Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/240c2a-1ebb-4844-8414-6697e40b0903/1/kwWcRmvRx5T1SfJjFcB0B4-fP7I.roa
File:                     kwWcRmvRx5T1SfJjFcB0B4-fP7I.roa (raw, json)
Hash identifier:          OTIeGatbvYqV42xgky/BM9cLbBpLjdn3WCjVIYmAW8s=
Subject key identifier:   93:05:9C:46:6B:D1:C7:94:F5:49:F2:63:15:C0:74:07:8F:9F:3F:B2
Certificate issuer:       /CN=45af3af167c3b759429827d0f0b7860cdf1ccea6
Certificate serial:       019B77588141849DCF63940476F9405089DB
Authority key identifier: 45:AF:3A:F1:67:C3:B7:59:42:98:27:D0:F0:B7:86:0C:DF:1C:CE:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ra868WfDt1lCmCfQ8LeGDN8czqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/240c2a-1ebb-4844-8414-6697e40b0903/1/kwWcRmvRx5T1SfJjFcB0B4-fP7I.roa
Signing time:             Thu 01 Jan 2026 02:17:27 +0000
ROA not before:           Thu 01 Jan 2026 02:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215990
IP address blocks:        2001:678:1194::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/240c2a-1ebb-4844-8414-6697e40b0903/1/Ra868WfDt1lCmCfQ8LeGDN8czqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/240c2a-1ebb-4844-8414-6697e40b0903/1/Ra868WfDt1lCmCfQ8LeGDN8czqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ra868WfDt1lCmCfQ8LeGDN8czqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:81:41:84:9d:cf:63:94:04:76:f9:40:50:89:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45af3af167c3b759429827d0f0b7860cdf1ccea6
        Validity
            Not Before: Jan  1 02:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=93059c466bd1c794f549f26315c074078f9f3fb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:cf:8a:0d:23:2c:9d:cc:b0:6c:6e:62:43:
                    37:ee:d8:2e:f7:14:9d:8c:f5:7b:d3:88:29:cc:a4:
                    40:70:52:f6:02:13:b2:e7:f8:29:f6:bf:aa:d9:55:
                    49:ef:c4:34:9d:4b:95:33:fa:86:94:77:9e:fe:b0:
                    c8:b7:5d:84:63:fd:6b:39:f2:7f:d4:26:67:23:9e:
                    f9:29:1b:fb:51:a9:2a:3d:29:ba:66:c4:53:09:e1:
                    5a:9c:e1:c3:dc:ee:36:21:06:4b:13:a2:57:19:6c:
                    24:77:a6:e3:2b:93:f3:8c:97:eb:d7:97:93:09:22:
                    e1:be:d0:5e:aa:ff:79:08:81:ee:32:f9:82:49:8a:
                    06:71:ae:aa:a4:e7:0a:80:b9:90:4f:63:9e:b5:cf:
                    a6:84:7f:4f:24:c3:bc:12:46:3f:c2:76:c4:21:13:
                    bf:e0:37:32:ce:23:8a:63:13:27:d8:d4:b1:c5:44:
                    62:c6:8b:6e:29:d6:ff:ed:06:bd:02:23:8a:fd:cb:
                    51:5f:20:99:b5:6f:d9:21:76:10:c7:85:49:de:24:
                    5d:ae:9a:ba:77:71:24:a0:70:9a:ae:3e:23:0e:3b:
                    ad:17:ed:f7:80:da:ed:b3:4c:f4:7f:f1:56:61:a6:
                    c5:30:30:d6:62:88:ab:89:b2:f1:b9:2e:6e:98:5e:
                    75:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:05:9C:46:6B:D1:C7:94:F5:49:F2:63:15:C0:74:07:8F:9F:3F:B2
            X509v3 Authority Key Identifier:
                keyid:45:AF:3A:F1:67:C3:B7:59:42:98:27:D0:F0:B7:86:0C:DF:1C:CE:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ra868WfDt1lCmCfQ8LeGDN8czqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/240c2a-1ebb-4844-8414-6697e40b0903/1/kwWcRmvRx5T1SfJjFcB0B4-fP7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/240c2a-1ebb-4844-8414-6697e40b0903/1/Ra868WfDt1lCmCfQ8LeGDN8czqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1194::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:76:68:48:0e:da:5a:ec:69:77:20:c7:03:12:88:82:e9:43:
         a1:43:b6:5f:84:3b:8a:73:75:51:5a:61:77:53:4e:d5:8f:be:
         14:6c:c5:1f:aa:4a:66:9e:65:8f:a2:1d:c4:4c:91:c5:d6:c0:
         a7:97:b3:b0:cf:4f:fe:0a:17:70:63:f2:c5:1b:85:bd:d1:5c:
         5e:22:e5:72:e7:9b:9b:57:62:e5:5c:e8:31:a9:cb:34:34:d1:
         65:e1:fe:fa:84:da:79:98:1a:13:88:85:a9:ca:5c:da:0c:17:
         cd:4e:f4:7c:36:0b:f1:a8:55:de:ef:e0:b2:0d:5e:5c:46:bb:
         ed:d2:11:02:d0:09:44:81:16:b1:cd:5f:c1:c6:81:45:a3:ea:
         83:e5:b9:e7:3d:cc:eb:b2:94:85:00:22:57:61:99:29:b6:40:
         72:ac:5b:99:bf:d7:1e:72:bf:f4:dc:b5:02:88:c3:77:04:bd:
         9c:cc:6f:fe:1f:bc:fd:b8:7a:1f:ca:96:43:6b:d7:92:e8:3c:
         c8:5f:04:1d:5b:70:d9:aa:60:5c:51:51:fb:80:a9:37:58:04:
         29:cd:7f:20:eb:78:51:90:e9:b6:ff:84:b7:82:24:78:e1:51:
         ce:c9:a2:a8:c6:d5:c4:9a:a0:a8:06:80:27:be:8a:77:8a:1e:
         c3:a8:3a:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3WIFBhJ3PY5QEdvlAUInbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YWYzYWYxNjdjM2I3NTk0Mjk4MjdkMGYwYjc4NjBjZGYx
Y2NlYTYwHhcNMjYwMTAxMDIxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzA1OWM0NjZiZDFjNzk0ZjU0OWYyNjMxNWMwNzQwNzhmOWYzZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCnPig0jLJ3MsGxuYkM37tgu9xSd
jPV704gpzKRAcFL2AhOy5/gp9r+q2VVJ78Q0nUuVM/qGlHee/rDIt12EY/1rOfJ/
1CZnI575KRv7UakqPSm6ZsRTCeFanOHD3O42IQZLE6JXGWwkd6bjK5PzjJfr15eT
CSLhvtBeqv95CIHuMvmCSYoGca6qpOcKgLmQT2Oetc+mhH9PJMO8EkY/wnbEIRO/
4DcyziOKYxMn2NSxxURixotuKdb/7Qa9AiOK/ctRXyCZtW/ZIXYQx4VJ3iRdrpq6
d3EkoHCarj4jDjutF+33gNrts0z0f/FWYabFMDDWYoiribLxuS5umF51HQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJMFnEZr0ceU9UnyYxXAdAePnz+yMB8GA1UdIwQY
MBaAFEWvOvFnw7dZQpgn0PC3hgzfHM6mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmE4NjhXZkR0MWxDbUNmUThMZUdETjhjenFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8yNDBjMmEtMWViYi00ODQ0LTg0MTQt
NjY5N2U0MGIwOTAzLzEva3dXY1JtdlJ4NVQxU2ZKakZjQjBCNC1mUDdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8yNDBjMmEtMWViYi00ODQ0LTg0MTQtNjY5N2U0MGIwOTAz
LzEvUmE4NjhXZkR0MWxDbUNmUThMZUdETjhjenFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBGU
MA0GCSqGSIb3DQEBCwUAA4IBAQADdmhIDtpa7Gl3IMcDEoiC6UOhQ7ZfhDuKc3VR
WmF3U07Vj74UbMUfqkpmnmWPoh3ETJHF1sCnl7Owz0/+ChdwY/LFG4W90VxeIuVy
55ubV2LlXOgxqcs0NNFl4f76hNp5mBoTiIWpylzaDBfNTvR8NgvxqFXe7+CyDV5c
Rrvt0hEC0AlEgRaxzV/BxoFFo+qD5bnnPczrspSFACJXYZkptkByrFuZv9cecr/0
3LUCiMN3BL2czG/+H7z9uHofypZDa9eS6DzIXwQdW3DZqmBcUVH7gKk3WAQpzX8g
63hRkOm2/4S3giR44VHOyaKoxtXEmqCoBoAnvop3ih7DqDo9
-----END CERTIFICATE-----