Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/a_KDbooKgX9EfPLLdcA4IpITipg.roa
File:                     a_KDbooKgX9EfPLLdcA4IpITipg.roa (raw, json)
Hash identifier:          RCQVZiZYnKBpMqhDAPS0QIUF6mLMkG55kiDCTl986CU=
Subject key identifier:   6B:F2:83:6E:8A:0A:81:7F:44:7C:F2:CB:75:C0:38:22:92:13:8A:98
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019D8BAF6330245EC5CBB1E0BAA945D9BBD1
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/a_KDbooKgX9EfPLLdcA4IpITipg.roa
Signing time:             Tue 14 Apr 2026 11:10:20 +0000
ROA not before:           Tue 14 Apr 2026 11:10:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214026
IP address blocks:        85.149.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8b:af:63:30:24:5e:c5:cb:b1:e0:ba:a9:45:d9:bb:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Apr 14 11:10:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bf2836e8a0a817f447cf2cb75c0382292138a98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a4:12:49:a5:2f:63:98:3d:ea:5d:77:22:44:
                    af:07:69:6c:11:4c:6c:f8:43:52:17:b7:45:dd:76:
                    10:87:2f:18:40:ee:f7:13:98:3d:4b:13:3c:0b:35:
                    54:42:47:69:33:68:8f:dd:8e:dd:ee:c0:53:34:48:
                    8f:e9:3c:fd:46:3f:ce:cb:2e:39:66:eb:09:7a:aa:
                    c3:92:6a:c9:10:44:41:b2:37:d9:e1:3f:21:b2:e1:
                    f9:80:47:4b:85:97:b3:98:03:68:d5:d4:ea:34:8e:
                    ea:71:0e:cf:e9:48:4e:6c:9f:64:56:25:59:29:af:
                    e6:04:ba:29:d4:82:d9:0a:5d:da:b6:b0:72:2f:6f:
                    92:71:76:02:14:35:9d:b6:e9:3f:23:34:2f:cb:de:
                    b8:50:37:08:9e:61:3c:b9:cf:63:fd:1b:e1:fc:9b:
                    41:4f:9f:55:6b:30:59:3d:e4:ba:8c:73:ad:40:e7:
                    94:f1:5f:cd:5c:bf:f8:c8:eb:f0:2d:54:88:4a:f1:
                    a0:79:8d:90:80:fd:c7:ba:53:44:a7:3d:25:dc:92:
                    13:ec:9f:9d:47:80:b2:2c:79:ec:be:f5:d8:66:62:
                    35:4a:08:5a:67:8d:58:ca:5e:e2:67:4a:b8:fc:b5:
                    f6:4a:68:18:32:81:ca:35:e9:cf:a1:0e:69:78:c6:
                    6a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F2:83:6E:8A:0A:81:7F:44:7C:F2:CB:75:C0:38:22:92:13:8A:98
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/a_KDbooKgX9EfPLLdcA4IpITipg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:b8:49:c1:4f:63:c7:8f:94:87:7a:d9:35:0f:4c:f9:48:c2:
         fc:fb:5a:26:f3:66:21:dc:6a:d9:e9:3b:79:74:b8:0b:87:23:
         09:3d:0a:d4:ed:b6:a8:30:20:72:b7:9d:0c:ed:3b:6c:e1:92:
         4d:a6:f9:99:89:f2:a9:bf:d1:36:3f:57:25:0f:eb:e4:6f:90:
         dc:be:1a:0d:e6:d0:2a:ca:34:c8:18:f8:39:f9:e7:19:77:82:
         bd:02:b1:d8:46:b3:6d:28:6b:5b:11:6a:c9:61:a5:a7:69:18:
         7d:25:6f:9d:ba:a7:61:7a:d0:d1:c2:96:13:3c:d1:7a:a9:0f:
         e1:e5:c4:18:e7:cb:91:f9:47:0c:1c:b7:c3:fc:93:25:a0:44:
         42:85:35:dd:a8:9a:fd:63:a5:23:4b:fa:e6:19:46:f9:12:7c:
         cc:10:cc:92:2f:82:9e:41:ad:ce:43:5a:f0:29:5f:39:bf:e0:
         8d:7f:ab:68:d0:04:a0:c7:a5:e2:2e:de:13:0a:9b:4f:a6:3e:
         7e:35:53:25:d6:8c:0b:e9:7d:01:17:55:45:5b:5f:01:bc:0c:
         06:34:c7:37:99:cf:4c:ed:55:94:9e:a1:f3:ea:ca:44:84:3c:
         51:f0:2a:5c:4a:08:32:6f:7e:2b:bf:14:65:b7:79:81:6b:92:
         3d:66:71:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Lr2MwJF7Fy7HguqlF2bvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwNDE0MTExMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmYyODM2ZThhMGE4MTdmNDQ3Y2YyY2I3NWMwMzgyMjkyMTM4YTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqQSSaUvY5g96l13IkSvB2lsEUxs
+ENSF7dF3XYQhy8YQO73E5g9SxM8CzVUQkdpM2iP3Y7d7sBTNEiP6Tz9Rj/Oyy45
ZusJeqrDkmrJEERBsjfZ4T8hsuH5gEdLhZezmANo1dTqNI7qcQ7P6UhObJ9kViVZ
Ka/mBLop1ILZCl3atrByL2+ScXYCFDWdtuk/IzQvy964UDcInmE8uc9j/Rvh/JtB
T59VazBZPeS6jHOtQOeU8V/NXL/4yOvwLVSISvGgeY2QgP3HulNEpz0l3JIT7J+d
R4CyLHnsvvXYZmI1SghaZ41Yyl7iZ0q4/LX2SmgYMoHKNenPoQ5peMZqwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvyg26KCoF/RHzyy3XAOCKSE4qYMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvYV9LRGJvb0tnWDlFZlBMTGRjQTRJcElUaXBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZXbMA0G
CSqGSIb3DQEBCwUAA4IBAQB6uEnBT2PHj5SHetk1D0z5SML8+1om82Yh3GrZ6Tt5
dLgLhyMJPQrU7baoMCByt50M7Tts4ZJNpvmZifKpv9E2P1clD+vkb5DcvhoN5tAq
yjTIGPg5+ecZd4K9ArHYRrNtKGtbEWrJYaWnaRh9JW+duqdhetDRwpYTPNF6qQ/h
5cQY58uR+UcMHLfD/JMloERChTXdqJr9Y6UjS/rmGUb5EnzMEMySL4KeQa3OQ1rw
KV85v+CNf6to0ASgx6XiLt4TCptPpj5+NVMl1owL6X0BF1VFW18BvAwGNMc3mc9M
7VWUnqHz6spEhDxR8CpcSggyb34rvxRlt3mBa5I9ZnFQ
-----END CERTIFICATE-----