Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/kcYFoWMu5QoSNf9ceG2n-kODfhI.roa
File:                     kcYFoWMu5QoSNf9ceG2n-kODfhI.roa (raw, json)
Hash identifier:          gkTfw6NqMW7Am2gTmxLPtlhTW10NUd3lUtw+Ko4m44k=
Subject key identifier:   91:C6:05:A1:63:2E:E5:0A:12:35:FF:5C:78:6D:A7:FA:43:83:7E:12
Certificate issuer:       /CN=64ded85d9a05b1df689a8b6c313f8128c7a00b67
Certificate serial:       019C8FF82F079F30439950E5A7764D4DE74F
Authority key identifier: 64:DE:D8:5D:9A:05:B1:DF:68:9A:8B:6C:31:3F:81:28:C7:A0:0B:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZN7YXZoFsd9omotsMT-BKMegC2c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/kcYFoWMu5QoSNf9ceG2n-kODfhI.roa
Signing time:             Tue 24 Feb 2026 14:05:32 +0000
ROA not before:           Tue 24 Feb 2026 14:05:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202048
IP address blocks:        46.28.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/ZN7YXZoFsd9omotsMT-BKMegC2c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/ZN7YXZoFsd9omotsMT-BKMegC2c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZN7YXZoFsd9omotsMT-BKMegC2c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:f8:2f:07:9f:30:43:99:50:e5:a7:76:4d:4d:e7:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64ded85d9a05b1df689a8b6c313f8128c7a00b67
        Validity
            Not Before: Feb 24 14:05:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91c605a1632ee50a1235ff5c786da7fa43837e12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:48:17:52:14:6d:7b:c3:2d:ca:63:93:45:cb:
                    b3:77:5d:b0:ff:17:5b:cb:e8:a8:e1:00:33:36:f1:
                    85:0e:55:ad:c9:5f:7a:0d:a7:a9:28:0e:aa:5b:d8:
                    f4:85:6b:15:c7:e9:34:ab:c9:4b:2e:ac:e7:9e:d6:
                    62:03:34:9a:8b:fa:a5:63:1c:68:9d:85:d3:f9:74:
                    a9:5e:28:02:44:0e:67:eb:a6:6e:0a:ea:1f:7d:68:
                    31:c4:20:16:a0:2b:9a:14:c7:c3:d2:e9:d2:aa:3d:
                    40:28:ae:d0:4f:88:34:5b:19:a6:59:ca:77:1a:43:
                    5a:27:c7:d7:97:db:75:6b:74:a9:9d:8c:e8:d9:95:
                    5e:68:c6:ab:0f:68:f8:2e:21:6b:ca:4e:6b:56:f3:
                    8c:4a:8b:72:2f:44:26:f5:45:6e:a0:33:58:6c:f6:
                    39:28:87:6a:da:38:a5:fa:93:9a:6c:6a:f7:fd:d6:
                    d2:87:e2:dd:26:ee:af:c6:bd:94:e7:32:54:ff:b0:
                    f4:d1:d5:a9:83:b6:0c:7b:be:bd:6d:fb:77:b2:fa:
                    8d:6e:d4:ec:02:d0:e3:c7:4f:68:68:c9:b0:58:19:
                    d6:9d:10:c5:41:c9:46:8b:59:31:fa:3e:64:e8:3f:
                    60:7a:59:58:ac:3b:b6:10:74:05:b3:d1:f3:9d:2a:
                    ce:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C6:05:A1:63:2E:E5:0A:12:35:FF:5C:78:6D:A7:FA:43:83:7E:12
            X509v3 Authority Key Identifier:
