Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/KarebT1i131F1F0b_jruzSe1lHY.roa
File:                     KarebT1i131F1F0b_jruzSe1lHY.roa (raw, json)
Hash identifier:          UoRIjXeKvZYwlceblJKfWjA69FlQT++n1NlR0R55ggI=
Subject key identifier:   29:AA:DE:6D:3D:62:D7:7D:45:D4:5D:1B:FE:3A:EE:CD:27:B5:94:76
Certificate issuer:       /CN=1f94d1a29cce26153b934fb47c2ee21674bb85cb
Certificate serial:       019B7DCB58C58484D28CDF1B688309EFCFA7
Authority key identifier: 1F:94:D1:A2:9C:CE:26:15:3B:93:4F:B4:7C:2E:E2:16:74:BB:85:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H5TRopzOJhU7k0-0fC7iFnS7hcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/KarebT1i131F1F0b_jruzSe1lHY.roa
Signing time:             Fri 02 Jan 2026 08:20:37 +0000
ROA not before:           Fri 02 Jan 2026 08:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212636
IP address blocks:        193.23.52.0/24 maxlen: 24
                          2a10:5ac0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/H5TRopzOJhU7k0-0fC7iFnS7hcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/H5TRopzOJhU7k0-0fC7iFnS7hcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H5TRopzOJhU7k0-0fC7iFnS7hcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:58:c5:84:84:d2:8c:df:1b:68:83:09:ef:cf:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f94d1a29cce26153b934fb47c2ee21674bb85cb
        Validity
            Not Before: Jan  2 08:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29aade6d3d62d77d45d45d1bfe3aeecd27b59476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7f:6f:82:4b:64:6d:c2:07:09:ef:72:1d:bf:
                    be:27:db:33:1b:ac:09:8b:e2:33:84:29:96:e3:e4:
                    37:64:28:38:38:7f:e9:b8:82:25:62:5d:93:17:bd:
                    7c:4e:13:82:01:36:91:70:e9:da:ec:d8:a6:3b:68:
                    2a:5c:8e:93:7a:d3:d5:b9:0d:a3:ec:08:35:57:46:
                    51:b1:5f:66:1c:d6:f1:c0:7f:df:a2:e7:68:d7:d2:
                    36:c5:fc:e2:e3:00:da:eb:8d:26:a6:0f:34:41:dc:
                    e8:bd:b7:83:37:61:4b:2f:20:fd:75:73:c7:b4:0b:
                    ef:99:92:d9:0b:5c:80:04:ba:ba:80:ef:ed:84:c7:
                    6f:3b:33:2b:ea:2d:a0:6b:31:f4:b2:4c:92:24:1d:
                    9a:57:3c:61:23:22:c9:5b:c6:0c:1d:94:b9:72:af:
                    22:01:a8:cf:cf:8d:62:78:52:cb:07:65:b5:d1:0b:
                    78:a1:5b:95:ad:50:0f:6a:ba:db:f8:6d:61:37:06:
                    c2:d1:f1:25:4c:3c:d8:89:75:3c:67:44:dc:ff:f4:
                    97:2f:c4:59:7d:97:84:5c:1f:02:ae:30:7b:93:ac:
                    67:bc:83:4b:8a:33:b7:5a:de:e0:40:68:62:f5:9d:
                    4d:b7:84:fc:fd:ab:0b:72:4f:fd:d6:e7:e6:ec:04:
                    cf:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AA:DE:6D:3D:62:D7:7D:45:D4:5D:1B:FE:3A:EE:CD:27:B5:94:76
            X509v3 Authority Key Identifier:
