Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/KsTzSaaFVIdfKiI35XLhL2mOYwY.roa
File:                     KsTzSaaFVIdfKiI35XLhL2mOYwY.roa (raw, json)
Hash identifier:          +4JAmHk3Gn/aestC45pzoS352L2AknY9Wetv1FFGjm0=
Subject key identifier:   2A:C4:F3:49:A6:85:54:87:5F:2A:22:37:E5:72:E1:2F:69:8E:63:06
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019CF5906EAA2B1C29417AB2AF803C0A4233
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/KsTzSaaFVIdfKiI35XLhL2mOYwY.roa
Signing time:             Mon 16 Mar 2026 07:33:29 +0000
ROA not before:           Mon 16 Mar 2026 07:33:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398465
IP address blocks:        94.103.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f5:90:6e:aa:2b:1c:29:41:7a:b2:af:80:3c:0a:42:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Mar 16 07:33:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ac4f349a68554875f2a2237e572e12f698e6306
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ee:7e:b2:11:3b:0e:1d:85:9e:f2:11:c6:dd:
                    7c:30:b0:96:04:39:aa:fe:dc:65:47:c8:4e:ca:bc:
                    b9:79:2e:5d:f2:48:24:6a:59:e3:d0:72:0f:90:f1:
                    b7:43:68:71:f9:ea:b8:68:2c:c1:a4:d2:ab:b9:76:
                    64:74:39:6e:77:13:bb:eb:00:2b:77:66:52:03:c1:
                    d5:b1:3c:7b:52:d6:8a:e1:0f:04:dd:23:ab:70:53:
                    ce:03:0d:44:56:07:e3:ef:f5:95:86:34:b3:c1:32:
                    48:46:32:f8:4c:55:fa:92:d6:fa:ee:95:7f:72:fc:
                    71:ab:4f:c2:54:f7:02:8f:ef:f3:84:9f:a4:38:59:
                    46:bb:b3:c9:de:33:81:49:37:f1:c8:b6:b5:02:95:
                    8a:ad:a2:68:80:bc:52:d6:1f:c2:53:35:64:35:d8:
                    76:78:3f:cb:5e:32:dc:41:e9:ab:3c:b8:6b:9b:ad:
                    a3:5b:de:42:6a:fd:f9:b8:b4:e5:a4:e1:e9:d8:77:
                    f8:6c:8d:b2:23:e5:da:cb:fc:e5:ec:9e:c1:01:97:
                    9d:9c:d2:4f:23:98:38:e9:42:24:46:d9:8f:87:c4:
                    b5:f6:76:fa:c9:30:65:fc:e9:fa:43:7d:a3:d7:ac:
                    2a:27:c8:b9:50:72:92:47:44:6b:a3:19:5c:16:e1:
                    19:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:C4:F3:49:A6:85:54:87:5F:2A:22:37:E5:72:E1:2F:69:8E:63:06
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/KsTzSaaFVIdfKiI35XLhL2mOYwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:61:57:ff:5c:4b:b2:ef:df:21:c3:33:ab:3c:0e:24:c5:9e:
         92:ee:c0:42:19:bd:21:e9:c5:05:83:a8:7a:57:da:cb:f4:1c:
         f4:ed:f2:c0:98:8d:49:a6:fa:61:cd:18:97:5b:b0:85:a0:77:
         32:05:8c:b2:52:e9:76:f7:67:8b:42:df:38:3e:01:f4:7f:0e:
         3d:84:b6:42:ee:55:0e:4b:29:e5:c0:db:5d:da:29:87:3e:8d:
         71:94:dc:d5:8b:60:e1:74:b3:60:3b:e9:99:b7:69:ef:63:ae:
         71:b4:e2:94:2e:9e:6d:e5:29:75:27:f8:cc:41:90:c9:66:58:
         bd:0e:c0:75:8e:c6:9b:b7:d1:79:e9:22:60:22:b9:79:7e:14:
         35:32:f3:3f:7f:86:9f:f2:d6:b8:8d:a7:db:ff:29:c2:8a:b1:
         e7:35:9b:d6:ce:13:68:d3:2b:29:f9:b4:fb:df:be:ea:91:ee:
         7c:54:b8:ce:13:ff:7d:ee:47:19:46:eb:79:32:1b:15:86:3d:
         f4:3c:d7:83:a6:03:94:09:b2:48:76:dd:7d:9d:14:82:aa:0d:
         eb:73:d1:dc:c3:15:eb:b0:d8:27:41:ab:2f:e7:15:63:b6:92:
         9e:73:41:fc:f8:df:6e:0c:46:17:d1:97:0b:cb:93:09:1b:c9:
         2b:c8:0c:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz1kG6qKxwpQXqyr4A8CkIzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwMzE2MDczMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWM0ZjM0OWE2ODU1NDg3NWYyYTIyMzdlNTcyZTEyZjY5OGU2MzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAze5+shE7Dh2FnvIRxt18MLCWBDmq
/txlR8hOyry5eS5d8kgkalnj0HIPkPG3Q2hx+eq4aCzBpNKruXZkdDludxO76wAr
d2ZSA8HVsTx7UtaK4Q8E3SOrcFPOAw1EVgfj7/WVhjSzwTJIRjL4TFX6ktb67pV/
cvxxq0/CVPcCj+/zhJ+kOFlGu7PJ3jOBSTfxyLa1ApWKraJogLxS1h/CUzVkNdh2
eD/LXjLcQemrPLhrm62jW95Cav35uLTlpOHp2Hf4bI2yI+Xay/zl7J7BAZednNJP
I5g46UIkRtmPh8S19nb6yTBl/On6Q32j16wqJ8i5UHKSR0RroxlcFuEZBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrE80mmhVSHXyoiN+Vy4S9pjmMGMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvS3NUelNhYUZWSWRmS2lJMzVYTGhMMm1PWXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXmc8MA0G
CSqGSIb3DQEBCwUAA4IBAQBBYVf/XEuy798hwzOrPA4kxZ6S7sBCGb0h6cUFg6h6
V9rL9Bz07fLAmI1JpvphzRiXW7CFoHcyBYyyUul292eLQt84PgH0fw49hLZC7lUO
SynlwNtd2imHPo1xlNzVi2DhdLNgO+mZt2nvY65xtOKULp5t5Sl1J/jMQZDJZli9
DsB1jsabt9F56SJgIrl5fhQ1MvM/f4af8ta4jafb/ynCirHnNZvWzhNo0ysp+bT7
377qke58VLjOE/997kcZRut5MhsVhj30PNeDpgOUCbJIdt19nRSCqg3rc9HcwxXr
sNgnQasv5xVjtpKec0H8+N9uDEYX0ZcLy5MJG8kryAwA
-----END CERTIFICATE-----