Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/7daf58-14e8-47c0-a4c7-c652bc7266ef/1/kcx511HkgH6_p24UHLo0MXG7V-A.roa
File:                     kcx511HkgH6_p24UHLo0MXG7V-A.roa (raw, json)
Hash identifier:          dNUOg34buyXeNE8RHao0TAiuQSfhv2tTmHDrugM/EPM=
Subject key identifier:   91:CC:79:D7:51:E4:80:7E:BF:A7:6E:14:1C:BA:34:31:71:BB:57:E0
Certificate issuer:       /CN=f5647b9adf27faf77df8082c5551b73756ac3def
Certificate serial:       019D0B45AFC03119AB5F7597AAF017B21741
Authority key identifier: F5:64:7B:9A:DF:27:FA:F7:7D:F8:08:2C:55:51:B7:37:56:AC:3D:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9WR7mt8n-vd9-AgsVVG3N1asPe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/7daf58-14e8-47c0-a4c7-c652bc7266ef/1/kcx511HkgH6_p24UHLo0MXG7V-A.roa
Signing time:             Fri 20 Mar 2026 12:43:29 +0000
ROA not before:           Fri 20 Mar 2026 12:43:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58302
IP address blocks:        193.35.52.0/22 maxlen: 22
                          2001:67c:29f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/7daf58-14e8-47c0-a4c7-c652bc7266ef/1/9WR7mt8n-vd9-AgsVVG3N1asPe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/7daf58-14e8-47c0-a4c7-c652bc7266ef/1/9WR7mt8n-vd9-AgsVVG3N1asPe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9WR7mt8n-vd9-AgsVVG3N1asPe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:45:af:c0:31:19:ab:5f:75:97:aa:f0:17:b2:17:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5647b9adf27faf77df8082c5551b73756ac3def
        Validity
            Not Before: Mar 20 12:43:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91cc79d751e4807ebfa76e141cba343171bb57e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ff:26:97:75:d0:52:f3:f9:d0:68:30:78:27:
                    0c:49:a2:b2:c9:82:5f:94:c9:c3:c3:a2:d7:88:43:
                    8f:0b:53:fd:8d:70:da:9c:8a:1f:26:37:49:19:3e:
                    de:60:82:6d:11:e8:66:cb:99:78:9b:83:4c:6e:7c:
                    b6:30:37:32:a5:81:b5:e4:be:28:b3:4f:0e:ad:08:
                    f1:ff:00:67:27:2b:e7:df:64:8c:6f:b4:c5:17:19:
                    9f:fe:7f:3f:2a:21:fc:64:f3:7d:f8:61:61:e8:e1:
                    32:59:40:c4:02:31:e7:b5:37:63:db:e3:1a:8e:ab:
                    9b:1b:6e:ce:db:b6:ef:62:f1:8c:48:19:ef:6f:41:
                    45:63:ee:62:ae:c4:36:b4:01:30:3f:fa:bd:62:5d:
                    81:63:6e:2c:bc:43:48:6e:0d:d3:3d:bd:2a:65:3c:
                    5c:21:b1:0d:47:dc:28:54:64:4c:f0:01:42:b5:e0:
                    a0:55:7b:6f:2f:0b:61:07:f0:3d:c8:f9:7a:88:36:
                    e9:a6:c2:a3:ca:dc:16:7f:e0:f8:b2:11:b5:8e:48:
                    fb:1b:d0:20:4d:2b:a4:1c:76:29:bd:a6:7d:01:04:
                    76:79:e0:92:65:d7:e8:4e:f2:94:55:2d:74:fb:a5:
                    02:45:6a:8d:7b:84:98:c7:80:ba:5e:43:77:3c:28:
                    ce:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:CC:79:D7:51:E4:80:7E:BF:A7:6E:14:1C:BA:34:31:71:BB:57:E0
            X509v3 Authority Key Identifier:
