Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/JSMfcV7RK2ruKnLigywhduy53Uc.roa
File:                     JSMfcV7RK2ruKnLigywhduy53Uc.roa (raw, json)
Hash identifier:          Xbu5ABMEvGeOoy0m2G1AgHRI379vhPolViXKS9fwUnE=
Subject key identifier:   25:23:1F:71:5E:D1:2B:6A:EE:2A:72:E2:83:2C:21:76:EC:B9:DD:47
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019E2BAE90EA6936A54BD48D4E4E89609485
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/JSMfcV7RK2ruKnLigywhduy53Uc.roa
Signing time:             Fri 15 May 2026 12:48:41 +0000
ROA not before:           Fri 15 May 2026 12:48:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399989
IP address blocks:        45.129.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:ae:90:ea:69:36:a5:4b:d4:8d:4e:4e:89:60:94:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May 15 12:48:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25231f715ed12b6aee2a72e2832c2176ecb9dd47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:95:3d:15:16:46:2a:ed:90:e4:17:c5:48:f5:
                    97:eb:40:9c:38:68:20:40:8b:c4:63:8b:7a:0b:0c:
                    a1:90:95:b9:45:e6:1a:0d:2f:7c:5a:a5:22:8b:68:
                    9e:36:23:88:4c:54:f7:aa:0f:7d:b4:b6:44:5d:22:
                    f4:91:fd:dd:a3:bb:cf:3d:d8:8e:f7:5a:fd:79:0c:
                    97:d0:c4:b6:8a:5e:b4:4f:3e:3f:c6:bb:b6:36:d1:
                    6d:d9:3b:28:fc:49:3c:de:f1:aa:70:52:43:50:3c:
                    cd:0e:9c:64:ce:b1:7f:07:ed:f9:db:57:23:cd:46:
                    0e:f6:b6:5c:cb:6b:c7:ab:50:c2:95:06:76:38:0c:
                    3b:b7:43:83:8f:c0:e3:50:c4:60:81:90:03:da:3c:
                    2c:3d:35:ee:ea:31:81:dc:40:e0:eb:4d:54:98:ce:
                    52:5e:cc:1f:db:df:85:48:53:9b:a2:18:ab:f3:a7:
                    f4:bb:a2:fb:b3:44:6b:7e:ec:fe:04:71:ea:ad:e5:
                    b1:5e:78:52:0b:c5:d7:00:84:c3:4d:52:66:23:64:
                    be:d9:93:8d:c9:88:47:01:58:7d:54:b7:5d:4a:98:
                    60:b3:4a:d4:05:cd:03:d0:56:b6:a3:5f:27:7f:1d:
                    0c:9f:50:86:61:75:b0:88:55:84:94:dc:0e:cf:27:
                    88:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:23:1F:71:5E:D1:2B:6A:EE:2A:72:E2:83:2C:21:76:EC:B9:DD:47
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/JSMfcV7RK2ruKnLigywhduy53Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:9a:0d:20:d1:fc:25:8d:af:fe:88:11:27:64:3a:90:2e:2b:
         3c:38:a5:7a:91:fd:14:5b:c9:01:b6:1a:ef:09:f3:54:e2:22:
         d3:cb:d4:60:a9:ad:ee:c2:3d:3f:66:bb:33:a1:62:aa:39:11:
         b1:41:b7:5c:bf:25:03:ed:05:2b:19:c4:3f:1c:11:e0:1f:9c:
         93:67:8c:30:81:e6:82:3c:21:6c:eb:15:ce:0d:0f:58:d1:58:
         fa:7e:20:6b:fd:9e:73:f5:53:27:59:a7:9a:92:05:e5:2d:ff:
         80:56:73:1c:4b:46:03:ae:d1:1a:5c:a9:b9:10:ae:a3:f3:27:
         0c:dd:6a:37:b5:d3:75:b7:9b:f4:18:f8:09:06:b7:56:f8:4d:
         c2:d2:43:17:84:16:9e:5f:18:bb:f9:0d:77:f7:c4:48:27:71:
         74:24:47:36:6d:83:a4:3a:9b:93:d9:f5:08:96:77:84:44:08:
         ba:ac:84:2d:2a:ad:75:9d:3b:24:05:68:69:92:ad:58:20:8a:
         4a:ec:5e:4e:cf:31:ee:ca:0b:c2:cf:98:3e:68:2f:8f:a2:e4:
         74:f5:ef:d1:a3:ff:45:7b:f6:dc:6d:a6:90:b7:14:43:38:6b:
         83:9e:84:52:a9:55:91:83:9a:03:84:69:a3:9b:42:2b:37:92:
         6b:4e:f9:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4rrpDqaTalS9SNTk6JYJSFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNTE1MTI0ODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTIzMWY3MTVlZDEyYjZhZWUyYTcyZTI4MzJjMjE3NmVjYjlkZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJU9FRZGKu2Q5BfFSPWX60CcOGgg
QIvEY4t6CwyhkJW5ReYaDS98WqUii2ieNiOITFT3qg99tLZEXSL0kf3do7vPPdiO
91r9eQyX0MS2il60Tz4/xru2NtFt2Tso/Ek83vGqcFJDUDzNDpxkzrF/B+3521cj
zUYO9rZcy2vHq1DClQZ2OAw7t0ODj8DjUMRggZAD2jwsPTXu6jGB3EDg601UmM5S
Xswf29+FSFObohir86f0u6L7s0Rrfuz+BHHqreWxXnhSC8XXAITDTVJmI2S+2ZON
yYhHAVh9VLddSphgs0rUBc0D0Fa2o18nfx0Mn1CGYXWwiFWElNwOzyeITQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUjH3Fe0Stq7ipy4oMsIXbsud1HMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSlNNZmNWN1JLMnJ1S25MaWd5d2hkdXk1M1VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYF/MA0G
CSqGSIb3DQEBCwUAA4IBAQAOmg0g0fwlja/+iBEnZDqQLis8OKV6kf0UW8kBthrv
CfNU4iLTy9Rgqa3uwj0/ZrszoWKqORGxQbdcvyUD7QUrGcQ/HBHgH5yTZ4wwgeaC
PCFs6xXODQ9Y0Vj6fiBr/Z5z9VMnWaeakgXlLf+AVnMcS0YDrtEaXKm5EK6j8ycM
3Wo3tdN1t5v0GPgJBrdW+E3C0kMXhBaeXxi7+Q1398RIJ3F0JEc2bYOkOpuT2fUI
lneERAi6rIQtKq11nTskBWhpkq1YIIpK7F5OzzHuygvCz5g+aC+PouR09e/Ro/9F
e/bcbaaQtxRDOGuDnoRSqVWRg5oDhGmjm0IrN5JrTvme
-----END CERTIFICATE-----