Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/KER-U-aRYckOZzpn7PbWOavueRg.roa
File:                     KER-U-aRYckOZzpn7PbWOavueRg.roa (raw, json)
Hash identifier:          VnTgbJYVhXdPGDTQ2hppQejhsFcgs5I5az6oUP5boak=
Subject key identifier:   28:44:7E:53:E6:91:61:C9:0E:67:3A:67:EC:F6:D6:39:AB:EE:79:18
Certificate issuer:       /CN=6416bc721c740c10fc7b0d8b1b358a2d35f488b7
Certificate serial:       019B7C12C93834CC3FD29D9D26E34853F987
Authority key identifier: 64:16:BC:72:1C:74:0C:10:FC:7B:0D:8B:1B:35:8A:2D:35:F4:88:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBa8chx0DBD8ew2LGzWKLTX0iLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/KER-U-aRYckOZzpn7PbWOavueRg.roa
Signing time:             Fri 02 Jan 2026 00:19:24 +0000
ROA not before:           Fri 02 Jan 2026 00:19:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49644
IP address blocks:        91.213.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/ZBa8chx0DBD8ew2LGzWKLTX0iLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/ZBa8chx0DBD8ew2LGzWKLTX0iLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBa8chx0DBD8ew2LGzWKLTX0iLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:c9:38:34:cc:3f:d2:9d:9d:26:e3:48:53:f9:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6416bc721c740c10fc7b0d8b1b358a2d35f488b7
        Validity
            Not Before: Jan  2 00:19:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28447e53e69161c90e673a67ecf6d639abee7918
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:53:d2:5a:ca:c4:66:f2:0d:cc:fb:c2:dc:91:
                    b3:f2:d1:b1:1c:a6:4c:aa:59:d2:17:e4:0b:97:87:
                    66:21:48:07:bc:81:40:7d:57:c2:5d:50:e2:d1:3e:
                    71:a2:ca:f0:36:6a:51:e4:af:30:ce:86:e0:67:58:
                    08:84:ff:5f:5b:25:5c:0e:9b:6d:4f:b5:a0:44:38:
                    38:75:11:62:9b:52:1f:15:ec:99:9b:f8:ea:06:bf:
                    9f:ac:c4:2d:c3:6b:cf:93:6d:05:d6:38:f4:cf:85:
                    ad:31:df:23:80:b6:7b:e3:0b:ff:7e:f4:02:1d:4c:
                    75:35:ac:ab:27:5a:e9:c3:b5:54:ba:b9:76:39:c5:
                    2a:a8:74:41:d1:e7:34:89:11:a1:fc:19:e7:ef:67:
                    54:84:b3:81:15:cc:be:42:ad:be:a3:be:30:6a:d4:
                    d5:57:70:a8:a9:62:ca:41:9b:21:bb:9a:04:f8:64:
                    35:00:5e:15:1d:f9:9c:90:93:0c:34:aa:13:de:fa:
                    5c:5b:8a:f2:1d:ca:b6:ef:6a:a4:9b:79:30:8a:83:
                    e1:f0:96:b1:dd:37:45:46:fd:93:13:b0:1b:65:1b:
                    9c:91:6c:8a:5d:a9:a7:89:eb:81:2b:5d:ff:4b:98:
                    0a:05:c5:75:7d:ea:72:58:3a:e3:f3:e8:18:8b:4e:
                    6e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:44:7E:53:E6:91:61:C9:0E:67:3A:67:EC:F6:D6:39:AB:EE:79:18
            X509v3 Authority Key Identifier:
