Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/a_baIkGFreZCkQEDrTUpOc9RljI.roa
File:                     a_baIkGFreZCkQEDrTUpOc9RljI.roa (raw, json)
Hash identifier:          oCF0GgcCbPHk3wbbPuSP852CME0/FbCGLSMKdZU6cDI=
Subject key identifier:   6B:F6:DA:22:41:85:AD:E6:42:91:01:03:AD:35:29:39:CF:51:96:32
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019E5B523D2077E324C6CDD8CEC0FA14CAF3
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/a_baIkGFreZCkQEDrTUpOc9RljI.roa
Signing time:             Sun 24 May 2026 18:49:36 +0000
ROA not before:           Sun 24 May 2026 18:49:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        45.145.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5b:52:3d:20:77:e3:24:c6:cd:d8:ce:c0:fa:14:ca:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: May 24 18:49:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bf6da224185ade642910103ad352939cf519632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:01:f8:66:7a:a2:0e:25:32:1c:70:a5:83:df:
                    43:16:e1:cd:0d:a9:da:57:41:68:c9:4b:2f:36:24:
                    7f:b5:3f:ea:d6:81:8e:91:a2:f8:e6:18:fc:a2:2d:
                    04:a7:a1:7e:85:b5:13:52:65:39:01:1a:65:2a:e7:
                    3d:7a:83:6f:33:44:f8:63:d3:9c:40:a1:ea:d1:49:
                    27:f1:29:63:d4:f9:9b:17:9a:dc:e7:07:c0:d5:26:
                    07:1f:da:b0:f6:5a:7a:36:cc:ec:52:40:87:95:18:
                    e8:93:08:89:c1:5b:01:73:81:7f:53:85:8c:d4:a6:
                    1f:9a:d7:27:90:43:98:a6:aa:a6:9b:e7:54:b0:22:
                    f9:3d:f7:b2:37:f9:f0:5f:79:7a:76:50:5c:26:21:
                    b2:c7:d7:d0:11:97:59:3d:86:f7:41:d2:fb:85:89:
                    b2:86:49:a4:ef:56:8e:30:aa:7f:9a:92:73:a8:cf:
                    f0:bb:c4:85:3b:ad:3b:73:9c:f2:cc:b8:68:ab:b8:
                    3e:b8:02:c6:bf:64:eb:46:66:e3:bf:13:af:72:54:
                    fc:6d:2e:9e:9e:ac:67:f3:67:3e:93:a3:2a:d1:78:
                    77:eb:8d:ee:96:be:45:43:68:f2:8c:3f:e7:fa:fb:
                    ef:b2:b4:a8:13:00:8a:b0:82:77:02:2c:ba:cb:06:
                    fb:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F6:DA:22:41:85:AD:E6:42:91:01:03:AD:35:29:39:CF:51:96:32
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/a_baIkGFreZCkQEDrTUpOc9RljI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:1d:54:9b:4a:3f:91:c0:54:01:15:f2:ee:ae:82:12:52:a6:
         51:2b:ae:e0:bd:c3:a3:76:36:8b:3b:73:b0:e6:ac:36:ca:53:
         95:4f:4a:f5:ce:b9:28:75:89:25:aa:ae:a3:f7:5d:8b:00:7f:
         59:e4:b1:a4:7f:8a:3d:75:d1:ab:43:06:1c:3c:08:7b:d9:8f:
         7e:28:84:39:e7:18:cb:bb:9c:b4:db:5d:2a:77:ba:a0:2c:0d:
         a5:3a:37:4b:b7:87:0d:80:7c:4f:82:a9:04:63:cc:2f:cc:e7:
         77:9d:ff:c1:85:9b:16:f4:c4:8e:a8:4d:15:46:b7:be:d6:c0:
         23:6b:f1:d2:c2:29:2e:31:19:9d:07:dc:9b:ff:dd:29:10:5a:
         aa:9a:e6:07:34:b4:77:04:7e:54:0b:87:9c:38:d9:cd:bc:9a:
         15:f2:70:18:96:fc:f2:25:20:73:e6:6d:b2:51:99:7a:c6:b8:
         47:fc:7a:6e:e0:8f:e3:fc:0b:37:da:cb:8b:96:49:d6:84:b3:
         72:3f:ee:ec:b7:3e:c6:2c:e3:3a:95:1f:4c:9c:82:e0:d6:15:
         3e:74:34:06:67:08:f3:ed:62:70:1a:cd:31:9c:ab:e3:23:bf:
         71:50:68:97:22:e7:eb:6b:d7:d4:79:6e:1e:eb:73:f1:f0:4e:
         05:38:9a:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5bUj0gd+Mkxs3YzsD6FMrzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjYwNTI0MTg0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmY2ZGEyMjQxODVhZGU2NDI5MTAxMDNhZDM1MjkzOWNmNTE5NjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQH4ZnqiDiUyHHClg99DFuHNDana
V0FoyUsvNiR/tT/q1oGOkaL45hj8oi0Ep6F+hbUTUmU5ARplKuc9eoNvM0T4Y9Oc
QKHq0Ukn8Slj1PmbF5rc5wfA1SYHH9qw9lp6NszsUkCHlRjokwiJwVsBc4F/U4WM
1KYfmtcnkEOYpqqmm+dUsCL5PfeyN/nwX3l6dlBcJiGyx9fQEZdZPYb3QdL7hYmy
hkmk71aOMKp/mpJzqM/wu8SFO607c5zyzLhoq7g+uALGv2TrRmbjvxOvclT8bS6e
nqxn82c+k6Mq0Xh3643ulr5FQ2jyjD/n+vvvsrSoEwCKsIJ3Aiy6ywb75wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGv22iJBha3mQpEBA601KTnPUZYyMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvYV9iYUlrR0ZyZVpDa1FFRHJUVXBPYzlSbGpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGZMA0G
CSqGSIb3DQEBCwUAA4IBAQA8HVSbSj+RwFQBFfLuroISUqZRK67gvcOjdjaLO3Ow
5qw2ylOVT0r1zrkodYklqq6j912LAH9Z5LGkf4o9ddGrQwYcPAh72Y9+KIQ55xjL
u5y0210qd7qgLA2lOjdLt4cNgHxPgqkEY8wvzOd3nf/BhZsW9MSOqE0VRre+1sAj
a/HSwikuMRmdB9yb/90pEFqqmuYHNLR3BH5UC4ecONnNvJoV8nAYlvzyJSBz5m2y
UZl6xrhH/Hpu4I/j/As32suLlknWhLNyP+7stz7GLOM6lR9MnILg1hU+dDQGZwjz
7WJwGs0xnKvjI79xUGiXIufra9fUeW4e63Px8E4FOJoG
-----END CERTIFICATE-----