Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KqVNK6Xme0cPxVeoYA1UU2lxOOY.roa
File:                     KqVNK6Xme0cPxVeoYA1UU2lxOOY.roa (raw, json)
Hash identifier:          MIoOFzwt/V5HT7GZKDIvvv/A7Dp/fZnnW6CGIxr8kmM=
Subject key identifier:   2A:A5:4D:2B:A5:E6:7B:47:0F:C5:57:A8:60:0D:54:53:69:71:38:E6
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019EA95C81BDBFB205A4FD57D13624E74463
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KqVNK6Xme0cPxVeoYA1UU2lxOOY.roa
Signing time:             Mon 08 Jun 2026 22:31:12 +0000
ROA not before:           Mon 08 Jun 2026 22:31:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        2.26.188.0/24 maxlen: 24
                          2.26.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a9:5c:81:bd:bf:b2:05:a4:fd:57:d1:36:24:e7:44:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  8 22:31:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2aa54d2ba5e67b470fc557a8600d5453697138e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:70:3a:d0:1a:6b:bb:90:bd:e8:fb:55:96:40:
                    d0:27:66:e5:30:d7:cc:b6:e6:f7:51:8b:bd:d4:44:
                    2a:ca:12:58:90:21:07:ec:ea:f4:35:f0:89:ca:b4:
                    09:2c:3e:9c:99:2d:3b:cc:6a:d3:de:31:fc:3a:22:
                    68:62:ce:f5:88:ac:e5:a4:8c:b0:f6:8d:77:1f:86:
                    96:ab:99:a4:13:45:3a:bd:41:b1:c4:41:50:fd:0e:
                    53:a6:47:f5:e7:8c:39:cf:8c:e4:14:c5:e2:84:54:
                    f7:30:c5:c7:75:63:66:7c:72:4d:e1:03:fd:87:6a:
                    1a:4c:b9:00:72:45:6b:0e:3e:a8:bb:81:de:65:8b:
                    93:42:e0:c7:0f:7d:82:9c:dc:9f:e7:82:3d:ff:f5:
                    b2:77:24:0d:32:5a:3b:62:24:7b:9d:ed:8f:a3:d6:
                    6c:9f:ef:26:4f:00:0d:f2:64:41:c2:ef:03:06:7b:
                    54:19:2f:38:ae:cf:d7:a8:8d:2f:c9:c4:c6:a9:88:
                    43:22:bd:e3:12:7a:5f:71:98:dc:12:58:dd:b3:6c:
                    d0:17:5d:eb:22:3f:49:41:09:99:c4:0f:e7:7b:50:
                    64:d6:7e:4e:e8:d0:f8:15:95:fc:15:b4:b4:0d:1f:
                    94:17:be:59:0f:0b:16:ce:95:a1:f1:dd:b5:ec:72:
                    f3:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A5:4D:2B:A5:E6:7B:47:0F:C5:57:A8:60:0D:54:53:69:71:38:E6
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KqVNK6Xme0cPxVeoYA1UU2lxOOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:67:62:ef:05:0a:e7:d0:23:3d:86:47:84:0c:6a:d4:06:ee:
         c9:f4:88:3b:47:68:f2:0b:ed:c8:26:8a:f8:85:10:e5:eb:9d:
         ae:32:08:88:63:46:47:60:22:f0:7d:fc:38:d2:6c:3b:eb:30:
         74:21:04:e0:69:ae:ef:e2:67:16:d1:9b:46:50:02:67:48:f2:
         93:8f:57:fb:aa:6d:c9:82:0f:02:f1:6a:89:d0:3a:aa:45:06:
         e1:50:5f:7a:60:b9:2e:6a:4c:6b:0c:30:97:d3:1d:b3:c1:9c:
         9e:85:e6:49:e4:64:c8:80:39:f7:46:ef:c5:c3:dd:31:6d:13:
         9c:de:8d:5a:43:9d:b6:13:ee:26:3b:24:45:ef:22:78:53:68:
         55:56:33:e4:3a:7e:0c:3f:d2:96:b3:b1:d1:9b:4b:35:7c:f5:
         9d:46:66:54:7f:58:3f:77:c4:4f:58:08:9f:80:7e:26:3f:83:
         f2:ca:d7:5b:d9:60:3b:64:95:a2:7f:85:4e:47:af:8d:60:a0:
         3d:09:17:9e:0c:16:db:a0:33:e2:36:89:9f:e7:80:c4:c6:ba:
         76:85:c4:93:0e:fc:5a:4a:f4:06:8c:98:00:8c:a5:78:91:81:
         5f:48:be:3d:6a:4e:d6:23:48:31:5c:e7:d8:dd:da:7b:b8:e3:
         2d:47:9e:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6pXIG9v7IFpP1X0TYk50RjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA4MjIzMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWE1NGQyYmE1ZTY3YjQ3MGZjNTU3YTg2MDBkNTQ1MzY5NzEzOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHA60Bpru5C96PtVlkDQJ2blMNfM
tub3UYu91EQqyhJYkCEH7Or0NfCJyrQJLD6cmS07zGrT3jH8OiJoYs71iKzlpIyw
9o13H4aWq5mkE0U6vUGxxEFQ/Q5Tpkf154w5z4zkFMXihFT3MMXHdWNmfHJN4QP9
h2oaTLkAckVrDj6ou4HeZYuTQuDHD32CnNyf54I9//WydyQNMlo7YiR7ne2Po9Zs
n+8mTwAN8mRBwu8DBntUGS84rs/XqI0vycTGqYhDIr3jEnpfcZjcEljds2zQF13r
Ij9JQQmZxA/ne1Bk1n5O6ND4FZX8FbS0DR+UF75ZDwsWzpWh8d217HLz+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqlTSul5ntHD8VXqGANVFNpcTjmMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvS3FWTks2WG1lMGNQeFZlb1lBMVVVMmx4T09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAhq8MA0G
CSqGSIb3DQEBCwUAA4IBAQBjZ2LvBQrn0CM9hkeEDGrUBu7J9Ig7R2jyC+3IJor4
hRDl652uMgiIY0ZHYCLwffw40mw76zB0IQTgaa7v4mcW0ZtGUAJnSPKTj1f7qm3J
gg8C8WqJ0DqqRQbhUF96YLkuakxrDDCX0x2zwZyeheZJ5GTIgDn3Ru/Fw90xbROc
3o1aQ522E+4mOyRF7yJ4U2hVVjPkOn4MP9KWs7HRm0s1fPWdRmZUf1g/d8RPWAif
gH4mP4Pyytdb2WA7ZJWif4VOR6+NYKA9CReeDBbboDPiNomf54DExrp2hcSTDvxa
SvQGjJgAjKV4kYFfSL49ak7WI0gxXOfY3dp7uOMtR56+
-----END CERTIFICATE-----