                keyid:64:DE:D8:5D:9A:05:B1:DF:68:9A:8B:6C:31:3F:81:28:C7:A0:0B:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZN7YXZoFsd9omotsMT-BKMegC2c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/kcYFoWMu5QoSNf9ceG2n-kODfhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/ZN7YXZoFsd9omotsMT-BKMegC2c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:da:b6:d7:63:79:20:3b:5d:23:89:97:12:b1:41:8d:77:22:
         24:2d:a7:55:44:c0:e2:f6:7f:09:67:07:ad:23:57:6d:48:c8:
         4c:18:4d:d1:23:6e:d0:36:a9:8a:89:8b:ad:9d:b0:51:e8:6a:
         fe:57:34:57:e3:84:95:be:d2:29:73:d0:59:92:3c:8e:72:82:
         d2:c7:fe:47:00:a0:05:1d:1b:38:28:a9:52:5e:74:6a:15:ab:
         dc:19:0e:f0:dc:44:fb:1a:29:c2:b9:03:ee:5c:d9:02:20:89:
         b6:0e:c3:77:28:58:2c:90:80:15:14:85:a0:e3:0a:12:3e:cd:
         ee:2b:8d:98:ac:5a:47:05:3c:fd:5a:22:2e:62:9b:2a:5d:6d:
         f3:2c:31:fd:7b:3e:e0:90:12:4a:af:79:34:cd:ef:c3:34:51:
         0d:4a:62:ee:0c:30:dc:f7:b9:f0:c1:b3:86:28:62:5f:f2:29:
         8a:42:b2:b4:e7:37:1d:fe:12:9a:38:e8:8a:03:7b:90:73:a4:
         68:64:3c:7f:73:ca:36:a4:85:34:4c:ca:2e:60:cb:1d:88:29:
         c9:a7:7b:09:7d:16:55:cd:db:4f:5d:ba:72:90:df:57:8a:b8:
         12:90:83:54:a3:8f:84:6d:0b:f1:65:71:23:6b:bf:e1:04:8a:
         f9:61:5b:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyP+C8HnzBDmVDlp3ZNTedPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZGVkODVkOWEwNWIxZGY2ODlhOGI2YzMxM2Y4MTI4Yzdh
MDBiNjcwHhcNMjYwMjI0MTQwNTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM2MDVhMTYzMmVlNTBhMTIzNWZmNWM3ODZkYTdmYTQzODM3ZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EgXUhRte8MtymOTRcuzd12w/xdb
y+io4QAzNvGFDlWtyV96DaepKA6qW9j0hWsVx+k0q8lLLqznntZiAzSai/qlYxxo
nYXT+XSpXigCRA5n66ZuCuoffWgxxCAWoCuaFMfD0unSqj1AKK7QT4g0WxmmWcp3
GkNaJ8fXl9t1a3SpnYzo2ZVeaMarD2j4LiFryk5rVvOMSotyL0Qm9UVuoDNYbPY5
KIdq2jil+pOabGr3/dbSh+LdJu6vxr2U5zJU/7D00dWpg7YMe769bft3svqNbtTs
AtDjx09oaMmwWBnWnRDFQclGi1kx+j5k6D9gellYrDu2EHQFs9HznSrOKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHGBaFjLuUKEjX/XHhtp/pDg34SMB8GA1UdIwQY
MBaAFGTe2F2aBbHfaJqLbDE/gSjHoAtnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk43WVhab0ZzZDlvbW90c01ULUJLTWVnQzJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny81NDZhZGUtZGFhMS00OWYxLThiYmUt
YjllYjg3MWY2ZDk2LzEva2NZRm9XTXU1UW9TTmY5Y2VHMm4ta09EZmhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny81NDZhZGUtZGFhMS00OWYxLThiYmUtYjllYjg3MWY2ZDk2
LzEvWk43WVhab0ZzZDlvbW90c01ULUJLTWVnQzJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhzoMA0G
CSqGSIb3DQEBCwUAA4IBAQAP2rbXY3kgO10jiZcSsUGNdyIkLadVRMDi9n8JZwet
I1dtSMhMGE3RI27QNqmKiYutnbBR6Gr+VzRX44SVvtIpc9BZkjyOcoLSx/5HAKAF
HRs4KKlSXnRqFavcGQ7w3ET7GinCuQPuXNkCIIm2DsN3KFgskIAVFIWg4woSPs3u
K42YrFpHBTz9WiIuYpsqXW3zLDH9ez7gkBJKr3k0ze/DNFENSmLuDDDc97nwwbOG
KGJf8imKQrK05zcd/hKaOOiKA3uQc6RoZDx/c8o2pIU0TMouYMsdiCnJp3sJfRZV
zdtPXbpykN9XirgSkINUo4+EbQvxZXEja7/hBIr5YVuf
-----END CERTIFICATE-----