Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/aXEcN_YtLwFMHTUKTvkXJQoNmzg.roa
File:                     aXEcN_YtLwFMHTUKTvkXJQoNmzg.roa (raw, json)
Hash identifier:          qT1As7YwI/zbJcDz9hELycuybqk3zb17vJS8xvBmvCA=
Subject key identifier:   69:71:1C:37:F6:2D:2F:01:4C:1D:35:0A:4E:F9:17:25:0A:0D:9B:38
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019EFDCDAF16C011D2AED74028F82639822A
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/aXEcN_YtLwFMHTUKTvkXJQoNmzg.roa
Signing time:             Thu 25 Jun 2026 08:02:55 +0000
ROA not before:           Thu 25 Jun 2026 08:02:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197328
IP address blocks:        45.88.136.0/24 maxlen: 24
                          45.88.137.0/24 maxlen: 24
                          45.94.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fd:cd:af:16:c0:11:d2:ae:d7:40:28:f8:26:39:82:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun 25 08:02:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69711c37f62d2f014c1d350a4ef917250a0d9b38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:85:fc:64:11:6a:a3:13:1c:b6:2b:56:be:20:
                    35:6a:1f:f2:5e:64:f5:63:f4:69:df:ee:69:01:16:
                    f3:26:b8:83:19:59:a9:dd:b6:ab:61:35:71:fe:75:
                    f9:76:26:72:48:c0:f4:08:03:5e:62:7a:02:c6:b7:
                    b4:03:99:50:53:bf:64:7d:97:89:be:a3:c4:e9:b0:
                    d9:b7:1c:0b:2b:1a:01:f7:02:0b:a5:85:ce:1e:7f:
                    9d:d5:d9:f8:44:3c:8f:80:d5:4f:d7:8d:16:96:d2:
                    41:96:0d:5c:88:d8:87:09:d4:ec:95:6f:f1:96:aa:
                    85:c0:8f:4c:79:f5:6d:2a:e8:88:a9:92:37:b8:44:
                    5b:99:3f:db:6d:75:ce:ea:b0:d1:54:77:8e:84:aa:
                    10:34:62:29:b4:a0:d2:c1:95:80:9c:45:47:42:54:
                    d1:31:69:32:0b:15:0f:63:70:51:18:c4:75:09:30:
                    c1:28:f0:60:93:5a:cc:02:9b:51:23:2e:4d:79:47:
                    05:0e:6b:b2:db:0c:67:bf:8f:78:64:0e:b5:d8:35:
                    46:4f:e0:03:d5:6b:ed:ac:63:7c:7b:f6:b9:2c:18:
                    e8:28:52:4a:cd:14:d6:06:7b:81:00:69:1a:b1:4f:
                    40:37:63:0d:7d:ba:99:47:47:93:43:01:2b:57:ae:
                    1b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:71:1C:37:F6:2D:2F:01:4C:1D:35:0A:4E:F9:17:25:0A:0D:9B:38
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/aXEcN_YtLwFMHTUKTvkXJQoNmzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.136.0/23
                  45.94.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:61:28:32:82:e1:d3:7d:2d:1d:51:99:4f:69:ca:34:e7:23:
         19:f9:2e:ce:85:e7:3f:b1:09:02:b5:b0:aa:3a:0f:1f:73:45:
         62:0b:0c:43:17:2d:08:2e:f1:bf:b3:d8:c2:49:1b:15:b5:f7:
         27:ed:75:c5:4b:e0:e8:63:98:54:72:10:20:55:c9:a1:c3:ad:
         ab:46:4a:9f:dd:3d:06:a8:5c:f1:98:30:e3:3d:3c:35:4a:40:
         94:20:c9:fe:0f:71:48:cb:91:d4:74:0c:df:9a:c7:c0:7f:66:
         3f:92:6c:99:26:ab:1b:f8:5e:97:df:f1:8b:50:3b:c1:aa:12:
         0e:c1:42:11:1c:b1:db:33:8b:f4:c1:e1:95:1b:c9:45:78:26:
         15:d7:85:3d:72:be:54:ae:55:6f:1e:38:2f:90:87:0a:0c:e7:
         62:e9:41:23:f7:25:5d:02:82:d8:3c:b6:1e:5c:51:f5:29:53:
         18:73:56:b7:1e:1d:f8:56:88:cd:d5:fd:01:32:2b:85:80:d4:
         d4:cc:c3:e9:57:63:da:ff:6b:89:06:a4:6d:80:d7:b9:32:ce:
         c9:e1:33:0a:fb:da:33:3f:6c:7f:a3:4c:a7:f3:0b:0e:a0:27:
         40:a2:87:6e:8d:83:3e:a4:55:fd:64:63:33:a4:2d:e9:11:b0:
         70:ab:ea:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ79za8WwBHSrtdAKPgmOYIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwNjI1MDgwMjU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTcxMWMzN2Y2MmQyZjAxNGMxZDM1MGE0ZWY5MTcyNTBhMGQ5YjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IX8ZBFqoxMctitWviA1ah/yXmT1
Y/Rp3+5pARbzJriDGVmp3barYTVx/nX5diZySMD0CANeYnoCxre0A5lQU79kfZeJ
vqPE6bDZtxwLKxoB9wILpYXOHn+d1dn4RDyPgNVP140WltJBlg1ciNiHCdTslW/x
lqqFwI9MefVtKuiIqZI3uERbmT/bbXXO6rDRVHeOhKoQNGIptKDSwZWAnEVHQlTR
MWkyCxUPY3BRGMR1CTDBKPBgk1rMAptRIy5NeUcFDmuy2wxnv494ZA612DVGT+AD
1WvtrGN8e/a5LBjoKFJKzRTWBnuBAGkasU9AN2MNfbqZR0eTQwErV64bywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGlxHDf2LS8BTB01Ck75FyUKDZs4MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvYVhFY05fWXRMd0ZNSFRVS1R2a1hKUW9ObXpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLViIAwQA
LV6qMA0GCSqGSIb3DQEBCwUAA4IBAQAmYSgyguHTfS0dUZlPaco05yMZ+S7Ohec/
sQkCtbCqOg8fc0ViCwxDFy0ILvG/s9jCSRsVtfcn7XXFS+DoY5hUchAgVcmhw62r
Rkqf3T0GqFzxmDDjPTw1SkCUIMn+D3FIy5HUdAzfmsfAf2Y/kmyZJqsb+F6X3/GL
UDvBqhIOwUIRHLHbM4v0weGVG8lFeCYV14U9cr5UrlVvHjgvkIcKDOdi6UEj9yVd
AoLYPLYeXFH1KVMYc1a3Hh34VojN1f0BMiuFgNTUzMPpV2Pa/2uJBqRtgNe5Ms7J
4TMK+9ozP2x/o0yn8wsOoCdAoodujYM+pFX9ZGMzpC3pEbBwq+ry
-----END CERTIFICATE-----