Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/FWeLMrqzdI4hd96orsYQfK_d0Zc.roa
File:                     FWeLMrqzdI4hd96orsYQfK_d0Zc.roa (raw, json)
Hash identifier:          /u234PjKVouqOKntVh4TgCtWCyFv7L7LbMqlU2f96A4=
Subject key identifier:   15:67:8B:32:BA:B3:74:8E:21:77:DE:A8:AE:C6:10:7C:AF:DD:D1:97
Certificate issuer:       /CN=e7c07db9880133c5cdce005bca111b552cd14c53
Certificate serial:       019D302CD4E0D3E9759AC2412A152F54F2AA
Authority key identifier: E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/FWeLMrqzdI4hd96orsYQfK_d0Zc.roa
Signing time:             Fri 27 Mar 2026 16:42:17 +0000
ROA not before:           Fri 27 Mar 2026 16:42:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25538
IP address blocks:        45.12.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:30:2c:d4:e0:d3:e9:75:9a:c2:41:2a:15:2f:54:f2:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7c07db9880133c5cdce005bca111b552cd14c53
        Validity
            Not Before: Mar 27 16:42:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15678b32bab3748e2177dea8aec6107cafddd197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6f:13:6f:ce:71:9c:03:1a:1d:ba:28:01:2d:
                    ad:ed:b7:4e:19:e6:3d:3f:b9:9f:07:55:cd:93:1f:
                    f8:30:fd:42:29:3e:ed:8b:ca:de:c5:83:7e:ee:5b:
                    f3:9f:cb:d9:53:0d:81:dc:88:fe:b0:cd:bc:39:43:
                    4e:e6:10:3a:22:df:83:38:48:a7:10:50:ad:47:c9:
                    8f:08:20:33:a6:ae:71:10:93:3e:69:a0:c9:0f:a0:
                    3b:d0:45:c2:71:da:74:c9:00:bf:46:2d:5a:25:cc:
                    e3:63:ef:4b:05:4e:19:31:96:2c:2d:da:f9:28:a9:
                    3e:07:ce:16:f6:20:27:fe:27:d1:d2:97:24:05:28:
                    b7:08:d2:fd:19:ed:86:76:5d:d3:56:46:5c:81:10:
                    ae:48:76:6e:bc:5a:99:b4:73:62:1b:fd:4e:e3:eb:
                    90:29:c7:f3:68:ce:f0:c5:9b:16:58:6d:5f:65:6c:
                    12:90:2e:4f:7a:ae:5b:85:bd:95:df:9e:9e:2e:08:
                    9c:c3:ce:0f:ce:47:e9:50:c3:87:b2:c6:95:7e:80:
                    67:36:d9:82:11:23:d8:f4:85:fa:f6:1c:b4:96:3e:
                    88:f7:cf:df:5a:0a:e8:10:04:cf:8c:60:a4:bf:c4:
                    0e:50:ac:d7:46:6a:5f:3e:76:48:53:e5:c6:9c:93:
                    fb:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:67:8B:32:BA:B3:74:8E:21:77:DE:A8:AE:C6:10:7C:AF:DD:D1:97
            X509v3 Authority Key Identifier:
                keyid:E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/FWeLMrqzdI4hd96orsYQfK_d0Zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:1f:0f:a7:75:f7:d2:54:21:a8:8a:6d:60:99:5c:1a:2f:ea:
         55:c8:1f:fb:35:1f:d0:6d:61:fe:c8:6c:03:f1:be:b5:d8:e8:
         01:40:a9:ee:fc:5d:2e:40:7d:fe:16:94:18:72:4c:aa:93:a4:
         d5:e1:65:5b:48:39:49:29:f5:40:36:03:63:7b:0e:0f:c9:70:
         b3:1f:e3:3b:7b:10:68:35:99:16:8c:00:5a:b0:b5:37:23:b4:
         06:65:38:9d:61:ac:fb:2d:e1:b5:a0:3f:e3:93:49:f7:4f:f0:
         e5:51:08:c5:7a:59:f5:8a:62:37:6a:63:8f:2f:2d:a1:f3:0f:
         ac:c8:fd:d3:ad:ef:1e:c5:d2:d8:a7:96:94:95:ae:b3:8f:05:
         48:cf:16:63:d4:ad:62:34:88:50:0c:e6:31:6b:f4:1d:29:f1:
         10:91:dd:0e:9a:53:40:8f:c1:62:7b:01:dd:ac:cb:36:c5:3f:
         f8:0c:19:0b:c7:6e:fa:ca:fe:c7:f9:05:22:ec:14:08:76:8a:
         08:e8:ad:b4:41:64:95:e9:a4:13:e2:0e:30:c6:73:d4:99:96:
         c4:09:b6:c6:52:86:61:71:80:2c:b7:0d:fb:93:ff:1f:d4:4a:
         90:2b:63:90:66:84:02:3c:89:85:60:72:d5:6f:a2:e0:40:db:
         15:97:3e:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0wLNTg0+l1msJBKhUvVPKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3YzA3ZGI5ODgwMTMzYzVjZGNlMDA1YmNhMTExYjU1MmNk
MTRjNTMwHhcNMjYwMzI3MTY0MjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTY3OGIzMmJhYjM3NDhlMjE3N2RlYThhZWM2MTA3Y2FmZGRkMTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG8Tb85xnAMaHbooAS2t7bdOGeY9
P7mfB1XNkx/4MP1CKT7ti8rexYN+7lvzn8vZUw2B3Ij+sM28OUNO5hA6It+DOEin
EFCtR8mPCCAzpq5xEJM+aaDJD6A70EXCcdp0yQC/Ri1aJczjY+9LBU4ZMZYsLdr5
KKk+B84W9iAn/ifR0pckBSi3CNL9Ge2Gdl3TVkZcgRCuSHZuvFqZtHNiG/1O4+uQ
KcfzaM7wxZsWWG1fZWwSkC5Peq5bhb2V356eLgicw84PzkfpUMOHssaVfoBnNtmC
ESPY9IX69hy0lj6I98/fWgroEATPjGCkv8QOUKzXRmpfPnZIU+XGnJP7UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVnizK6s3SOIXfeqK7GEHyv3dGXMB8GA1UdIwQY
MBaAFOfAfbmIATPFzc4AW8oRG1Us0UxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMt
MGFhNDYzY2RmY2EwLzEvRldlTE1ycXpkSTRoZDk2b3JzWVFmS19kMFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMtMGFhNDYzY2RmY2Ew
LzEvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQyrMA0G
CSqGSIb3DQEBCwUAA4IBAQCKHw+ndffSVCGoim1gmVwaL+pVyB/7NR/QbWH+yGwD
8b612OgBQKnu/F0uQH3+FpQYckyqk6TV4WVbSDlJKfVANgNjew4PyXCzH+M7exBo
NZkWjABasLU3I7QGZTidYaz7LeG1oD/jk0n3T/DlUQjFeln1imI3amOPLy2h8w+s
yP3Tre8exdLYp5aUla6zjwVIzxZj1K1iNIhQDOYxa/QdKfEQkd0OmlNAj8FiewHd
rMs2xT/4DBkLx276yv7H+QUi7BQIdooI6K20QWSV6aQT4g4wxnPUmZbECbbGUoZh
cYAstw37k/8f1EqQK2OQZoQCPImFYHLVb6LgQNsVlz63
-----END CERTIFICATE-----