Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/ad1301-149c-4c21-98b3-446a8913d4b8/1/K3--tSHrK6jHY5tkxG0drJwKCRw.roa
File:                     K3--tSHrK6jHY5tkxG0drJwKCRw.roa (raw, json)
Hash identifier:          FEwiaAI6iVYZhO3Y0U4cLdmpsBfhF+ZTk9nAW/Qd0gc=
Subject key identifier:   2B:7F:BE:B5:21:EB:2B:A8:C7:63:9B:64:C4:6D:1D:AC:9C:0A:09:1C
Certificate issuer:       /CN=b26bb4333efe9e14c4831b05821416e5c55bdf42
Certificate serial:       019CDA20396858C76011D1FDD202C2DD763F
Authority key identifier: B2:6B:B4:33:3E:FE:9E:14:C4:83:1B:05:82:14:16:E5:C5:5B:DF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/smu0Mz7-nhTEgxsFghQW5cVb30I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/ad1301-149c-4c21-98b3-446a8913d4b8/1/K3--tSHrK6jHY5tkxG0drJwKCRw.roa
Signing time:             Tue 10 Mar 2026 23:41:10 +0000
ROA not before:           Tue 10 Mar 2026 23:41:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        91.212.235.0/24 maxlen: 24
                          2001:7f8:9f::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/ad1301-149c-4c21-98b3-446a8913d4b8/1/smu0Mz7-nhTEgxsFghQW5cVb30I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/ad1301-149c-4c21-98b3-446a8913d4b8/1/smu0Mz7-nhTEgxsFghQW5cVb30I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/smu0Mz7-nhTEgxsFghQW5cVb30I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:da:20:39:68:58:c7:60:11:d1:fd:d2:02:c2:dd:76:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b26bb4333efe9e14c4831b05821416e5c55bdf42
        Validity
            Not Before: Mar 10 23:41:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b7fbeb521eb2ba8c7639b64c46d1dac9c0a091c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c7:11:b7:de:ef:0d:fb:41:62:a7:fe:45:a9:
                    75:a9:c7:6a:55:98:cc:24:37:68:07:fc:e5:b5:71:
                    99:74:f6:4f:69:6f:57:cd:6d:ac:75:a5:4c:ae:28:
                    13:18:3c:c3:05:82:9b:20:74:80:04:dd:77:df:1e:
                    ee:21:5d:9a:f3:6e:e4:73:cb:b1:21:93:a7:de:44:
                    cf:25:af:93:25:cc:ea:cd:6b:d5:74:70:f1:e3:04:
                    2f:52:1f:b3:ce:59:b8:ea:87:9a:47:b5:63:56:e7:
                    1d:f0:0c:fb:72:a2:32:a5:7e:fd:d7:87:22:d9:80:
                    1e:ff:04:2e:27:ec:28:f6:48:18:42:ae:a8:5f:8b:
                    cc:20:e7:53:41:99:95:ea:68:e8:2b:05:ba:37:4a:
                    de:fe:5f:36:c6:fc:b8:c8:50:dc:36:ad:46:50:fd:
                    9a:b6:87:1b:f1:3f:c2:7d:ca:f4:1f:41:00:96:92:
                    cd:9a:2c:aa:a5:0b:9a:f1:b0:19:a2:17:26:27:f7:
                    e7:97:80:df:58:c2:96:79:64:85:54:38:99:6b:22:
                    d1:90:d6:a2:ce:f0:c1:9b:cc:64:3a:ba:88:50:ad:
                    aa:28:7d:19:5b:51:69:e8:c4:ed:cd:1b:dd:68:27:
                    b5:06:90:1e:05:b9:02:0b:11:53:81:9d:40:52:22:
                    d3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:7F:BE:B5:21:EB:2B:A8:C7:63:9B:64:C4:6D:1D:AC:9C:0A:09:1C
            X509v3 Authority Key Identifier:
