Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/exkD1OK4Hvnq7WDRQcaaKq1Euks.roa
File:                     exkD1OK4Hvnq7WDRQcaaKq1Euks.roa (raw, json)
Hash identifier:          IsrStINn14DA+b2VDisHNBBp8fWAcpeosXN6wgANgE8=
Subject key identifier:   7B:19:03:D4:E2:B8:1E:F9:EA:ED:60:D1:41:C6:9A:2A:AD:44:BA:4B
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019E5F7020B072A63C18FDFD3AF6150B80AA
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/exkD1OK4Hvnq7WDRQcaaKq1Euks.roa
Signing time:             Mon 25 May 2026 14:00:44 +0000
ROA not before:           Mon 25 May 2026 14:00:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214822
IP address blocks:        45.153.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:70:20:b0:72:a6:3c:18:fd:fd:3a:f6:15:0b:80:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: May 25 14:00:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b1903d4e2b81ef9eaed60d141c69a2aad44ba4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:57:02:d1:37:15:79:fd:1c:06:cf:f3:b3:00:
                    6d:46:fd:0b:5c:31:45:46:67:77:cf:9a:e4:f0:b6:
                    40:74:48:2d:a2:b3:52:42:e1:24:f6:7b:80:84:70:
                    ee:5b:99:db:5d:4f:75:c5:ae:2e:8d:67:87:99:18:
                    62:46:56:f7:b6:b1:03:bb:ff:e0:24:21:78:af:a9:
                    39:88:8c:ff:41:95:1d:1e:2b:c7:a6:ae:34:2c:df:
                    82:1f:55:72:43:74:e8:f3:72:a7:44:ca:ea:b1:0f:
                    31:52:63:29:50:b9:44:96:f6:ce:f5:a2:23:ba:08:
                    b7:f5:ee:61:bb:ce:0d:fa:d8:1d:81:9d:af:05:f5:
                    83:ae:83:35:08:7a:f4:aa:52:15:55:82:67:bd:c4:
                    dd:ed:9c:e4:93:23:46:58:2b:da:bb:4a:c5:05:52:
                    8e:7a:fd:e9:87:7c:a3:ac:86:13:30:99:ea:2f:9b:
                    15:c2:23:d6:0b:4a:4e:2e:0c:b2:85:6a:71:63:89:
                    0b:0c:ff:cf:c5:fe:b5:2d:3f:27:b1:03:80:1c:26:
                    d8:c0:c0:bb:4d:b8:9f:9f:2a:c8:f1:89:0c:30:43:
                    3b:e6:0e:7a:f8:b6:b8:88:0a:94:e0:49:26:b5:c5:
                    9e:9e:3d:a5:de:e7:fe:b7:47:15:3a:69:7a:df:15:
                    a4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:19:03:D4:E2:B8:1E:F9:EA:ED:60:D1:41:C6:9A:2A:AD:44:BA:4B
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/exkD1OK4Hvnq7WDRQcaaKq1Euks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:11:1f:67:44:67:fc:77:a4:2d:9f:f9:a2:ed:89:20:00:27:
         d4:73:ba:6a:ca:7e:c4:c3:85:7c:95:9a:d6:b4:a0:eb:f3:88:
         26:7e:4a:77:80:cf:91:35:7e:ce:39:e2:9a:cd:d5:9c:4a:88:
         a8:03:b8:25:b7:8b:f1:3b:1b:3c:5f:a1:eb:5e:ed:45:9e:53:
         82:18:3a:be:49:02:d7:8a:78:eb:05:bb:b1:d3:fb:8b:59:4f:
         9e:c9:71:39:28:fd:a9:bd:40:02:7c:a1:17:ae:fd:38:7c:cb:
         75:b3:05:ee:d1:9d:f6:f1:08:3e:ac:e1:aa:18:b4:ed:2a:2b:
         2c:ce:94:5c:2e:81:6d:dc:30:04:86:83:65:02:af:c8:96:56:
         2c:81:0a:83:73:08:57:eb:cb:49:fc:7e:85:f3:90:71:7a:49:
         6e:c2:8b:89:3a:4b:03:ff:bd:84:a2:8c:3d:6c:05:74:3c:97:
         e0:d0:67:ae:76:94:8e:11:a5:16:8c:a8:1e:c4:42:61:06:06:
         a0:2d:91:0f:51:65:4b:0b:7a:97:05:b9:8e:f1:7b:70:45:f2:
         a5:ef:5b:4f:e3:00:37:a9:51:22:d0:fd:e4:89:55:71:8a:a6:
         d2:41:db:84:d0:b4:0e:70:a8:13:f6:ab:d1:17:21:01:72:5b:
         2c:90:c6:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5fcCCwcqY8GP39OvYVC4CqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwNTI1MTQwMDQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE5MDNkNGUyYjgxZWY5ZWFlZDYwZDE0MWM2OWEyYWFkNDRiYTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlcC0TcVef0cBs/zswBtRv0LXDFF
Rmd3z5rk8LZAdEgtorNSQuEk9nuAhHDuW5nbXU91xa4ujWeHmRhiRlb3trEDu//g
JCF4r6k5iIz/QZUdHivHpq40LN+CH1VyQ3To83KnRMrqsQ8xUmMpULlElvbO9aIj
ugi39e5hu84N+tgdgZ2vBfWDroM1CHr0qlIVVYJnvcTd7ZzkkyNGWCvau0rFBVKO
ev3ph3yjrIYTMJnqL5sVwiPWC0pOLgyyhWpxY4kLDP/Pxf61LT8nsQOAHCbYwMC7
TbifnyrI8YkMMEM75g56+La4iAqU4EkmtcWenj2l3uf+t0cVOml63xWkDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsZA9TiuB756u1g0UHGmiqtRLpLMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvZXhrRDFPSzRIdm5xN1dEUlFjYWFLcTFFdWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZnmMA0G
CSqGSIb3DQEBCwUAA4IBAQCDER9nRGf8d6Qtn/mi7YkgACfUc7pqyn7Ew4V8lZrW
tKDr84gmfkp3gM+RNX7OOeKazdWcSoioA7glt4vxOxs8X6HrXu1FnlOCGDq+SQLX
injrBbux0/uLWU+eyXE5KP2pvUACfKEXrv04fMt1swXu0Z328Qg+rOGqGLTtKiss
zpRcLoFt3DAEhoNlAq/IllYsgQqDcwhX68tJ/H6F85BxekluwouJOksD/72Eoow9
bAV0PJfg0GeudpSOEaUWjKgexEJhBgagLZEPUWVLC3qXBbmO8XtwRfKl71tP4wA3
qVEi0P3kiVVxiqbSQduE0LQOcKgT9qvRFyEBclsskMaO
-----END CERTIFICATE-----