                keyid:1F:94:D1:A2:9C:CE:26:15:3B:93:4F:B4:7C:2E:E2:16:74:BB:85:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H5TRopzOJhU7k0-0fC7iFnS7hcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/KarebT1i131F1F0b_jruzSe1lHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2cb63f-1613-459b-8115-554cabb9ad05/1/H5TRopzOJhU7k0-0fC7iFnS7hcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.52.0/24
                IPv6:
                  2a10:5ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:e3:27:15:70:2b:1b:15:46:ec:2d:48:57:30:ad:2f:b3:30:
         4a:33:97:9f:1f:80:fd:b5:5b:e2:1d:81:b5:d2:4e:b5:df:f9:
         9d:4e:0d:bc:06:b6:57:56:55:84:95:1d:2d:2e:06:3f:71:e7:
         3d:16:83:b6:bc:61:99:6f:de:94:83:1a:83:08:4a:ba:69:fb:
         e8:cd:e8:b4:97:2c:b1:5c:3c:9f:40:14:e7:b0:a2:9c:17:45:
         6f:11:bb:4a:cd:4b:b9:e5:3a:aa:59:d1:62:d3:12:d0:0c:50:
         2a:2a:3d:61:9e:f6:e7:d7:eb:2b:56:6b:99:87:82:6e:78:8f:
         5d:1e:f7:34:cd:b2:8d:88:a4:27:e3:4d:80:aa:29:05:25:00:
         d2:13:7a:b5:83:ed:3b:68:6b:d2:9a:f6:21:74:ca:d0:4f:5d:
         1b:50:71:5e:e2:a9:89:5f:c7:2a:1f:56:53:90:bd:9a:32:db:
         f7:07:1e:07:33:b3:73:0c:c2:3c:97:ff:20:38:16:6b:b9:8c:
         ef:9f:df:3f:c9:28:c7:b7:b4:bc:f2:1e:5d:d6:8c:91:2f:ca:
         61:d0:c0:d6:b7:6d:f9:c5:c8:f8:e8:cc:86:a2:1b:89:a6:00:
         50:49:c2:b0:a4:b0:2a:c6:f4:41:99:3d:33:40:fb:24:f3:e0:
         46:c1:f0:d5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt9y1jFhITSjN8baIMJ78+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmOTRkMWEyOWNjZTI2MTUzYjkzNGZiNDdjMmVlMjE2NzRi
Yjg1Y2IwHhcNMjYwMTAyMDgyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWFhZGU2ZDNkNjJkNzdkNDVkNDVkMWJmZTNhZWVjZDI3YjU5NDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp39vgktkbcIHCe9yHb++J9szG6wJ
i+IzhCmW4+Q3ZCg4OH/puIIlYl2TF718ThOCATaRcOna7NimO2gqXI6TetPVuQ2j
7Ag1V0ZRsV9mHNbxwH/foudo19I2xfzi4wDa640mpg80QdzovbeDN2FLLyD9dXPH
tAvvmZLZC1yABLq6gO/thMdvOzMr6i2gazH0skySJB2aVzxhIyLJW8YMHZS5cq8i
AajPz41ieFLLB2W10Qt4oVuVrVAParrb+G1hNwbC0fElTDzYiXU8Z0Tc//SXL8RZ
fZeEXB8CrjB7k6xnvINLijO3Wt7gQGhi9Z1Nt4T8/asLck/91ufm7ATP0wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCmq3m09Ytd9RdRdG/467s0ntZR2MB8GA1UdIwQY
MBaAFB+U0aKcziYVO5NPtHwu4hZ0u4XLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDVUUm9wek9KaFU3azAtMGZDN2lGblM3aGNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8yY2I2M2YtMTYxMy00NTliLTgxMTUt
NTU0Y2FiYjlhZDA1LzEvS2FyZWJUMWkxMzFGMUYwYl9qcnV6U2UxbEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8yY2I2M2YtMTYxMy00NTliLTgxMTUtNTU0Y2FiYjlhZDA1
LzEvSDVUUm9wek9KaFU3azAtMGZDN2lGblM3aGNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwRc0MA0E
AgACMAcDBQMqEFrAMA0GCSqGSIb3DQEBCwUAA4IBAQCL4ycVcCsbFUbsLUhXMK0v
szBKM5efH4D9tVviHYG10k613/mdTg28BrZXVlWElR0tLgY/cec9FoO2vGGZb96U
gxqDCEq6afvozei0lyyxXDyfQBTnsKKcF0VvEbtKzUu55TqqWdFi0xLQDFAqKj1h
nvbn1+srVmuZh4JueI9dHvc0zbKNiKQn402AqikFJQDSE3q1g+07aGvSmvYhdMrQ
T10bUHFe4qmJX8cqH1ZTkL2aMtv3Bx4HM7NzDMI8l/8gOBZruYzvn98/ySjHt7S8
8h5d1oyRL8ph0MDWt235xcj46MyGohuJpgBQScKwpLAqxvRBmT0zQPsk8+BGwfDV
-----END CERTIFICATE-----