Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/14f429-03b4-4423-bb4c-f0c33256fb22/1/kZq33BHakZDY4YJudXNmheZzloo.roa
File:                     kZq33BHakZDY4YJudXNmheZzloo.roa (raw, json)
Hash identifier:          KtUW+9Vb1TNUqTSbu6bQAx1rz4MVZIFaAepB6yKKaic=
Subject key identifier:   91:9A:B7:DC:11:DA:91:90:D8:E1:82:6E:75:73:66:85:E6:73:96:8A
Certificate issuer:       /CN=b793a547bf0be2deed7c84fe902e3366577a2314
Certificate serial:       019E200321F4511D1AE5B721F3CD9E90542A
Authority key identifier: B7:93:A5:47:BF:0B:E2:DE:ED:7C:84:FE:90:2E:33:66:57:7A:23:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5OlR78L4t7tfIT-kC4zZld6IxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/14f429-03b4-4423-bb4c-f0c33256fb22/1/kZq33BHakZDY4YJudXNmheZzloo.roa
Signing time:             Wed 13 May 2026 06:25:36 +0000
ROA not before:           Wed 13 May 2026 06:25:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34309
IP address blocks:        2.56.169.0/24 maxlen: 24
                          91.236.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/14f429-03b4-4423-bb4c-f0c33256fb22/1/t5OlR78L4t7tfIT-kC4zZld6IxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/14f429-03b4-4423-bb4c-f0c33256fb22/1/t5OlR78L4t7tfIT-kC4zZld6IxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5OlR78L4t7tfIT-kC4zZld6IxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:25:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:03:21:f4:51:1d:1a:e5:b7:21:f3:cd:9e:90:54:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b793a547bf0be2deed7c84fe902e3366577a2314
        Validity
            Not Before: May 13 06:25:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=919ab7dc11da9190d8e1826e75736685e673968a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:45:53:5e:2c:60:ef:58:0a:30:26:d6:76:fb:
                    33:ab:ba:53:a6:d2:76:5b:3f:d3:99:bd:36:4e:10:
                    aa:78:6d:88:28:a9:72:07:5e:a1:04:3a:f7:8f:f8:
                    dd:70:cd:ed:c1:1a:5d:7e:02:2a:f4:5e:44:92:11:
                    a2:b7:fe:aa:8f:d1:ee:f7:91:9b:ce:cc:a2:0a:52:
                    f9:55:2d:a7:1c:6c:93:0d:6d:d8:d0:f2:44:c9:90:
                    f7:d1:f7:7f:81:9b:89:ac:8c:24:c4:ca:50:f3:b6:
                    18:8f:58:03:e9:03:2f:fc:92:17:89:c7:6c:2f:40:
                    8a:6a:02:4a:2b:af:92:bd:87:76:4a:1e:0f:2e:9d:
                    0b:b7:b9:47:ec:4b:e8:5f:46:a1:0a:f2:4e:84:d3:
                    12:6f:9c:60:73:63:55:11:e3:85:84:c1:b7:98:d5:
                    af:25:ba:40:ff:d0:8b:3c:1c:04:ce:d8:1c:1a:e0:
                    5e:51:d8:72:da:bb:41:97:76:e9:87:4c:a5:c1:f9:
                    54:65:07:8b:f2:04:22:82:8d:86:98:f6:d5:f9:17:
                    f6:99:82:74:62:41:7d:d3:b2:8f:f0:ff:9b:32:e1:
                    2f:47:fe:e7:97:d8:2e:c3:0d:6e:61:5f:98:14:8e:
                    b8:b2:91:93:96:82:e8:0e:38:60:22:b3:1a:25:16:
                    6d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:9A:B7:DC:11:DA:91:90:D8:E1:82:6E:75:73:66:85:E6:73:96:8A
            X509v3 Authority Key Identifier:
