Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/kngS6K-zD_8sUA397D-FmyaEEHM.roa
File:                     kngS6K-zD_8sUA397D-FmyaEEHM.roa (raw, json)
Hash identifier:          EsRQ0EgBwWquSNWV/LYzcwJWySX++9Ff9+FU6ey8IeQ=
Subject key identifier:   92:78:12:E8:AF:B3:0F:FF:2C:50:0D:FD:EC:3F:85:9B:26:84:10:73
Certificate issuer:       /CN=e290e9cc3b7e363d726bd702750b53f29b050a7d
Certificate serial:       019DCABE0F9B3D0D630F801CEB21ED993209
Authority key identifier: E2:90:E9:CC:3B:7E:36:3D:72:6B:D7:02:75:0B:53:F2:9B:05:0A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4pDpzDt-Nj1ya9cCdQtT8psFCn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/kngS6K-zD_8sUA397D-FmyaEEHM.roa
Signing time:             Sun 26 Apr 2026 17:02:26 +0000
ROA not before:           Sun 26 Apr 2026 17:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62201
IP address blocks:        185.149.200.0/22 maxlen: 25
                          2a07:6a00::/29 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/4pDpzDt-Nj1ya9cCdQtT8psFCn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/4pDpzDt-Nj1ya9cCdQtT8psFCn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4pDpzDt-Nj1ya9cCdQtT8psFCn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ca:be:0f:9b:3d:0d:63:0f:80:1c:eb:21:ed:99:32:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e290e9cc3b7e363d726bd702750b53f29b050a7d
        Validity
            Not Before: Apr 26 17:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=927812e8afb30fff2c500dfdec3f859b26841073
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:36:ff:1f:e0:f9:f8:37:f8:77:86:01:94:eb:
                    87:f8:9f:5d:20:1c:b1:ff:cf:24:a2:e5:c2:8e:31:
                    66:b5:9b:e6:08:69:32:04:1c:f2:3b:ba:b7:0a:25:
                    ee:5c:09:48:7b:52:2a:b2:8c:09:77:0c:1d:a6:66:
                    20:93:16:2a:a2:0c:c2:9e:48:d4:ad:5f:42:23:21:
                    5a:c8:24:56:6d:19:ac:54:0d:93:6c:f9:f9:9c:b1:
                    15:5e:35:99:f1:75:15:26:6f:ef:8d:37:a6:02:87:
                    e8:10:78:ef:92:9a:1f:62:94:f5:90:c8:b8:15:64:
                    91:fd:1b:64:c8:c9:34:33:02:ed:fa:54:45:fc:88:
                    34:28:d1:bb:9b:a8:8f:3a:5b:95:c3:8e:9b:57:d3:
                    dc:01:28:e6:e0:a5:47:45:56:be:03:39:0b:3d:ce:
                    fe:7e:ab:ec:93:f1:c6:60:08:45:c9:8d:1c:17:ba:
                    42:b4:cb:2d:d3:41:52:0a:66:20:50:46:3e:af:b4:
                    98:86:71:d1:48:c0:38:d7:5d:ab:14:a7:d2:d2:de:
                    b1:40:1f:ea:8b:5a:36:09:dc:89:d1:12:2f:ac:68:
                    43:b4:df:0f:a8:13:f9:00:8e:53:47:73:cc:3c:73:
                    dd:25:49:7a:c9:65:a1:62:d6:b5:c2:c4:30:b3:33:
                    18:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:78:12:E8:AF:B3:0F:FF:2C:50:0D:FD:EC:3F:85:9B:26:84:10:73
            X509v3 Authority Key Identifier:
                keyid:E2:90:E9:CC:3B:7E:36:3D:72:6B:D7:02:75:0B:53:F2:9B:05:0A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4pDpzDt-Nj1ya9cCdQtT8psFCn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/kngS6K-zD_8sUA397D-FmyaEEHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/4pDpzDt-Nj1ya9cCdQtT8psFCn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.200.0/22
                IPv6:
                  2a07:6a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:94:77:aa:7a:56:f0:6f:4c:84:21:32:cf:4f:0f:5a:52:3c:
         60:95:2b:1a:a6:6e:50:6f:2a:26:7f:2b:48:af:eb:60:81:78:
         74:93:9f:53:dc:cf:70:8f:13:97:0e:8b:ca:f2:1f:75:df:4e:
         89:51:5e:00:fd:73:7e:3e:b1:98:04:19:6d:bb:01:c4:5d:9f:
         6a:31:3c:0e:09:77:35:95:c8:0f:79:e0:bb:0f:79:ef:c5:bf:
         3a:27:7b:21:9d:02:e5:24:b3:fe:6f:00:d9:93:52:34:84:46:
         ef:a4:c1:3c:aa:57:a0:bc:ca:33:c2:f8:9f:92:e6:e1:d3:93:
         3e:3a:2e:ce:a3:5d:a2:f3:f4:b4:bf:38:d5:1a:94:ed:6b:2c:
         3c:5a:3f:29:f6:2a:84:9c:56:34:3a:ea:2b:01:eb:ee:74:b8:
         a4:08:3f:14:c4:46:42:18:0a:3d:9c:4e:96:4a:23:e6:cb:f2:
         8b:82:61:47:bf:25:c0:cd:ce:6f:6d:6b:78:d7:82:e3:b0:c5:
         fd:b0:19:b9:89:b7:6a:50:93:89:6a:0d:34:38:69:65:52:fb:
         19:c0:55:a4:d6:58:22:a1:ff:5c:8e:6a:33:d6:eb:46:42:e2:
         a8:ee:32:21:cd:72:0b:ba:80:81:fb:c4:14:0a:cc:09:74:26:
         73:4f:59:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3Kvg+bPQ1jD4Ac6yHtmTIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOTBlOWNjM2I3ZTM2M2Q3MjZiZDcwMjc1MGI1M2YyOWIw
NTBhN2QwHhcNMjYwNDI2MTcwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjc4MTJlOGFmYjMwZmZmMmM1MDBkZmRlYzNmODU5YjI2ODQxMDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDb/H+D5+Df4d4YBlOuH+J9dIByx
/88kouXCjjFmtZvmCGkyBBzyO7q3CiXuXAlIe1IqsowJdwwdpmYgkxYqogzCnkjU
rV9CIyFayCRWbRmsVA2TbPn5nLEVXjWZ8XUVJm/vjTemAofoEHjvkpofYpT1kMi4
FWSR/RtkyMk0MwLt+lRF/Ig0KNG7m6iPOluVw46bV9PcASjm4KVHRVa+AzkLPc7+
fqvsk/HGYAhFyY0cF7pCtMst00FSCmYgUEY+r7SYhnHRSMA4112rFKfS0t6xQB/q
i1o2CdyJ0RIvrGhDtN8PqBP5AI5TR3PMPHPdJUl6yWWhYta1wsQwszMYzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJJ4Euivsw//LFAN/ew/hZsmhBBzMB8GA1UdIwQY
MBaAFOKQ6cw7fjY9cmvXAnULU/KbBQp9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHBEcHpEdC1OajF5YTljQ2RRdFQ4cHNGQ24wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81NTM1NGUtYmNlNy00YTVkLWI1NjEt
OTExM2ZkN2FmZDZjLzEva25nUzZLLXpEXzhzVUEzOTdELUZteWFFRUhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81NTM1NGUtYmNlNy00YTVkLWI1NjEtOTExM2ZkN2FmZDZj
LzEvNHBEcHpEdC1OajF5YTljQ2RRdFQ4cHNGQ24wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZXIMA0E
AgACMAcDBQMqB2oAMA0GCSqGSIb3DQEBCwUAA4IBAQB7lHeqelbwb0yEITLPTw9a
UjxglSsapm5QbyomfytIr+tggXh0k59T3M9wjxOXDovK8h91306JUV4A/XN+PrGY
BBltuwHEXZ9qMTwOCXc1lcgPeeC7D3nvxb86J3shnQLlJLP+bwDZk1I0hEbvpME8
qlegvMozwvifkubh05M+Oi7Oo12i8/S0vzjVGpTtayw8Wj8p9iqEnFY0OuorAevu
dLikCD8UxEZCGAo9nE6WSiPmy/KLgmFHvyXAzc5vbWt414LjsMX9sBm5ibdqUJOJ
ag00OGllUvsZwFWk1lgiof9cjmoz1utGQuKo7jIhzXILuoCB+8QUCswJdCZzT1l4
-----END CERTIFICATE-----