Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/64d2dc-1c7d-47a0-ad37-45437d16cf73/1/KpOVliaxx-PBOI1CU_TAZ5HhafU.roa
File:                     KpOVliaxx-PBOI1CU_TAZ5HhafU.roa (raw, json)
Hash identifier:          ABc8FPfWa63f8LmgxSlPOmwLetsBlnynj8+00ypF/DQ=
Subject key identifier:   2A:93:95:96:26:B1:C7:E3:C1:38:8D:42:53:F4:C0:67:91:E1:69:F5
Certificate issuer:       /CN=9177ba4c654da982f6211575fcc81c4f09cb3a1b
Certificate serial:       019B77C70236BC2DFB27FA4B9F40D2457DF6
Authority key identifier: 91:77:BA:4C:65:4D:A9:82:F6:21:15:75:FC:C8:1C:4F:09:CB:3A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXe6TGVNqYL2IRV1_MgcTwnLOhs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/64d2dc-1c7d-47a0-ad37-45437d16cf73/1/KpOVliaxx-PBOI1CU_TAZ5HhafU.roa
Signing time:             Thu 01 Jan 2026 04:18:09 +0000
ROA not before:           Thu 01 Jan 2026 04:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205716
IP address blocks:        46.254.156.0/22 maxlen: 22
                          185.96.216.0/22 maxlen: 22
                          185.208.244.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/64d2dc-1c7d-47a0-ad37-45437d16cf73/1/kXe6TGVNqYL2IRV1_MgcTwnLOhs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/64d2dc-1c7d-47a0-ad37-45437d16cf73/1/kXe6TGVNqYL2IRV1_MgcTwnLOhs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXe6TGVNqYL2IRV1_MgcTwnLOhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:02:36:bc:2d:fb:27:fa:4b:9f:40:d2:45:7d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9177ba4c654da982f6211575fcc81c4f09cb3a1b
        Validity
            Not Before: Jan  1 04:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a93959626b1c7e3c1388d4253f4c06791e169f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:48:31:1d:7f:23:42:3d:ec:71:37:8b:30:cf:
                    4b:21:0c:9e:a8:1a:4e:a9:cd:ad:4f:b2:c8:92:37:
                    8e:0a:e0:26:71:30:7f:0f:59:08:c1:ed:25:6a:60:
                    3b:b8:ae:7f:0f:57:ac:11:92:8e:13:25:20:8a:87:
                    da:54:95:48:20:57:73:2e:50:a7:84:b0:11:b6:a5:
                    3c:a9:d6:ca:cc:21:98:3c:5f:2c:08:6a:fa:3c:2f:
                    f5:13:2d:c4:fc:0c:b8:87:c1:d3:50:82:97:3c:41:
                    9d:f5:3b:36:de:5e:37:21:ae:11:f4:10:1f:78:f7:
                    af:d5:83:18:85:90:9e:31:52:42:cb:14:33:61:62:
                    97:c0:8e:da:32:f7:74:7e:86:40:5b:f5:f1:b9:1f:
                    e9:bf:f1:b3:5a:75:51:e3:c0:69:14:06:a1:7c:37:
                    b4:0f:da:a0:7d:62:3b:2f:9a:f0:b3:94:01:53:9b:
                    7a:4f:42:e7:80:0e:a9:62:33:17:c1:9a:bd:ed:4b:
                    42:e1:5d:2f:00:73:9f:8f:ce:4e:98:11:5c:ee:5e:
                    83:db:70:7b:3d:d9:dc:a8:c3:76:3f:71:ab:67:3a:
                    45:7d:c5:27:be:d1:3f:ea:30:a5:bd:3f:13:26:16:
                    2a:24:fb:10:f9:1a:a8:ce:b3:32:d0:da:e8:3a:23:
                    25:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:93:95:96:26:B1:C7:E3:C1:38:8D:42:53:F4:C0:67:91:E1:69:F5
            X509v3 Authority Key Identifier:
                keyid:91:77:BA:4C:65:4D:A9:82:F6:21:15:75:FC:C8:1C:4F:09:CB:3A:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXe6TGVNqYL2IRV1_MgcTwnLOhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/64d2dc-1c7d-47a0-ad37-45437d16cf73/1/KpOVliaxx-PBOI1CU_TAZ5HhafU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/64d2dc-1c7d-47a0-ad37-45437d16cf73/1/kXe6TGVNqYL2IRV1_MgcTwnLOhs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.156.0/22
                  185.96.216.0/22
                  185.208.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:8b:ad:1f:d1:d5:27:aa:d3:dd:a4:d3:68:a1:95:44:a5:38:
         1a:de:45:a2:69:40:23:1f:0f:3c:e7:5a:b3:01:6b:63:5e:57:
         41:4f:45:a9:54:3b:20:9d:8b:97:9d:54:47:40:77:81:0f:84:
         5b:15:bd:8a:cc:c2:0c:78:6e:d4:82:7a:69:1f:be:5e:ed:36:
         a7:5b:cc:d4:20:11:08:70:c3:ac:81:ab:74:74:9d:2a:d7:8e:
         e5:9c:52:70:d4:14:e1:d8:23:11:5c:29:91:df:c0:92:af:76:
         12:e4:cd:27:fe:f6:22:c8:19:91:34:fc:14:55:55:98:c1:7b:
         1f:48:88:68:14:47:03:1a:ca:fe:37:0e:5e:8e:3d:6c:a4:77:
         8d:78:bc:1e:6f:8b:0d:80:20:35:7e:d2:8f:42:60:f6:20:68:
         89:04:c3:13:7d:a4:b1:66:ae:9f:77:5a:e8:ee:37:34:9a:35:
         6f:2d:8a:80:c9:8a:fb:b7:f7:5d:12:c8:51:9a:e0:48:4f:7e:
         b0:a7:5c:8b:8e:e9:0e:7e:db:be:60:15:c5:ce:c7:31:9e:78:
         a7:a4:cb:2f:65:3f:c5:5b:61:01:84:1d:90:c4:0b:41:38:eb:
         d4:11:e6:2c:08:1a:15:1a:c6:7c:5a:57:41:d0:c0:4a:90:e2:
         35:cc:ac:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt3xwI2vC37J/pLn0DSRX32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNzdiYTRjNjU0ZGE5ODJmNjIxMTU3NWZjYzgxYzRmMDlj
YjNhMWIwHhcNMjYwMTAxMDQxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTkzOTU5NjI2YjFjN2UzYzEzODhkNDI1M2Y0YzA2NzkxZTE2OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EgxHX8jQj3scTeLMM9LIQyeqBpO
qc2tT7LIkjeOCuAmcTB/D1kIwe0lamA7uK5/D1esEZKOEyUgiofaVJVIIFdzLlCn
hLARtqU8qdbKzCGYPF8sCGr6PC/1Ey3E/Ay4h8HTUIKXPEGd9Ts23l43Ia4R9BAf
ePev1YMYhZCeMVJCyxQzYWKXwI7aMvd0foZAW/XxuR/pv/GzWnVR48BpFAahfDe0
D9qgfWI7L5rws5QBU5t6T0LngA6pYjMXwZq97UtC4V0vAHOfj85OmBFc7l6D23B7
PdncqMN2P3GrZzpFfcUnvtE/6jClvT8TJhYqJPsQ+RqozrMy0NroOiMlYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCqTlZYmscfjwTiNQlP0wGeR4Wn1MB8GA1UdIwQY
MBaAFJF3ukxlTamC9iEVdfzIHE8JyzobMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1hlNlRHVk5xWUwySVJWMV9NZ2NUd25MT2hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82NGQyZGMtMWM3ZC00N2EwLWFkMzct
NDU0MzdkMTZjZjczLzEvS3BPVmxpYXh4LVBCT0kxQ1VfVEFaNUhoYWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82NGQyZGMtMWM3ZC00N2EwLWFkMzctNDU0MzdkMTZjZjcz
LzEva1hlNlRHVk5xWUwySVJWMV9NZ2NUd25MT2hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLv6cAwQC
uWDYAwQCudD0MA0GCSqGSIb3DQEBCwUAA4IBAQAxi60f0dUnqtPdpNNooZVEpTga
3kWiaUAjHw8851qzAWtjXldBT0WpVDsgnYuXnVRHQHeBD4RbFb2KzMIMeG7Ugnpp
H75e7TanW8zUIBEIcMOsgat0dJ0q147lnFJw1BTh2CMRXCmR38CSr3YS5M0n/vYi
yBmRNPwUVVWYwXsfSIhoFEcDGsr+Nw5ejj1spHeNeLweb4sNgCA1ftKPQmD2IGiJ
BMMTfaSxZq6fd1ro7jc0mjVvLYqAyYr7t/ddEshRmuBIT36wp1yLjukOftu+YBXF
zscxnninpMsvZT/FW2EBhB2QxAtBOOvUEeYsCBoVGsZ8WldB0MBKkOI1zKzj
-----END CERTIFICATE-----