Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/kPRn4IPVWWUv814bPYd5aulY4vs.roa
File:                     kPRn4IPVWWUv814bPYd5aulY4vs.roa (raw, json)
Hash identifier:          pu7rhb9GulQsSqKDEhgigUvr3uxyKt/XFbT+d2vYueU=
Subject key identifier:   90:F4:67:E0:83:D5:59:65:2F:F3:5E:1B:3D:87:79:6A:E9:58:E2:FB
Certificate issuer:       /CN=c6a707934a762bbdf34fc0148f265ce124577213
Certificate serial:       019D830425B3BF07B7D3A2234932E3925561
Authority key identifier: C6:A7:07:93:4A:76:2B:BD:F3:4F:C0:14:8F:26:5C:E1:24:57:72:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/kPRn4IPVWWUv814bPYd5aulY4vs.roa
Signing time:             Sun 12 Apr 2026 18:46:20 +0000
ROA not before:           Sun 12 Apr 2026 18:46:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30860
IP address blocks:        5.252.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:83:04:25:b3:bf:07:b7:d3:a2:23:49:32:e3:92:55:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a707934a762bbdf34fc0148f265ce124577213
        Validity
            Not Before: Apr 12 18:46:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90f467e083d559652ff35e1b3d87796ae958e2fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:eb:4c:4c:f8:ff:e8:9d:09:df:de:d6:f3:1b:
                    36:9b:45:d5:a1:0f:b9:bc:59:1b:e9:f6:cc:ce:fc:
                    0f:80:6c:ef:68:de:fa:95:43:18:b4:4a:f5:f1:83:
                    1f:88:f1:fc:87:6c:60:79:9f:f7:2f:e3:1f:ff:dd:
                    6d:3b:41:36:54:06:37:7e:ed:b7:93:33:06:b5:ed:
                    c5:52:f1:a8:48:28:f1:e6:ff:31:58:7e:3a:c2:66:
                    06:07:04:8c:42:83:1f:2e:42:40:76:e8:d8:76:02:
                    77:9e:3d:4e:a3:76:a6:d5:d0:7d:70:0d:4b:cc:e5:
                    a7:aa:0f:72:e0:49:5f:81:eb:4b:0e:95:91:4a:e2:
                    72:7a:06:17:39:d0:c1:c2:79:90:e9:c8:8c:8c:c9:
                    54:2e:31:db:d9:a2:80:43:49:6b:b2:e6:c8:47:5f:
                    7e:2d:e9:d5:39:dd:c5:70:2b:ca:d9:4d:ba:45:94:
                    0a:ee:66:3b:19:00:5a:6e:f8:2a:db:39:6b:54:3a:
                    5d:f5:14:e5:3c:0e:6c:9a:ba:db:03:e9:5f:a8:44:
                    f9:38:0a:f8:85:c1:20:06:0e:59:a4:8b:91:fa:01:
                    5e:cf:44:e9:04:7a:38:e5:83:92:f9:06:e4:61:7c:
                    c0:04:37:a4:d2:e2:f8:66:1c:5b:2a:85:eb:75:60:
                    3b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:F4:67:E0:83:D5:59:65:2F:F3:5E:1B:3D:87:79:6A:E9:58:E2:FB
            X509v3 Authority Key Identifier:
                keyid:C6:A7:07:93:4A:76:2B:BD:F3:4F:C0:14:8F:26:5C:E1:24:57:72:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/kPRn4IPVWWUv814bPYd5aulY4vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:57:23:e6:9e:e4:4d:57:0d:93:97:b8:0f:e0:dc:17:58:2c:
         d0:53:58:dd:7f:9d:87:0d:fb:8f:09:55:d3:4d:6d:0e:ea:92:
         e3:4c:3a:d6:42:e9:c9:72:fe:99:3c:13:77:b2:75:a2:f6:f2:
         88:9b:f0:51:27:e8:f2:ad:58:4e:17:3e:c8:3f:d5:07:d5:fa:
         3e:97:52:87:9b:73:0b:1a:51:e3:44:94:ba:df:27:10:d1:99:
         74:3c:7d:2b:4f:50:7a:a2:5b:cd:ef:49:2d:d7:3d:32:f6:34:
         71:d7:63:2e:4a:6c:14:49:75:eb:84:7f:b5:0f:79:ae:00:1f:
         49:d9:86:3b:9e:e9:a3:73:2f:56:d8:6d:af:f6:c7:cb:da:05:
         20:1b:6c:b6:ca:3d:4a:d3:7c:30:69:1a:20:85:58:11:d7:38:
         48:40:7f:02:c1:61:2e:9b:35:f4:71:46:46:81:ab:d1:c6:98:
         55:bd:4c:de:a4:53:8a:f0:9a:0b:65:fd:e5:f0:e0:11:33:fd:
         2e:25:24:06:94:16:8e:3c:2b:2a:77:d2:f4:45:fd:73:92:29:
         c0:1e:18:ed:ec:35:ae:23:fc:5e:1c:2d:8e:53:79:44:dc:74:
         58:71:f6:f7:2d:f2:6b:07:83:83:6c:c7:cd:c4:70:bb:cd:f7:
         42:37:97:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2DBCWzvwe306IjSTLjklVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTcwNzkzNGE3NjJiYmRmMzRmYzAxNDhmMjY1Y2UxMjQ1
NzcyMTMwHhcNMjYwNDEyMTg0NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGY0NjdlMDgzZDU1OTY1MmZmMzVlMWIzZDg3Nzk2YWU5NThlMmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnutMTPj/6J0J397W8xs2m0XVoQ+5
vFkb6fbMzvwPgGzvaN76lUMYtEr18YMfiPH8h2xgeZ/3L+Mf/91tO0E2VAY3fu23
kzMGte3FUvGoSCjx5v8xWH46wmYGBwSMQoMfLkJAdujYdgJ3nj1Oo3am1dB9cA1L
zOWnqg9y4ElfgetLDpWRSuJyegYXOdDBwnmQ6ciMjMlULjHb2aKAQ0lrsubIR19+
LenVOd3FcCvK2U26RZQK7mY7GQBabvgq2zlrVDpd9RTlPA5smrrbA+lfqET5OAr4
hcEgBg5ZpIuR+gFez0TpBHo45YOS+QbkYXzABDek0uL4ZhxbKoXrdWA73wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJD0Z+CD1VllL/NeGz2HeWrpWOL7MB8GA1UdIwQY
MBaAFManB5NKdiu980/AFI8mXOEkV3ITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFjSGswcDJLNzN6VDhBVWp5WmM0U1JYY2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi80ODZjOTYtOGUwZi00MTYxLWEwMGUt
YjhlYTE4ZWI3NWY0LzEva1BSbjRJUFZXV1V2ODE0YlBZZDVhdWxZNHZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi80ODZjOTYtOGUwZi00MTYxLWEwMGUtYjhlYTE4ZWI3NWY0
LzEveHFjSGswcDJLNzN6VDhBVWp5WmM0U1JYY2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfyaMA0G
CSqGSIb3DQEBCwUAA4IBAQAaVyPmnuRNVw2Tl7gP4NwXWCzQU1jdf52HDfuPCVXT
TW0O6pLjTDrWQunJcv6ZPBN3snWi9vKIm/BRJ+jyrVhOFz7IP9UH1fo+l1KHm3ML
GlHjRJS63ycQ0Zl0PH0rT1B6olvN70kt1z0y9jRx12MuSmwUSXXrhH+1D3muAB9J
2YY7numjcy9W2G2v9sfL2gUgG2y2yj1K03wwaRoghVgR1zhIQH8CwWEumzX0cUZG
gavRxphVvUzepFOK8JoLZf3l8OARM/0uJSQGlBaOPCsqd9L0Rf1zkinAHhjt7DWu
I/xeHC2OU3lE3HRYcfb3LfJrB4ODbMfNxHC7zfdCN5f2
-----END CERTIFICATE-----