Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/4sHcg46CKKDvMyDChpwWDh0Egl4.roa
File:                     4sHcg46CKKDvMyDChpwWDh0Egl4.roa (raw, json)
Hash identifier:          w75qFMjuUV9F/cJXn+EoOEYDQsrts8ozrq3p5+rPA14=
Subject key identifier:   E2:C1:DC:83:8E:82:28:A0:EF:33:20:C2:86:9C:16:0E:1D:04:82:5E
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019E36941CBCFF81CC948167F1D073CA14B0
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/4sHcg46CKKDvMyDChpwWDh0Egl4.roa
Signing time:             Sun 17 May 2026 15:35:36 +0000
ROA not before:           Sun 17 May 2026 15:35:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210819
IP address blocks:        45.140.166.0/24 maxlen: 24
                          2a0e:4006::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 00:11:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:36:94:1c:bc:ff:81:cc:94:81:67:f1:d0:73:ca:14:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: May 17 15:35:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2c1dc838e8228a0ef3320c2869c160e1d04825e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:48:79:0b:e3:da:dc:bd:1b:b6:97:4c:ba:fb:
                    ea:71:63:9f:dc:99:f8:da:81:ac:9a:7f:b1:38:84:
                    e7:85:b9:99:7a:da:ff:96:d2:d8:30:50:29:22:46:
                    5b:aa:3d:ac:80:25:cc:e3:8e:c3:56:da:77:91:9a:
                    3e:fc:87:6d:c3:1d:d0:62:fa:5a:6b:34:1a:86:03:
                    6e:d1:34:9c:3b:af:c3:9a:85:ff:60:0c:dc:36:f0:
                    ca:78:9d:4e:c3:b3:8f:31:ea:7f:97:83:e9:2e:63:
                    53:db:f1:ec:29:a3:b8:59:8d:e2:2c:01:7f:44:1d:
                    2c:ce:1d:02:01:2f:3f:66:99:a8:22:66:cb:69:9a:
                    7c:eb:6a:75:24:a4:bb:71:9c:64:0a:63:5d:24:c2:
                    78:e8:87:28:aa:38:c6:03:6a:43:ab:34:70:41:1a:
                    0d:4e:3b:f9:03:9d:30:48:a7:16:38:eb:0c:db:b7:
                    7d:08:12:9e:21:ea:06:b4:31:cc:63:f8:fb:1e:b0:
                    2f:63:ac:25:30:23:b9:88:ac:91:3e:87:26:54:60:
                    59:53:f4:c2:57:0e:cc:31:6d:d0:35:53:5f:29:2b:
                    b0:aa:b0:88:04:a6:66:40:c4:ac:3c:e3:e2:54:99:
                    5d:71:f6:89:8e:a7:ac:98:5b:ec:31:b3:39:06:a9:
                    73:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C1:DC:83:8E:82:28:A0:EF:33:20:C2:86:9C:16:0E:1D:04:82:5E
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/4sHcg46CKKDvMyDChpwWDh0Egl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.166.0/24
                IPv6:
                  2a0e:4006::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:b2:81:14:f5:d9:0b:86:6e:24:d5:6f:79:8c:e4:f2:ac:93:
         34:34:aa:63:c2:5a:db:8d:5f:63:0b:5b:14:04:82:74:aa:c6:
         10:f7:ee:7f:b6:eb:46:c7:6c:fa:0d:98:48:10:c0:2a:58:17:
         d8:52:eb:dc:c0:ea:5e:03:6b:de:6b:3b:e1:9d:b0:d1:0b:0b:
         82:89:00:b0:24:1e:ab:88:eb:8d:8c:ae:02:88:2f:42:9b:8f:
         98:0b:f4:92:7b:75:04:52:42:d9:a3:68:46:52:81:f0:c8:cc:
         b2:cb:08:8e:19:77:ef:4d:11:e6:46:ad:3f:ce:2a:0e:9d:6d:
         81:2b:6b:76:e1:d2:71:f5:a5:6f:25:d7:07:da:4f:a6:60:b8:
         6e:b1:d8:e1:30:4a:df:13:65:46:ce:ca:2e:09:da:a3:ce:0c:
         75:06:9c:7f:8e:70:e3:24:86:c2:c9:b2:e6:ab:93:e0:6a:3f:
         69:46:15:3c:d2:ab:75:dd:25:8a:c6:f8:57:e2:d6:33:b7:b6:
         11:74:85:83:97:f4:cc:b9:29:6a:23:cf:4a:08:f2:85:85:94:
         a9:b1:46:66:bb:b2:ee:24:60:ac:e6:97:22:5e:2b:4e:7b:ce:
         a0:80:73:a9:87:3e:d6:16:b2:30:dd:2c:c2:3c:22:bf:2a:a5:
         de:8e:f5:08
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ42lBy8/4HMlIFn8dBzyhSwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjYwNTE3MTUzNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmMxZGM4MzhlODIyOGEwZWYzMzIwYzI4NjljMTYwZTFkMDQ4MjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0h5C+Pa3L0btpdMuvvqcWOf3Jn4
2oGsmn+xOITnhbmZetr/ltLYMFApIkZbqj2sgCXM447DVtp3kZo+/Idtwx3QYvpa
azQahgNu0TScO6/DmoX/YAzcNvDKeJ1Ow7OPMep/l4PpLmNT2/HsKaO4WY3iLAF/
RB0szh0CAS8/ZpmoImbLaZp862p1JKS7cZxkCmNdJMJ46IcoqjjGA2pDqzRwQRoN
Tjv5A50wSKcWOOsM27d9CBKeIeoGtDHMY/j7HrAvY6wlMCO5iKyRPocmVGBZU/TC
Vw7MMW3QNVNfKSuwqrCIBKZmQMSsPOPiVJldcfaJjqesmFvsMbM5BqlzOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOLB3IOOgiig7zMgwoacFg4dBIJeMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvNHNIY2c0NkNLS0R2TXlEQ2hwd1dEaDBFZ2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYymMA0E
AgACMAcDBQAqDkAGMA0GCSqGSIb3DQEBCwUAA4IBAQC1soEU9dkLhm4k1W95jOTy
rJM0NKpjwlrbjV9jC1sUBIJ0qsYQ9+5/tutGx2z6DZhIEMAqWBfYUuvcwOpeA2ve
azvhnbDRCwuCiQCwJB6riOuNjK4CiC9Cm4+YC/SSe3UEUkLZo2hGUoHwyMyyywiO
GXfvTRHmRq0/zioOnW2BK2t24dJx9aVvJdcH2k+mYLhusdjhMErfE2VGzsouCdqj
zgx1Bpx/jnDjJIbCybLmq5Pgaj9pRhU80qt13SWKxvhX4tYzt7YRdIWDl/TMuSlq
I89KCPKFhZSpsUZmu7LuJGCs5pciXitOe86ggHOphz7WFrIw3SzCPCK/KqXejvUI
-----END CERTIFICATE-----