99:bf:4c:0a:a8:15:eb:aa:4b:1e:b6:a4:
         9b:3a:fa:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Yuh7MA1P1jLhOdBY+0FGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwNDA0MTM0MTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTViZmJmY2NlNzQ1NzY4YjIwNzE2MmMxYmY3NTBhNDdmZDJmNmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3oxaSNGfAilLiw0QPNyMS0/8qSY
pIeYlk+8FlkrLd90r00tMIYMd4F2Vsx5t3WBRYG9umiBLq1D5OFW6tWWdm5mXHoG
jS0RdcPL+5U3UPk/4DTWfve41y6nZkD+leljPPoWAnuo9WnVWz5vH1kNf5y9Im2Q
bWMJEl59giqIFVcb8mbZ4YGIGaY0QsGyKTZSSz4B2QBRB77OI4r+sWHBnGcuTweW
YwyPgkk93s3i2dYoZv8RNv7nX2tofu65kV9IJiQ4BsNfJcvC/ZTXuPxJ+GVHOorx
PkocB89zNzIrySSnbc8b2dekq/u9mSvq+S2XiyjGAS4kvSODUq9nAFSMiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClb+/zOdFdosgcWLBv3UKR/0vbUMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvS1Z2N19NNTBWMml5QnhZc0dfZFFwSF9TOXRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNRgMA0G
CSqGSIb3DQEBCwUAA4IBAQCnigK7o1nrWdHFA6vT8T6q/NKI8EB6uNVfEFzcITmp
fNMfQ0nzxuGSiLNnttEJADPG5uMPL6Iz7JjHr0mDB47+AKmJ7+KC+p45WoacLmn+
8taI/TLn2iTAR2iUwO2f8eBuy2KdRPa2VFcSxWnBT8W/tdTjict+yxmR8w5tDOFo
bq7PyVWn5ADnypSSMa4AqRFNbV66MfZ+qkyNWZXrgXE77V/r2yuTT83l8QUxOjvt
EBTunKuqJdSjmycCn9ddupon9AA3+INc/XAh04+yre+Gx3J3dOK2pM2tlMeKkPSM
OT6tkZ5cM041KHbCd6I/jSCZv0wKqBXrqksetqSbOvrq
-----END CERTIFICATE-----