Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/Ksd3OiB_AIxcmUtGOKUPQuXbBbs.roa
File:                     Ksd3OiB_AIxcmUtGOKUPQuXbBbs.roa (raw, json)
Hash identifier:          mbt2rFbow8jwUY5FOtfvQrtCibBO+H5M+VNJrWE5hUY=
Subject key identifier:   2A:C7:77:3A:20:7F:00:8C:5C:99:4B:46:38:A5:0F:42:E5:DB:05:BB
Certificate issuer:       /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial:       019B7758CC088E1BCBDFBFA825763A8021CA
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/Ksd3OiB_AIxcmUtGOKUPQuXbBbs.roa
Signing time:             Thu 01 Jan 2026 02:17:46 +0000
ROA not before:           Thu 01 Jan 2026 02:17:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212988
IP address blocks:        185.232.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:cc:08:8e:1b:cb:df:bf:a8:25:76:3a:80:21:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
        Validity
            Not Before: Jan  1 02:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ac7773a207f008c5c994b4638a50f42e5db05bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e3:1d:4f:d8:3f:b2:c4:df:d6:26:a0:ac:31:
                    ea:74:f3:26:dc:2e:65:4a:23:20:7f:31:f9:7d:8e:
                    7f:e1:2b:3c:ac:cd:ab:c6:9a:ff:93:87:ff:51:ea:
                    66:c6:55:5b:b9:ff:8c:83:a6:3d:56:c3:30:d9:af:
                    29:09:dc:34:92:b9:29:1e:0d:9a:3d:03:2e:77:bb:
                    29:de:e6:b2:6f:a6:d8:4e:3c:7b:33:ab:fa:e2:59:
                    1f:33:86:ab:b3:b0:07:d6:ac:c8:8e:b6:8e:8a:4d:
                    25:6d:3b:bc:4b:ed:05:c1:c5:27:3d:1f:67:6f:95:
                    40:e2:97:65:b8:4a:9c:f7:55:6f:da:9f:cf:a8:96:
                    8c:c5:2c:6a:a5:88:07:1d:d4:62:d9:73:f2:63:36:
                    8a:f4:6f:34:7d:24:75:92:15:11:48:06:e1:6f:3d:
                    a6:f2:40:b4:d0:cd:e9:30:97:a7:f1:53:ab:7a:87:
                    11:e3:6a:dd:ed:45:f7:be:86:3f:70:99:92:2e:47:
                    a0:23:88:c8:d9:ed:8d:32:c8:fa:d0:9b:7e:7e:ba:
                    c0:da:d4:3d:26:ce:36:26:5d:12:36:72:28:6a:34:
                    46:5a:6d:f5:d7:b6:19:cd:41:47:c8:62:0b:4a:4d:
                    b7:e3:66:44:36:5b:63:83:5d:1b:7d:65:4c:83:43:
                    46:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:C7:77:3A:20:7F:00:8C:5C:99:4B:46:38:A5:0F:42:E5:DB:05:BB
            X509v3 Authority Key Identifier:
                keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/Ksd3OiB_AIxcmUtGOKUPQuXbBbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:37:4c:32:e4:92:26:75:8c:4e:a1:2c:c5:66:e6:d2:bd:e1:
         b0:59:50:6e:77:17:13:ca:bd:3d:ac:bb:d6:3a:de:35:cf:2f:
         0e:c0:3c:1e:52:2a:b7:7c:75:7e:b4:df:b8:7b:4a:cf:6f:f0:
         d2:fb:8d:af:cd:e8:fc:69:c3:b3:15:47:4c:56:87:e2:f2:cd:
         4a:94:e2:40:bc:01:dd:ae:4b:ba:21:72:36:2d:19:dc:85:48:
         c3:13:35:62:b4:66:bf:70:c9:1d:e8:0f:49:8f:24:16:21:3e:
         0f:27:a4:d8:cd:55:02:97:e7:69:16:9a:f2:6c:48:27:f7:55:
         30:6e:3b:11:cc:f2:36:b7:07:3c:d0:c8:ec:a9:c0:75:54:db:
         48:53:f3:4f:36:2b:4e:e9:08:3f:7b:54:6c:4e:42:5f:f8:29:
         64:09:4d:e4:05:59:46:47:94:76:37:a1:af:a7:12:02:30:52:
         60:a6:67:98:15:d7:7c:c8:60:d8:48:6a:3a:5b:cb:6a:c0:70:
         67:1f:34:e2:16:17:30:6b:cb:2e:09:25:1e:84:75:8d:0b:c1:
         de:e4:df:d6:7d:ee:18:90:d7:de:7b:3d:56:ee:7a:07:e5:ff:
         f7:15:44:d0:d8:44:15:6f:8d:c9:6a:eb:b5:0b:5c:0c:b9:2d:
         47:d9:ae:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WMwIjhvL37+oJXY6gCHKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjYwMTAxMDIxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWM3NzczYTIwN2YwMDhjNWM5OTRiNDYzOGE1MGY0MmU1ZGIwNWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eMdT9g/ssTf1iagrDHqdPMm3C5l
SiMgfzH5fY5/4Ss8rM2rxpr/k4f/UepmxlVbuf+Mg6Y9VsMw2a8pCdw0krkpHg2a
PQMud7sp3uayb6bYTjx7M6v64lkfM4ars7AH1qzIjraOik0lbTu8S+0FwcUnPR9n
b5VA4pdluEqc91Vv2p/PqJaMxSxqpYgHHdRi2XPyYzaK9G80fSR1khURSAbhbz2m
8kC00M3pMJen8VOreocR42rd7UX3voY/cJmSLkegI4jI2e2NMsj60Jt+frrA2tQ9
Js42Jl0SNnIoajRGWm3117YZzUFHyGILSk2342ZENltjg10bfWVMg0NGdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrHdzogfwCMXJlLRjilD0Ll2wW7MB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEvS3NkM09pQl9BSXhjbVV0R09LVVBRdVhiQmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueiFMA0G
CSqGSIb3DQEBCwUAA4IBAQAvN0wy5JImdYxOoSzFZubSveGwWVBudxcTyr09rLvW
Ot41zy8OwDweUiq3fHV+tN+4e0rPb/DS+42vzej8acOzFUdMVofi8s1KlOJAvAHd
rku6IXI2LRnchUjDEzVitGa/cMkd6A9JjyQWIT4PJ6TYzVUCl+dpFprybEgn91Uw
bjsRzPI2twc80MjsqcB1VNtIU/NPNitO6Qg/e1RsTkJf+ClkCU3kBVlGR5R2N6Gv
pxICMFJgpmeYFdd8yGDYSGo6W8tqwHBnHzTiFhcwa8suCSUehHWNC8He5N/Wfe4Y
kNfeez1W7noH5f/3FUTQ2EQVb43Jauu1C1wMuS1H2a7X
-----END CERTIFICATE-----