Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/Vg59mkjZjPChn5V72yQkRuYsw5w.roa
File:                     Vg59mkjZjPChn5V72yQkRuYsw5w.roa (raw, json)
Hash identifier:          ZT1vWv2NLvyggQYSfbG/ST95n5y42mBT1SrPiyV/11c=
Subject key identifier:   56:0E:7D:9A:48:D9:8C:F0:A1:9F:95:7B:DB:24:24:46:E6:2C:C3:9C
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       019E8F9643ED584C2DFED66B1F9427C9045D
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/Vg59mkjZjPChn5V72yQkRuYsw5w.roa
Signing time:             Wed 03 Jun 2026 22:24:10 +0000
ROA not before:           Wed 03 Jun 2026 22:24:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134823
IP address blocks:        45.11.78.0/24 maxlen: 24
                          45.11.78.24/32 maxlen: 32
                          45.11.78.25/32 maxlen: 32
                          45.11.78.161/32 maxlen: 32
                          45.11.78.254/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8f:96:43:ed:58:4c:2d:fe:d6:6b:1f:94:27:c9:04:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Jun  3 22:24:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=560e7d9a48d98cf0a19f957bdb242446e62cc39c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bd:8e:e4:dc:ea:5c:9d:77:e1:88:f6:52:d3:
                    78:18:f2:81:54:59:01:ad:14:fb:62:4e:f8:13:80:
                    1d:b5:cb:ea:9c:6e:24:06:26:74:ee:5c:ef:99:6f:
                    32:3b:2f:33:e6:17:02:75:bc:dc:fe:28:5b:dd:c0:
                    a0:3c:69:14:43:80:8e:ec:99:c8:d1:21:70:09:6f:
                    c3:8a:ad:cd:d6:b4:01:60:61:2b:43:32:60:29:b3:
                    0f:13:fe:99:92:47:7e:21:09:b7:3d:09:57:26:a8:
                    c1:06:59:a0:1f:61:6d:74:32:cf:5f:ef:cb:ba:f0:
                    16:26:b0:06:47:ff:39:38:1d:87:71:09:9b:29:3c:
                    7e:13:2c:b4:d0:29:4d:a0:2d:f2:51:df:33:c9:98:
                    eb:46:30:c9:f7:9a:9b:49:b9:22:1a:89:24:de:66:
                    56:38:a4:6c:f8:ca:be:0a:5c:5a:2f:77:16:89:38:
                    62:69:bb:42:36:2d:db:38:4c:f3:94:d3:24:79:07:
                    09:d4:34:0b:ab:a7:78:9a:9f:75:29:81:b4:1a:7d:
                    c5:9c:19:e6:f0:0b:1b:70:d0:d2:a9:3d:fb:c5:c1:
                    4f:0b:ab:3f:fe:f6:98:a2:bc:10:e6:9a:b4:72:81:
                    5e:c7:7a:3b:5b:c7:68:8f:b7:0a:ff:ed:1c:5f:ce:
                    8f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:0E:7D:9A:48:D9:8C:F0:A1:9F:95:7B:DB:24:24:46:E6:2C:C3:9C
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/Vg59mkjZjPChn5V72yQkRuYsw5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:96:fe:de:1a:aa:62:99:76:ab:fd:c0:2c:d1:5e:bd:51:31:
         56:80:69:fe:69:14:db:b8:e7:f0:b4:0d:1f:67:52:57:1e:03:
         bb:96:ed:62:fe:14:32:8f:66:7e:7b:6c:a8:1f:a4:5d:de:3f:
         0a:90:cb:39:b1:c8:2d:e5:6b:8d:e0:d7:82:fc:48:d3:da:fb:
         4a:18:4c:39:df:71:93:24:aa:69:25:c0:b4:ac:d0:5a:d1:f4:
         84:1a:3f:08:7f:2c:93:91:72:64:8b:99:e8:96:ef:32:bc:1d:
         c2:c3:12:c5:13:d8:12:eb:0b:21:f0:03:ea:3c:15:19:04:24:
         2a:37:b3:65:a5:c6:2b:b1:02:2b:47:b1:c5:1b:bc:e2:0e:1f:
         d6:79:65:51:64:c0:2f:52:2d:14:ef:a8:b3:86:85:f4:5a:ae:
         e4:f6:64:b4:d3:ed:f4:6d:3d:13:b9:d0:bb:76:62:08:bc:04:
         2b:67:c5:71:d2:89:ef:86:08:e2:03:e4:49:8e:c4:d0:7a:d0:
         b9:e4:fb:73:d3:60:88:4f:47:bf:df:c9:1e:07:b7:41:e2:1e:
         17:e1:3d:0e:81:31:61:77:f1:2b:15:7e:1f:b5:91:c8:5e:9e:
         8a:79:e5:98:5e:1a:d3:0b:8b:ad:16:5e:bc:8c:7a:a3:9f:cb:
         0b:a2:09:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6PlkPtWEwt/tZrH5QnyQRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjYwNjAzMjIyNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjBlN2Q5YTQ4ZDk4Y2YwYTE5Zjk1N2JkYjI0MjQ0NmU2MmNjMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmr2O5NzqXJ134Yj2UtN4GPKBVFkB
rRT7Yk74E4AdtcvqnG4kBiZ07lzvmW8yOy8z5hcCdbzc/ihb3cCgPGkUQ4CO7JnI
0SFwCW/Diq3N1rQBYGErQzJgKbMPE/6Zkkd+IQm3PQlXJqjBBlmgH2FtdDLPX+/L
uvAWJrAGR/85OB2HcQmbKTx+Eyy00ClNoC3yUd8zyZjrRjDJ95qbSbkiGokk3mZW
OKRs+Mq+ClxaL3cWiThiabtCNi3bOEzzlNMkeQcJ1DQLq6d4mp91KYG0Gn3FnBnm
8AsbcNDSqT37xcFPC6s//vaYorwQ5pq0coFex3o7W8doj7cK/+0cX86PKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFYOfZpI2YzwoZ+Ve9skJEbmLMOcMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvVmc1OW1ralpqUENobjVWNzJ5UWtSdVlzdzV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQtOMA0G
CSqGSIb3DQEBCwUAA4IBAQBUlv7eGqpimXar/cAs0V69UTFWgGn+aRTbuOfwtA0f
Z1JXHgO7lu1i/hQyj2Z+e2yoH6Rd3j8KkMs5scgt5WuN4NeC/EjT2vtKGEw533GT
JKppJcC0rNBa0fSEGj8IfyyTkXJki5nolu8yvB3CwxLFE9gS6wsh8APqPBUZBCQq
N7NlpcYrsQIrR7HFG7ziDh/WeWVRZMAvUi0U76izhoX0Wq7k9mS00+30bT0TudC7
dmIIvAQrZ8Vx0onvhgjiA+RJjsTQetC55Ptz02CIT0e/38keB7dB4h4X4T0OgTFh
d/ErFX4ftZHIXp6KeeWYXhrTC4utFl68jHqjn8sLogkI
-----END CERTIFICATE-----