Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/HlS2rnke21fiK-hsmtWKKB_pLDI.roa
File:                     HlS2rnke21fiK-hsmtWKKB_pLDI.roa (raw, json)
Hash identifier:          L2Sl4qGMrO/Jovva6LYwHin0pb1+mlYaf349b+L8VUs=
Subject key identifier:   1E:54:B6:AE:79:1E:DB:57:E2:2B:E8:6C:9A:D5:8A:28:1F:E9:2C:32
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019EDA7394EF60586CC16A954FC11C4A0FDD
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/HlS2rnke21fiK-hsmtWKKB_pLDI.roa
Signing time:             Thu 18 Jun 2026 11:17:48 +0000
ROA not before:           Thu 18 Jun 2026 11:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43109
IP address blocks:        45.81.112.0/24 maxlen: 24
                          2a12:9f00:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 19:57:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:73:94:ef:60:58:6c:c1:6a:95:4f:c1:1c:4a:0f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun 18 11:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e54b6ae791edb57e22be86c9ad58a281fe92c32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:77:6f:78:60:37:85:9a:e6:0a:72:67:88:26:
                    8d:5b:9f:79:36:bc:f9:2b:12:74:92:be:f3:26:e6:
                    90:af:b5:a4:1d:f2:22:ef:73:ae:48:2b:fa:11:bf:
                    d8:2d:e3:8d:a7:5e:8e:f6:25:62:2f:d3:20:ba:8c:
                    44:ad:43:9a:f1:0b:73:d8:28:00:b6:79:14:c9:df:
                    3e:73:f2:06:c2:91:18:28:f2:c8:a2:67:6d:a2:a9:
                    13:0c:52:02:c0:8a:e4:0c:78:b9:35:a6:50:ce:9e:
                    5f:09:4e:2f:21:f8:86:34:4f:2b:ca:43:d8:a3:fb:
                    13:ea:61:3c:42:ae:4e:14:43:d7:8a:43:ee:60:f3:
                    43:73:00:61:9f:06:04:3d:92:3d:19:3e:20:5e:0c:
                    db:39:59:36:6f:29:41:2d:af:0f:93:72:53:73:98:
                    9b:96:61:7c:05:fd:c4:5d:d5:55:da:ba:66:26:97:
                    a8:99:20:01:2d:b7:56:47:dd:fb:1e:2c:ae:bb:3b:
                    79:8f:a0:90:18:1f:03:75:1d:e3:da:e2:25:78:24:
                    1a:93:e5:89:fc:1d:92:19:c4:0f:67:37:3e:d9:e2:
                    0a:c6:22:19:0f:33:74:e4:9a:ca:a5:5e:5d:34:05:
                    44:9a:19:d9:73:32:91:41:db:1f:62:62:aa:9e:38:
                    c1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:54:B6:AE:79:1E:DB:57:E2:2B:E8:6C:9A:D5:8A:28:1F:E9:2C:32
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/HlS2rnke21fiK-hsmtWKKB_pLDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.112.0/24
                IPv6:
                  2a12:9f00:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:a0:3b:8b:6f:01:20:2b:ba:4e:af:bf:7c:59:8f:8d:c2:bf:
         7b:88:38:6e:d1:0a:ae:6c:69:96:1d:b7:2e:96:0e:7b:e5:ff:
         49:00:42:79:bd:c6:3f:61:22:64:96:59:a8:dd:0f:56:89:8b:
         73:3d:4b:e7:32:f3:95:3a:41:10:76:05:14:8d:c4:57:b4:ec:
         44:cc:48:f3:27:d1:f3:cb:cd:04:fe:00:66:b4:c3:ff:54:ba:
         b2:84:81:56:8f:52:92:9f:a3:8c:b8:ea:9b:9a:1b:ce:71:e5:
         eb:1d:d5:07:db:18:e4:0b:5a:b0:c0:88:e7:11:2f:25:ec:ce:
         5d:66:ab:38:be:a9:a5:24:83:ce:0c:15:bb:35:54:33:73:b4:
         ab:c5:f1:d0:2b:7d:63:a0:fd:f2:23:0b:a6:fc:9c:cc:f3:13:
         66:b7:80:eb:5d:df:36:e5:81:3f:c4:75:d0:c2:f3:2d:d0:eb:
         8d:e7:d6:14:55:d0:7d:ae:be:d0:ef:60:10:b2:b8:75:bc:f7:
         09:ca:ef:b1:fa:0c:b1:80:44:7b:7a:34:5c:19:7a:98:ed:60:
         9f:3f:1b:9c:c1:87:76:7e:1f:3d:17:c1:a9:50:f6:84:ee:54:
         e6:a5:21:29:b0:9a:09:02:51:32:52:b7:39:f7:13:e3:e3:2a:
         1b:26:5a:25
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ7ac5TvYFhswWqVT8EcSg/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwNjE4MTExNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTU0YjZhZTc5MWVkYjU3ZTIyYmU4NmM5YWQ1OGEyODFmZTkyYzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6HdveGA3hZrmCnJniCaNW595Nrz5
KxJ0kr7zJuaQr7WkHfIi73OuSCv6Eb/YLeONp16O9iViL9MguoxErUOa8Qtz2CgA
tnkUyd8+c/IGwpEYKPLIomdtoqkTDFICwIrkDHi5NaZQzp5fCU4vIfiGNE8rykPY
o/sT6mE8Qq5OFEPXikPuYPNDcwBhnwYEPZI9GT4gXgzbOVk2bylBLa8Pk3JTc5ib
lmF8Bf3EXdVV2rpmJpeomSABLbdWR937Hiyuuzt5j6CQGB8DdR3j2uIleCQak+WJ
/B2SGcQPZzc+2eIKxiIZDzN05JrKpV5dNAVEmhnZczKRQdsfYmKqnjjBYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB5Utq55HttX4ivobJrViigf6SwyMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvSGxTMnJua2UyMWZpSy1oc210V0tLQl9wTERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALVFwMA8E
AgACMAkDBwAqEp8AAAEwDQYJKoZIhvcNAQELBQADggEBABKgO4tvASAruk6vv3xZ
j43Cv3uIOG7RCq5saZYdty6WDnvl/0kAQnm9xj9hImSWWajdD1aJi3M9S+cy85U6
QRB2BRSNxFe07ETMSPMn0fPLzQT+AGa0w/9UurKEgVaPUpKfo4y46puaG85x5esd
1QfbGOQLWrDAiOcRLyXszl1mqzi+qaUkg84MFbs1VDNztKvF8dArfWOg/fIjC6b8
nMzzE2a3gOtd3zblgT/EddDC8y3Q643n1hRV0H2uvtDvYBCyuHW89wnK77H6DLGA
RHt6NFwZepjtYJ8/G5zBh3Z+Hz0XwalQ9oTuVOalISmwmgkCUTJStzn3E+PjKhsm
WiU=
-----END CERTIFICATE-----