                keyid:64:16:BC:72:1C:74:0C:10:FC:7B:0D:8B:1B:35:8A:2D:35:F4:88:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBa8chx0DBD8ew2LGzWKLTX0iLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/KER-U-aRYckOZzpn7PbWOavueRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/ZBa8chx0DBD8ew2LGzWKLTX0iLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:80:32:37:3b:33:51:d6:57:4e:82:5e:12:fd:74:7e:ca:5b:
         96:cc:ea:d7:ee:4a:67:28:ae:57:5c:71:ec:81:bb:0e:d7:7f:
         06:c5:7d:79:a4:2e:88:23:e1:fe:ee:aa:8e:5a:f2:fe:fb:09:
         0c:f8:f8:2e:65:83:21:19:ba:db:e8:4d:72:53:9c:37:06:a0:
         11:12:1c:a0:6b:3c:5a:5f:f1:e5:68:3e:63:6a:3a:05:36:17:
         1b:ce:18:98:9a:b6:15:96:0e:82:fd:59:5b:4f:d3:64:f1:d7:
         9f:bd:0a:e9:84:2f:1e:fe:84:67:6f:7d:ac:40:2a:d4:4a:1b:
         fa:93:fd:6b:8f:28:20:dd:ec:a3:3b:1f:41:35:f2:89:9e:59:
         e2:6f:80:8c:e5:d7:9d:c1:64:b2:c1:65:24:ac:60:d1:ac:22:
         4a:19:37:98:a4:99:d9:81:93:55:9d:c3:65:7c:e3:4f:e8:57:
         65:0e:4d:3c:f1:09:d9:6c:84:be:4f:49:a1:07:52:00:5c:1c:
         fc:a6:9c:df:2e:c8:9f:fb:a2:7e:2d:54:6d:67:60:a8:80:c9:
         3e:de:0f:a0:80:2a:3d:ec:3d:d5:40:a7:9d:45:73:e2:8e:99:
         2a:87:b2:3f:e7:46:e0:2b:a0:73:9c:a7:3e:2d:53:d2:64:5a:
         33:4e:c5:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Esk4NMw/0p2dJuNIU/mHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTZiYzcyMWM3NDBjMTBmYzdiMGQ4YjFiMzU4YTJkMzVm
NDg4YjcwHhcNMjYwMTAyMDAxOTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODQ0N2U1M2U2OTE2MWM5MGU2NzNhNjdlY2Y2ZDYzOWFiZWU3OTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFPSWsrEZvINzPvC3JGz8tGxHKZM
qlnSF+QLl4dmIUgHvIFAfVfCXVDi0T5xosrwNmpR5K8wzobgZ1gIhP9fWyVcDptt
T7WgRDg4dRFim1IfFeyZm/jqBr+frMQtw2vPk20F1jj0z4WtMd8jgLZ74wv/fvQC
HUx1NayrJ1rpw7VUurl2OcUqqHRB0ec0iRGh/Bnn72dUhLOBFcy+Qq2+o74watTV
V3CoqWLKQZshu5oE+GQ1AF4VHfmckJMMNKoT3vpcW4ryHcq272qkm3kwioPh8Jax
3TdFRv2TE7AbZRuckWyKXamnieuBK13/S5gKBcV1fepyWDrj8+gYi05u5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChEflPmkWHJDmc6Z+z21jmr7nkYMB8GA1UdIwQY
MBaAFGQWvHIcdAwQ/HsNixs1ii019Ii3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJhOGNoeDBEQkQ4ZXcyTEd6V0tMVFgwaUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy82ZGIyNjQtNzNkNC00M2FjLWE5N2Ut
NTkwYjFiMmE0NjA5LzEvS0VSLVUtYVJZY2tPWnpwbjdQYldPYXZ1ZVJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy82ZGIyNjQtNzNkNC00M2FjLWE5N2UtNTkwYjFiMmE0NjA5
LzEvWkJhOGNoeDBEQkQ4ZXcyTEd6V0tMVFgwaUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9UzMA0G
CSqGSIb3DQEBCwUAA4IBAQDegDI3OzNR1ldOgl4S/XR+yluWzOrX7kpnKK5XXHHs
gbsO138GxX15pC6II+H+7qqOWvL++wkM+PguZYMhGbrb6E1yU5w3BqAREhygazxa
X/HlaD5jajoFNhcbzhiYmrYVlg6C/VlbT9Nk8defvQrphC8e/oRnb32sQCrUShv6
k/1rjygg3eyjOx9BNfKJnlnib4CM5dedwWSywWUkrGDRrCJKGTeYpJnZgZNVncNl
fONP6FdlDk088QnZbIS+T0mhB1IAXBz8ppzfLsif+6J+LVRtZ2CogMk+3g+ggCo9
7D3VQKedRXPijpkqh7I/50bgK6BznKc+LVPSZFozTsUy
-----END CERTIFICATE-----