Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/s-k1ngYmplGksaGOREgN9BJGCxA.roa
File:                     s-k1ngYmplGksaGOREgN9BJGCxA.roa (raw, json)
Hash identifier:          v8451Y1sdgzw7PHEqL54WEL0W6J9fljye8NbjDpHTpI=
Subject key identifier:   B3:E9:35:9E:06:26:A6:51:A4:B1:A1:8E:44:48:0D:F4:12:46:0B:10
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       019E5DC38AFA70457EAD957D2E7A1BA3B527
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/s-k1ngYmplGksaGOREgN9BJGCxA.roa
Signing time:             Mon 25 May 2026 06:12:36 +0000
ROA not before:           Mon 25 May 2026 06:12:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.18.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5d:c3:8a:fa:70:45:7e:ad:95:7d:2e:7a:1b:a3:b5:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: May 25 06:12:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3e9359e0626a651a4b1a18e44480df412460b10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6f:bb:3f:30:13:1d:52:cc:23:d6:6f:e7:94:
                    99:a2:b0:67:e1:55:83:2c:9b:2a:f3:51:4f:ed:31:
                    ba:38:aa:1e:16:55:db:1a:24:c8:f3:93:69:90:20:
                    7d:44:fd:df:34:20:b8:94:65:40:58:53:51:25:58:
                    15:43:98:5c:34:d9:6c:39:25:ed:71:9f:d4:a0:3e:
                    d2:c9:05:83:b1:fc:a7:c9:5b:e9:af:0a:da:fd:38:
                    0d:2e:bc:5c:52:3c:cb:e8:67:2d:31:17:be:36:4d:
                    0e:38:94:1c:b3:28:2f:08:71:fa:05:e1:1a:77:71:
                    a0:f6:c5:8c:0c:50:91:df:ad:d7:d1:28:44:6d:31:
                    17:be:43:d3:f9:59:21:02:30:30:63:42:01:81:30:
                    5a:dc:48:59:98:09:9a:58:47:5c:f7:b3:00:17:c9:
                    66:1d:d5:82:d4:f4:48:b3:9f:c0:78:5c:ee:e3:38:
                    6b:e4:cc:15:31:e7:38:b7:d7:db:c9:9a:38:d2:d9:
                    71:f6:aa:11:f6:e5:69:b1:dd:d2:81:9f:0e:e9:db:
                    d0:f8:96:81:21:77:ad:97:01:53:af:da:66:c1:20:
                    c2:3e:6c:a1:6a:e9:0c:96:46:07:94:5b:9c:bd:ef:
                    6a:4f:c6:4b:e2:ff:7a:86:db:02:4f:51:b4:1f:5e:
                    3a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:E9:35:9E:06:26:A6:51:A4:B1:A1:8E:44:48:0D:F4:12:46:0B:10
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/s-k1ngYmplGksaGOREgN9BJGCxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:3f:db:fe:00:fd:d0:5d:95:4f:1f:d5:c2:28:93:82:f8:b0:
         06:c6:9c:08:e6:a1:f1:86:08:a7:ea:bc:23:63:2f:4d:3a:5e:
         4f:54:b5:80:5a:1f:ed:60:78:dc:78:4f:69:68:3f:38:0f:77:
         0a:94:84:90:a3:90:98:bc:82:af:3f:7d:f5:dc:66:5f:77:9f:
         58:10:8c:d7:6e:1f:6a:b5:75:7d:b2:65:ba:21:0e:1c:95:fb:
         67:09:bb:62:4f:97:b9:8b:65:19:e7:0c:f2:7b:2c:a5:1b:ce:
         3d:bd:b2:aa:09:d2:87:f4:70:04:c0:c6:26:af:b1:39:8b:fe:
         db:b3:85:39:ce:e0:29:86:cf:0d:fb:f9:b0:de:eb:75:4a:63:
         db:bf:68:e9:d5:10:dc:01:7b:63:c1:ed:b4:2d:10:68:a4:c7:
         7c:be:d4:56:ec:c1:48:4a:dc:be:aa:84:bd:38:b5:a5:82:ae:
         f6:a7:fe:23:47:d7:83:62:df:da:0f:3c:0a:69:b6:fe:19:70:
         0a:74:a6:2b:b4:b5:b5:13:92:d3:d6:60:5a:e4:9b:3b:6d:e0:
         0e:e3:84:71:24:50:c1:5d:7c:42:0c:ac:b9:ed:e9:c1:d8:b8:
         b6:e0:8c:3c:67:1d:1e:d1:7e:3e:22:8b:c0:63:47:b2:36:44:
         10:78:34:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5dw4r6cEV+rZV9Lnobo7UnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjYwNTI1MDYxMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2U5MzU5ZTA2MjZhNjUxYTRiMWExOGU0NDQ4MGRmNDEyNDYwYjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm+7PzATHVLMI9Zv55SZorBn4VWD
LJsq81FP7TG6OKoeFlXbGiTI85NpkCB9RP3fNCC4lGVAWFNRJVgVQ5hcNNlsOSXt
cZ/UoD7SyQWDsfynyVvprwra/TgNLrxcUjzL6GctMRe+Nk0OOJQcsygvCHH6BeEa
d3Gg9sWMDFCR363X0ShEbTEXvkPT+VkhAjAwY0IBgTBa3EhZmAmaWEdc97MAF8lm
HdWC1PRIs5/AeFzu4zhr5MwVMec4t9fbyZo40tlx9qoR9uVpsd3SgZ8O6dvQ+JaB
IXetlwFTr9pmwSDCPmyhaukMlkYHlFucve9qT8ZL4v96htsCT1G0H1469wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPpNZ4GJqZRpLGhjkRIDfQSRgsQMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvcy1rMW5nWW1wbEdrc2FHT1JFZ045QkpHQ3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRI8MA0G
CSqGSIb3DQEBCwUAA4IBAQBPP9v+AP3QXZVPH9XCKJOC+LAGxpwI5qHxhgin6rwj
Yy9NOl5PVLWAWh/tYHjceE9paD84D3cKlISQo5CYvIKvP3313GZfd59YEIzXbh9q
tXV9smW6IQ4clftnCbtiT5e5i2UZ5wzyeyylG849vbKqCdKH9HAEwMYmr7E5i/7b
s4U5zuAphs8N+/mw3ut1SmPbv2jp1RDcAXtjwe20LRBopMd8vtRW7MFISty+qoS9
OLWlgq72p/4jR9eDYt/aDzwKabb+GXAKdKYrtLW1E5LT1mBa5Js7beAO44RxJFDB
XXxCDKy57enB2Li24Iw8Zx0e0X4+IovAY0eyNkQQeDRg
-----END CERTIFICATE-----