Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/pz4XEwrMbdg_cx_AdmXuju5dUJo.roa
File:                     pz4XEwrMbdg_cx_AdmXuju5dUJo.roa (raw, json)
Hash identifier:          oHNUzHLoaTml1g0VmhwxJ9UogXzKrXPobmrpdng65ps=
Subject key identifier:   A7:3E:17:13:0A:CC:6D:D8:3F:73:1F:C0:76:65:EE:8E:EE:5D:50:9A
Certificate issuer:       /CN=2d26fe9a7e21a773f61d65123f83e2828fd0429f
Certificate serial:       019F03A81A78897CA8A75640270C7A3963A2
Authority key identifier: 2D:26:FE:9A:7E:21:A7:73:F6:1D:65:12:3F:83:E2:82:8F:D0:42:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LSb-mn4hp3P2HWUSP4Pigo_QQp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/pz4XEwrMbdg_cx_AdmXuju5dUJo.roa
Signing time:             Fri 26 Jun 2026 11:19:36 +0000
ROA not before:           Fri 26 Jun 2026 11:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35075
IP address blocks:        45.11.48.0/22 maxlen: 22
                          217.22.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/LSb-mn4hp3P2HWUSP4Pigo_QQp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/LSb-mn4hp3P2HWUSP4Pigo_QQp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LSb-mn4hp3P2HWUSP4Pigo_QQp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:03:a8:1a:78:89:7c:a8:a7:56:40:27:0c:7a:39:63:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d26fe9a7e21a773f61d65123f83e2828fd0429f
        Validity
            Not Before: Jun 26 11:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a73e17130acc6dd83f731fc07665ee8eee5d509a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7a:d1:5c:63:07:a0:b0:b6:a1:e2:27:2b:d1:
                    b2:43:e8:23:ad:a0:5b:a9:71:7b:2e:2d:bd:04:a2:
                    c3:84:34:ba:e5:9b:eb:34:59:9e:64:16:0a:7c:a4:
                    42:e5:70:9a:db:8d:10:cf:5f:c2:2c:33:35:2f:07:
                    bc:f1:93:95:1d:39:98:88:19:4f:7c:1a:2c:6a:2d:
                    53:ff:82:a4:fa:93:d2:32:0e:c4:54:66:03:ac:ae:
                    2c:fe:cd:a4:5e:9e:eb:d5:fe:b9:2d:00:11:42:28:
                    46:80:d1:d6:5d:d1:1a:1e:18:10:f3:03:81:ed:4d:
                    f5:50:31:46:c5:49:97:cb:3a:d4:34:3f:1e:00:95:
                    c5:c2:0f:33:01:56:da:68:d0:9f:58:c1:ae:f9:74:
                    d0:fa:b5:03:79:70:62:62:df:00:68:be:c8:3c:de:
                    fd:5b:37:cb:95:ca:3e:60:ad:c8:c5:e0:65:97:e5:
                    fb:b7:5b:de:d2:ca:f0:99:db:75:5b:b8:88:3c:e0:
                    1f:ea:28:05:17:39:3e:f7:6a:cc:3b:e3:7e:03:51:
                    6c:45:fa:ab:58:46:e3:77:c1:44:52:6a:6d:2f:bc:
                    67:0f:88:d7:68:75:ce:1d:04:be:f5:fe:09:bf:b8:
                    5a:02:7c:e0:27:09:b9:82:61:3a:53:66:72:42:7d:
                    d4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:3E:17:13:0A:CC:6D:D8:3F:73:1F:C0:76:65:EE:8E:EE:5D:50:9A
            X509v3 Authority Key Identifier:
                keyid:2D:26:FE:9A:7E:21:A7:73:F6:1D:65:12:3F:83:E2:82:8F:D0:42:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSb-mn4hp3P2HWUSP4Pigo_QQp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/pz4XEwrMbdg_cx_AdmXuju5dUJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/54e78c-5dd0-4f26-b56e-eb306a8d4ab5/1/LSb-mn4hp3P2HWUSP4Pigo_QQp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.48.0/22
                  217.22.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:c5:1b:8b:9d:6a:73:a4:27:fd:68:fc:04:87:57:47:56:e3:
         da:f8:95:98:a2:af:2f:24:79:23:dd:84:34:bd:39:b2:25:a4:
         b3:97:80:11:29:bf:f1:da:a1:7a:77:33:f6:8a:99:a5:8f:eb:
         ca:68:d8:75:48:b4:6b:9f:e2:53:28:e2:29:a7:fb:ea:4b:c8:
         ba:9a:44:5e:88:32:e4:5c:f8:e7:e6:14:ef:f0:3e:5b:50:8e:
         b4:ec:51:74:1e:51:79:17:7e:d7:a2:2d:1a:98:ac:b4:39:53:
         70:14:65:4c:48:38:33:3d:9a:8a:37:87:7a:93:7f:92:56:11:
         75:5b:e7:a1:78:db:d5:26:91:35:e6:bc:0f:77:2b:b2:d7:49:
         53:93:86:4a:fe:2b:26:62:3b:e8:06:0e:9e:49:17:eb:fd:29:
         7f:1d:86:d4:8b:aa:c6:51:6d:87:aa:77:dc:20:72:35:dc:b5:
         6e:bf:4b:11:31:3a:ce:6e:93:d2:54:44:98:22:0f:6b:a8:43:
         ae:7a:56:d8:37:53:b8:60:c9:fc:64:7e:f9:e2:71:1d:ee:37:
         55:b3:3c:17:bd:c3:8c:3d:9e:94:f3:a1:7c:f9:99:4d:8e:6e:
         bc:9a:ba:50:f7:68:f7:3f:51:fb:65:34:6f:8a:2b:91:3e:5b:
         d5:e9:95:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8DqBp4iXyop1ZAJwx6OWOiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMjZmZTlhN2UyMWE3NzNmNjFkNjUxMjNmODNlMjgyOGZk
MDQyOWYwHhcNMjYwNjI2MTExOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzNlMTcxMzBhY2M2ZGQ4M2Y3MzFmYzA3NjY1ZWU4ZWVlNWQ1MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonrRXGMHoLC2oeInK9GyQ+gjraBb
qXF7Li29BKLDhDS65ZvrNFmeZBYKfKRC5XCa240Qz1/CLDM1Lwe88ZOVHTmYiBlP
fBosai1T/4Kk+pPSMg7EVGYDrK4s/s2kXp7r1f65LQARQihGgNHWXdEaHhgQ8wOB
7U31UDFGxUmXyzrUND8eAJXFwg8zAVbaaNCfWMGu+XTQ+rUDeXBiYt8AaL7IPN79
WzfLlco+YK3IxeBll+X7t1ve0srwmdt1W7iIPOAf6igFFzk+92rMO+N+A1FsRfqr
WEbjd8FEUmptL7xnD4jXaHXOHQS+9f4Jv7haAnzgJwm5gmE6U2ZyQn3UuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKc+FxMKzG3YP3MfwHZl7o7uXVCaMB8GA1UdIwQY
MBaAFC0m/pp+Iadz9h1lEj+D4oKP0EKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFNiLW1uNGhwM1AySFdVU1A0UGlnb19RUXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81NGU3OGMtNWRkMC00ZjI2LWI1NmUt
ZWIzMDZhOGQ0YWI1LzEvcHo0WEV3ck1iZGdfY3hfQWRtWHVqdTVkVUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81NGU3OGMtNWRkMC00ZjI2LWI1NmUtZWIzMDZhOGQ0YWI1
LzEvTFNiLW1uNGhwM1AySFdVU1A0UGlnb19RUXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLQswAwQA
2RYOMA0GCSqGSIb3DQEBCwUAA4IBAQBWxRuLnWpzpCf9aPwEh1dHVuPa+JWYoq8v
JHkj3YQ0vTmyJaSzl4ARKb/x2qF6dzP2ipmlj+vKaNh1SLRrn+JTKOIpp/vqS8i6
mkReiDLkXPjn5hTv8D5bUI607FF0HlF5F37Xoi0amKy0OVNwFGVMSDgzPZqKN4d6
k3+SVhF1W+eheNvVJpE15rwPdyuy10lTk4ZK/ismYjvoBg6eSRfr/Sl/HYbUi6rG
UW2HqnfcIHI13LVuv0sRMTrObpPSVESYIg9rqEOuelbYN1O4YMn8ZH754nEd7jdV
szwXvcOMPZ6U86F8+ZlNjm68mrpQ92j3P1H7ZTRviiuRPlvV6ZX9
-----END CERTIFICATE-----
Generated at Fri Jul 3 20:53:04 2026 by rpki-client