Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/KbgHbTZeSb8nQoKqbIKdjKhyfbc.roa
File:                     KbgHbTZeSb8nQoKqbIKdjKhyfbc.roa (raw, json)
Hash identifier:          9ezdLN/yHLP+5oUDn1zF586wXGrVPN/X0BUws1srKrM=
Subject key identifier:   29:B8:07:6D:36:5E:49:BF:27:42:82:AA:6C:82:9D:8C:A8:72:7D:B7
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019A34569F8563B121F134183FD1535B3DBC
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/KbgHbTZeSb8nQoKqbIKdjKhyfbc.roa
Signing time:             Thu 30 Oct 2025 08:58:03 +0000
ROA not before:           Thu 30 Oct 2025 08:58:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153589
IP address blocks:        192.71.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 13:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:34:56:9f:85:63:b1:21:f1:34:18:3f:d1:53:5b:3d:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Oct 30 08:58:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29b8076d365e49bf274282aa6c829d8ca8727db7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3b:80:98:ac:0f:4f:39:8a:22:ca:e2:83:f1:
                    5b:3c:47:d2:7b:54:47:b8:51:3f:ef:13:5e:e1:3c:
                    73:c0:f5:a3:39:88:c7:1b:1b:74:1d:2a:5a:2d:b7:
                    0e:3f:75:bf:66:b1:41:ab:96:d1:0f:8e:d8:d5:3b:
                    11:f5:76:22:6c:ed:92:c0:44:51:ec:bb:bc:bd:83:
                    9d:df:3e:ed:67:74:00:38:1e:00:62:72:f7:f9:17:
                    c0:7a:6d:21:c4:2a:dd:10:52:97:ff:fc:42:30:f3:
                    5c:4c:a0:ef:17:3c:fa:d2:c7:63:20:9f:cd:1b:1f:
                    26:bf:c8:60:ab:f9:e4:8b:2b:42:27:35:aa:4f:15:
                    46:98:dc:97:f9:4f:20:d9:ff:61:a1:54:77:33:68:
                    cf:b5:87:a9:d9:6d:5a:db:15:4a:b9:c5:74:36:8b:
                    08:df:b0:5d:f6:1f:64:e9:77:ce:3d:1c:c2:54:59:
                    3a:47:68:52:a3:d7:3d:13:d9:1d:12:08:f1:0a:2f:
                    b0:33:ea:a9:ee:73:8e:f0:07:9c:25:a3:6b:b2:de:
                    f6:80:56:18:c0:81:ce:94:1f:62:94:d6:46:14:91:
                    99:fa:8a:ec:cf:46:80:4c:3a:f8:82:d8:17:29:b0:
                    4c:f5:b1:d7:41:55:dd:44:6d:75:dd:74:af:1c:d5:
                    0a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B8:07:6D:36:5E:49:BF:27:42:82:AA:6C:82:9D:8C:A8:72:7D:B7
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/KbgHbTZeSb8nQoKqbIKdjKhyfbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.71.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:b7:a2:da:75:ae:da:45:89:f3:9e:3f:e8:f1:33:6c:96:b1:
         98:37:2d:1a:70:40:f2:61:14:16:92:eb:fc:db:09:54:18:f9:
         8d:9f:16:f4:41:a7:30:55:bb:e0:2f:a7:34:72:a2:24:3d:82:
         aa:45:d6:01:2d:75:6d:bd:38:aa:02:51:a7:51:34:c8:c4:c7:
         8e:c6:8d:99:52:3a:6a:68:95:f6:60:06:f8:34:7a:fc:66:af:
         fc:e1:a9:d5:f6:6f:d7:f8:46:1f:50:db:eb:56:1c:ad:32:45:
         c7:ce:5a:23:4d:3e:03:80:e2:bd:0f:d6:37:9a:9d:15:24:6b:
         29:39:6c:ab:4b:c5:e6:3d:12:c4:53:30:c3:f4:a7:c0:c1:98:
         a0:7c:e1:91:17:f9:1a:3e:bf:53:08:d0:39:ad:32:0a:7a:e0:
         9c:04:87:f7:63:1c:8d:08:cd:78:08:fb:79:52:14:a8:79:2c:
         1b:2c:68:10:84:35:03:ac:50:e7:33:d9:49:03:69:72:bd:7d:
         67:9b:ba:13:10:4c:0a:2a:0f:76:97:ed:61:1b:f0:36:e6:6b:
         e8:dd:4a:e3:b6:7b:e6:50:59:f9:1c:47:23:27:cf:06:87:96:
         cd:39:ca:56:ea:d5:28:07:6b:d4:6e:46:d6:b6:70:eb:d3:d9:
         2e:98:ca:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo0Vp+FY7Eh8TQYP9FTWz28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUxMDMwMDg1ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWI4MDc2ZDM2NWU0OWJmMjc0MjgyYWE2YzgyOWQ4Y2E4NzI3ZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTuAmKwPTzmKIsrig/FbPEfSe1RH
uFE/7xNe4TxzwPWjOYjHGxt0HSpaLbcOP3W/ZrFBq5bRD47Y1TsR9XYibO2SwERR
7Lu8vYOd3z7tZ3QAOB4AYnL3+RfAem0hxCrdEFKX//xCMPNcTKDvFzz60sdjIJ/N
Gx8mv8hgq/nkiytCJzWqTxVGmNyX+U8g2f9hoVR3M2jPtYep2W1a2xVKucV0NosI
37Bd9h9k6XfOPRzCVFk6R2hSo9c9E9kdEgjxCi+wM+qp7nOO8AecJaNrst72gFYY
wIHOlB9ilNZGFJGZ+orsz0aATDr4gtgXKbBM9bHXQVXdRG113XSvHNUKywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCm4B202Xkm/J0KCqmyCnYyocn23MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvS2JnSGJUWmVTYjhuUW9LcWJJS2RqS2h5ZmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEehMA0G
CSqGSIb3DQEBCwUAA4IBAQCtt6Lada7aRYnznj/o8TNslrGYNy0acEDyYRQWkuv8
2wlUGPmNnxb0QacwVbvgL6c0cqIkPYKqRdYBLXVtvTiqAlGnUTTIxMeOxo2ZUjpq
aJX2YAb4NHr8Zq/84anV9m/X+EYfUNvrVhytMkXHzlojTT4DgOK9D9Y3mp0VJGsp
OWyrS8XmPRLEUzDD9KfAwZigfOGRF/kaPr9TCNA5rTIKeuCcBIf3YxyNCM14CPt5
UhSoeSwbLGgQhDUDrFDnM9lJA2lyvX1nm7oTEEwKKg92l+1hG/A25mvo3Urjtnvm
UFn5HEcjJ88Gh5bNOcpW6tUoB2vUbkbWtnDr09kumMra
-----END CERTIFICATE-----