Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/KwJb_DZ--AljuNl4MuxtHJuaC-g.roa
File:                     KwJb_DZ--AljuNl4MuxtHJuaC-g.roa (raw, json)
Hash identifier:          tBkzN8n1ZRPBVuvCiUPm//JfGZVDeWqax3guh/J59JM=
Subject key identifier:   2B:02:5B:FC:36:7E:F8:09:63:B8:D9:78:32:EC:6D:1C:9B:9A:0B:E8
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019D24D605699F2F146D1A2B3D1AAB37E1EC
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/KwJb_DZ--AljuNl4MuxtHJuaC-g.roa
Signing time:             Wed 25 Mar 2026 11:51:38 +0000
ROA not before:           Wed 25 Mar 2026 11:51:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        178.253.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:d6:05:69:9f:2f:14:6d:1a:2b:3d:1a:ab:37:e1:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Mar 25 11:51:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b025bfc367ef80963b8d97832ec6d1c9b9a0be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b5:14:b2:e4:ad:0b:fa:46:63:d7:8b:8c:f5:
                    e6:14:8c:c6:9c:43:3a:42:e0:df:20:8f:0b:ad:21:
                    a4:d1:08:df:e4:2e:63:1e:4a:33:4f:c7:a7:06:61:
                    45:8f:a7:3f:c8:50:87:ae:37:23:21:75:62:a5:3c:
                    32:99:03:69:01:86:43:84:26:aa:97:f4:b1:3f:df:
                    06:98:89:96:47:94:aa:5e:24:62:77:3b:6a:3c:1b:
                    68:12:0d:6f:a5:9e:95:2f:67:50:9e:21:74:38:b1:
                    84:51:72:8d:f6:8b:fb:d1:08:72:7c:05:7d:92:7f:
                    17:95:7c:27:73:32:58:10:1d:82:e6:7d:9b:d1:84:
                    e1:7e:ba:e1:70:54:75:74:22:f0:45:05:1f:5c:71:
                    f6:b0:7c:87:1c:d2:5f:4f:7d:65:6c:46:ce:d4:06:
                    42:ee:fe:83:d6:d2:4e:1d:1c:85:d4:e9:f9:4b:5f:
                    8c:e8:8d:fc:3a:05:2f:8a:f7:48:58:49:b7:fe:26:
                    23:5d:43:c2:4e:d8:d7:8f:56:06:95:38:24:bd:0f:
                    e2:01:67:98:aa:d3:d6:be:3d:06:21:81:4e:3a:5a:
                    31:5a:4f:86:63:46:f7:be:9a:f4:00:71:e2:2e:88:
                    4a:0e:8b:a6:e2:03:c8:2e:7c:0b:5d:9e:41:18:1a:
                    a8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:02:5B:FC:36:7E:F8:09:63:B8:D9:78:32:EC:6D:1C:9B:9A:0B:E8
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/KwJb_DZ--AljuNl4MuxtHJuaC-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:37:77:1b:70:89:57:62:1a:e5:91:f7:5e:ec:33:2f:d2:a3:
         48:cf:c8:61:4f:a4:42:a0:7d:03:8d:01:14:99:3e:37:f7:9b:
         a9:3d:30:91:da:1d:0c:5b:50:22:42:aa:55:32:fc:1f:3f:1f:
         af:ec:a2:4b:ba:82:5c:2b:58:b9:b8:4f:61:50:6e:77:e8:ca:
         dc:08:18:ae:dd:5a:37:23:39:34:1d:b0:00:75:c1:7d:f3:1c:
         ca:fa:6a:fd:16:b1:9a:26:e0:ff:8a:da:3a:bd:0d:40:c3:a9:
         3f:24:20:4a:e8:48:f0:f1:53:b3:49:15:bc:45:09:0c:e0:49:
         0d:8a:5c:02:4e:04:10:f8:33:f4:82:e9:af:d5:42:80:09:e9:
         09:66:73:6a:bc:27:1f:c4:d4:57:21:24:98:20:b3:be:14:c9:
         fa:85:f9:d8:30:70:d4:5e:ef:eb:32:bc:1f:8b:cf:7d:bf:55:
         18:57:e7:ed:3d:48:82:4e:a9:1f:37:0a:77:6c:73:a3:a6:3b:
         4b:e5:9c:ec:08:36:5e:cd:66:0c:1f:c3:1a:fb:ab:27:5d:e3:
         41:80:30:7a:e6:17:83:fa:45:1d:18:5e:93:4f:03:9c:2f:01:
         b5:a0:f4:8e:98:61:07:5a:a4:d7:17:47:30:b6:79:f3:21:d6:
         9d:b4:41:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0k1gVpny8UbRorPRqrN+HsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMzI1MTE1MTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjAyNWJmYzM2N2VmODA5NjNiOGQ5NzgzMmVjNmQxYzliOWEwYmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrUUsuStC/pGY9eLjPXmFIzGnEM6
QuDfII8LrSGk0Qjf5C5jHkozT8enBmFFj6c/yFCHrjcjIXVipTwymQNpAYZDhCaq
l/SxP98GmImWR5SqXiRidztqPBtoEg1vpZ6VL2dQniF0OLGEUXKN9ov70QhyfAV9
kn8XlXwnczJYEB2C5n2b0YThfrrhcFR1dCLwRQUfXHH2sHyHHNJfT31lbEbO1AZC
7v6D1tJOHRyF1On5S1+M6I38OgUvivdIWEm3/iYjXUPCTtjXj1YGlTgkvQ/iAWeY
qtPWvj0GIYFOOloxWk+GY0b3vpr0AHHiLohKDoum4gPILnwLXZ5BGBqo4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsCW/w2fvgJY7jZeDLsbRybmgvoMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvS3dKYl9EWi0tQWxqdU5sNE11eHRISnVhQy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv3SMA0G
CSqGSIb3DQEBCwUAA4IBAQARN3cbcIlXYhrlkfde7DMv0qNIz8hhT6RCoH0DjQEU
mT4395upPTCR2h0MW1AiQqpVMvwfPx+v7KJLuoJcK1i5uE9hUG536MrcCBiu3Vo3
Izk0HbAAdcF98xzK+mr9FrGaJuD/ito6vQ1Aw6k/JCBK6Ejw8VOzSRW8RQkM4EkN
ilwCTgQQ+DP0gumv1UKACekJZnNqvCcfxNRXISSYILO+FMn6hfnYMHDUXu/rMrwf
i899v1UYV+ftPUiCTqkfNwp3bHOjpjtL5ZzsCDZezWYMH8Ma+6snXeNBgDB65heD
+kUdGF6TTwOcLwG1oPSOmGEHWqTXF0cwtnnzIdadtEFZ
-----END CERTIFICATE-----