Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/kveMMocsfLZh918Y0_FGgyBzNLM.roa
File:                     kveMMocsfLZh918Y0_FGgyBzNLM.roa (raw, json)
Hash identifier:          vKnrq5ifdIB9dF0mtCayO5eOs+Yvg54hMTnFEcoDZaU=
Subject key identifier:   92:F7:8C:32:87:2C:7C:B6:61:F7:5F:18:D3:F1:46:83:20:73:34:B3
Certificate issuer:       /CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
Certificate serial:       019CF80AE7267A7D99E1F5F904742A8E94FD
Authority key identifier: 40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/kveMMocsfLZh918Y0_FGgyBzNLM.roa
Signing time:             Mon 16 Mar 2026 19:06:29 +0000
ROA not before:           Mon 16 Mar 2026 19:06:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215224
IP address blocks:        92.60.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f8:0a:e7:26:7a:7d:99:e1:f5:f9:04:74:2a:8e:94:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
        Validity
            Not Before: Mar 16 19:06:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92f78c32872c7cb661f75f18d3f14683207334b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:35:42:86:51:74:45:96:ea:ac:1f:66:31:45:
                    83:6e:0c:45:45:47:b1:af:d4:8c:d5:d0:90:87:98:
                    99:c4:99:2d:d2:95:4a:6b:1f:06:46:27:52:76:fb:
                    11:de:e7:b0:18:61:dd:a6:57:f2:c5:91:1a:52:d7:
                    68:c8:f3:e3:0f:bc:c9:b8:6e:47:6c:99:81:3b:8d:
                    2c:c1:b5:41:dd:88:96:2e:a0:3d:05:88:39:a2:4d:
                    19:f1:a5:7d:d4:d0:1b:92:99:1e:70:95:1f:49:30:
                    df:fe:99:ed:48:ff:ed:0c:b2:a6:d9:88:43:6b:24:
                    80:19:0b:c2:83:56:5c:45:3c:88:07:a9:b4:e0:ee:
                    42:1f:c2:e3:bc:75:99:9a:75:c2:6c:02:62:ea:df:
                    11:03:9d:53:bb:8c:7b:26:42:26:d2:5f:5e:7e:db:
                    63:d6:56:9e:0a:5e:b0:23:25:5f:0e:59:bf:e6:a8:
                    a9:6d:d5:57:dd:f5:40:a6:4b:0a:5f:23:9c:f6:12:
                    d3:20:27:f1:18:3e:0f:08:fa:65:05:09:e1:89:aa:
                    24:18:c3:80:93:8f:88:0c:25:37:ef:22:25:21:06:
                    10:f9:8f:5d:df:ab:3a:9c:50:f6:64:8a:61:d2:a2:
                    d9:e2:8a:3c:a6:1b:bd:3c:79:24:81:ae:53:ff:0f:
                    4c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:F7:8C:32:87:2C:7C:B6:61:F7:5F:18:D3:F1:46:83:20:73:34:B3
            X509v3 Authority Key Identifier:
                keyid:40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/kveMMocsfLZh918Y0_FGgyBzNLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:5b:68:72:b2:2e:f9:bd:f1:83:fc:6e:5d:78:08:75:99:9a:
         2d:12:0f:c0:ab:5c:84:9c:c1:b9:92:71:5e:03:a1:65:ff:69:
         b5:30:4a:ed:b6:c9:49:3c:99:e0:2b:8b:e1:da:e5:60:5f:e3:
         f8:74:4a:c9:bf:e3:c0:d0:19:44:c8:ae:5e:5c:91:86:eb:e9:
         a9:b4:57:0d:a3:7f:20:0e:6e:d9:17:11:bf:c4:1c:66:f8:f1:
         25:89:24:7d:00:bf:f7:91:28:04:fb:55:11:32:e9:20:44:f5:
         35:58:8c:3b:fc:af:2b:3d:72:ad:04:8a:af:38:21:96:c1:50:
         de:4e:af:22:42:dd:1c:c3:0e:c0:75:d5:6d:ef:02:e3:d6:e0:
         c2:28:5b:c5:cc:8b:ef:37:74:59:e6:6f:ea:2d:1a:d8:e2:a9:
         a4:f4:59:42:c8:a7:a0:73:9c:7d:c6:ac:ab:59:ee:2b:54:1b:
         55:9c:59:e9:a2:0c:0b:38:51:62:bd:d9:5d:8f:00:aa:8a:f9:
         87:4e:bb:73:45:c5:fd:57:90:ab:32:c1:ff:6e:85:3b:85:d5:
         e8:c9:f4:ce:72:14:e3:e7:7f:66:f0:52:84:0f:0d:cc:8c:1a:
         c2:2c:6b:6d:25:86:ef:ee:a3:f1:f5:ef:62:70:b1:8b:d0:4f:
         5e:63:f9:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz4Cucmen2Z4fX5BHQqjpT9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZGRlNzFiNDFiZmZiMWI1MTZlMDdiMGM2MTM5MWJkZjRk
M2JmMTEwHhcNMjYwMzE2MTkwNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmY3OGMzMjg3MmM3Y2I2NjFmNzVmMThkM2YxNDY4MzIwNzMzNGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3TVChlF0RZbqrB9mMUWDbgxFRUex
r9SM1dCQh5iZxJkt0pVKax8GRidSdvsR3uewGGHdplfyxZEaUtdoyPPjD7zJuG5H
bJmBO40swbVB3YiWLqA9BYg5ok0Z8aV91NAbkpkecJUfSTDf/pntSP/tDLKm2YhD
aySAGQvCg1ZcRTyIB6m04O5CH8LjvHWZmnXCbAJi6t8RA51Tu4x7JkIm0l9efttj
1laeCl6wIyVfDlm/5qipbdVX3fVApksKXyOc9hLTICfxGD4PCPplBQnhiaokGMOA
k4+IDCU37yIlIQYQ+Y9d36s6nFD2ZIph0qLZ4oo8phu9PHkkga5T/w9M+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJL3jDKHLHy2YfdfGNPxRoMgczSzMB8GA1UdIwQY
MBaAFEDd5xtBv/sbUW4HsMYTkb30078RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYt
MmJhZGNlNDY2ODUzLzEva3ZlTU1vY3NmTFpoOTE4WTBfRkdneUJ6TkxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYtMmJhZGNlNDY2ODUz
LzEvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDxFMA0G
CSqGSIb3DQEBCwUAA4IBAQAZW2hysi75vfGD/G5deAh1mZotEg/Aq1yEnMG5knFe
A6Fl/2m1MErttslJPJngK4vh2uVgX+P4dErJv+PA0BlEyK5eXJGG6+mptFcNo38g
Dm7ZFxG/xBxm+PEliSR9AL/3kSgE+1URMukgRPU1WIw7/K8rPXKtBIqvOCGWwVDe
Tq8iQt0cww7AddVt7wLj1uDCKFvFzIvvN3RZ5m/qLRrY4qmk9FlCyKegc5x9xqyr
We4rVBtVnFnpogwLOFFivdldjwCqivmHTrtzRcX9V5CrMsH/boU7hdXoyfTOchTj
539m8FKEDw3MjBrCLGttJYbv7qPx9e9icLGL0E9eY/l3
-----END CERTIFICATE-----