Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/KUy8l_kE9Ez8yOXsZsPg_xu8U88.roa
File:                     KUy8l_kE9Ez8yOXsZsPg_xu8U88.roa (raw, json)
Hash identifier:          Q8NXv7/aGohuJqdBeBqSqaYcBq21Vr5wijgoX0wzMFc=
Subject key identifier:   29:4C:BC:97:F9:04:F4:4C:FC:C8:E5:EC:66:C3:E0:FF:1B:BC:53:CF
Certificate issuer:       /CN=dec756af77dafebca10684d68556baacd7173617
Certificate serial:       019B76EB1176E27962858C8DEDE4D576082C
Authority key identifier: DE:C7:56:AF:77:DA:FE:BC:A1:06:84:D6:85:56:BA:AC:D7:17:36:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3sdWr3fa_ryhBoTWhVa6rNcXNhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/KUy8l_kE9Ez8yOXsZsPg_xu8U88.roa
Signing time:             Thu 01 Jan 2026 00:17:55 +0000
ROA not before:           Thu 01 Jan 2026 00:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39732
IP address blocks:        195.60.72.0/23 maxlen: 23
                          2001:67c:20f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/3sdWr3fa_ryhBoTWhVa6rNcXNhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/3sdWr3fa_ryhBoTWhVa6rNcXNhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3sdWr3fa_ryhBoTWhVa6rNcXNhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:11:76:e2:79:62:85:8c:8d:ed:e4:d5:76:08:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dec756af77dafebca10684d68556baacd7173617
        Validity
            Not Before: Jan  1 00:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=294cbc97f904f44cfcc8e5ec66c3e0ff1bbc53cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ea:b1:f7:6d:51:78:22:b6:4b:ba:e0:12:6c:
                    56:c1:97:25:5e:2b:d0:c7:f2:97:10:ee:59:32:98:
                    61:40:99:f9:f1:c3:69:8b:8f:39:4d:61:3c:5b:18:
                    8e:3a:e2:ab:d6:b5:56:38:6b:ac:2d:6f:0a:fa:10:
                    68:66:0d:0d:d3:2d:78:c2:cd:a4:05:37:4d:66:e4:
                    6f:e3:62:c0:1c:9d:33:70:5b:b9:20:73:00:55:88:
                    b2:be:a1:2e:7d:a7:a5:95:84:28:c7:7f:54:55:b7:
                    dd:8c:f9:81:6a:46:cd:0f:2e:37:44:00:f4:f2:44:
                    87:bf:52:83:39:14:56:ac:ea:5b:72:27:ba:16:8a:
                    db:df:b5:72:d8:8e:38:34:b0:8a:b1:03:4c:69:52:
                    9b:ef:fc:5d:e2:ff:41:86:1d:74:06:35:2e:dd:0e:
                    80:68:a0:25:79:d2:61:29:62:e4:0c:15:e2:9c:f3:
                    1a:a2:2c:b6:f6:f8:fa:3a:b2:74:8b:1a:a8:de:c7:
                    b4:9d:3e:f8:b5:de:2a:7d:1d:40:77:fd:05:e8:01:
                    de:10:95:d1:a3:2b:cd:cf:b6:03:18:3d:23:a3:27:
                    d7:5f:ac:0b:c9:9e:a9:7b:63:43:11:31:e4:a7:c7:
                    f2:f8:60:99:58:db:6f:fa:3f:24:be:9f:6d:07:0d:
                    3e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:4C:BC:97:F9:04:F4:4C:FC:C8:E5:EC:66:C3:E0:FF:1B:BC:53:CF
            X509v3 Authority Key Identifier:
