Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/kq44_YSao4xarZ3UzRbMoXju18M.roa
File:                     kq44_YSao4xarZ3UzRbMoXju18M.roa (raw, json)
Hash identifier:          teErPnk8kDcG/KJgD5tURhtYGclTad72VmuAyvKyV2U=
Subject key identifier:   92:AE:38:FD:84:9A:A3:8C:5A:AD:9D:D4:CD:16:CC:A1:78:EE:D7:C3
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019EAB313F26BB1B6B686EE6234945F06CC6
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/kq44_YSao4xarZ3UzRbMoXju18M.roa
Signing time:             Tue 09 Jun 2026 07:03:11 +0000
ROA not before:           Tue 09 Jun 2026 07:03:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205007
IP address blocks:        150.251.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 05:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:31:3f:26:bb:1b:6b:68:6e:e6:23:49:45:f0:6c:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jun  9 07:03:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92ae38fd849aa38c5aad9dd4cd16cca178eed7c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5c:ab:46:b0:1d:f3:ce:a9:6c:94:78:b3:2a:
                    3d:b7:f8:f9:45:1e:ff:06:b4:59:f4:83:bc:23:8b:
                    5a:75:af:d6:e3:0a:84:31:c7:ee:59:1a:5f:1e:b3:
                    a5:b5:30:39:53:a5:2e:14:14:19:1c:2f:47:90:17:
                    39:6e:e6:12:7a:17:db:3f:db:de:11:b8:65:6e:6c:
                    d8:da:cf:ea:27:2a:67:c9:56:8d:16:c1:00:70:59:
                    45:29:18:fb:cf:b9:9a:66:fe:cc:43:20:fe:78:d7:
                    cd:7f:06:15:bf:d3:0c:96:69:13:53:c2:6f:52:65:
                    5b:24:04:e6:37:96:47:48:49:0e:e4:f4:c9:f8:99:
                    ff:3d:51:85:16:ee:67:77:ff:75:97:00:30:85:e7:
                    ce:13:9f:87:b2:3d:4e:ef:4e:ab:9b:e4:23:01:da:
                    40:38:a4:de:93:aa:7e:83:fc:77:0f:66:7c:85:1a:
                    8b:5c:ab:5b:74:ae:f8:d5:1d:5d:2b:b3:2a:71:2a:
                    80:7d:36:7d:ac:ad:31:dd:c1:c8:3b:31:35:c9:d5:
                    76:22:72:97:32:96:0d:6e:23:6f:36:f7:c0:b4:b8:
                    e9:df:c0:b3:b8:c4:22:1a:cc:79:66:80:8b:d6:ad:
                    58:4a:ce:bf:0a:30:71:36:7a:0f:50:58:b9:ab:6e:
                    56:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:AE:38:FD:84:9A:A3:8C:5A:AD:9D:D4:CD:16:CC:A1:78:EE:D7:C3
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/kq44_YSao4xarZ3UzRbMoXju18M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.251.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:ea:f2:94:f2:2c:8c:3c:86:1b:13:9d:b0:7c:ff:1e:7c:06:
         63:13:20:ed:aa:eb:4f:7b:0e:a7:30:93:07:4e:c7:0f:4b:91:
         c5:1d:a8:78:e0:d6:f3:ce:fd:2d:7d:8b:93:f9:5c:07:36:64:
         2d:e1:18:9c:48:cc:6c:ca:0a:e0:e6:34:b2:dd:6c:ff:5e:c3:
         9a:fb:70:1e:ad:22:e3:c6:2b:09:6f:a3:52:b0:c6:19:99:76:
         61:d0:ae:19:ff:3f:3e:02:34:a6:a1:8a:3a:f0:0d:c2:1f:0f:
         43:ce:cf:5f:38:ae:0a:e0:12:30:4a:62:18:8b:da:eb:6e:15:
         d9:08:1f:41:4e:1e:f4:00:78:7d:a5:d4:4a:92:80:1a:c4:76:
         b0:eb:48:ba:fe:eb:0a:4d:46:23:56:74:85:60:bd:ad:8d:cf:
         f9:08:52:33:c8:9d:73:19:8d:9f:ea:e0:79:b9:89:78:be:20:
         fd:ea:86:84:29:96:3d:67:c6:fa:c6:d2:75:86:48:d3:1c:ba:
         85:8c:16:27:33:89:5e:4e:c3:7d:99:2f:ed:35:54:5e:23:75:
         95:15:88:85:03:46:56:df:35:b3:dc:ca:7b:52:07:36:78:ed:
         12:06:b0:70:db:d4:3f:84:e4:c4:d6:42:57:41:18:26:88:d9:
         73:ab:a0:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6rMT8muxtraG7mI0lF8GzGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNjA5MDcwMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmFlMzhmZDg0OWFhMzhjNWFhZDlkZDRjZDE2Y2NhMTc4ZWVkN2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVyrRrAd886pbJR4syo9t/j5RR7/
BrRZ9IO8I4tada/W4wqEMcfuWRpfHrOltTA5U6UuFBQZHC9HkBc5buYSehfbP9ve
EbhlbmzY2s/qJypnyVaNFsEAcFlFKRj7z7maZv7MQyD+eNfNfwYVv9MMlmkTU8Jv
UmVbJATmN5ZHSEkO5PTJ+Jn/PVGFFu5nd/91lwAwhefOE5+Hsj1O706rm+QjAdpA
OKTek6p+g/x3D2Z8hRqLXKtbdK741R1dK7MqcSqAfTZ9rK0x3cHIOzE1ydV2InKX
MpYNbiNvNvfAtLjp38CzuMQiGsx5ZoCL1q1YSs6/CjBxNnoPUFi5q25W8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKuOP2EmqOMWq2d1M0WzKF47tfDMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEva3E0NF9ZU2FvNHhhclozVXpSYk1vWGp1MThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvuJMA0G
CSqGSIb3DQEBCwUAA4IBAQAd6vKU8iyMPIYbE52wfP8efAZjEyDtqutPew6nMJMH
TscPS5HFHah44Nbzzv0tfYuT+VwHNmQt4RicSMxsygrg5jSy3Wz/XsOa+3AerSLj
xisJb6NSsMYZmXZh0K4Z/z8+AjSmoYo68A3CHw9Dzs9fOK4K4BIwSmIYi9rrbhXZ
CB9BTh70AHh9pdRKkoAaxHaw60i6/usKTUYjVnSFYL2tjc/5CFIzyJ1zGY2f6uB5
uYl4viD96oaEKZY9Z8b6xtJ1hkjTHLqFjBYnM4leTsN9mS/tNVReI3WVFYiFA0ZW
3zWz3Mp7Ugc2eO0SBrBw29Q/hOTE1kJXQRgmiNlzq6AT
-----END CERTIFICATE-----