Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/KluRcqzajt5NKKtsXPOxDda7akI.roa
File:                     KluRcqzajt5NKKtsXPOxDda7akI.roa (raw, json)
Hash identifier:          zGTQ13vN7lvbq3YvrqjjFmI7sRLKlEZTIN2XpYjnbW4=
Subject key identifier:   2A:5B:91:72:AC:DA:8E:DE:4D:28:AB:6C:5C:F3:B1:0D:D6:BB:6A:42
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019EA1B84B6EA8C5B278DCE5C8AAC3FADC63
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/KluRcqzajt5NKKtsXPOxDda7akI.roa
Signing time:             Sun 07 Jun 2026 10:54:30 +0000
ROA not before:           Sun 07 Jun 2026 10:54:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48539
IP address blocks:        89.28.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a1:b8:4b:6e:a8:c5:b2:78:dc:e5:c8:aa:c3:fa:dc:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jun  7 10:54:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a5b9172acda8ede4d28ab6c5cf3b10dd6bb6a42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:eb:f6:b2:82:0f:7a:eb:d8:e1:0b:eb:36:fe:
                    08:d7:fc:26:34:89:27:7b:c9:c4:b7:cd:42:43:89:
                    eb:33:1a:d2:e5:c4:02:20:23:f0:e8:66:a6:7c:e4:
                    c6:3d:fe:82:19:79:24:2f:f7:b6:de:d3:70:7c:c6:
                    80:99:f0:7e:28:6b:7c:2e:22:bf:72:bf:19:23:d7:
                    d0:69:22:32:42:04:d1:d4:15:8a:ad:01:63:d5:49:
                    01:c7:64:b3:d2:7b:91:58:19:cb:76:66:1c:37:f3:
                    cd:af:aa:0a:38:6f:94:f0:de:a9:9a:49:b0:6d:4d:
                    1d:2d:b5:67:84:e8:98:7c:92:a6:1d:ed:18:73:1a:
                    45:89:01:e0:90:2b:d3:fd:9e:ff:dd:94:24:91:f8:
                    51:a0:a0:b3:cb:34:29:57:ce:82:fe:d9:28:78:b6:
                    92:4c:d0:67:73:4e:09:4a:3f:7b:b4:bc:10:68:8d:
                    45:78:10:0b:31:ba:69:9f:79:ba:83:36:80:16:9b:
                    de:e3:fb:c9:98:41:25:45:b5:21:2e:9d:62:61:c6:
                    8e:40:ed:f6:ec:94:26:7a:07:2a:90:c0:d2:49:38:
                    9c:d0:93:e7:5e:28:fa:2b:37:95:35:d8:91:e2:82:
                    e8:cf:fc:89:2a:01:d7:b4:7e:33:1a:e0:6c:e6:5f:
                    e7:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:5B:91:72:AC:DA:8E:DE:4D:28:AB:6C:5C:F3:B1:0D:D6:BB:6A:42
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/KluRcqzajt5NKKtsXPOxDda7akI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:4d:10:d4:04:05:49:32:af:c2:81:51:29:ab:ca:63:88:e5:
         dc:91:e0:06:95:d3:c5:19:69:02:61:df:e7:11:a2:8f:90:f9:
         d5:f7:3c:7a:2b:c7:19:89:10:b7:57:32:99:8a:61:73:11:6d:
         56:67:91:f4:e5:eb:5f:f9:d2:3d:12:42:ad:25:64:0b:7a:25:
         5b:09:9f:b6:f7:aa:78:c0:8d:68:a7:33:92:b1:0b:6a:a8:72:
         4b:05:1b:55:e2:da:70:ca:c7:c1:b6:9c:9f:fb:8a:dd:62:97:
         4c:73:b9:14:ef:72:00:52:8e:f4:89:ab:47:b4:6d:bd:96:fa:
         cc:ce:4f:ba:b3:29:ac:af:78:16:2c:6a:1a:1a:f1:bb:b2:ac:
         1e:ba:1a:57:ae:25:37:44:d8:ed:f8:bb:e5:02:a0:73:18:a3:
         f0:6c:f3:ca:c5:2b:fe:9a:02:84:a2:94:ff:1b:52:a8:73:eb:
         38:bb:dc:aa:f2:3f:9e:71:1d:e1:ef:57:70:61:d8:44:f4:75:
         66:05:db:59:3e:ff:62:89:80:1e:76:70:07:5f:b1:63:7c:e5:
         63:84:56:0b:08:31:ef:a3:86:b7:d3:f7:77:b7:11:c0:2c:c2:
         e4:3c:1a:44:96:c9:0b:70:5a:66:a1:bc:22:a1:a4:41:39:88:
         43:a3:59:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6huEtuqMWyeNzlyKrD+txjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwNjA3MTA1NDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTViOTE3MmFjZGE4ZWRlNGQyOGFiNmM1Y2YzYjEwZGQ2YmI2YTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuv2soIPeuvY4QvrNv4I1/wmNIkn
e8nEt81CQ4nrMxrS5cQCICPw6GamfOTGPf6CGXkkL/e23tNwfMaAmfB+KGt8LiK/
cr8ZI9fQaSIyQgTR1BWKrQFj1UkBx2Sz0nuRWBnLdmYcN/PNr6oKOG+U8N6pmkmw
bU0dLbVnhOiYfJKmHe0YcxpFiQHgkCvT/Z7/3ZQkkfhRoKCzyzQpV86C/tkoeLaS
TNBnc04JSj97tLwQaI1FeBALMbppn3m6gzaAFpve4/vJmEElRbUhLp1iYcaOQO32
7JQmegcqkMDSSTic0JPnXij6KzeVNdiR4oLoz/yJKgHXtH4zGuBs5l/n6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpbkXKs2o7eTSirbFzzsQ3Wu2pCMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvS2x1UmNxemFqdDVOS0t0c1hQT3hEZGE3YWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzPMA0G
CSqGSIb3DQEBCwUAA4IBAQAMTRDUBAVJMq/CgVEpq8pjiOXckeAGldPFGWkCYd/n
EaKPkPnV9zx6K8cZiRC3VzKZimFzEW1WZ5H05etf+dI9EkKtJWQLeiVbCZ+296p4
wI1opzOSsQtqqHJLBRtV4tpwysfBtpyf+4rdYpdMc7kU73IAUo70iatHtG29lvrM
zk+6symsr3gWLGoaGvG7sqweuhpXriU3RNjt+LvlAqBzGKPwbPPKxSv+mgKEopT/
G1Koc+s4u9yq8j+ecR3h71dwYdhE9HVmBdtZPv9iiYAednAHX7FjfOVjhFYLCDHv
o4a30/d3txHALMLkPBpElskLcFpmobwioaRBOYhDo1l1
-----END CERTIFICATE-----