Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/KC3pwRJlxssQCjrX0g5HrbfU1EI.roa
File:                     KC3pwRJlxssQCjrX0g5HrbfU1EI.roa (raw, json)
Hash identifier:          si4EVd8souGe3WH04N57kO7Q5aV9/qU7ZKR+lctmJH4=
Subject key identifier:   28:2D:E9:C1:12:65:C6:CB:10:0A:3A:D7:D2:0E:47:AD:B7:D4:D4:42
Certificate issuer:       /CN=2a03fcc0403cc140ac17cc94abf64ba71954e7fc
Certificate serial:       019B7A5B7B9B66F8D5388DE86B4D10FC1BE7
Authority key identifier: 2A:03:FC:C0:40:3C:C1:40:AC:17:CC:94:AB:F6:4B:A7:19:54:E7:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/KC3pwRJlxssQCjrX0g5HrbfU1EI.roa
Signing time:             Thu 01 Jan 2026 16:19:34 +0000
ROA not before:           Thu 01 Jan 2026 16:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212482
IP address blocks:        185.193.241.0/24 maxlen: 24
                          2a06:7ec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:7b:9b:66:f8:d5:38:8d:e8:6b:4d:10:fc:1b:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a03fcc0403cc140ac17cc94abf64ba71954e7fc
        Validity
            Not Before: Jan  1 16:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=282de9c11265c6cb100a3ad7d20e47adb7d4d442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:ab:d8:39:81:a8:42:2f:00:8a:15:a7:e6:83:
                    eb:ea:ca:1b:50:e3:2c:96:33:ac:c5:60:a5:68:89:
                    5a:d6:8a:95:26:3e:89:70:c6:f4:26:e2:4c:27:ff:
                    d1:aa:ef:99:d5:86:75:35:3e:55:0e:54:5d:44:bc:
                    f4:14:ea:c9:e8:38:8d:e4:c1:26:cf:c3:a6:92:16:
                    cc:cf:74:14:ae:ff:ec:a0:32:57:15:88:47:c7:88:
                    ea:df:3c:5d:af:94:fc:60:13:d2:c9:15:8b:8a:85:
                    77:27:75:15:00:75:12:73:cd:91:13:c8:e7:fc:a0:
                    e7:b5:11:99:be:b6:83:d6:b9:3c:96:7f:9b:17:c2:
                    56:62:27:53:6b:0e:e4:04:a4:ed:24:e4:25:04:10:
                    ce:30:67:b9:aa:a7:88:26:cf:4f:4d:e2:4f:29:1f:
                    a6:19:e1:f9:e6:b3:2a:d7:0f:24:66:63:9a:c7:c7:
                    7a:b2:13:4d:48:9b:94:d4:c7:45:35:86:1a:6c:80:
                    80:a1:96:1d:3a:6d:b4:a4:5e:d5:3f:26:a5:d4:ae:
                    b8:14:88:81:5e:5a:ad:29:c9:f9:3f:ec:70:dc:f7:
                    5e:76:90:80:43:60:57:3c:84:05:c6:e4:2a:5d:56:
                    a9:f2:df:c5:15:f9:86:8e:4e:95:b0:31:0d:7a:76:
                    89:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:2D:E9:C1:12:65:C6:CB:10:0A:3A:D7:D2:0E:47:AD:B7:D4:D4:42
            X509v3 Authority Key Identifier:
                keyid:2A:03:FC:C0:40:3C:C1:40:AC:17:CC:94:AB:F6:4B:A7:19:54:E7:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/KC3pwRJlxssQCjrX0g5HrbfU1EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/43d7fb-4c9b-4263-be15-988ee7fe70a9/1/KgP8wEA8wUCsF8yUq_ZLpxlU5_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.241.0/24