                keyid:F5:64:7B:9A:DF:27:FA:F7:7D:F8:08:2C:55:51:B7:37:56:AC:3D:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9WR7mt8n-vd9-AgsVVG3N1asPe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/7daf58-14e8-47c0-a4c7-c652bc7266ef/1/kcx511HkgH6_p24UHLo0MXG7V-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/7daf58-14e8-47c0-a4c7-c652bc7266ef/1/9WR7mt8n-vd9-AgsVVG3N1asPe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.52.0/22
                IPv6:
                  2001:67c:29f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:18:46:5c:df:17:81:e7:e1:45:f2:eb:b5:03:72:15:03:6c:
         c5:bc:5a:6c:89:ff:98:57:80:89:3e:3f:3f:11:2a:72:c0:33:
         2b:48:d7:6d:d6:a0:e8:dc:46:d9:3e:6f:8d:2b:ee:c2:51:58:
         b7:ab:d0:da:6e:84:81:e3:81:40:8f:fe:9d:08:a3:91:55:6f:
         c5:9f:94:23:24:20:8d:e0:38:83:34:ac:60:1e:e6:47:ce:0c:
         98:11:f1:1e:2b:9f:7a:e6:e4:89:85:5b:e1:ff:dd:f1:60:63:
         71:f1:6d:9e:f1:39:60:b7:d0:44:a6:8f:08:01:ce:de:21:58:
         bb:d4:c9:58:13:64:93:24:32:69:69:19:19:f8:67:01:74:ba:
         0f:ad:a0:59:1a:66:97:b2:5c:8a:27:7f:8e:c0:e4:2a:8e:a2:
         81:e0:20:2d:43:1b:1b:82:0c:cf:8b:18:78:c2:ea:7a:a0:c2:
         1f:b9:1c:9e:28:d1:df:48:11:49:37:f0:50:75:cb:18:bf:3b:
         2a:97:3a:45:cd:09:17:f1:f6:7c:f5:f8:f1:bc:a5:95:60:be:
         7b:93:bf:72:77:93:51:63:f3:78:8f:81:f2:49:6e:aa:59:69:
         c5:5d:4f:f1:4e:b1:43:79:37:b3:7c:52:30:87:8a:34:c8:89:
         e4:17:79:e1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ0LRa/AMRmrX3WXqvAXshdBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NjQ3YjlhZGYyN2ZhZjc3ZGY4MDgyYzU1NTFiNzM3NTZh
YzNkZWYwHhcNMjYwMzIwMTI0MzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWNjNzlkNzUxZTQ4MDdlYmZhNzZlMTQxY2JhMzQzMTcxYmI1N2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP8ml3XQUvP50GgweCcMSaKyyYJf
lMnDw6LXiEOPC1P9jXDanIofJjdJGT7eYIJtEehmy5l4m4NMbny2MDcypYG15L4o
s08OrQjx/wBnJyvn32SMb7TFFxmf/n8/KiH8ZPN9+GFh6OEyWUDEAjHntTdj2+Ma
jqubG27O27bvYvGMSBnvb0FFY+5irsQ2tAEwP/q9Yl2BY24svENIbg3TPb0qZTxc
IbENR9woVGRM8AFCteCgVXtvLwthB/A9yPl6iDbppsKjytwWf+D4shG1jkj7G9Ag
TSukHHYpvaZ9AQR2eeCSZdfoTvKUVS10+6UCRWqNe4SYx4C6XkN3PCjOGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJHMeddR5IB+v6duFBy6NDFxu1fgMB8GA1UdIwQY
MBaAFPVke5rfJ/r3ffgILFVRtzdWrD3vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVdSN210OG4tdmQ5LUFnc1ZWRzNOMWFzUGU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi83ZGFmNTgtMTRlOC00N2MwLWE0Yzct
YzY1MmJjNzI2NmVmLzEva2N4NTExSGtnSDZfcDI0VUhMbzBNWEc3Vi1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi83ZGFmNTgtMTRlOC00N2MwLWE0YzctYzY1MmJjNzI2NmVm
LzEvOVdSN210OG4tdmQ5LUFnc1ZWRzNOMWFzUGU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwSM0MA8E
AgACMAkDBwAgAQZ8KfQwDQYJKoZIhvcNAQELBQADggEBABgYRlzfF4Hn4UXy67UD
chUDbMW8WmyJ/5hXgIk+Pz8RKnLAMytI123WoOjcRtk+b40r7sJRWLer0NpuhIHj
gUCP/p0Io5FVb8WflCMkII3gOIM0rGAe5kfODJgR8R4rn3rm5ImFW+H/3fFgY3Hx
bZ7xOWC30ESmjwgBzt4hWLvUyVgTZJMkMmlpGRn4ZwF0ug+toFkaZpeyXIonf47A
5CqOooHgIC1DGxuCDM+LGHjC6nqgwh+5HJ4o0d9IEUk38FB1yxi/OyqXOkXNCRfx
9nz1+PG8pZVgvnuTv3J3k1Fj83iPgfJJbqpZacVdT/FOsUN5N7N8UjCHijTIieQX
eeE=
-----END CERTIFICATE-----