Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/KVTaTVaCviOMdjZzS4Zc0zBw4OM.roa
File:                     KVTaTVaCviOMdjZzS4Zc0zBw4OM.roa (raw, json)
Hash identifier:          rWuvCKTHTIyhv2L4Mlx4/iHLNmlWT5ONGdBrJkW48EA=
Subject key identifier:   29:54:DA:4D:56:82:BE:23:8C:76:36:73:4B:86:5C:D3:30:70:E0:E3
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019D71DF1B7F1BA76A168E1CED83867E4545
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/KVTaTVaCviOMdjZzS4Zc0zBw4OM.roa
Signing time:             Thu 09 Apr 2026 10:52:20 +0000
ROA not before:           Thu 09 Apr 2026 10:52:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202051
IP address blocks:        31.42.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:df:1b:7f:1b:a7:6a:16:8e:1c:ed:83:86:7e:45:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Apr  9 10:52:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2954da4d5682be238c7636734b865cd33070e0e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3a:e7:ce:09:07:fe:b3:10:1d:c8:05:ab:13:
                    5b:f0:f9:9a:3c:d5:98:00:ca:4f:0e:7c:23:66:12:
                    06:d6:37:f5:58:3f:7c:f3:f4:8f:12:e3:b0:8f:2c:
                    13:a2:b5:1c:fb:d4:30:a3:2f:65:76:72:4a:92:89:
                    cb:3f:dd:a3:e5:e9:81:5f:cb:dd:1b:83:51:97:ef:
                    5e:be:d6:7f:4b:5d:18:f8:93:fc:86:db:38:01:38:
                    95:39:2a:c7:ca:d8:94:0e:e0:a1:4d:e2:a5:71:1f:
                    28:41:b4:86:3e:cb:ae:0a:4e:10:06:c2:e1:f1:54:
                    d8:2e:d7:f8:90:b6:63:67:a8:39:12:48:9a:c1:e0:
                    e9:4d:c6:2f:2a:1d:15:ab:bc:85:56:a8:83:14:ee:
                    ac:38:72:1e:d0:0d:46:5e:80:f7:16:75:c0:e8:14:
                    d9:ec:f0:87:9d:d1:fc:cf:aa:9c:e6:04:4a:df:e2:
                    74:96:71:b4:18:77:bc:62:2f:77:4b:8b:5d:4a:f0:
                    b4:cc:bf:16:b6:f2:a8:7c:73:d7:2f:fc:b3:68:62:
                    37:68:c8:b0:7c:e3:6f:f2:05:d9:49:9e:d9:a7:1e:
                    91:de:00:85:7c:03:36:d7:a6:dd:fb:90:c9:ec:86:
                    a9:01:b2:cf:41:9c:f6:11:60:b7:7b:70:a1:b3:fe:
                    ec:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:54:DA:4D:56:82:BE:23:8C:76:36:73:4B:86:5C:D3:30:70:E0:E3
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/KVTaTVaCviOMdjZzS4Zc0zBw4OM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:f0:37:a1:77:31:a7:53:77:cb:11:65:18:5d:f1:22:18:bf:
         b1:ab:19:64:b2:40:ce:88:33:d2:0c:ea:1d:da:ca:01:6a:16:
         5b:f1:f7:29:db:61:78:05:06:ac:7a:a9:ef:0e:87:8f:80:bc:
         66:65:87:1b:f0:4f:11:23:66:07:e3:68:50:1f:80:b4:53:cb:
         88:f1:32:85:14:65:1c:0e:d4:69:9d:6c:9e:05:de:41:72:82:
         84:64:81:82:2e:cf:49:b5:62:23:b8:de:68:14:70:94:30:a7:
         1c:49:64:0a:ae:07:53:09:03:1a:36:2c:75:0f:cc:07:b3:19:
         8f:05:03:cf:d2:3a:0c:fd:a0:c1:84:29:41:08:7e:13:0a:6f:
         46:ce:89:be:81:96:11:d7:ac:c7:e8:a1:8a:8d:b0:ab:c1:e0:
         ec:7a:a7:a2:c4:5b:6b:54:a4:c3:0b:57:16:8d:73:a1:f4:90:
         42:14:c9:9a:8f:ee:df:fc:3f:76:42:eb:2f:02:b4:1a:92:66:
         12:b1:f2:a9:3b:bc:f6:14:72:f8:24:39:7e:b9:63:7d:2a:ce:
         cd:9b:0d:c9:22:62:65:f5:08:42:bc:2f:d8:66:9b:1a:a2:84:
         ee:51:b8:46:8c:d5:16:8a:39:3d:4f:c9:6b:ae:c7:01:72:10:
         e3:19:c4:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1x3xt/G6dqFo4c7YOGfkVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwNDA5MTA1MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTU0ZGE0ZDU2ODJiZTIzOGM3NjM2NzM0Yjg2NWNkMzMwNzBlMGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujrnzgkH/rMQHcgFqxNb8PmaPNWY
AMpPDnwjZhIG1jf1WD988/SPEuOwjywTorUc+9Qwoy9ldnJKkonLP92j5emBX8vd
G4NRl+9evtZ/S10Y+JP8hts4ATiVOSrHytiUDuChTeKlcR8oQbSGPsuuCk4QBsLh
8VTYLtf4kLZjZ6g5EkiaweDpTcYvKh0Vq7yFVqiDFO6sOHIe0A1GXoD3FnXA6BTZ
7PCHndH8z6qc5gRK3+J0lnG0GHe8Yi93S4tdSvC0zL8WtvKofHPXL/yzaGI3aMiw
fONv8gXZSZ7Zpx6R3gCFfAM216bd+5DJ7IapAbLPQZz2EWC3e3Chs/7sqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClU2k1Wgr4jjHY2c0uGXNMwcODjMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvS1ZUYVRWYUN2aU9NZGpaelM0WmMwekJ3NE9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp4MA0G
CSqGSIb3DQEBCwUAA4IBAQC78DehdzGnU3fLEWUYXfEiGL+xqxlkskDOiDPSDOod
2soBahZb8fcp22F4BQaseqnvDoePgLxmZYcb8E8RI2YH42hQH4C0U8uI8TKFFGUc
DtRpnWyeBd5BcoKEZIGCLs9JtWIjuN5oFHCUMKccSWQKrgdTCQMaNix1D8wHsxmP
BQPP0joM/aDBhClBCH4TCm9Gzom+gZYR16zH6KGKjbCrweDseqeixFtrVKTDC1cW
jXOh9JBCFMmaj+7f/D92QusvArQakmYSsfKpO7z2FHL4JDl+uWN9Ks7Nmw3JImJl
9QhCvC/YZpsaooTuUbhGjNUWijk9T8lrrscBchDjGcRQ
-----END CERTIFICATE-----