Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/ntsMqdMKh5NTLScrKm_ZDNJcAbs.roa
File:                     ntsMqdMKh5NTLScrKm_ZDNJcAbs.roa (raw, json)
Hash identifier:          Xz29MFWsWwRe+2THJkBYp4Aaz0hw4PkxamrpM2/go8M=
Subject key identifier:   9E:DB:0C:A9:D3:0A:87:93:53:2D:27:2B:2A:6F:D9:0C:D2:5C:01:BB
Certificate issuer:       /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial:       019E6ABE033B03003DC01689131B57E4EAE0
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/ntsMqdMKh5NTLScrKm_ZDNJcAbs.roa
Signing time:             Wed 27 May 2026 18:41:37 +0000
ROA not before:           Wed 27 May 2026 18:41:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395470
IP address blocks:        80.174.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jun 2026 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6a:be:03:3b:03:00:3d:c0:16:89:13:1b:57:e4:ea:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
        Validity
            Not Before: May 27 18:41:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9edb0ca9d30a8793532d272b2a6fd90cd25c01bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:00:e9:5d:f9:23:84:84:dd:6a:bb:44:92:b5:
                    88:33:58:24:39:9c:ad:e5:1c:99:7f:d2:84:c0:8b:
                    1e:c9:98:6b:06:b7:53:cf:f7:15:c0:c7:ec:51:91:
                    bb:6c:42:e7:56:fa:7b:54:48:bb:c7:57:60:d8:b8:
                    71:71:11:9f:73:c0:1c:1a:eb:c8:56:16:6d:96:a4:
                    c4:22:38:1e:90:d6:40:8c:52:e1:65:f1:15:ac:d5:
                    1d:bc:a7:16:c1:e0:83:5b:77:7b:19:ff:dc:5e:13:
                    06:f1:3a:72:8f:20:99:27:ea:6f:ff:bf:f3:5e:7d:
                    a4:05:2a:6d:86:ec:05:04:13:52:68:c8:dd:b3:15:
                    f0:0a:07:4b:3d:f7:38:a8:b7:08:e6:32:1c:e7:e6:
                    7f:99:ce:54:72:38:eb:05:73:ce:8d:c7:73:76:c1:
                    5b:13:c9:d4:f5:f0:69:38:18:b3:6d:76:08:60:3b:
                    da:6c:65:0e:d0:f3:11:11:88:91:39:f2:17:1c:66:
                    14:17:aa:58:be:de:8c:2b:77:70:84:4a:af:ca:0e:
                    11:70:12:ce:52:4b:72:bd:0d:90:75:0c:54:ff:c1:
                    ba:ab:e9:96:f0:79:58:48:c7:1b:52:8b:35:a6:2d:
                    5d:24:97:50:c6:ce:88:4c:5e:d4:74:32:e6:32:87:
                    dd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:DB:0C:A9:D3:0A:87:93:53:2D:27:2B:2A:6F:D9:0C:D2:5C:01:BB
            X509v3 Authority Key Identifier:
                keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/ntsMqdMKh5NTLScrKm_ZDNJcAbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.174.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:c1:e4:e5:2d:9f:44:96:61:a6:ce:a8:30:3e:67:c1:7a:6a:
         9e:ce:6a:19:e8:b3:5d:03:10:cc:04:32:a2:13:08:9d:79:9f:
         0c:0f:8c:30:30:28:ea:f8:42:0c:28:9f:e4:b1:a2:c1:86:e6:
         69:69:87:b2:e4:72:6f:dc:73:57:13:c1:1c:f0:26:46:84:f9:
         b4:90:d9:c0:cd:a1:08:35:f9:06:71:3f:f4:1f:ff:4b:81:9d:
         69:d3:08:85:ab:89:ed:b2:4e:fb:22:9f:86:17:04:38:45:82:
         a9:95:16:09:52:9b:97:31:85:7f:58:8a:05:ac:a4:20:8a:7a:
         22:7f:8c:16:c7:87:e8:75:d6:15:21:44:d9:f4:e7:11:42:71:
         68:96:73:a3:96:35:3e:96:6f:9c:21:f5:ea:51:b9:05:a5:3e:
         41:85:58:aa:06:42:9e:85:94:e7:89:f1:fc:66:f0:9c:7f:54:
         6f:f3:4e:85:91:7a:33:51:02:05:f4:fb:2d:7d:5a:56:db:57:
         f4:2c:0a:28:d2:95:30:bb:0a:ef:37:4a:7e:20:3a:6e:e1:b2:
         a5:39:b0:61:7b:76:0d:76:4d:6f:f7:3e:85:5f:91:30:4d:e3:
         88:bb:17:af:5e:50:36:9d:c2:89:8e:0a:b7:61:4d:c2:a4:be:
         70:8f:b9:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5qvgM7AwA9wBaJExtX5OrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjYwNTI3MTg0MTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWRiMGNhOWQzMGE4NzkzNTMyZDI3MmIyYTZmZDkwY2QyNWMwMWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwDpXfkjhITdartEkrWIM1gkOZyt
5RyZf9KEwIseyZhrBrdTz/cVwMfsUZG7bELnVvp7VEi7x1dg2LhxcRGfc8AcGuvI
VhZtlqTEIjgekNZAjFLhZfEVrNUdvKcWweCDW3d7Gf/cXhMG8TpyjyCZJ+pv/7/z
Xn2kBSpthuwFBBNSaMjdsxXwCgdLPfc4qLcI5jIc5+Z/mc5UcjjrBXPOjcdzdsFb
E8nU9fBpOBizbXYIYDvabGUO0PMREYiROfIXHGYUF6pYvt6MK3dwhEqvyg4RcBLO
UktyvQ2QdQxU/8G6q+mW8HlYSMcbUos1pi1dJJdQxs6ITF7UdDLmMofdCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7bDKnTCoeTUy0nKypv2QzSXAG7MB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvbnRzTXFkTUtoNU5UTFNjckttX1pETkpjQWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUK52MA0G
CSqGSIb3DQEBCwUAA4IBAQB+weTlLZ9ElmGmzqgwPmfBemqezmoZ6LNdAxDMBDKi
EwideZ8MD4wwMCjq+EIMKJ/ksaLBhuZpaYey5HJv3HNXE8Ec8CZGhPm0kNnAzaEI
NfkGcT/0H/9LgZ1p0wiFq4ntsk77Ip+GFwQ4RYKplRYJUpuXMYV/WIoFrKQginoi
f4wWx4foddYVIUTZ9OcRQnFolnOjljU+lm+cIfXqUbkFpT5BhViqBkKehZTnifH8
ZvCcf1Rv806FkXozUQIF9PstfVpW21f0LAoo0pUwuwrvN0p+IDpu4bKlObBhe3YN
dk1v9z6FX5EwTeOIuxevXlA2ncKJjgq3YU3CpL5wj7kT
-----END CERTIFICATE-----