Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/MMlFgVpjWuJZ86IKcIFw9eNL370.roa
File:                     MMlFgVpjWuJZ86IKcIFw9eNL370.roa (raw, json)
Hash identifier:          smVtIdINCfKeXVEXJVtemBmbEMoiDpLpVQHH59JbzsE=
Subject key identifier:   30:C9:45:81:5A:63:5A:E2:59:F3:A2:0A:70:81:70:F5:E3:4B:DF:BD
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019CD34A855DA13659C7DCED160AC6306951
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/MMlFgVpjWuJZ86IKcIFw9eNL370.roa
Signing time:             Mon 09 Mar 2026 15:50:02 +0000
ROA not before:           Mon 09 Mar 2026 15:50:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     272063
IP address blocks:        45.137.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 06:19:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d3:4a:85:5d:a1:36:59:c7:dc:ed:16:0a:c6:30:69:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar  9 15:50:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30c945815a635ae259f3a20a708170f5e34bdfbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f1:43:4e:1a:e4:85:76:ea:8c:40:42:b2:72:
                    1a:22:86:99:cc:ce:cd:39:5b:4d:2a:c1:c4:de:af:
                    b6:e1:cd:52:b6:41:5f:f5:bf:9a:54:22:96:2e:0e:
                    4c:7f:fd:89:39:d7:0b:4f:30:37:25:b7:05:2a:19:
                    e5:aa:b2:bd:2e:ab:4f:29:2c:73:73:01:0d:9d:bc:
                    05:6e:05:8b:41:18:fa:ce:76:b7:27:ca:e1:1f:81:
                    45:08:5c:83:a9:36:34:5d:35:66:99:d0:25:24:42:
                    ce:5e:f8:d2:db:38:c6:44:62:41:0d:74:2a:c3:42:
                    e7:d2:bf:91:be:47:f8:34:2f:2c:a0:c2:07:e7:b4:
                    fa:b3:3c:27:e9:c5:92:19:a8:c7:9f:43:bd:56:47:
                    1e:87:78:ce:7b:57:cc:97:f0:4b:06:7d:38:8e:cd:
                    58:c2:a1:45:d9:5d:99:de:91:a3:50:81:8d:bd:d6:
                    1f:24:f3:78:64:98:41:07:ad:b6:63:6f:fc:0d:5f:
                    55:74:4e:21:0a:23:0a:e6:52:db:d5:1f:7e:42:cb:
                    2d:d8:12:31:da:a3:d9:45:f6:10:a0:ac:ac:f2:b7:
                    24:84:75:ac:df:71:e6:b0:42:3a:06:35:b2:53:5a:
                    6c:f7:d6:f7:18:4f:51:87:8e:08:34:ad:5c:bb:18:
                    44:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:C9:45:81:5A:63:5A:E2:59:F3:A2:0A:70:81:70:F5:E3:4B:DF:BD
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/MMlFgVpjWuJZ86IKcIFw9eNL370.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:b0:b2:49:79:9d:ff:8f:89:c1:37:9f:0c:c2:af:38:72:b2:
         06:45:d5:12:3e:5b:1b:4b:39:b1:12:85:95:c7:5c:0d:a4:5e:
         4c:9e:01:8f:6c:a0:b3:61:80:52:ef:da:1a:85:27:d0:2b:9f:
         cc:0e:0b:4a:05:72:f8:59:e1:a1:57:85:1f:b8:1f:1c:68:89:
         5b:c6:7b:b0:a1:90:81:07:d2:0c:70:a2:2b:62:7c:0d:1e:c9:
         cd:53:9c:2e:d3:a5:69:6e:0a:26:f5:bd:51:b4:a6:bc:99:75:
         05:92:8e:f0:50:49:c6:b0:37:27:1d:af:38:13:47:23:47:2f:
         2a:12:7e:2f:ca:4e:8a:5b:e9:35:fd:bb:01:a4:3a:34:14:70:
         83:99:9b:41:98:53:85:cc:10:73:39:86:5a:c3:c8:46:57:07:
         cc:7e:a8:09:38:80:1e:cb:e6:b7:44:7a:db:1e:6f:2e:01:36:
         6a:d7:fa:03:0f:35:76:52:d2:5b:15:a9:2c:b1:5d:40:11:76:
         01:0f:d2:06:21:5c:63:8b:21:d8:98:c3:29:94:ba:92:48:6a:
         40:f0:24:17:21:6f:d7:97:07:b7:8e:8e:7a:f8:65:74:24:66:
         80:1a:d8:8a:a7:95:38:43:c6:2d:9d:93:2f:e1:29:20:ae:45:
         f1:b9:fc:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzTSoVdoTZZx9ztFgrGMGlRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzA5MTU1MDAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGM5NDU4MTVhNjM1YWUyNTlmM2EyMGE3MDgxNzBmNWUzNGJkZmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfFDThrkhXbqjEBCsnIaIoaZzM7N
OVtNKsHE3q+24c1StkFf9b+aVCKWLg5Mf/2JOdcLTzA3JbcFKhnlqrK9LqtPKSxz
cwENnbwFbgWLQRj6zna3J8rhH4FFCFyDqTY0XTVmmdAlJELOXvjS2zjGRGJBDXQq
w0Ln0r+Rvkf4NC8soMIH57T6szwn6cWSGajHn0O9Vkceh3jOe1fMl/BLBn04js1Y
wqFF2V2Z3pGjUIGNvdYfJPN4ZJhBB622Y2/8DV9VdE4hCiMK5lLb1R9+Qsst2BIx
2qPZRfYQoKys8rckhHWs33HmsEI6BjWyU1ps99b3GE9Rh44INK1cuxhExQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDJRYFaY1riWfOiCnCBcPXjS9+9MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvTU1sRmdWcGpXdUpaODZJS2NJRnc5ZU5MMzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYkPMA0G
CSqGSIb3DQEBCwUAA4IBAQCgsLJJeZ3/j4nBN58Mwq84crIGRdUSPlsbSzmxEoWV
x1wNpF5MngGPbKCzYYBS79oahSfQK5/MDgtKBXL4WeGhV4UfuB8caIlbxnuwoZCB
B9IMcKIrYnwNHsnNU5wu06Vpbgom9b1RtKa8mXUFko7wUEnGsDcnHa84E0cjRy8q
En4vyk6KW+k1/bsBpDo0FHCDmZtBmFOFzBBzOYZaw8hGVwfMfqgJOIAey+a3RHrb
Hm8uATZq1/oDDzV2UtJbFakssV1AEXYBD9IGIVxjiyHYmMMplLqSSGpA8CQXIW/X
lwe3jo56+GV0JGaAGtiKp5U4Q8YtnZMv4SkgrkXxufwt
-----END CERTIFICATE-----