Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/kltDPSTcnTIrexoD1sMXoWEDfig.roa
File:                     kltDPSTcnTIrexoD1sMXoWEDfig.roa (raw, json)
Hash identifier:          +J8BVLpkJ8G69eEnylV5tiIBeDgKZy+3hkMu5nlYDBM=
Subject key identifier:   92:5B:43:3D:24:DC:9D:32:2B:7B:1A:03:D6:C3:17:A1:61:03:7E:28
Certificate issuer:       /CN=b8c8aa18730f4a83e2852c5692551abb5b1ee7ea
Certificate serial:       019D0AE58F77BB627F1890CDFBB3115B297D
Authority key identifier: B8:C8:AA:18:73:0F:4A:83:E2:85:2C:56:92:55:1A:BB:5B:1E:E7:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/kltDPSTcnTIrexoD1sMXoWEDfig.roa
Signing time:             Fri 20 Mar 2026 10:58:29 +0000
ROA not before:           Fri 20 Mar 2026 10:58:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54339
IP address blocks:        89.38.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:e5:8f:77:bb:62:7f:18:90:cd:fb:b3:11:5b:29:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8c8aa18730f4a83e2852c5692551abb5b1ee7ea
        Validity
            Not Before: Mar 20 10:58:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=925b433d24dc9d322b7b1a03d6c317a161037e28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1d:20:10:7c:3b:be:04:95:27:48:8f:75:74:
                    8d:39:78:41:09:59:db:d1:2e:91:33:fa:9d:4b:82:
                    4e:83:cf:b7:99:7e:92:66:8c:c3:89:84:15:61:16:
                    9b:85:c2:90:f4:10:6d:6d:3c:53:17:ee:e5:a8:fe:
                    47:35:fe:bb:5c:5a:d5:82:dc:88:13:c4:43:67:a1:
                    57:16:03:e9:ee:60:56:9d:23:36:3b:05:e8:7c:d2:
                    b2:c1:1c:b9:d2:1b:8f:50:42:0c:da:9e:15:f5:32:
                    d3:d3:56:87:a1:55:2b:86:3f:0d:f1:35:1e:84:0d:
                    b0:cc:7e:ab:da:f6:cc:17:1f:fc:e9:6c:ba:8f:1b:
                    de:2d:f2:a8:d8:18:6e:12:2e:33:e4:75:fe:e4:5a:
                    fe:7c:16:d4:94:cc:ca:26:2e:58:02:ff:ff:f8:18:
                    a2:ba:13:fa:df:eb:38:ac:97:d6:f6:a1:76:09:38:
                    bd:70:d0:ec:e4:70:f3:3d:95:9b:58:88:29:3b:6d:
                    16:45:d5:f4:3e:55:f1:64:e5:42:7b:59:70:cb:35:
                    d2:ce:3f:0f:72:93:c7:e4:47:5c:92:56:35:a9:85:
                    d6:6b:a1:a1:4e:09:6f:0c:05:d8:8f:b8:a5:16:ea:
                    29:3f:87:3e:56:72:2a:0e:cf:5c:9b:ac:3a:0c:5e:
                    32:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:5B:43:3D:24:DC:9D:32:2B:7B:1A:03:D6:C3:17:A1:61:03:7E:28
            X509v3 Authority Key Identifier:
                keyid:B8:C8:AA:18:73:0F:4A:83:E2:85:2C:56:92:55:1A:BB:5B:1E:E7:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/kltDPSTcnTIrexoD1sMXoWEDfig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:56:5a:92:82:a6:fc:fc:01:0d:a9:0b:61:ca:38:50:e3:0f:
         55:36:07:b4:fa:b3:68:6f:65:a2:8f:38:cb:bf:ca:b0:4a:ea:
         1f:5e:5f:27:05:f0:d3:23:58:d9:5b:bc:d2:e0:49:9a:01:2b:
         06:f7:73:ad:b8:15:61:59:a0:c5:fb:b4:4e:ec:43:20:0c:af:
         1d:4f:40:08:ce:a8:08:c7:0e:ca:e2:44:01:0f:83:3d:fe:ba:
         f4:e0:24:59:ba:a1:0f:6c:8f:ef:80:87:52:81:2a:b6:f1:1a:
         a4:7c:ce:89:61:b7:0e:b3:78:1c:9a:c0:24:23:f9:57:ea:d8:
         31:af:58:88:66:f6:50:d0:0a:78:91:69:b8:16:f1:e4:3a:15:
         c4:36:8d:45:d0:01:a0:37:85:1f:b5:f2:01:f1:de:43:31:4a:
         b6:40:12:58:82:9a:ba:d4:66:e7:24:f0:62:de:76:6e:b5:84:
         02:93:64:a3:97:9d:fc:ce:f1:fc:ee:9c:c2:19:42:ab:8b:63:
         e5:2a:f2:a7:7a:8a:52:ab:9c:28:40:07:ff:57:62:b3:10:31:
         34:c3:73:39:77:79:fb:76:f2:ab:79:14:bc:9b:ba:ec:dc:f4:
         75:e7:df:97:ab:f1:5d:41:f9:1a:32:46:83:cf:27:74:b2:70:
         9a:cc:78:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0K5Y93u2J/GJDN+7MRWyl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YzhhYTE4NzMwZjRhODNlMjg1MmM1NjkyNTUxYWJiNWIx
ZWU3ZWEwHhcNMjYwMzIwMTA1ODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjViNDMzZDI0ZGM5ZDMyMmI3YjFhMDNkNmMzMTdhMTYxMDM3ZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtB0gEHw7vgSVJ0iPdXSNOXhBCVnb
0S6RM/qdS4JOg8+3mX6SZozDiYQVYRabhcKQ9BBtbTxTF+7lqP5HNf67XFrVgtyI
E8RDZ6FXFgPp7mBWnSM2OwXofNKywRy50huPUEIM2p4V9TLT01aHoVUrhj8N8TUe
hA2wzH6r2vbMFx/86Wy6jxveLfKo2BhuEi4z5HX+5Fr+fBbUlMzKJi5YAv//+Bii
uhP63+s4rJfW9qF2CTi9cNDs5HDzPZWbWIgpO20WRdX0PlXxZOVCe1lwyzXSzj8P
cpPH5EdcklY1qYXWa6GhTglvDAXYj7ilFuopP4c+VnIqDs9cm6w6DF4yewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJbQz0k3J0yK3saA9bDF6FhA34oMB8GA1UdIwQY
MBaAFLjIqhhzD0qD4oUsVpJVGrtbHufqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU1pcUdITVBTb1BpaFN4V2tsVWF1MXNlNS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hOTQ5OTItNTY2Yi00YjZmLWE2ODkt
YTU3NjA0YTNmNmJiLzEva2x0RFBTVGNuVElyZXhvRDFzTVhvV0VEZmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hOTQ5OTItNTY2Yi00YjZmLWE2ODktYTU3NjA0YTNmNmJi
LzEvdU1pcUdITVBTb1BpaFN4V2tsVWF1MXNlNS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSYoMA0G
CSqGSIb3DQEBCwUAA4IBAQBsVlqSgqb8/AENqQthyjhQ4w9VNge0+rNob2WijzjL
v8qwSuofXl8nBfDTI1jZW7zS4EmaASsG93OtuBVhWaDF+7RO7EMgDK8dT0AIzqgI
xw7K4kQBD4M9/rr04CRZuqEPbI/vgIdSgSq28RqkfM6JYbcOs3gcmsAkI/lX6tgx
r1iIZvZQ0Ap4kWm4FvHkOhXENo1F0AGgN4UftfIB8d5DMUq2QBJYgpq61GbnJPBi
3nZutYQCk2Sjl538zvH87pzCGUKri2PlKvKneopSq5woQAf/V2KzEDE0w3M5d3n7
dvKreRS8m7rs3PR159+Xq/FdQfkaMkaDzyd0snCazHjk
-----END CERTIFICATE-----