                keyid:B7:93:A5:47:BF:0B:E2:DE:ED:7C:84:FE:90:2E:33:66:57:7A:23:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5OlR78L4t7tfIT-kC4zZld6IxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/14f429-03b4-4423-bb4c-f0c33256fb22/1/kZq33BHakZDY4YJudXNmheZzloo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/14f429-03b4-4423-bb4c-f0c33256fb22/1/t5OlR78L4t7tfIT-kC4zZld6IxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.169.0/24
                  91.236.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:0e:ee:5b:47:94:d2:06:11:f5:15:13:6a:48:ed:f5:93:b2:
         27:96:16:17:26:e2:73:1a:ac:33:02:60:34:30:7b:16:e5:67:
         49:91:88:a9:d2:f7:73:36:bd:23:f5:f3:34:0f:f8:fb:54:90:
         f8:c4:69:b1:eb:02:24:13:ef:94:da:00:87:f5:73:36:81:61:
         03:78:33:ff:7c:f1:a2:ef:2d:a6:c0:2d:e2:f1:8b:0c:89:4c:
         11:21:7d:52:4c:a2:91:41:4f:50:1e:d0:0b:c1:3f:53:a8:4b:
         89:ac:4e:c8:07:72:bd:76:ae:78:00:d5:60:dd:7a:ef:23:fb:
         b6:4e:61:6b:f5:b8:54:e9:af:bc:3a:b6:f5:f0:ec:da:b9:50:
         d4:83:4b:dd:88:1e:a0:4a:09:b5:99:43:01:45:a4:ce:74:8f:
         19:75:38:97:30:50:cf:fc:04:35:e3:8f:5e:5d:e4:93:89:f6:
         2c:18:ca:81:3b:8e:c9:cc:06:e1:c8:d5:f0:b6:41:4c:9c:09:
         76:a0:e8:40:08:f1:57:99:08:bf:b5:f1:3e:85:48:32:b1:2a:
         51:bf:1f:9b:48:64:7c:a1:41:d1:a2:e9:e3:de:07:c2:fa:88:
         e9:06:f0:f5:cd:30:aa:04:d4:aa:5e:14:5f:23:16:55:aa:54:
         7a:5b:61:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4gAyH0UR0a5bch882ekFQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTNhNTQ3YmYwYmUyZGVlZDdjODRmZTkwMmUzMzY2NTc3
YTIzMTQwHhcNMjYwNTEzMDYyNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTlhYjdkYzExZGE5MTkwZDhlMTgyNmU3NTczNjY4NWU2NzM5NjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UVTXixg71gKMCbWdvszq7pTptJ2
Wz/Tmb02ThCqeG2IKKlyB16hBDr3j/jdcM3twRpdfgIq9F5EkhGit/6qj9Hu95Gb
zsyiClL5VS2nHGyTDW3Y0PJEyZD30fd/gZuJrIwkxMpQ87YYj1gD6QMv/JIXicds
L0CKagJKK6+SvYd2Sh4PLp0Lt7lH7EvoX0ahCvJOhNMSb5xgc2NVEeOFhMG3mNWv
JbpA/9CLPBwEztgcGuBeUdhy2rtBl3bph0ylwflUZQeL8gQigo2GmPbV+Rf2mYJ0
YkF907KP8P+bMuEvR/7nl9guww1uYV+YFI64spGTloLoDjhgIrMaJRZt9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJGat9wR2pGQ2OGCbnVzZoXmc5aKMB8GA1UdIwQY
MBaAFLeTpUe/C+Le7XyE/pAuM2ZXeiMUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVPbFI3OEw0dDd0ZklULWtDNHpabGQ2SXhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8xNGY0MjktMDNiNC00NDIzLWJiNGMt
ZjBjMzMyNTZmYjIyLzEva1pxMzNCSGFrWkRZNFlKdWRYTm1oZVp6bG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8xNGY0MjktMDNiNC00NDIzLWJiNGMtZjBjMzMyNTZmYjIy
LzEvdDVPbFI3OEw0dDd0ZklULWtDNHpabGQ2SXhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjipAwQA
W+zcMA0GCSqGSIb3DQEBCwUAA4IBAQBMDu5bR5TSBhH1FRNqSO31k7InlhYXJuJz
GqwzAmA0MHsW5WdJkYip0vdzNr0j9fM0D/j7VJD4xGmx6wIkE++U2gCH9XM2gWED
eDP/fPGi7y2mwC3i8YsMiUwRIX1STKKRQU9QHtALwT9TqEuJrE7IB3K9dq54ANVg
3XrvI/u2TmFr9bhU6a+8Orb18OzauVDUg0vdiB6gSgm1mUMBRaTOdI8ZdTiXMFDP
/AQ1449eXeSTifYsGMqBO47JzAbhyNXwtkFMnAl2oOhACPFXmQi/tfE+hUgysSpR
vx+bSGR8oUHRounj3gfC+ojpBvD1zTCqBNSqXhRfIxZVqlR6W2Ho
-----END CERTIFICATE-----