Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tnFy0E1wZEMSqmgm07Rc4lz79OY.roa
File:                     tnFy0E1wZEMSqmgm07Rc4lz79OY.roa (raw, json)
Hash identifier:          95qmKrINH3B/oym0sDCdRiN0ghQaT+WZMlnIVqhdwQ4=
Subject key identifier:   B6:71:72:D0:4D:70:64:43:12:AA:68:26:D3:B4:5C:E2:5C:FB:F4:E6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019EA978139533710472D3C83B5B97F37D59
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tnFy0E1wZEMSqmgm07Rc4lz79OY.roa
Signing time:             Mon 08 Jun 2026 23:01:19 +0000
ROA not before:           Mon 08 Jun 2026 23:01:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205007
IP address blocks:        45.12.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 19:19:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a9:78:13:95:33:71:04:72:d3:c8:3b:5b:97:f3:7d:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun  8 23:01:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b67172d04d70644312aa6826d3b45ce25cfbf4e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cd:75:77:e3:4d:52:0b:46:cf:24:36:55:f8:
                    86:fc:c9:b9:9b:1c:85:a5:1d:9c:27:e4:f5:f2:c2:
                    6a:08:a7:53:84:c6:89:0b:29:6c:29:3e:86:b2:ac:
                    62:77:1f:fe:9a:77:03:df:68:cf:62:ae:83:b0:77:
                    83:ed:ec:cb:58:37:a8:34:69:1f:2e:9e:fe:e7:97:
                    f3:db:65:d0:64:ae:79:6e:dd:84:24:80:30:f9:b2:
                    10:77:e2:46:4e:71:4c:03:0f:20:62:10:2e:c8:8d:
                    82:31:3e:61:0a:46:ed:53:72:c1:6f:67:a3:13:6f:
                    15:cb:5f:eb:e7:5e:d3:ed:0b:b6:22:6c:79:32:97:
                    40:ce:7c:de:47:14:a1:3c:f5:38:be:0a:23:a7:61:
                    63:3d:da:9e:6b:92:4b:85:87:fa:61:0f:30:0e:75:
                    6e:0c:19:25:26:34:94:72:42:3b:6e:79:ff:79:65:
                    56:71:65:22:39:84:5a:f2:5d:ae:85:b9:11:25:6c:
                    1e:cc:d5:3d:46:4d:27:86:9e:2a:17:a8:0a:9a:60:
                    81:e1:80:82:e0:93:a7:ea:7f:be:1e:f1:e1:21:ba:
                    72:19:13:e5:d0:6a:f0:d1:14:de:37:a2:79:f0:10:
                    d3:06:8a:23:e0:68:ea:d6:75:62:ea:af:3b:a9:ca:
                    6d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:71:72:D0:4D:70:64:43:12:AA:68:26:D3:B4:5C:E2:5C:FB:F4:E6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tnFy0E1wZEMSqmgm07Rc4lz79OY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:b0:e6:f1:12:0c:be:a5:4f:af:89:79:db:ac:a2:ab:2d:84:
         1b:4a:f5:e2:47:c0:05:3d:8e:aa:6f:09:38:72:68:59:96:f5:
         c8:63:d2:8e:90:27:dd:01:3e:65:10:47:6b:51:c1:46:0b:9c:
         74:2e:dd:02:60:0b:45:a2:34:fa:5f:b0:25:af:4b:c4:40:16:
         f5:44:9b:99:a7:64:83:10:cf:b2:4f:cb:78:f3:84:ad:4f:29:
         f2:93:7d:69:73:1d:57:8b:70:37:91:34:0b:71:18:32:06:5e:
         22:14:c6:eb:47:3b:15:23:6b:07:1b:ec:2a:1e:89:8b:87:b5:
         67:ff:a5:50:27:b7:ce:45:84:6b:9e:28:69:b9:c6:e5:42:b5:
         1c:1b:ed:02:65:1b:e5:54:9f:ca:43:23:ae:a3:54:3e:39:bc:
         c3:10:6e:90:34:33:10:ad:f3:e8:eb:24:ff:6b:08:34:e9:2b:
         55:c0:53:42:6e:75:05:bd:3e:91:1b:11:6a:66:9f:64:02:e9:
         12:ec:7e:cb:bc:31:56:72:8c:19:93:49:17:01:7e:eb:43:95:
         85:37:ad:ab:f6:ca:bd:0e:41:c7:94:3d:75:20:d7:06:76:ca:
         d4:84:03:0b:2c:92:02:d6:40:a5:b9:64:e4:6b:96:38:9f:65:
         09:60:54:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6peBOVM3EEctPIO1uX831ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNjA4MjMwMTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjcxNzJkMDRkNzA2NDQzMTJhYTY4MjZkM2I0NWNlMjVjZmJmNGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAss11d+NNUgtGzyQ2VfiG/Mm5mxyF
pR2cJ+T18sJqCKdThMaJCylsKT6Gsqxidx/+mncD32jPYq6DsHeD7ezLWDeoNGkf
Lp7+55fz22XQZK55bt2EJIAw+bIQd+JGTnFMAw8gYhAuyI2CMT5hCkbtU3LBb2ej
E28Vy1/r517T7Qu2Imx5MpdAznzeRxShPPU4vgojp2FjPdqea5JLhYf6YQ8wDnVu
DBklJjSUckI7bnn/eWVWcWUiOYRa8l2uhbkRJWwezNU9Rk0nhp4qF6gKmmCB4YCC
4JOn6n++HvHhIbpyGRPl0Grw0RTeN6J58BDTBooj4Gjq1nVi6q87qcptyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZxctBNcGRDEqpoJtO0XOJc+/TmMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdG5GeTBFMXdaRU1TcW1nbTA3UmM0bHo3OU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQxFMA0G
CSqGSIb3DQEBCwUAA4IBAQCBsObxEgy+pU+viXnbrKKrLYQbSvXiR8AFPY6qbwk4
cmhZlvXIY9KOkCfdAT5lEEdrUcFGC5x0Lt0CYAtFojT6X7Alr0vEQBb1RJuZp2SD
EM+yT8t484StTynyk31pcx1Xi3A3kTQLcRgyBl4iFMbrRzsVI2sHG+wqHomLh7Vn
/6VQJ7fORYRrnihpucblQrUcG+0CZRvlVJ/KQyOuo1Q+ObzDEG6QNDMQrfPo6yT/
awg06StVwFNCbnUFvT6RGxFqZp9kAukS7H7LvDFWcowZk0kXAX7rQ5WFN62r9sq9
DkHHlD11INcGdsrUhAMLLJIC1kCluWTka5Y4n2UJYFR2
-----END CERTIFICATE-----