Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/4VmR_FihzyMKRVwNqS1q32ma_4w.roa
File:                     4VmR_FihzyMKRVwNqS1q32ma_4w.roa (raw, json)
Hash identifier:          8llGmDSPV1S8WvDmecxyGu8AsVkz9E7OwToEbm9Afi8=
Subject key identifier:   E1:59:91:FC:58:A1:CF:23:0A:45:5C:0D:A9:2D:6A:DF:69:9A:FF:8C
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       019EA89976371EA47D5EE903F53C225AAFFE
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/4VmR_FihzyMKRVwNqS1q32ma_4w.roa
Signing time:             Mon 08 Jun 2026 18:58:10 +0000
ROA not before:           Mon 08 Jun 2026 18:58:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51396
IP address blocks:        45.135.193.0/24 maxlen: 24
                          45.135.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:99:76:37:1e:a4:7d:5e:e9:03:f5:3c:22:5a:af:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: Jun  8 18:58:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e15991fc58a1cf230a455c0da92d6adf699aff8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:23:06:f8:99:f2:49:f2:9a:7c:d7:e7:27:82:
                    a0:b3:90:9c:f6:02:2a:b0:33:1c:f2:02:c6:c4:4a:
                    93:e3:6e:35:c0:fc:5f:8c:c9:92:29:9b:8d:1b:fc:
                    3a:9e:4e:ec:9e:6c:df:b4:0d:fd:88:b8:f5:d6:7d:
                    ff:a6:80:ea:f8:5a:1a:0f:3e:26:f3:4a:9b:51:30:
                    64:82:59:fd:fd:75:56:00:51:1e:79:ec:84:5b:5e:
                    42:9d:9d:0a:c6:84:4c:86:b1:b6:74:16:f3:dd:54:
                    8e:67:e0:ad:4b:07:5f:d4:6f:ff:9a:38:2b:59:e3:
                    17:66:cd:ac:68:45:e3:57:23:9f:0f:a6:06:21:11:
                    4a:5f:93:fc:2d:96:e9:e7:8a:fe:0b:b5:12:4b:f4:
                    ac:12:12:3a:5a:72:98:b3:b8:4c:3f:e7:84:d8:c3:
                    c3:81:fb:8b:3d:7f:c0:f4:95:57:b2:ff:79:53:f0:
                    6e:37:8a:04:66:54:b5:17:f3:07:7d:f8:f8:49:74:
                    0b:a8:1b:0d:93:56:60:41:50:3f:4b:f4:eb:73:b0:
                    86:01:29:2c:e8:92:ae:f0:20:ff:7a:bf:8c:f2:9e:
                    85:43:e8:36:39:53:be:b0:2d:8d:e9:da:19:d5:cf:
                    26:e0:55:4b:b1:ce:7b:68:84:2f:c5:e6:6c:16:82:
                    fe:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:59:91:FC:58:A1:CF:23:0A:45:5C:0D:A9:2D:6A:DF:69:9A:FF:8C
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/4VmR_FihzyMKRVwNqS1q32ma_4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.193.0-45.135.194.255

    Signature Algorithm: sha256WithRSAEncryption
         b5:08:e4:9d:5d:50:df:90:6d:c0:1b:fc:a1:e7:01:68:5d:5a:
         f3:58:40:38:3c:1e:99:f6:89:c9:2f:6c:b3:c1:d7:61:cc:09:
         73:f3:a4:c5:bb:6f:1f:76:52:ca:dd:ee:76:33:ca:bd:b2:ae:
         5a:de:af:f8:08:38:c8:20:ee:55:bd:f9:be:f3:05:ce:4b:53:
         3b:52:82:71:69:65:1c:ec:18:a0:a3:34:53:1c:73:70:5c:17:
         ed:99:53:bb:6e:d6:06:b8:ce:06:a1:38:c7:3d:b0:9f:22:0e:
         84:a3:72:26:b7:18:73:cb:5f:d9:21:02:85:1c:f2:f7:18:ab:
         e8:02:9c:bd:9b:b6:0f:63:e5:26:b8:b4:96:9b:66:24:f2:7f:
         79:f4:b8:8b:49:d7:e0:2d:05:e5:0c:18:81:a7:83:ba:aa:98:
         6c:1a:ae:52:5e:fa:86:d3:f7:0e:66:9d:9b:37:25:74:c6:b1:
         58:b5:29:0f:83:fa:f9:fc:ce:26:49:f0:99:11:ff:50:86:01:
         8b:c2:ba:ce:f5:a8:30:86:c6:25:56:2a:61:45:32:3c:1e:dd:
         bb:7a:48:dc:a1:b8:c9:52:a9:c7:13:6e:a2:dc:a2:4b:72:99:
         13:f3:ab:3a:cb:73:7d:eb:73:dd:7e:3b:b5:33:9a:00:28:9a:
         df:f9:00:6d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ6omXY3HqR9XukD9TwiWq/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjYwNjA4MTg1ODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTU5OTFmYzU4YTFjZjIzMGE0NTVjMGRhOTJkNmFkZjY5OWFmZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSMG+JnySfKafNfnJ4Kgs5Cc9gIq
sDMc8gLGxEqT4241wPxfjMmSKZuNG/w6nk7snmzftA39iLj11n3/poDq+FoaDz4m
80qbUTBkgln9/XVWAFEeeeyEW15CnZ0KxoRMhrG2dBbz3VSOZ+CtSwdf1G//mjgr
WeMXZs2saEXjVyOfD6YGIRFKX5P8LZbp54r+C7USS/SsEhI6WnKYs7hMP+eE2MPD
gfuLPX/A9JVXsv95U/BuN4oEZlS1F/MHffj4SXQLqBsNk1ZgQVA/S/Trc7CGASks
6JKu8CD/er+M8p6FQ+g2OVO+sC2N6doZ1c8m4FVLsc57aIQvxeZsFoL++QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOFZkfxYoc8jCkVcDaktat9pmv+MMB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvNFZtUl9GaWh6eU1LUlZ3TnFTMXEzMm1hXzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEtNDg1MmM4ZmY4YWYy
LzEva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAth8ED
BAAth8IwDQYJKoZIhvcNAQELBQADggEBALUI5J1dUN+QbcAb/KHnAWhdWvNYQDg8
Hpn2ickvbLPB12HMCXPzpMW7bx92Usrd7nYzyr2yrlrer/gIOMgg7lW9+b7zBc5L
UztSgnFpZRzsGKCjNFMcc3BcF+2ZU7tu1ga4zgahOMc9sJ8iDoSjcia3GHPLX9kh
AoUc8vcYq+gCnL2btg9j5Sa4tJabZiTyf3n0uItJ1+AtBeUMGIGng7qqmGwarlJe
+obT9w5mnZs3JXTGsVi1KQ+D+vn8ziZJ8JkR/1CGAYvCus71qDCGxiVWKmFFMjwe
3bt6SNyhuMlSqccTbqLcoktymRPzqzrLc33rc91+O7UzmgAomt/5AG0=
-----END CERTIFICATE-----