Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/kDsPNHHspf1J3vE5ZjTU5waPI4A.roa
File:                     kDsPNHHspf1J3vE5ZjTU5waPI4A.roa (raw, json)
Hash identifier:          jHkCWaVOXIfrgVbY6k4D78W/CE+PQ282fNnCY/tP3ys=
Subject key identifier:   90:3B:0F:34:71:EC:A5:FD:49:DE:F1:39:66:34:D4:E7:06:8F:23:80
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019CFB928238A1090FC10F545479183582BA
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/kDsPNHHspf1J3vE5ZjTU5waPI4A.roa
Signing time:             Tue 17 Mar 2026 11:33:28 +0000
ROA not before:           Tue 17 Mar 2026 11:33:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        185.248.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:92:82:38:a1:09:0f:c1:0f:54:54:79:18:35:82:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Mar 17 11:33:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=903b0f3471eca5fd49def1396634d4e7068f2380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:16:41:61:e3:72:fc:4d:81:72:0b:d0:cb:15:
                    98:69:e6:57:6b:c2:d3:00:86:d7:e4:c3:31:f3:87:
                    bb:01:ed:d7:54:ed:ea:46:29:f7:83:91:b7:47:c3:
                    42:ed:83:25:2b:7b:b8:d7:d6:fe:48:46:53:2e:28:
                    c0:c4:fe:d9:22:57:73:34:e3:34:6a:51:fa:9b:4b:
                    0d:ca:c8:4c:b9:02:5c:d4:43:f4:3e:fc:7a:4b:4a:
                    bf:5a:61:9e:91:0b:f8:d1:c3:c5:ec:76:4c:53:ce:
                    eb:95:72:76:6b:b8:97:a4:24:11:1d:04:19:dc:ca:
                    82:78:06:8c:68:6e:7d:e1:0b:80:13:7f:0d:bc:c2:
                    c3:52:0f:19:85:3c:eb:f5:e8:2a:21:15:21:0c:4e:
                    7b:29:af:2e:86:d1:f3:b1:07:0e:49:ea:d1:2f:d7:
                    1e:a9:6e:c5:b9:59:ec:de:cc:ce:0b:b7:71:7a:f8:
                    4f:77:6c:91:8d:7f:e0:c3:e5:b7:3a:e8:05:15:f5:
                    9c:bb:ae:e9:48:ac:38:52:fd:fd:9b:b7:12:0e:61:
                    9f:1c:7e:0d:69:3c:46:86:9d:27:6b:ed:5e:70:8c:
                    af:6d:02:f1:a9:82:bd:18:20:27:60:a5:73:b0:54:
                    a3:6a:76:e9:55:a2:fe:b9:e2:00:7e:a5:2b:f4:f7:
                    79:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:3B:0F:34:71:EC:A5:FD:49:DE:F1:39:66:34:D4:E7:06:8F:23:80
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/kDsPNHHspf1J3vE5ZjTU5waPI4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:ad:a2:34:02:1c:e3:45:dc:ec:82:60:ca:73:b3:29:c6:b3:
         48:e6:1c:6d:e9:6b:60:1d:2e:ca:1b:38:ca:d8:03:fe:5e:7c:
         4e:20:87:21:c7:14:68:2b:2e:29:cc:af:0d:0f:bb:fb:8f:d8:
         ac:11:60:1a:a3:8a:00:a1:e1:3f:82:17:1f:c1:2d:bb:2f:c9:
         cc:a3:84:99:36:20:b3:f8:00:a6:78:0a:dd:97:d8:84:92:47:
         7f:2e:20:6b:90:69:34:26:7b:c4:cf:a0:99:6c:83:f1:dc:d5:
         36:09:6c:bc:3c:4f:e1:92:01:31:fe:d5:8b:3d:99:9e:16:d4:
         fe:90:bd:15:b2:16:36:06:8c:ad:0d:ec:28:9f:a5:f9:0c:9b:
         0f:21:07:c1:2a:9d:da:a0:53:07:2b:ba:00:2b:ec:7a:5a:e8:
         58:e6:17:70:c6:33:86:b0:a2:cc:4e:97:93:02:0b:d0:12:fd:
         48:c1:03:ad:56:db:88:a9:51:32:de:72:8d:d3:26:39:73:4e:
         3a:49:1e:2c:58:4d:8b:4c:2c:54:93:86:41:7f:89:85:c4:29:
         54:7b:64:16:f9:ed:f9:f6:6f:24:15:54:a5:ad:ec:02:4d:f8:
         9f:e0:84:9a:99:24:71:f4:7d:bf:4f:25:96:77:89:23:75:62:
         bc:6f:45:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz7koI4oQkPwQ9UVHkYNYK6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwMzE3MTEzMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDNiMGYzNDcxZWNhNWZkNDlkZWYxMzk2NjM0ZDRlNzA2OGYyMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hZBYeNy/E2BcgvQyxWYaeZXa8LT
AIbX5MMx84e7Ae3XVO3qRin3g5G3R8NC7YMlK3u419b+SEZTLijAxP7ZIldzNOM0
alH6m0sNyshMuQJc1EP0Pvx6S0q/WmGekQv40cPF7HZMU87rlXJ2a7iXpCQRHQQZ
3MqCeAaMaG594QuAE38NvMLDUg8ZhTzr9egqIRUhDE57Ka8uhtHzsQcOSerRL9ce
qW7FuVns3szOC7dxevhPd2yRjX/gw+W3OugFFfWcu67pSKw4Uv39m7cSDmGfHH4N
aTxGhp0na+1ecIyvbQLxqYK9GCAnYKVzsFSjanbpVaL+ueIAfqUr9Pd5jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJA7DzRx7KX9Sd7xOWY01OcGjyOAMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEva0RzUE5ISHNwZjFKM3ZFNVpqVFU1d2FQSTRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufiqMA0G
CSqGSIb3DQEBCwUAA4IBAQAHraI0AhzjRdzsgmDKc7MpxrNI5hxt6WtgHS7KGzjK
2AP+XnxOIIchxxRoKy4pzK8ND7v7j9isEWAao4oAoeE/ghcfwS27L8nMo4SZNiCz
+ACmeArdl9iEkkd/LiBrkGk0JnvEz6CZbIPx3NU2CWy8PE/hkgEx/tWLPZmeFtT+
kL0VshY2BoytDewon6X5DJsPIQfBKp3aoFMHK7oAK+x6WuhY5hdwxjOGsKLMTpeT
AgvQEv1IwQOtVtuIqVEy3nKN0yY5c046SR4sWE2LTCxUk4ZBf4mFxClUe2QW+e35
9m8kFVSlrewCTfif4ISamSRx9H2/TyWWd4kjdWK8b0Vi
-----END CERTIFICATE-----