                keyid:B2:6B:B4:33:3E:FE:9E:14:C4:83:1B:05:82:14:16:E5:C5:5B:DF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/smu0Mz7-nhTEgxsFghQW5cVb30I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/ad1301-149c-4c21-98b3-446a8913d4b8/1/K3--tSHrK6jHY5tkxG0drJwKCRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/ad1301-149c-4c21-98b3-446a8913d4b8/1/smu0Mz7-nhTEgxsFghQW5cVb30I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.235.0/24
                IPv6:
                  2001:7f8:9f::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:52:5d:32:3b:ec:e4:4f:c7:15:95:7c:97:8c:cd:8a:12:47:
         2f:7a:25:92:89:e4:42:3e:96:0b:ab:32:47:08:f0:7b:57:ed:
         c4:d2:aa:c6:c2:58:0a:6a:ce:a9:a3:31:aa:8d:06:6f:48:ec:
         09:c0:ba:f5:6b:ef:ee:eb:2c:95:4f:a8:46:94:66:48:69:7b:
         1b:76:41:9b:55:e1:bb:0c:92:3f:f8:2d:d7:43:8c:be:d2:53:
         26:3d:9f:3e:dd:c2:f9:66:93:9c:5e:13:d3:0e:b5:5f:85:06:
         93:58:14:09:64:da:70:bf:7e:39:7f:d6:57:05:ae:ac:78:49:
         6d:93:81:9e:af:75:93:6a:ab:3c:a4:f4:c3:96:e4:de:57:f5:
         65:06:4b:b4:67:e7:f3:40:46:cc:7c:7b:35:be:43:e2:36:45:
         90:18:9c:47:3a:91:2b:f5:b5:b0:32:4f:de:cf:7b:d9:61:04:
         2a:07:8f:cb:13:5e:ee:60:5a:3f:7d:19:a3:45:bf:dd:c7:ab:
         f7:f8:df:75:b6:81:73:8a:22:b2:88:bd:3e:d8:5a:24:b9:bd:
         c3:79:e5:c4:5a:48:b6:0c:41:53:e2:f9:49:41:2d:48:f3:fd:
         99:84:c7:ee:38:3e:b8:d8:81:74:74:1b:b1:3f:0b:dd:6e:d3:
         f7:84:dc:78
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZzaIDloWMdgEdH90gLC3XY/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNmJiNDMzM2VmZTllMTRjNDgzMWIwNTgyMTQxNmU1YzU1
YmRmNDIwHhcNMjYwMzEwMjM0MTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjdmYmViNTIxZWIyYmE4Yzc2MzliNjRjNDZkMWRhYzljMGEwOTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMcRt97vDftBYqf+Ral1qcdqVZjM
JDdoB/zltXGZdPZPaW9XzW2sdaVMrigTGDzDBYKbIHSABN133x7uIV2a827kc8ux
IZOn3kTPJa+TJczqzWvVdHDx4wQvUh+zzlm46oeaR7VjVucd8Az7cqIypX7914ci
2YAe/wQuJ+wo9kgYQq6oX4vMIOdTQZmV6mjoKwW6N0re/l82xvy4yFDcNq1GUP2a
tocb8T/Cfcr0H0EAlpLNmiyqpQua8bAZohcmJ/fnl4DfWMKWeWSFVDiZayLRkNai
zvDBm8xkOrqIUK2qKH0ZW1Fp6MTtzRvdaCe1BpAeBbkCCxFTgZ1AUiLTfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCt/vrUh6yuox2ObZMRtHaycCgkcMB8GA1UdIwQY
MBaAFLJrtDM+/p4UxIMbBYIUFuXFW99CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc211ME16Ny1uaFRFZ3hzRmdoUVc1Y1ZiMzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hZDEzMDEtMTQ5Yy00YzIxLTk4YjMt
NDQ2YTg5MTNkNGI4LzEvSzMtLXRTSHJLNmpIWTV0a3hHMGRySndLQ1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hZDEzMDEtMTQ5Yy00YzIxLTk4YjMtNDQ2YTg5MTNkNGI4
LzEvc211ME16Ny1uaFRFZ3hzRmdoUVc1Y1ZiMzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9TrMA8E
AgACMAkDBwAgAQf4AJ8wDQYJKoZIhvcNAQELBQADggEBAA5SXTI77ORPxxWVfJeM
zYoSRy96JZKJ5EI+lgurMkcI8HtX7cTSqsbCWApqzqmjMaqNBm9I7AnAuvVr7+7r
LJVPqEaUZkhpext2QZtV4bsMkj/4LddDjL7SUyY9nz7dwvlmk5xeE9MOtV+FBpNY
FAlk2nC/fjl/1lcFrqx4SW2TgZ6vdZNqqzyk9MOW5N5X9WUGS7Rn5/NARsx8ezW+
Q+I2RZAYnEc6kSv1tbAyT97Pe9lhBCoHj8sTXu5gWj99GaNFv93Hq/f433W2gXOK
IrKIvT7YWiS5vcN55cRaSLYMQVPi+UlBLUjz/ZmEx+44PrjYgXR0G7E/C91u0/eE
3Hg=
-----END CERTIFICATE-----