Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/f942a1-c004-4484-bc1d-6b858209b5ee/1/KSUNvWYBdy4YdVAnXzSA_dxlq3c.roa
File:                     KSUNvWYBdy4YdVAnXzSA_dxlq3c.roa (raw, json)
Hash identifier:          r+AYd5x4wloqbdcvcL3nVXv/9WOqz9qSDvAaU5o0QB0=
Subject key identifier:   29:25:0D:BD:66:01:77:2E:18:75:50:27:5F:34:80:FD:DC:65:AB:77
Certificate issuer:       /CN=0ee592621d18309312c014c1122d94a4211fa82b
Certificate serial:       019DD9A966EDCE1E2790AA13033BE9F36C9C
Authority key identifier: 0E:E5:92:62:1D:18:30:93:12:C0:14:C1:12:2D:94:A4:21:1F:A8:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DuWSYh0YMJMSwBTBEi2UpCEfqCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/f942a1-c004-4484-bc1d-6b858209b5ee/1/KSUNvWYBdy4YdVAnXzSA_dxlq3c.roa
Signing time:             Wed 29 Apr 2026 14:34:10 +0000
ROA not before:           Wed 29 Apr 2026 14:34:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26548
IP address blocks:        94.154.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/f942a1-c004-4484-bc1d-6b858209b5ee/1/DuWSYh0YMJMSwBTBEi2UpCEfqCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/f942a1-c004-4484-bc1d-6b858209b5ee/1/DuWSYh0YMJMSwBTBEi2UpCEfqCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DuWSYh0YMJMSwBTBEi2UpCEfqCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d9:a9:66:ed:ce:1e:27:90:aa:13:03:3b:e9:f3:6c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ee592621d18309312c014c1122d94a4211fa82b
        Validity
            Not Before: Apr 29 14:34:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29250dbd6601772e187550275f3480fddc65ab77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:11:fe:ee:2d:b0:40:b0:90:4c:4e:d1:ce:5c:
                    c7:ab:00:36:6e:3b:89:9d:47:3b:53:a2:63:1a:79:
                    cd:2c:69:e0:25:84:1b:c9:97:de:fc:03:43:cc:7b:
                    46:53:ab:c6:9c:2d:09:b2:94:1c:20:a4:cc:8d:41:
                    f2:84:ec:54:ae:a3:52:64:23:eb:90:f7:6b:95:a8:
                    5b:e3:18:d6:aa:b5:1e:f7:b6:1e:dd:76:57:fb:6b:
                    97:4e:2d:8f:62:4d:3b:43:d8:20:f1:07:7c:73:98:
                    08:3a:e0:db:61:e9:af:15:d5:b6:ef:d0:c5:e8:bc:
                    36:77:e6:23:2e:c2:16:62:d1:50:35:c2:21:c2:19:
                    8a:77:4f:8f:03:50:e6:69:03:ad:13:f3:95:52:4a:
                    c6:56:d9:19:b5:3c:6e:40:e9:8e:f4:ad:13:9b:65:
                    29:8e:97:5a:2a:90:cd:e6:1b:e5:ec:51:94:44:a2:
                    62:b8:47:c2:69:96:89:57:66:79:ab:a8:43:c0:96:
                    38:de:cc:d1:f3:88:98:b3:31:65:66:d1:42:64:61:
                    34:12:51:fe:bf:43:5d:7c:94:80:2c:ce:97:2a:08:
                    77:ea:e5:ff:f2:b7:93:c1:ef:34:24:96:bd:ee:58:
                    f6:7a:21:db:46:00:de:ba:b8:ee:88:47:6f:c3:62:
                    87:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:25:0D:BD:66:01:77:2E:18:75:50:27:5F:34:80:FD:DC:65:AB:77
            X509v3 Authority Key Identifier:
                keyid:0E:E5:92:62:1D:18:30:93:12:C0:14:C1:12:2D:94:A4:21:1F:A8:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DuWSYh0YMJMSwBTBEi2UpCEfqCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/f942a1-c004-4484-bc1d-6b858209b5ee/1/KSUNvWYBdy4YdVAnXzSA_dxlq3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/f942a1-c004-4484-bc1d-6b858209b5ee/1/DuWSYh0YMJMSwBTBEi2UpCEfqCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:57:37:24:3b:ee:a2:30:3d:85:19:34:db:ee:44:4b:74:50:
         3d:fb:5b:6c:77:37:fc:64:5a:24:a1:d5:5c:89:e3:0b:ea:7a:
         55:a7:99:bb:bf:21:01:97:37:87:45:05:c7:cd:99:5e:07:79:
         c6:d3:ee:ce:ec:9d:d0:1c:7b:4c:83:35:26:b5:08:68:a0:d2:
         cc:d3:95:cd:23:65:bd:66:b3:9c:ba:1d:b1:87:23:86:09:f1:
         7b:68:ca:32:04:65:60:3c:54:a3:79:e0:84:cf:e9:c0:58:f8:
         d4:02:bd:a9:94:cd:a3:66:4e:aa:9e:44:fa:c7:ef:bc:d0:8c:
         9c:4e:61:d3:8a:73:fa:e8:53:1e:91:ba:c3:d5:36:c6:e1:5e:
         10:c9:10:46:80:1d:fa:b4:6a:d7:f0:3c:15:dd:e2:90:b5:21:
         6d:33:2e:a1:80:06:b0:41:cf:c3:cb:4a:50:02:07:11:13:08:
         9d:ea:b2:aa:cc:f5:8e:8b:7f:b6:93:e9:d3:b4:4a:46:86:12:
         b9:6d:d1:a6:a2:2a:70:7d:14:21:d6:6e:12:c6:f8:d0:a4:11:
         ba:95:b4:d1:5b:ff:fe:f4:93:68:8b:72:2a:c5:32:ae:47:a0:
         76:b8:4c:89:25:77:b7:1d:1c:f4:0e:3b:bb:94:fe:2c:ce:9b:
         73:8d:21:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3ZqWbtzh4nkKoTAzvp82ycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZTU5MjYyMWQxODMwOTMxMmMwMTRjMTEyMmQ5NGE0MjEx
ZmE4MmIwHhcNMjYwNDI5MTQzNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTI1MGRiZDY2MDE3NzJlMTg3NTUwMjc1ZjM0ODBmZGRjNjVhYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4BH+7i2wQLCQTE7RzlzHqwA2bjuJ
nUc7U6JjGnnNLGngJYQbyZfe/ANDzHtGU6vGnC0JspQcIKTMjUHyhOxUrqNSZCPr
kPdrlahb4xjWqrUe97Ye3XZX+2uXTi2PYk07Q9gg8Qd8c5gIOuDbYemvFdW279DF
6Lw2d+YjLsIWYtFQNcIhwhmKd0+PA1DmaQOtE/OVUkrGVtkZtTxuQOmO9K0Tm2Up
jpdaKpDN5hvl7FGURKJiuEfCaZaJV2Z5q6hDwJY43szR84iYszFlZtFCZGE0ElH+
v0NdfJSALM6XKgh36uX/8reTwe80JJa97lj2eiHbRgDeurjuiEdvw2KHaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCklDb1mAXcuGHVQJ180gP3cZat3MB8GA1UdIwQY
MBaAFA7lkmIdGDCTEsAUwRItlKQhH6grMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHVXU1loMFlNSk1Td0JUQkVpMlVwQ0VmcUNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9mOTQyYTEtYzAwNC00NDg0LWJjMWQt
NmI4NTgyMDliNWVlLzEvS1NVTnZXWUJkeTRZZFZBblh6U0FfZHhscTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9mOTQyYTEtYzAwNC00NDg0LWJjMWQtNmI4NTgyMDliNWVl
LzEvRHVXU1loMFlNSk1Td0JUQkVpMlVwQ0VmcUNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpp/MA0G
CSqGSIb3DQEBCwUAA4IBAQCYVzckO+6iMD2FGTTb7kRLdFA9+1tsdzf8ZFokodVc
ieML6npVp5m7vyEBlzeHRQXHzZleB3nG0+7O7J3QHHtMgzUmtQhooNLM05XNI2W9
ZrOcuh2xhyOGCfF7aMoyBGVgPFSjeeCEz+nAWPjUAr2plM2jZk6qnkT6x++80Iyc
TmHTinP66FMekbrD1TbG4V4QyRBGgB36tGrX8DwV3eKQtSFtMy6hgAawQc/Dy0pQ
AgcREwid6rKqzPWOi3+2k+nTtEpGhhK5bdGmoipwfRQh1m4SxvjQpBG6lbTRW//+
9JNoi3IqxTKuR6B2uEyJJXe3HRz0Dju7lP4szptzjSHU
-----END CERTIFICATE-----