                keyid:DE:C7:56:AF:77:DA:FE:BC:A1:06:84:D6:85:56:BA:AC:D7:17:36:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3sdWr3fa_ryhBoTWhVa6rNcXNhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/KUy8l_kE9Ez8yOXsZsPg_xu8U88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/41b82b-cde0-4af6-952c-7e0c7d352671/1/3sdWr3fa_ryhBoTWhVa6rNcXNhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.72.0/23
                IPv6:
                  2001:67c:20f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:7a:d4:0f:37:40:dc:70:86:b3:1c:6c:fb:04:c1:5c:86:e0:
         e5:33:af:b3:6d:a9:dd:f9:28:a6:ca:12:59:1c:39:f1:3d:ea:
         53:1f:dd:f7:a7:43:0d:05:e4:cb:63:5a:54:3d:f6:7b:cc:f3:
         9c:94:c6:9b:26:56:08:a7:dc:17:a7:26:79:f5:e4:28:da:de:
         4c:e4:72:18:36:cb:df:ff:f2:91:f2:9b:9e:f2:84:f3:a0:91:
         be:1f:a8:d0:89:0f:50:07:1d:3d:cc:68:e9:95:d2:16:3a:c1:
         cb:ed:92:76:98:b0:a7:ee:89:16:a8:a5:a0:f3:4d:7c:fb:a4:
         ab:47:f2:f7:83:15:25:86:35:f2:1a:be:4a:d6:ac:41:b4:5a:
         5e:55:b5:e3:db:01:45:57:b3:94:e2:bb:4b:d0:38:1a:55:9c:
         6b:c5:cb:4a:8a:13:2a:4c:d0:46:3f:03:a8:b9:e6:10:95:70:
         10:0a:a9:7d:32:1c:33:51:50:49:33:9d:95:12:8f:ed:ee:aa:
         a5:39:7c:13:d3:59:30:00:4e:92:48:bc:47:68:d3:f2:b0:7b:
         42:5f:69:22:3f:23:e0:d8:63:1e:a6:50:a4:40:ea:04:af:25:
         10:19:0c:da:40:0b:29:56:13:8a:69:25:7d:c6:96:9c:0e:6b:
         3b:5e:0e:01
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt26xF24nlihYyN7eTVdggsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYzc1NmFmNzdkYWZlYmNhMTA2ODRkNjg1NTZiYWFjZDcx
NzM2MTcwHhcNMjYwMTAxMDAxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTRjYmM5N2Y5MDRmNDRjZmNjOGU1ZWM2NmMzZTBmZjFiYmM1M2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxuqx921ReCK2S7rgEmxWwZclXivQ
x/KXEO5ZMphhQJn58cNpi485TWE8WxiOOuKr1rVWOGusLW8K+hBoZg0N0y14ws2k
BTdNZuRv42LAHJ0zcFu5IHMAVYiyvqEufaellYQox39UVbfdjPmBakbNDy43RAD0
8kSHv1KDORRWrOpbcie6Forb37Vy2I44NLCKsQNMaVKb7/xd4v9Bhh10BjUu3Q6A
aKAledJhKWLkDBXinPMaoiy29vj6OrJ0ixqo3se0nT74td4qfR1Ad/0F6AHeEJXR
oyvNz7YDGD0joyfXX6wLyZ6pe2NDETHkp8fy+GCZWNtv+j8kvp9tBw0+9QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFClMvJf5BPRM/Mjl7GbD4P8bvFPPMB8GA1UdIwQY
MBaAFN7HVq932v68oQaE1oVWuqzXFzYXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3NkV3IzZmFfcnloQm9UV2hWYTZyTmNYTmhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS80MWI4MmItY2RlMC00YWY2LTk1MmMt
N2UwYzdkMzUyNjcxLzEvS1V5OGxfa0U5RXo4eU9Yc1pzUGdfeHU4VTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS80MWI4MmItY2RlMC00YWY2LTk1MmMtN2UwYzdkMzUyNjcx
LzEvM3NkV3IzZmFfcnloQm9UV2hWYTZyTmNYTmhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwzxIMA8E
AgACMAkDBwAgAQZ8IPQwDQYJKoZIhvcNAQELBQADggEBAEB61A83QNxwhrMcbPsE
wVyG4OUzr7Ntqd35KKbKElkcOfE96lMf3fenQw0F5MtjWlQ99nvM85yUxpsmVgin
3BenJnn15Cja3kzkchg2y9//8pHym57yhPOgkb4fqNCJD1AHHT3MaOmV0hY6wcvt
knaYsKfuiRaopaDzTXz7pKtH8veDFSWGNfIavkrWrEG0Wl5VtePbAUVXs5Tiu0vQ
OBpVnGvFy0qKEypM0EY/A6i55hCVcBAKqX0yHDNRUEkznZUSj+3uqqU5fBPTWTAA
TpJIvEdo0/Kwe0JfaSI/I+DYYx6mUKRA6gSvJRAZDNpACylWE4ppJX3GlpwOazte
DgE=
-----END CERTIFICATE-----