Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/10c000-77b0-466d-b4cf-445400d703c8/1/kBCB2dunkrqzg_SLB8-xM23RZt0.roa
File:                     kBCB2dunkrqzg_SLB8-xM23RZt0.roa (raw, json)
Hash identifier:          7JjO+kfaDrDk7G2Fc1zLFdd1555LJH9UCjrEULuO84w=
Subject key identifier:   90:10:81:D9:DB:A7:92:BA:B3:83:F4:8B:07:CF:B1:33:6D:D1:66:DD
Certificate issuer:       /CN=cfcab8c9d217ac3079c3014b18d446e213f19492
Certificate serial:       019B77C6E9A3160F7CB66D99D5A746D206AC
Authority key identifier: CF:CA:B8:C9:D2:17:AC:30:79:C3:01:4B:18:D4:46:E2:13:F1:94:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8q4ydIXrDB5wwFLGNRG4hPxlJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/10c000-77b0-466d-b4cf-445400d703c8/1/kBCB2dunkrqzg_SLB8-xM23RZt0.roa
Signing time:             Thu 01 Jan 2026 04:18:03 +0000
ROA not before:           Thu 01 Jan 2026 04:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204265
IP address blocks:        194.76.12.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/10c000-77b0-466d-b4cf-445400d703c8/1/z8q4ydIXrDB5wwFLGNRG4hPxlJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/10c000-77b0-466d-b4cf-445400d703c8/1/z8q4ydIXrDB5wwFLGNRG4hPxlJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8q4ydIXrDB5wwFLGNRG4hPxlJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:e9:a3:16:0f:7c:b6:6d:99:d5:a7:46:d2:06:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcab8c9d217ac3079c3014b18d446e213f19492
        Validity
            Not Before: Jan  1 04:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=901081d9dba792bab383f48b07cfb1336dd166dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d9:23:bb:65:68:f1:77:7e:db:e3:a0:11:2a:
                    79:48:0a:02:5a:83:0b:0f:9f:5e:47:1a:3f:bb:1d:
                    e1:19:86:c8:00:89:f3:5b:7c:1e:10:1e:ac:12:5f:
                    9a:ad:47:db:26:3d:d4:e7:a7:8a:23:80:d9:6a:4f:
                    9e:32:75:76:28:2a:20:a6:c2:1d:6f:4b:30:0b:14:
                    65:97:c3:f2:77:4d:8a:0a:7c:7e:26:33:f5:d4:b8:
                    1b:9f:76:dd:14:a2:c2:13:40:e3:b7:9e:f6:de:95:
                    4a:c5:d1:58:53:e7:06:95:b1:c3:95:9a:fc:3c:d1:
                    ff:4b:2a:35:b6:08:a5:9f:b5:5d:53:2e:01:fe:a9:
                    8a:cd:63:3d:88:b3:b5:84:15:bc:31:e1:e4:26:fe:
                    33:38:a8:52:41:f4:ca:62:ec:3d:f0:9d:6f:e4:53:
                    c2:0f:19:84:37:2d:2f:54:ec:f1:8b:57:9f:00:6f:
                    61:da:45:ec:ca:62:0e:35:56:99:f8:de:e2:80:f1:
                    2e:0c:07:65:d7:8c:4a:d8:88:1e:59:e9:e6:1a:be:
                    99:53:47:21:6e:a6:a3:34:0e:59:f7:a9:49:99:42:
                    70:4b:79:bd:2f:61:a2:a7:f4:23:ac:af:52:7a:f6:
                    76:2f:fa:0e:e4:ed:28:68:7b:5e:f3:76:c3:8e:47:
                    1b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:10:81:D9:DB:A7:92:BA:B3:83:F4:8B:07:CF:B1:33:6D:D1:66:DD
            X509v3 Authority Key Identifier:
                keyid:CF:CA:B8:C9:D2:17:AC:30:79:C3:01:4B:18:D4:46:E2:13:F1:94:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8q4ydIXrDB5wwFLGNRG4hPxlJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/10c000-77b0-466d-b4cf-445400d703c8/1/kBCB2dunkrqzg_SLB8-xM23RZt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/10c000-77b0-466d-b4cf-445400d703c8/1/z8q4ydIXrDB5wwFLGNRG4hPxlJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bd:96:1b:03:13:d5:5a:fb:3c:9d:3d:c0:d8:2c:9a:08:ab:0e:
         1e:68:03:3a:7e:65:c8:0f:0d:7f:07:6f:12:b3:f0:44:4f:ba:
         0c:c0:b4:dc:55:f4:22:a5:12:ae:2c:86:ea:c8:04:01:98:85:
         bf:54:1d:9f:29:18:a9:36:c0:c7:df:ea:21:23:35:4d:12:1a:
         6e:aa:12:e1:fd:fc:41:a2:52:28:35:31:3f:85:5f:cc:a7:25:
         b2:aa:50:6b:e4:20:fc:c2:9c:c1:36:a7:79:59:bf:a7:82:3a:
         d4:f9:c4:0d:22:d0:ad:91:75:68:e9:42:d6:b1:19:53:9f:f5:
         b6:a2:13:4e:5a:1f:c4:36:b1:fc:66:5e:1d:69:e0:1d:d0:1d:
         ae:f9:a0:6a:4f:14:0d:80:cd:a0:77:c9:7f:7d:75:8a:9d:b9:
         2c:16:ac:0a:7b:2c:1e:a3:40:b6:13:79:7f:c6:c2:02:3a:46:
         2b:02:97:4f:b9:d0:63:39:00:b6:ba:39:c9:ab:4f:11:ce:41:
         9c:f5:38:ba:85:cb:26:92:da:2b:fd:39:d7:8a:0b:df:1c:db:
         2c:55:8d:4c:18:87:d2:4e:74:1d:74:53:fa:55:32:60:0e:26:
         0b:c5:02:ed:2e:8b:36:7b:94:7c:7d:57:43:1b:26:1c:fd:48:
         d9:ed:f0:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xumjFg98tm2Z1adG0gasMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2FiOGM5ZDIxN2FjMzA3OWMzMDE0YjE4ZDQ0NmUyMTNm
MTk0OTIwHhcNMjYwMTAxMDQxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDEwODFkOWRiYTc5MmJhYjM4M2Y0OGIwN2NmYjEzMzZkZDE2NmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodkju2Vo8Xd+2+OgESp5SAoCWoML
D59eRxo/ux3hGYbIAInzW3weEB6sEl+arUfbJj3U56eKI4DZak+eMnV2KCogpsId
b0swCxRll8Pyd02KCnx+JjP11Lgbn3bdFKLCE0Djt5723pVKxdFYU+cGlbHDlZr8
PNH/Syo1tgiln7VdUy4B/qmKzWM9iLO1hBW8MeHkJv4zOKhSQfTKYuw98J1v5FPC
DxmENy0vVOzxi1efAG9h2kXsymIONVaZ+N7igPEuDAdl14xK2IgeWenmGr6ZU0ch
bqajNA5Z96lJmUJwS3m9L2Gip/QjrK9SevZ2L/oO5O0oaHte83bDjkcbYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAQgdnbp5K6s4P0iwfPsTNt0WbdMB8GA1UdIwQY
MBaAFM/KuMnSF6wwecMBSxjURuIT8ZSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhxNHlkSVhyREI1d3dGTEdOUkc0aFB4bEpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8xMGMwMDAtNzdiMC00NjZkLWI0Y2Yt
NDQ1NDAwZDcwM2M4LzEva0JDQjJkdW5rcnF6Z19TTEI4LXhNMjNSWnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8xMGMwMDAtNzdiMC00NjZkLWI0Y2YtNDQ1NDAwZDcwM2M4
LzEvejhxNHlkSVhyREI1d3dGTEdOUkc0aFB4bEpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwkwMMA0G
CSqGSIb3DQEBCwUAA4IBAQC9lhsDE9Va+zydPcDYLJoIqw4eaAM6fmXIDw1/B28S
s/BET7oMwLTcVfQipRKuLIbqyAQBmIW/VB2fKRipNsDH3+ohIzVNEhpuqhLh/fxB
olIoNTE/hV/MpyWyqlBr5CD8wpzBNqd5Wb+ngjrU+cQNItCtkXVo6ULWsRlTn/W2
ohNOWh/ENrH8Zl4daeAd0B2u+aBqTxQNgM2gd8l/fXWKnbksFqwKeyweo0C2E3l/
xsICOkYrApdPudBjOQC2ujnJq08RzkGc9Ti6hcsmktor/TnXigvfHNssVY1MGIfS
TnQddFP6VTJgDiYLxQLtLos2e5R8fVdDGyYc/UjZ7fDW
-----END CERTIFICATE-----