Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/erhifgEIKHOXhe3VK4MKk11oBpo.roa
File:                     erhifgEIKHOXhe3VK4MKk11oBpo.roa (raw, json)
Hash identifier:          fZ+m/xUWWhfiiY8bU85AgyX6zrsIJTBj8ntaXjVnjO0=
Subject key identifier:   7A:B8:62:7E:01:08:28:73:97:85:ED:D5:2B:83:0A:93:5D:68:06:9A
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019DF7F8D537217D04E8C8D03D5B2FEC5F29
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/erhifgEIKHOXhe3VK4MKk11oBpo.roa
Signing time:             Tue 05 May 2026 11:49:32 +0000
ROA not before:           Tue 05 May 2026 11:49:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205719
IP address blocks:        45.136.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f7:f8:d5:37:21:7d:04:e8:c8:d0:3d:5b:2f:ec:5f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May  5 11:49:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ab8627e010828739785edd52b830a935d68069a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:55:21:8a:f7:34:e3:61:d3:2b:40:44:bd:ad:
                    35:d4:7d:6b:dc:30:00:6f:19:3b:4f:56:2f:17:e8:
                    36:19:39:46:8e:f3:e8:5c:38:ff:f4:0e:b6:f4:8a:
                    78:9d:ee:38:56:57:84:8f:d3:51:ec:8a:74:04:0e:
                    05:1b:f5:4e:e7:0d:99:2e:27:6e:3b:6a:c8:a5:b1:
                    92:15:d3:84:c0:ca:9b:96:f8:f4:e2:17:2a:e6:d8:
                    9e:d8:fd:bb:54:36:83:09:69:84:82:51:66:f2:cf:
                    0e:29:0d:1e:33:78:95:03:7a:f4:6d:c0:ce:0c:27:
                    c7:c7:d7:9e:d7:f4:49:40:de:60:87:98:50:af:2a:
                    e9:b5:5a:0b:70:1c:82:1c:6d:ec:cc:e3:e0:77:f2:
                    19:5f:c0:ec:93:1d:07:ec:06:9b:22:15:54:bd:83:
                    3e:82:a7:9e:1c:57:9a:bf:bc:53:6f:66:df:6f:38:
                    f5:d9:b2:63:20:8f:e6:2f:e8:d6:ca:8c:da:3d:19:
                    39:a9:3e:7d:15:0e:60:c3:67:49:19:c6:e1:6d:a9:
                    a8:69:ab:90:9c:12:b5:2f:13:83:db:e1:0c:70:fa:
                    71:ce:86:57:47:75:ab:69:ef:43:87:78:48:ca:8f:
                    68:15:d2:03:70:3d:02:a3:a9:0e:fe:d9:9f:c5:02:
                    ad:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B8:62:7E:01:08:28:73:97:85:ED:D5:2B:83:0A:93:5D:68:06:9A
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/erhifgEIKHOXhe3VK4MKk11oBpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:0c:8d:df:b9:d3:a8:3a:b0:8f:2b:1c:d7:f2:7d:46:9b:02:
         c6:25:5a:fb:97:fa:a5:88:79:de:cb:56:74:bc:1e:b7:44:8e:
         7a:b2:57:7c:fb:ba:5f:93:d3:d4:78:25:ed:56:4c:56:5b:48:
         4a:ec:b4:0d:be:dc:e1:de:3e:38:27:8d:dd:3e:81:18:5c:5d:
         16:16:d8:b2:90:df:5e:94:8d:f9:b3:7b:63:19:37:66:9f:0b:
         e8:45:01:9b:94:a8:43:09:73:2a:ba:d5:fa:83:2e:e5:3e:c6:
         46:07:44:38:a3:7a:0c:1f:dd:58:9b:25:da:98:7e:be:b2:12:
         86:98:7c:69:e3:44:42:91:16:fd:e9:10:aa:75:63:24:82:4a:
         50:4a:8c:57:39:17:22:c1:93:34:46:43:98:93:66:b1:45:a3:
         b3:33:33:4c:f2:3b:5a:e3:11:85:f5:94:41:7a:dc:ce:c6:ab:
         69:da:34:f8:55:c7:d2:1c:16:2a:be:cc:98:99:96:d7:a6:fe:
         26:04:0b:7d:2d:9a:45:a0:03:9e:6c:12:33:88:ff:ef:c6:24:
         06:3a:6e:53:04:a4:00:9a:73:79:03:dc:14:b5:b3:bf:7e:29:
         51:56:be:3d:a0:d8:61:e5:6c:e2:68:26:3e:7f:d5:03:70:54:
         ee:4f:4c:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ33+NU3IX0E6MjQPVsv7F8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNTA1MTE0OTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWI4NjI3ZTAxMDgyODczOTc4NWVkZDUyYjgzMGE5MzVkNjgwNjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41Uhivc042HTK0BEva011H1r3DAA
bxk7T1YvF+g2GTlGjvPoXDj/9A629Ip4ne44VleEj9NR7Ip0BA4FG/VO5w2ZLidu
O2rIpbGSFdOEwMqblvj04hcq5tie2P27VDaDCWmEglFm8s8OKQ0eM3iVA3r0bcDO
DCfHx9ee1/RJQN5gh5hQryrptVoLcByCHG3szOPgd/IZX8Dskx0H7AabIhVUvYM+
gqeeHFeav7xTb2bfbzj12bJjII/mL+jWyozaPRk5qT59FQ5gw2dJGcbhbamoaauQ
nBK1LxOD2+EMcPpxzoZXR3Wrae9Dh3hIyo9oFdIDcD0Co6kO/tmfxQKtBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHq4Yn4BCChzl4Xt1SuDCpNdaAaaMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZXJoaWZnRUlLSE9YaGUzVks0TUtrMTFvQnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYjkMA0G
CSqGSIb3DQEBCwUAA4IBAQCmDI3fudOoOrCPKxzX8n1GmwLGJVr7l/qliHney1Z0
vB63RI56sld8+7pfk9PUeCXtVkxWW0hK7LQNvtzh3j44J43dPoEYXF0WFtiykN9e
lI35s3tjGTdmnwvoRQGblKhDCXMqutX6gy7lPsZGB0Q4o3oMH91YmyXamH6+shKG
mHxp40RCkRb96RCqdWMkgkpQSoxXORciwZM0RkOYk2axRaOzMzNM8jta4xGF9ZRB
etzOxqtp2jT4VcfSHBYqvsyYmZbXpv4mBAt9LZpFoAOebBIziP/vxiQGOm5TBKQA
mnN5A9wUtbO/filRVr49oNhh5WziaCY+f9UDcFTuT0wn
-----END CERTIFICATE-----