Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/dEF7T2e2imDNta404898Iv7kZnA.roa
File:                     dEF7T2e2imDNta404898Iv7kZnA.roa (raw, json)
Hash identifier:          jLoGmzZxaIi26s4+T97FVjVOU6UxjCvJz9IvL/E5vvc=
Subject key identifier:   74:41:7B:4F:67:B6:8A:60:CD:B5:AE:34:E3:CF:7C:22:FE:E4:66:70
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019CFD933974F61DD7E140BC937E3B4A292F
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/dEF7T2e2imDNta404898Iv7kZnA.roa
Signing time:             Tue 17 Mar 2026 20:53:29 +0000
ROA not before:           Tue 17 Mar 2026 20:53:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208142
IP address blocks:        45.132.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Mar 2026 23:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fd:93:39:74:f6:1d:d7:e1:40:bc:93:7e:3b:4a:29:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar 17 20:53:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74417b4f67b68a60cdb5ae34e3cf7c22fee46670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:36:46:8e:58:5b:14:d9:78:f2:fa:6f:fa:b0:
                    52:49:97:c0:38:42:2f:ec:13:55:0d:14:b8:e1:00:
                    cf:9a:bb:b4:5c:55:3d:76:81:80:71:63:a8:3d:0a:
                    a6:c5:77:ad:4a:b9:41:ca:67:ca:f4:4d:6a:2a:2c:
                    e4:e0:42:9a:d4:53:9b:ff:91:68:8d:ef:fe:93:ef:
                    a4:53:d6:c0:a5:cb:2e:b3:ec:1c:fa:36:43:82:79:
                    cd:78:f3:ea:9b:20:04:ac:a3:e5:86:84:38:ec:33:
                    55:9b:1b:7f:e7:52:c3:0a:b5:8d:08:d3:42:d9:9f:
                    e9:c2:c7:41:a2:10:5e:96:77:50:66:e8:d8:5e:d6:
                    22:5f:3f:3f:62:c9:27:08:56:83:07:43:e1:b2:bb:
                    06:05:a7:71:be:b3:25:09:b9:41:b0:52:3e:c4:07:
                    29:4e:dc:87:cf:e4:18:56:8c:e0:d5:9d:92:52:f6:
                    57:57:f8:cc:0f:88:75:cb:ea:49:b8:4e:fb:0a:af:
                    38:51:09:f2:73:3e:41:95:44:de:82:6a:ad:92:79:
                    d7:ac:2f:28:58:9d:00:30:83:6f:ed:75:e6:fa:9f:
                    3e:75:fe:d5:5c:a6:05:0d:f6:d6:48:1c:8c:fc:5f:
                    67:95:ec:cc:60:0a:ed:30:ba:bb:c1:57:4c:7a:6c:
                    81:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:41:7B:4F:67:B6:8A:60:CD:B5:AE:34:E3:CF:7C:22:FE:E4:66:70
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/dEF7T2e2imDNta404898Iv7kZnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:a0:7a:b3:c2:8a:96:52:c8:7b:47:f7:8e:02:3c:b5:4f:1b:
         92:90:d3:15:34:61:5a:2a:f9:da:93:40:69:79:d4:9c:c0:f9:
         10:60:c6:39:6d:49:eb:5c:b3:56:41:d2:3d:6d:02:fc:48:7c:
         04:5a:64:dd:5f:9d:17:bb:76:4b:5e:94:95:85:b4:c9:9c:2e:
         c0:4f:16:e2:cd:bb:de:3b:fd:62:77:a2:30:ca:ac:3b:a1:8a:
         9e:21:b8:ca:c1:91:e0:1c:86:e2:54:5c:de:b6:cc:87:75:d3:
         50:67:64:c9:62:32:65:bb:aa:3c:97:3e:b9:a4:dc:5b:60:b8:
         17:a1:e8:11:d9:89:cc:21:d4:7b:d8:fa:03:cc:81:a0:b5:42:
         11:8f:bb:97:fb:26:24:45:7f:7b:8b:ce:9b:0e:dc:d6:9b:64:
         ac:70:b0:6b:61:3f:16:84:8e:42:c9:3a:4d:6b:9f:39:b5:05:
         a2:47:92:4c:72:a1:51:57:17:0c:69:86:75:a6:12:a9:21:86:
         2d:a1:2e:a9:a5:1d:7e:fa:17:0c:d6:59:aa:5f:76:c0:11:82:
         32:07:97:0b:d2:28:37:ea:d3:86:dc:dd:86:26:c6:dd:c6:71:
         61:46:97:9b:e1:5f:6b:fa:eb:2f:9f:47:a8:f7:75:d8:62:10:
         3c:71:b8:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz9kzl09h3X4UC8k347SikvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMzE3MjA1MzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDQxN2I0ZjY3YjY4YTYwY2RiNWFlMzRlM2NmN2MyMmZlZTQ2NjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTZGjlhbFNl48vpv+rBSSZfAOEIv
7BNVDRS44QDPmru0XFU9doGAcWOoPQqmxXetSrlBymfK9E1qKizk4EKa1FOb/5Fo
je/+k++kU9bApcsus+wc+jZDgnnNePPqmyAErKPlhoQ47DNVmxt/51LDCrWNCNNC
2Z/pwsdBohBelndQZujYXtYiXz8/YsknCFaDB0PhsrsGBadxvrMlCblBsFI+xAcp
TtyHz+QYVozg1Z2SUvZXV/jMD4h1y+pJuE77Cq84UQnycz5BlUTegmqtknnXrC8o
WJ0AMINv7XXm+p8+df7VXKYFDfbWSByM/F9nlezMYArtMLq7wVdMemyBQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRBe09ntopgzbWuNOPPfCL+5GZwMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvZEVGN1QyZTJpbUROdGE0MDQ4OThJdjdrWm5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYQxMA0G
CSqGSIb3DQEBCwUAA4IBAQCHoHqzwoqWUsh7R/eOAjy1TxuSkNMVNGFaKvnak0Bp
edScwPkQYMY5bUnrXLNWQdI9bQL8SHwEWmTdX50Xu3ZLXpSVhbTJnC7ATxbizbve
O/1id6Iwyqw7oYqeIbjKwZHgHIbiVFzetsyHddNQZ2TJYjJlu6o8lz65pNxbYLgX
oegR2YnMIdR72PoDzIGgtUIRj7uX+yYkRX97i86bDtzWm2SscLBrYT8WhI5CyTpN
a585tQWiR5JMcqFRVxcMaYZ1phKpIYYtoS6ppR1++hcM1lmqX3bAEYIyB5cL0ig3
6tOG3N2GJsbdxnFhRpeb4V9r+usvn0eo93XYYhA8cbiW
-----END CERTIFICATE-----