Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/dRaseQyu-Nph0iq6jNpjMA8utUs.roa
File:                     dRaseQyu-Nph0iq6jNpjMA8utUs.roa (raw, json)
Hash identifier:          kKdPDgXGVZIaeEXS8aAW0c5rneF486SB0MjDMgks3Fo=
Subject key identifier:   75:16:AC:79:0C:AE:F8:DA:61:D2:2A:BA:8C:DA:63:30:0F:2E:B5:4B
Certificate issuer:       /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial:       019EA8CBD8206E36D3584FD7687573E57588
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/dRaseQyu-Nph0iq6jNpjMA8utUs.roa
Signing time:             Mon 08 Jun 2026 19:53:11 +0000
ROA not before:           Mon 08 Jun 2026 19:53:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211484
IP address blocks:        80.174.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:cb:d8:20:6e:36:d3:58:4f:d7:68:75:73:e5:75:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
        Validity
            Not Before: Jun  8 19:53:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7516ac790caef8da61d22aba8cda63300f2eb54b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c4:46:e9:69:3d:95:26:31:cd:81:f1:f4:f1:
                    89:50:8b:e0:fe:52:17:4b:ee:88:ca:1b:0d:05:04:
                    e8:22:97:37:0b:da:c5:eb:4b:cb:50:17:fa:ea:6e:
                    1d:e0:b3:93:5e:d0:e6:37:0f:66:35:ce:1c:dc:28:
                    85:a2:83:95:36:ed:ea:cf:7a:fd:47:8a:72:e4:38:
                    b8:29:10:64:5b:38:db:b1:9b:9b:4c:12:f5:d9:25:
                    86:46:39:93:73:be:9e:2e:53:70:df:67:c5:55:a7:
                    f1:81:27:c6:a0:c8:a8:c8:fb:31:f1:13:c4:27:4a:
                    be:7d:22:eb:1a:ed:e6:cd:47:ac:8e:89:bb:53:af:
                    ef:0f:1b:82:b2:9d:54:8c:ad:71:d0:a0:1f:be:b3:
                    a0:f8:db:35:7a:5c:24:88:bf:d0:66:17:da:42:3f:
                    95:59:1c:b8:95:d7:96:6d:dd:2c:ac:dd:04:f8:fb:
                    8d:f7:d7:ac:63:a8:29:ea:1e:2d:c7:e8:89:e7:a4:
                    f9:ed:4d:fa:1a:7d:f8:c8:82:44:45:8e:01:30:41:
                    e5:b2:7a:3f:21:bf:78:06:65:ac:56:f3:43:2f:15:
                    5f:1d:36:e2:c7:54:53:6e:3e:44:93:f4:00:b6:94:
                    24:8b:20:81:a7:6b:b7:c2:cc:dd:a6:df:89:78:34:
                    d1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:16:AC:79:0C:AE:F8:DA:61:D2:2A:BA:8C:DA:63:30:0F:2E:B5:4B
            X509v3 Authority Key Identifier:
                keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/dRaseQyu-Nph0iq6jNpjMA8utUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.174.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:e7:1d:f2:d0:4d:1c:c7:12:67:df:78:14:91:06:ce:de:8a:
         f5:ce:14:ac:89:f3:f4:90:76:c4:81:9e:46:4d:0c:16:b5:22:
         42:ab:13:75:4b:e8:9d:66:59:14:5d:81:1f:1c:a7:e0:ee:5a:
         22:7c:ef:ef:71:c9:c6:d4:4e:0a:10:f4:f7:0b:ad:11:64:f0:
         fd:c4:7e:b5:46:96:8d:d2:fb:75:6c:2d:48:b0:a0:34:44:ff:
         04:4b:99:10:e2:c6:85:5f:e0:91:5d:c3:b1:56:d9:d1:68:37:
         90:00:f6:69:b7:87:3b:8b:a6:0a:82:41:3b:98:a6:49:07:e9:
         d4:be:79:26:9a:e1:e7:b4:36:ee:7b:11:c2:08:07:f0:95:bc:
         30:3f:05:f4:3b:f3:83:74:13:b9:e7:66:fd:b1:a3:bd:53:17:
         e1:a8:31:bf:72:39:32:a3:ab:e7:3a:45:0f:27:f3:47:6b:04:
         67:2a:58:22:fa:9c:d1:3f:d4:1a:b1:9e:7c:b3:bb:d8:77:f0:
         44:3a:f4:32:55:f0:7f:e9:5a:39:32:67:b8:80:dc:27:e9:c3:
         c6:b9:e4:23:46:dc:63:50:9e:28:84:83:2a:8e:50:ec:99:1a:
         fe:a9:a6:3b:b1:3b:d6:f0:4d:01:68:40:c6:7b:c7:d5:e9:06:
         c7:33:9f:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6oy9ggbjbTWE/XaHVz5XWIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjYwNjA4MTk1MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTE2YWM3OTBjYWVmOGRhNjFkMjJhYmE4Y2RhNjMzMDBmMmViNTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8RG6Wk9lSYxzYHx9PGJUIvg/lIX
S+6IyhsNBQToIpc3C9rF60vLUBf66m4d4LOTXtDmNw9mNc4c3CiFooOVNu3qz3r9
R4py5Di4KRBkWzjbsZubTBL12SWGRjmTc76eLlNw32fFVafxgSfGoMioyPsx8RPE
J0q+fSLrGu3mzUesjom7U6/vDxuCsp1UjK1x0KAfvrOg+Ns1elwkiL/QZhfaQj+V
WRy4ldeWbd0srN0E+PuN99esY6gp6h4tx+iJ56T57U36Gn34yIJERY4BMEHlsno/
Ib94BmWsVvNDLxVfHTbix1RTbj5Ek/QAtpQkiyCBp2u3wszdpt+JeDTRkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUWrHkMrvjaYdIquozaYzAPLrVLMB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvZFJhc2VReXUtTnBoMGlxNmpOcGpNQTh1dFVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUK56MA0G
CSqGSIb3DQEBCwUAA4IBAQBc5x3y0E0cxxJn33gUkQbO3or1zhSsifP0kHbEgZ5G
TQwWtSJCqxN1S+idZlkUXYEfHKfg7loifO/vccnG1E4KEPT3C60RZPD9xH61RpaN
0vt1bC1IsKA0RP8ES5kQ4saFX+CRXcOxVtnRaDeQAPZpt4c7i6YKgkE7mKZJB+nU
vnkmmuHntDbuexHCCAfwlbwwPwX0O/ODdBO552b9saO9UxfhqDG/cjkyo6vnOkUP
J/NHawRnKlgi+pzRP9QasZ58s7vYd/BEOvQyVfB/6Vo5Mme4gNwn6cPGueQjRtxj
UJ4ohIMqjlDsmRr+qaY7sTvW8E0BaEDGe8fV6QbHM5/9
-----END CERTIFICATE-----