Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/04ivd0G4ostaA6Au_040kM7S310.roa
File:                     04ivd0G4ostaA6Au_040kM7S310.roa (raw, json)
Hash identifier:          XZ6K55LfIGjxOOtK3Q/DodIyTTX+TG8RNvlgof+mc3s=
Subject key identifier:   D3:88:AF:77:41:B8:A2:CB:5A:03:A0:2E:FF:4E:34:90:CE:D2:DF:5D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019E01CB4F82971AFC2209A29490CA80C77F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/04ivd0G4ostaA6Au_040kM7S310.roa
Signing time:             Thu 07 May 2026 09:36:01 +0000
ROA not before:           Thu 07 May 2026 09:36:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211619
IP address blocks:        45.9.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 May 2026 04:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:cb:4f:82:97:1a:fc:22:09:a2:94:90:ca:80:c7:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  7 09:36:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d388af7741b8a2cb5a03a02eff4e3490ced2df5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fb:0d:93:e1:95:a7:da:ce:f6:52:d0:7a:6c:
                    fc:06:2b:7a:76:94:8a:34:39:29:91:de:e3:c1:2d:
                    91:97:12:35:31:ff:a7:a7:c0:84:61:f0:63:95:d0:
                    79:9e:0e:cd:bf:df:46:12:29:5d:fc:5b:64:8d:3d:
                    1d:78:fd:48:08:73:2c:05:d9:cc:bc:76:5c:f7:87:
                    f5:c6:74:84:5f:4c:bc:24:db:ef:f6:c4:71:e4:5e:
                    87:6d:63:0f:0a:8e:ac:c4:a6:c6:6f:36:38:1c:56:
                    db:d4:da:7c:ec:27:94:0a:9f:03:70:eb:b5:a3:ac:
                    73:08:d5:98:5b:3a:53:6a:ab:24:ae:05:83:66:fb:
                    e5:49:bc:bb:dd:35:2a:3e:4a:22:ed:ce:ca:98:0e:
                    fd:d9:e7:55:89:f7:1c:6a:f7:ac:c3:b6:c0:d0:ea:
                    84:fd:9c:b2:90:66:40:b7:67:d8:12:c6:ad:a0:3a:
                    82:c8:77:83:09:07:36:a3:76:d1:6b:04:3b:36:5b:
                    9e:c2:13:15:a1:27:51:57:3d:7b:b4:6b:57:b2:c0:
                    73:3b:4b:d7:fc:5e:8a:ff:eb:72:cb:fb:7c:5c:a3:
                    d5:6f:01:f5:a2:be:de:4b:8f:bc:b3:12:50:25:93:
                    92:79:6e:fa:42:b2:04:10:ec:9a:f8:b8:9c:c0:7c:
                    45:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:88:AF:77:41:B8:A2:CB:5A:03:A0:2E:FF:4E:34:90:CE:D2:DF:5D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/04ivd0G4ostaA6Au_040kM7S310.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:57:3e:66:78:c6:f0:41:50:cc:3e:b5:74:6e:18:a1:ad:e9:
         8e:bf:78:c1:4b:02:4a:fa:9e:04:f1:bf:61:d1:51:d8:4f:37:
         18:57:3c:17:fa:ba:dd:fe:ec:c6:26:c6:32:dd:cf:eb:33:6d:
         be:e0:f1:93:12:35:26:bd:9f:ed:d4:ae:ef:87:3b:3a:d1:a9:
         78:22:06:80:f1:d4:72:bd:9c:94:aa:d3:84:92:be:2b:97:59:
         a2:43:66:ce:ad:39:8f:8d:ce:f1:7a:bf:51:3b:0c:b3:12:11:
         14:e6:ec:cf:b6:44:73:66:2c:f4:7a:63:bf:46:63:25:d7:53:
         2e:9f:77:27:4a:7f:90:a3:a7:34:e5:59:0b:d7:e1:83:61:6b:
         2d:a7:16:9e:09:b3:26:df:ec:a6:c7:9d:fa:46:7a:ee:98:32:
         31:ba:b5:a2:d8:66:6f:e6:6e:3b:0f:59:71:b4:24:f0:7f:01:
         77:55:e5:7b:aa:36:96:8a:42:72:a2:da:42:7e:74:0c:9f:e4:
         fd:0b:a5:63:6b:07:25:29:b3:a4:91:59:f2:0e:fe:32:92:57:
         fd:67:7d:f6:56:27:ce:dd:a2:bf:01:56:2d:53:61:d0:5c:86:
         d8:84:c0:53:27:ce:8f:ab:3f:81:c9:ca:1c:a9:61:03:9c:33:
         66:6e:a6:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4By0+Clxr8IgmilJDKgMd/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNTA3MDkzNjAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzg4YWY3NzQxYjhhMmNiNWEwM2EwMmVmZjRlMzQ5MGNlZDJkZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/sNk+GVp9rO9lLQemz8Bit6dpSK
NDkpkd7jwS2RlxI1Mf+np8CEYfBjldB5ng7Nv99GEild/FtkjT0deP1ICHMsBdnM
vHZc94f1xnSEX0y8JNvv9sRx5F6HbWMPCo6sxKbGbzY4HFbb1Np87CeUCp8DcOu1
o6xzCNWYWzpTaqskrgWDZvvlSby73TUqPkoi7c7KmA792edVifccavesw7bA0OqE
/ZyykGZAt2fYEsatoDqCyHeDCQc2o3bRawQ7NluewhMVoSdRVz17tGtXssBzO0vX
/F6K/+tyy/t8XKPVbwH1or7eS4+8sxJQJZOSeW76QrIEEOya+LicwHxFPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOIr3dBuKLLWgOgLv9ONJDO0t9dMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMDRpdmQwRzRvc3RhQTZBdV8wNDBrTTdTMzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQmcMA0G
CSqGSIb3DQEBCwUAA4IBAQCcVz5meMbwQVDMPrV0bhihremOv3jBSwJK+p4E8b9h
0VHYTzcYVzwX+rrd/uzGJsYy3c/rM22+4PGTEjUmvZ/t1K7vhzs60al4IgaA8dRy
vZyUqtOEkr4rl1miQ2bOrTmPjc7xer9ROwyzEhEU5uzPtkRzZiz0emO/RmMl11Mu
n3cnSn+Qo6c05VkL1+GDYWstpxaeCbMm3+ymx536RnrumDIxurWi2GZv5m47D1lx
tCTwfwF3VeV7qjaWikJyotpCfnQMn+T9C6VjawclKbOkkVnyDv4yklf9Z332VifO
3aK/AVYtU2HQXIbYhMBTJ86Pqz+BycocqWEDnDNmbqag
-----END CERTIFICATE-----