Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/kukH01xPLlTBz247GbTGc3lbklU.roa
File:                     kukH01xPLlTBz247GbTGc3lbklU.roa (raw, json)
Hash identifier:          ihqpT+7lBiQwLFYGEZgqLSp2KH+KvSwRzzz598E3tgY=
Subject key identifier:   92:E9:07:D3:5C:4F:2E:54:C1:CF:6E:3B:19:B4:C6:73:79:5B:92:55
Certificate issuer:       /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial:       019D20605C558FFF0D11C0CBCA9AE3875B28
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/kukH01xPLlTBz247GbTGc3lbklU.roa
Signing time:             Tue 24 Mar 2026 15:04:39 +0000
ROA not before:           Tue 24 Mar 2026 15:04:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56582
IP address blocks:        131.222.216.0/24 maxlen: 24
                          131.222.217.0/24 maxlen: 24
                          131.222.218.0/24 maxlen: 24
                          131.222.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:60:5c:55:8f:ff:0d:11:c0:cb:ca:9a:e3:87:5b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
        Validity
            Not Before: Mar 24 15:04:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92e907d35c4f2e54c1cf6e3b19b4c673795b9255
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:c4:c7:bc:db:32:18:9d:3e:13:6b:d6:7b:b7:
                    b8:85:18:21:8e:18:0b:5e:df:27:48:f6:99:f9:49:
                    b0:e8:ba:bb:59:09:f2:11:12:ea:55:e6:79:53:ee:
                    37:9c:b2:63:8b:4d:74:85:e6:85:f5:15:35:a8:fa:
                    52:09:1c:f5:3d:e6:09:76:7a:1b:94:e0:18:18:d8:
                    c3:f9:10:30:74:ee:9e:c8:53:c0:30:f4:a7:d4:68:
                    26:62:e8:a5:e1:33:07:85:d8:14:4a:43:99:55:0c:
                    6e:c6:24:09:13:63:02:9e:bd:d3:4a:41:37:b1:ef:
                    ec:6e:2f:c0:89:5a:c5:a7:f9:61:18:93:27:8c:57:
                    f1:80:11:09:5f:8c:45:cd:a6:89:f6:22:35:8b:49:
                    2e:b2:2f:7b:a7:32:a2:aa:e1:1e:14:1c:28:36:1c:
                    91:9e:31:b6:51:d5:89:db:4c:1c:15:a5:b1:e2:6b:
                    5e:7e:24:d0:95:7b:95:02:ed:37:f4:87:25:95:7e:
                    dd:d9:b5:89:e1:61:ee:89:55:59:2f:ab:6f:2d:20:
                    e0:3c:8c:23:74:e4:f0:8c:c7:78:75:c0:0b:ea:f9:
                    b2:01:6f:b8:7a:e7:b0:f1:2d:57:d3:ce:e0:97:8e:
                    26:3b:17:c9:6c:bd:e3:57:8b:99:5c:5d:c7:c4:0a:
                    e7:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E9:07:D3:5C:4F:2E:54:C1:CF:6E:3B:19:B4:C6:73:79:5B:92:55
            X509v3 Authority Key Identifier:
                keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/kukH01xPLlTBz247GbTGc3lbklU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:3c:bb:9d:4b:a8:62:ca:e5:bb:50:c4:5e:30:db:a4:89:55:
         a9:59:1f:e8:fd:3b:17:68:9b:3b:7d:95:fc:ba:c5:dc:dd:e6:
         93:44:4b:71:51:9f:30:27:67:74:4a:ab:c5:dc:e6:41:aa:f1:
         20:9f:15:8a:4a:c9:a5:d8:b6:e3:c4:9f:53:de:80:f3:3b:a9:
         9c:43:86:da:85:9a:ce:66:7b:99:b8:fe:c2:e8:8b:f5:a6:64:
         44:02:53:ee:4e:41:bc:72:71:4f:9a:b1:03:56:e1:ff:55:fd:
         4a:2f:7e:3d:23:32:5e:21:64:88:a0:90:c1:46:47:d3:36:6c:
         7b:74:9c:93:83:c6:28:f4:b0:9b:85:07:6b:34:5b:3e:2e:d6:
         4a:5d:23:a7:76:0e:39:35:15:e3:d5:07:a8:1f:1b:a8:e0:38:
         bc:56:2a:c3:b0:04:3f:e8:41:e2:18:3b:e2:91:8c:9f:38:f0:
         99:61:dd:3f:ab:34:b1:d7:2b:f9:83:35:22:c2:ba:4b:e6:c1:
         ae:05:e3:4e:0b:1c:de:e3:66:b0:12:b9:5e:6c:3c:a0:7f:40:
         1b:6d:be:b4:0a:df:ec:5a:9e:b6:79:64:39:fe:38:3e:85:19:
         95:bb:3d:96:e6:5f:65:9b:8a:96:d3:90:ad:45:79:73:ce:58:
         55:76:b5:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0gYFxVj/8NEcDLyprjh1soMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjYwMzI0MTUwNDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmU5MDdkMzVjNGYyZTU0YzFjZjZlM2IxOWI0YzY3Mzc5NWI5MjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sTHvNsyGJ0+E2vWe7e4hRghjhgL
Xt8nSPaZ+Umw6Lq7WQnyERLqVeZ5U+43nLJji010heaF9RU1qPpSCRz1PeYJdnob
lOAYGNjD+RAwdO6eyFPAMPSn1GgmYuil4TMHhdgUSkOZVQxuxiQJE2MCnr3TSkE3
se/sbi/AiVrFp/lhGJMnjFfxgBEJX4xFzaaJ9iI1i0kusi97pzKiquEeFBwoNhyR
njG2UdWJ20wcFaWx4mtefiTQlXuVAu039IcllX7d2bWJ4WHuiVVZL6tvLSDgPIwj
dOTwjMd4dcAL6vmyAW+4euew8S1X087gl44mOxfJbL3jV4uZXF3HxArnlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLpB9NcTy5Uwc9uOxm0xnN5W5JVMB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEva3VrSDAxeFBMbFRCejI0N0diVEdjM2xia2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCg97YMA0G
CSqGSIb3DQEBCwUAA4IBAQCPPLudS6hiyuW7UMReMNukiVWpWR/o/TsXaJs7fZX8
usXc3eaTREtxUZ8wJ2d0SqvF3OZBqvEgnxWKSsml2LbjxJ9T3oDzO6mcQ4bahZrO
ZnuZuP7C6Iv1pmREAlPuTkG8cnFPmrEDVuH/Vf1KL349IzJeIWSIoJDBRkfTNmx7
dJyTg8Yo9LCbhQdrNFs+LtZKXSOndg45NRXj1QeoHxuo4Di8VirDsAQ/6EHiGDvi
kYyfOPCZYd0/qzSx1yv5gzUiwrpL5sGuBeNOCxze42awErlebDygf0Abbb60Ct/s
Wp62eWQ5/jg+hRmVuz2W5l9lm4qW05CtRXlzzlhVdrVz
-----END CERTIFICATE-----