Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/KSVsA1c-7P7cH9JS5_JUMURuaNU.roa
File:                     KSVsA1c-7P7cH9JS5_JUMURuaNU.roa (raw, json)
Hash identifier:          Kl2E+uF5quB4HEwd9INOul6imf3x57vRN78mYSJU6Xg=
Subject key identifier:   29:25:6C:03:57:3E:EC:FE:DC:1F:D2:52:E7:F2:54:31:44:6E:68:D5
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019D0B4208EFC7034BA0584E38DF8F352159
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/KSVsA1c-7P7cH9JS5_JUMURuaNU.roa
Signing time:             Fri 20 Mar 2026 12:39:30 +0000
ROA not before:           Fri 20 Mar 2026 12:39:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199863
IP address blocks:        2a0c:b641:ac0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:42:08:ef:c7:03:4b:a0:58:4e:38:df:8f:35:21:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Mar 20 12:39:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29256c03573eecfedc1fd252e7f25431446e68d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a1:78:11:37:ad:1c:67:be:57:2e:68:2c:28:
                    49:85:6f:eb:0a:15:d2:ae:c9:0e:b7:8b:77:1f:2c:
                    a4:43:ce:3d:2b:87:68:53:df:e2:ce:0f:8d:67:41:
                    14:94:f6:a9:61:a2:c1:e8:d6:a0:77:3c:41:7b:48:
                    e4:a5:18:f2:48:43:2d:ad:a8:a0:d7:86:c7:c9:f2:
                    ff:f2:94:0b:ee:c3:6f:ab:1d:ca:d7:87:67:a3:0b:
                    45:34:82:5b:b3:32:79:e0:40:28:75:c9:5a:4e:ef:
                    79:01:5e:dc:44:c4:40:58:25:2e:89:7c:0a:cf:53:
                    36:2d:1a:b1:77:06:0f:e5:5e:81:81:d1:72:c6:dc:
                    f2:f4:05:9d:b2:14:b1:fc:01:a0:9a:b9:7e:93:ac:
                    f6:2c:69:bd:90:2d:27:79:1b:d6:4a:d5:b2:d1:0c:
                    25:01:6f:4e:84:f8:06:e0:a8:bf:9b:92:88:3e:ab:
                    1f:91:3d:ab:31:c7:54:b5:31:7c:c9:46:06:f3:d6:
                    81:8a:8d:ae:85:66:ce:0e:89:2c:29:40:6d:9e:72:
                    29:49:4d:f2:39:89:27:7a:7f:99:9e:e6:56:b2:b5:
                    b9:4b:9e:26:e6:f3:36:b3:fe:2b:a2:54:dd:e6:85:
                    0a:7e:04:c4:64:4c:d4:21:cd:42:f1:83:15:28:3c:
                    3d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:25:6C:03:57:3E:EC:FE:DC:1F:D2:52:E7:F2:54:31:44:6E:68:D5
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/KSVsA1c-7P7cH9JS5_JUMURuaNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:ac0::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:f6:e6:9a:41:5a:8c:ee:b6:3b:d0:ab:06:27:0b:80:75:4e:
         e9:a5:43:0e:29:cc:17:06:74:41:d6:c1:a0:15:16:8a:44:4a:
         e3:82:7b:0a:f9:a8:5f:09:3a:1b:88:01:b3:1c:56:bd:5f:a0:
         33:f2:9b:f7:49:fe:b2:c3:31:a4:80:53:82:33:47:97:32:db:
         13:f9:bc:57:a8:74:a3:cc:49:57:b9:34:d8:c1:40:be:b7:57:
         fd:58:0a:4c:27:88:4c:16:0a:85:3d:02:94:cc:be:3c:4e:d7:
         7f:21:03:10:e8:e6:14:8e:42:2e:65:7d:08:8d:3a:03:11:70:
         83:58:7b:fa:76:81:b0:a7:05:44:47:a9:fb:dc:c0:7e:94:8e:
         05:11:a7:ea:e1:f0:cc:92:d0:7f:9a:2a:f8:68:9e:10:87:70:
         41:76:34:bd:16:54:f3:fa:0c:fe:12:01:35:78:3e:b9:d9:ac:
         d0:d1:dc:ea:4c:a0:9d:5d:58:77:b0:7d:fb:25:78:57:02:9c:
         8f:88:59:96:4b:df:e9:ea:9e:67:b7:c8:b8:33:d6:0e:7b:8b:
         7d:0e:12:3e:0a:5e:4f:7f:4a:d7:58:82:d6:b0:17:0a:24:53:
         ed:64:2b:04:24:3a:6b:7a:84:98:6f:c3:22:a8:6c:ad:2a:97:
         b3:26:c3:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0LQgjvxwNLoFhOON+PNSFZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMzIwMTIzOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTI1NmMwMzU3M2VlY2ZlZGMxZmQyNTJlN2YyNTQzMTQ0NmU2OGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKF4ETetHGe+Vy5oLChJhW/rChXS
rskOt4t3HyykQ849K4doU9/izg+NZ0EUlPapYaLB6NagdzxBe0jkpRjySEMtraig
14bHyfL/8pQL7sNvqx3K14dnowtFNIJbszJ54EAodclaTu95AV7cRMRAWCUuiXwK
z1M2LRqxdwYP5V6BgdFyxtzy9AWdshSx/AGgmrl+k6z2LGm9kC0neRvWStWy0Qwl
AW9OhPgG4Ki/m5KIPqsfkT2rMcdUtTF8yUYG89aBio2uhWbODoksKUBtnnIpSU3y
OYknen+ZnuZWsrW5S54m5vM2s/4rolTd5oUKfgTEZEzUIc1C8YMVKDw9IQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCklbANXPuz+3B/SUufyVDFEbmjVMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvS1NWc0ExYy03UDdjSDlKUzVfSlVNVVJ1YU5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQrA
MA0GCSqGSIb3DQEBCwUAA4IBAQBY9uaaQVqM7rY70KsGJwuAdU7ppUMOKcwXBnRB
1sGgFRaKRErjgnsK+ahfCTobiAGzHFa9X6Az8pv3Sf6ywzGkgFOCM0eXMtsT+bxX
qHSjzElXuTTYwUC+t1f9WApMJ4hMFgqFPQKUzL48Ttd/IQMQ6OYUjkIuZX0IjToD
EXCDWHv6doGwpwVER6n73MB+lI4FEafq4fDMktB/mir4aJ4Qh3BBdjS9FlTz+gz+
EgE1eD652azQ0dzqTKCdXVh3sH37JXhXApyPiFmWS9/p6p5nt8i4M9YOe4t9DhI+
Cl5Pf0rXWILWsBcKJFPtZCsEJDpreoSYb8MiqGytKpezJsMz
-----END CERTIFICATE-----