Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/MKKIUDUGz4Z95WLC3D6fWiIbk4U.roa
File:                     MKKIUDUGz4Z95WLC3D6fWiIbk4U.roa (raw, json)
Hash identifier:          WBcMg0RsrWd3UHeoKkaLJ8RBFUBx59miWOsFBpkS46c=
Subject key identifier:   30:A2:88:50:35:06:CF:86:7D:E5:62:C2:DC:3E:9F:5A:22:1B:93:85
Certificate issuer:       /CN=2b5d0851911bc949d0f47c5d33d0a607b378cdf1
Certificate serial:       019CF5B166046D654E99A91FB2AA94995046
Authority key identifier: 2B:5D:08:51:91:1B:C9:49:D0:F4:7C:5D:33:D0:A6:07:B3:78:CD:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K10IUZEbyUnQ9HxdM9CmB7N4zfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/MKKIUDUGz4Z95WLC3D6fWiIbk4U.roa
Signing time:             Mon 16 Mar 2026 08:09:29 +0000
ROA not before:           Mon 16 Mar 2026 08:09:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28885
IP address blocks:        185.255.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/K10IUZEbyUnQ9HxdM9CmB7N4zfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/K10IUZEbyUnQ9HxdM9CmB7N4zfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K10IUZEbyUnQ9HxdM9CmB7N4zfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 17:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f5:b1:66:04:6d:65:4e:99:a9:1f:b2:aa:94:99:50:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b5d0851911bc949d0f47c5d33d0a607b378cdf1
        Validity
            Not Before: Mar 16 08:09:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30a288503506cf867de562c2dc3e9f5a221b9385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:80:25:27:3b:80:38:71:8f:55:de:c7:c0:43:
                    76:6f:b6:96:6e:78:4a:c4:ff:9e:80:42:c4:78:e2:
                    23:2e:80:e2:7f:a9:cf:6b:76:cb:e5:41:04:d8:ed:
                    87:42:04:01:6a:a8:a9:75:da:d1:29:1e:4a:88:34:
                    e5:87:8f:5e:45:41:22:dd:d1:a2:18:3e:b8:d4:9d:
                    db:00:81:77:12:5c:bb:92:5c:03:1b:1a:48:52:d6:
                    50:d3:7c:3b:d4:4b:35:5c:f7:50:fb:94:7c:56:be:
                    14:0f:87:e7:d3:38:8d:8d:b3:d3:2e:19:fd:93:c1:
                    92:7f:21:d5:93:5a:ce:6f:19:8f:6e:95:3b:95:bc:
                    70:c9:e2:df:ee:43:3c:eb:b3:a1:b6:ae:e9:c6:9d:
                    c3:f0:10:0e:e1:6d:af:34:d3:e9:29:6b:5c:32:13:
                    88:b1:d1:dc:e6:96:3e:16:93:ca:d9:3c:8c:53:7f:
                    94:09:fd:85:fd:6c:0d:d2:75:a3:04:62:cd:f2:f9:
                    57:c5:e4:b5:5c:a4:43:f8:b3:b1:3d:99:c0:39:0d:
                    56:75:58:16:0a:7e:6b:67:0e:b1:43:18:ec:69:46:
                    a8:b0:e3:3a:71:15:b4:46:62:69:48:86:1e:10:e8:
                    91:ab:9a:20:97:b4:a4:f6:f6:fb:25:03:7b:ad:33:
                    53:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A2:88:50:35:06:CF:86:7D:E5:62:C2:DC:3E:9F:5A:22:1B:93:85
            X509v3 Authority Key Identifier:
                keyid:2B:5D:08:51:91:1B:C9:49:D0:F4:7C:5D:33:D0:A6:07:B3:78:CD:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K10IUZEbyUnQ9HxdM9CmB7N4zfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/MKKIUDUGz4Z95WLC3D6fWiIbk4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7ba2d0-7a28-4b8e-a67d-43219669a30b/1/K10IUZEbyUnQ9HxdM9CmB7N4zfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:57:3b:6d:b8:68:90:ab:21:6e:26:5b:4a:8a:ee:9a:97:86:
         52:f0:86:af:bd:49:2d:20:09:9f:6a:02:10:af:5c:6a:68:12:
         27:c5:2d:9e:db:16:ac:2c:47:9f:c4:6a:03:39:49:04:86:b8:
         fc:5d:27:fd:a2:39:be:99:92:ff:a1:ec:eb:7e:f8:28:1e:ea:
         60:a8:ff:f7:11:7f:a9:b9:0b:bc:23:e4:14:c4:89:83:9f:7e:
         48:ef:cc:e4:3a:71:2a:f3:e0:24:97:f4:f5:f1:3c:57:62:64:
         72:ea:4e:33:42:5a:19:31:7b:7f:4f:14:75:7d:29:1a:1a:c6:
         36:5f:58:a6:46:dc:cc:da:b7:0f:37:62:0a:aa:4f:74:1f:3d:
         d0:c9:61:e3:ad:8f:0d:c8:44:ee:fb:62:f9:c9:22:1a:d0:df:
         c0:df:c7:ab:57:be:1c:81:a8:8b:11:8a:26:4e:ec:15:35:2e:
         aa:c5:7e:16:a8:07:46:6f:63:8e:1f:3b:d4:65:51:f6:31:f6:
         4c:a1:ab:be:b4:f1:7a:00:6e:ba:2b:ef:8e:c0:47:6e:9c:c0:
         03:6e:23:f6:93:4d:81:cc:c2:9a:dd:e3:c7:19:3a:26:ee:d3:
         7c:bc:c0:99:06:36:54:86:44:77:ee:0a:30:7b:fc:45:2e:23:
         f5:d5:dd:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz1sWYEbWVOmakfsqqUmVBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNWQwODUxOTExYmM5NDlkMGY0N2M1ZDMzZDBhNjA3YjM3
OGNkZjEwHhcNMjYwMzE2MDgwOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGEyODg1MDM1MDZjZjg2N2RlNTYyYzJkYzNlOWY1YTIyMWI5Mzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoAlJzuAOHGPVd7HwEN2b7aWbnhK
xP+egELEeOIjLoDif6nPa3bL5UEE2O2HQgQBaqipddrRKR5KiDTlh49eRUEi3dGi
GD641J3bAIF3Ely7klwDGxpIUtZQ03w71Es1XPdQ+5R8Vr4UD4fn0ziNjbPTLhn9
k8GSfyHVk1rObxmPbpU7lbxwyeLf7kM867Ohtq7pxp3D8BAO4W2vNNPpKWtcMhOI
sdHc5pY+FpPK2TyMU3+UCf2F/WwN0nWjBGLN8vlXxeS1XKRD+LOxPZnAOQ1WdVgW
Cn5rZw6xQxjsaUaosOM6cRW0RmJpSIYeEOiRq5ogl7Sk9vb7JQN7rTNTOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCiiFA1Bs+GfeViwtw+n1oiG5OFMB8GA1UdIwQY
MBaAFCtdCFGRG8lJ0PR8XTPQpgezeM3xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzEwSVVaRWJ5VW5ROUh4ZE05Q21CN040emZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83YmEyZDAtN2EyOC00YjhlLWE2N2Qt
NDMyMTk2NjlhMzBiLzEvTUtLSVVEVUd6NFo5NVdMQzNENmZXaUliazRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83YmEyZDAtN2EyOC00YjhlLWE2N2QtNDMyMTk2NjlhMzBi
LzEvSzEwSVVaRWJ5VW5ROUh4ZE05Q21CN040emZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf/MMA0G
CSqGSIb3DQEBCwUAA4IBAQAtVzttuGiQqyFuJltKiu6al4ZS8IavvUktIAmfagIQ
r1xqaBInxS2e2xasLEefxGoDOUkEhrj8XSf9ojm+mZL/oezrfvgoHupgqP/3EX+p
uQu8I+QUxImDn35I78zkOnEq8+Akl/T18TxXYmRy6k4zQloZMXt/TxR1fSkaGsY2
X1imRtzM2rcPN2IKqk90Hz3QyWHjrY8NyETu+2L5ySIa0N/A38erV74cgaiLEYom
TuwVNS6qxX4WqAdGb2OOHzvUZVH2MfZMoau+tPF6AG66K++OwEdunMADbiP2k02B
zMKa3ePHGTom7tN8vMCZBjZUhkR37gowe/xFLiP11d1j
-----END CERTIFICATE-----