                IPv6:
                  2a06:7ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:c1:b7:c0:9f:2f:26:53:99:f6:f0:58:9b:f6:52:cd:42:85:
         7e:d5:51:ae:78:c8:8b:11:29:6f:86:2e:02:7f:05:28:13:02:
         62:49:ae:3a:98:fe:32:7d:37:88:b1:37:75:c1:7c:af:89:35:
         5c:16:26:7f:27:7d:7b:2a:e7:36:2d:f8:82:13:67:a3:b6:2c:
         a4:90:66:2d:00:d3:d8:bc:db:28:87:8c:36:2a:5c:9f:d0:51:
         0b:20:48:ee:78:2c:ad:78:13:58:36:6a:8f:af:2d:1f:65:80:
         70:09:fc:43:cd:18:e3:0f:a9:5c:7f:1e:97:55:6f:7f:d2:61:
         28:23:c8:ef:ae:16:0c:1a:37:58:62:ed:46:62:a2:31:97:c8:
         26:4d:64:a6:dc:d0:b6:26:81:a7:9d:51:bb:da:de:e8:6c:c1:
         3e:24:79:6d:b2:7e:08:a5:c0:3a:05:c5:cc:b7:3d:97:fa:42:
         61:fc:2e:9b:b2:87:fe:92:fd:bf:43:c1:7c:4f:23:36:e2:97:
         03:f3:50:e7:d9:ad:e7:7e:3c:66:bb:35:23:ff:14:68:8d:27:
         f0:a3:e1:33:c1:a2:0c:0b:54:df:e6:5c:18:79:d0:58:db:99:
         30:99:37:76:95:61:ef:7d:e0:89:7d:18:1c:e9:70:59:69:a0:
         85:00:53:79
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt6W3ubZvjVOI3oa00Q/BvnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMDNmY2MwNDAzY2MxNDBhYzE3Y2M5NGFiZjY0YmE3MTk1
NGU3ZmMwHhcNMjYwMTAxMTYxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODJkZTljMTEyNjVjNmNiMTAwYTNhZDdkMjBlNDdhZGI3ZDRkNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6avYOYGoQi8AihWn5oPr6sobUOMs
ljOsxWClaIla1oqVJj6JcMb0JuJMJ//Rqu+Z1YZ1NT5VDlRdRLz0FOrJ6DiN5MEm
z8OmkhbMz3QUrv/soDJXFYhHx4jq3zxdr5T8YBPSyRWLioV3J3UVAHUSc82RE8jn
/KDntRGZvraD1rk8ln+bF8JWYidTaw7kBKTtJOQlBBDOMGe5qqeIJs9PTeJPKR+m
GeH55rMq1w8kZmOax8d6shNNSJuU1MdFNYYabICAoZYdOm20pF7VPyal1K64FIiB
XlqtKcn5P+xw3PdedpCAQ2BXPIQFxuQqXVap8t/FFfmGjk6VsDENenaJGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCgt6cESZcbLEAo619IOR6231NRCMB8GA1UdIwQY
MBaAFCoD/MBAPMFArBfMlKv2S6cZVOf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2dQOHdFQTh3VUNzRjh5VXFfWkxweGxVNV93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi80M2Q3ZmItNGM5Yi00MjYzLWJlMTUt
OTg4ZWU3ZmU3MGE5LzEvS0MzcHdSSmx4c3NRQ2pyWDBnNUhyYmZVMUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi80M2Q3ZmItNGM5Yi00MjYzLWJlMTUtOTg4ZWU3ZmU3MGE5
LzEvS2dQOHdFQTh3VUNzRjh5VXFfWkxweGxVNV93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucHxMA0E
AgACMAcDBQMqBn7AMA0GCSqGSIb3DQEBCwUAA4IBAQB9wbfAny8mU5n28Fib9lLN
QoV+1VGueMiLESlvhi4CfwUoEwJiSa46mP4yfTeIsTd1wXyviTVcFiZ/J317Kuc2
LfiCE2ejtiykkGYtANPYvNsoh4w2Klyf0FELIEjueCyteBNYNmqPry0fZYBwCfxD
zRjjD6lcfx6XVW9/0mEoI8jvrhYMGjdYYu1GYqIxl8gmTWSm3NC2JoGnnVG72t7o
bME+JHltsn4IpcA6BcXMtz2X+kJh/C6bsof+kv2/Q8F8TyM24pcD81Dn2a3nfjxm
uzUj/xRojSfwo+EzwaIMC1Tf5lwYedBY25kwmTd2lWHvfeCJfRgc6XBZaaCFAFN5
-----END CERTIFICATE-----