Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/e58b40-dde6-4840-810c-31f92945dffd/1/caKUs3eqb1C-2Yju8MusRYTam6U.roa
File:                     caKUs3eqb1C-2Yju8MusRYTam6U.roa (raw, json)
Hash identifier:          NPWp22I7VFgBs3i27P5Ky/kdDBlPWyPBqWXmEv0PUv0=
Subject key identifier:   71:A2:94:B3:77:AA:6F:50:BE:D9:88:EE:F0:CB:AC:45:84:DA:9B:A5
Certificate issuer:       /CN=ebb2a42550e5e2b4aa1a473b2b371bc28341a16a
Certificate serial:       019B7E37740C2FF9DE703926768EA7DBF061
Authority key identifier: EB:B2:A4:25:50:E5:E2:B4:AA:1A:47:3B:2B:37:1B:C2:83:41:A1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/67KkJVDl4rSqGkc7KzcbwoNBoWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/e58b40-dde6-4840-810c-31f92945dffd/1/caKUs3eqb1C-2Yju8MusRYTam6U.roa
Signing time:             Fri 02 Jan 2026 10:18:41 +0000
ROA not before:           Fri 02 Jan 2026 10:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203897
IP address blocks:        91.229.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/e58b40-dde6-4840-810c-31f92945dffd/1/67KkJVDl4rSqGkc7KzcbwoNBoWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/e58b40-dde6-4840-810c-31f92945dffd/1/67KkJVDl4rSqGkc7KzcbwoNBoWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/67KkJVDl4rSqGkc7KzcbwoNBoWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:74:0c:2f:f9:de:70:39:26:76:8e:a7:db:f0:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebb2a42550e5e2b4aa1a473b2b371bc28341a16a
        Validity
            Not Before: Jan  2 10:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71a294b377aa6f50bed988eef0cbac4584da9ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:3e:33:9e:52:34:fd:87:6e:7e:f7:81:68:27:
                    8e:12:62:d8:e5:e4:63:bb:9b:ea:f6:a2:d8:b4:6c:
                    08:00:f3:11:70:6a:3b:b4:0a:2f:10:99:da:26:a4:
                    be:be:46:59:05:ab:50:b7:6b:b1:1b:67:39:9a:dd:
                    7f:8b:73:64:ff:90:ec:37:e3:10:13:e4:82:81:7d:
                    22:bd:8b:e1:06:ce:ec:3f:f1:fe:c6:b4:56:78:f0:
                    5f:77:b8:2a:c1:1e:31:27:b5:c9:bf:5a:5f:f9:bd:
                    85:ba:cb:01:9f:c2:d0:7d:fa:e9:76:11:73:ec:46:
                    12:f5:90:98:4a:f0:8b:c5:09:2a:2a:9c:1a:16:65:
                    7f:fa:6b:40:72:07:f4:30:46:7c:1f:49:24:df:da:
                    16:61:4e:fc:c4:c3:3b:62:a6:c2:56:7b:8d:c5:52:
                    9b:5c:3e:a6:b6:cc:6b:d0:bb:21:64:4b:ac:1f:c3:
                    aa:4c:7e:db:45:de:cd:25:03:38:ac:b7:a9:99:5f:
                    95:d4:02:da:c6:f7:28:d6:b6:23:73:37:f9:64:b7:
                    c9:90:fd:23:ea:87:ac:06:e7:6e:c6:cd:cf:cb:7e:
                    bf:6d:c3:b6:8b:00:5a:c4:82:e1:b4:73:20:d5:75:
                    00:57:e3:e5:a7:00:f1:ec:58:87:77:5e:38:09:59:
                    c1:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:A2:94:B3:77:AA:6F:50:BE:D9:88:EE:F0:CB:AC:45:84:DA:9B:A5
            X509v3 Authority Key Identifier:
                keyid:EB:B2:A4:25:50:E5:E2:B4:AA:1A:47:3B:2B:37:1B:C2:83:41:A1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/67KkJVDl4rSqGkc7KzcbwoNBoWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/e58b40-dde6-4840-810c-31f92945dffd/1/caKUs3eqb1C-2Yju8MusRYTam6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/e58b40-dde6-4840-810c-31f92945dffd/1/67KkJVDl4rSqGkc7KzcbwoNBoWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:3a:25:13:7d:bc:70:f5:52:4a:fd:96:3a:f0:73:aa:ff:9e:
         d8:ff:d6:9c:ef:4e:45:7b:4b:50:91:9a:fa:5c:d0:94:91:a3:
         b4:c8:b5:03:31:af:68:b4:b5:45:9e:db:93:1d:a4:9d:5d:d9:
         9e:87:bf:d4:e6:41:e1:85:ca:96:74:b4:fb:20:2c:41:d3:d3:
         03:56:42:ae:db:ae:ca:c3:7f:4f:16:3b:e1:19:f4:62:ef:59:
         ce:5b:32:a0:c6:58:ed:5d:48:f5:7a:bf:cc:3a:84:8a:71:c7:
         b2:0a:1d:fa:ad:94:ee:31:cb:5c:8a:ad:5c:06:6c:7d:b8:3c:
         2c:a7:82:37:de:55:92:d8:ae:5b:6d:88:b4:ae:a3:dd:63:a2:
         0a:99:4e:89:f8:71:c0:28:06:df:54:08:a7:ae:d6:1f:c7:d8:
         43:5f:76:87:47:07:b6:d7:ff:c0:09:5b:a7:af:97:99:c8:a7:
         fa:41:fb:55:4f:b0:f1:2a:ca:b1:2b:ff:0a:c8:48:22:0c:65:
         57:0d:f5:fc:b2:5c:54:3f:6f:43:77:8d:9a:22:6f:72:1d:b9:
         ca:f7:8c:ab:31:91:96:90:39:1f:ba:b5:81:26:35:c2:8f:0a:
         6d:68:77:4a:82:f6:95:3a:a2:54:7f:79:48:2d:cc:3f:50:a3:
         0a:c5:77:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N3QML/necDkmdo6n2/BhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYjJhNDI1NTBlNWUyYjRhYTFhNDczYjJiMzcxYmMyODM0
MWExNmEwHhcNMjYwMTAyMTAxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWEyOTRiMzc3YWE2ZjUwYmVkOTg4ZWVmMGNiYWM0NTg0ZGE5YmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7D4znlI0/YdufveBaCeOEmLY5eRj
u5vq9qLYtGwIAPMRcGo7tAovEJnaJqS+vkZZBatQt2uxG2c5mt1/i3Nk/5DsN+MQ
E+SCgX0ivYvhBs7sP/H+xrRWePBfd7gqwR4xJ7XJv1pf+b2FussBn8LQffrpdhFz
7EYS9ZCYSvCLxQkqKpwaFmV/+mtAcgf0MEZ8H0kk39oWYU78xMM7YqbCVnuNxVKb
XD6mtsxr0LshZEusH8OqTH7bRd7NJQM4rLepmV+V1ALaxvco1rYjczf5ZLfJkP0j
6oesBuduxs3Py36/bcO2iwBaxILhtHMg1XUAV+PlpwDx7FiHd144CVnB8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGilLN3qm9QvtmI7vDLrEWE2pulMB8GA1UdIwQY
MBaAFOuypCVQ5eK0qhpHOys3G8KDQaFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjdLa0pWRGw0clNxR2tjN0t6Y2J3b05Cb1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9lNThiNDAtZGRlNi00ODQwLTgxMGMt
MzFmOTI5NDVkZmZkLzEvY2FLVXMzZXFiMUMtMllqdThNdXNSWVRhbTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9lNThiNDAtZGRlNi00ODQwLTgxMGMtMzFmOTI5NDVkZmZk
LzEvNjdLa0pWRGw0clNxR2tjN0t6Y2J3b05Cb1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+V8MA0G
CSqGSIb3DQEBCwUAA4IBAQCNOiUTfbxw9VJK/ZY68HOq/57Y/9ac705Fe0tQkZr6
XNCUkaO0yLUDMa9otLVFntuTHaSdXdmeh7/U5kHhhcqWdLT7ICxB09MDVkKu267K
w39PFjvhGfRi71nOWzKgxljtXUj1er/MOoSKcceyCh36rZTuMctciq1cBmx9uDws
p4I33lWS2K5bbYi0rqPdY6IKmU6J+HHAKAbfVAinrtYfx9hDX3aHRwe21//ACVun
r5eZyKf6QftVT7DxKsqxK/8KyEgiDGVXDfX8slxUP29Dd42aIm9yHbnK94yrMZGW
kDkfurWBJjXCjwptaHdKgvaVOqJUf3lILcw/UKMKxXdw
-----END CERTIFICATE-----