Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/qHmSmEGjdAI53hj937cc8ERiz9A.roa
File:                     qHmSmEGjdAI53hj937cc8ERiz9A.roa (raw, json)
Hash identifier:          8oTWgrmmhlssVMObTrpxEtft9zZ2VRpNzHqP8d9w3ls=
Subject key identifier:   A8:79:92:98:41:A3:74:02:39:DE:18:FD:DF:B7:1C:F0:44:62:CF:D0
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019F18FCDF0AAD74A910947678822A572FE2
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/qHmSmEGjdAI53hj937cc8ERiz9A.roa
Signing time:             Tue 30 Jun 2026 14:44:12 +0000
ROA not before:           Tue 30 Jun 2026 14:44:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203273
IP address blocks:        45.9.117.0/24 maxlen: 24
                          45.86.245.0/24 maxlen: 24
                          45.94.37.0/24 maxlen: 24
                          45.94.39.0/24 maxlen: 24
                          45.129.124.0/24 maxlen: 24
                          45.129.126.0/24 maxlen: 24
                          45.131.215.0/24 maxlen: 24
                          45.133.209.0/24 maxlen: 24
                          45.133.210.0/24 maxlen: 24
                          45.137.42.0/24 maxlen: 24
                          45.137.43.0/24 maxlen: 24
                          185.99.98.0/24 maxlen: 24
                          185.126.64.0/24 maxlen: 24
                          194.62.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:18:fc:df:0a:ad:74:a9:10:94:76:78:82:2a:57:2f:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 30 14:44:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a879929841a3740239de18fddfb71cf04462cfd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:27:ae:9f:2c:9d:1a:9f:ff:98:94:15:fd:64:
                    83:2f:aa:2f:da:a3:19:1b:d7:0b:62:b7:db:79:ef:
                    65:f3:ca:ed:72:0a:3d:71:1c:33:04:0e:81:5e:43:
                    2d:51:58:20:2b:f6:72:e1:79:66:86:8e:36:81:ce:
                    6c:4d:ca:49:84:a1:16:ba:d3:5f:32:55:33:cc:1d:
                    e7:6a:57:7b:39:66:0f:a3:a0:74:2e:5c:78:3a:06:
                    8b:e6:5d:d9:99:a7:5f:ab:f8:55:a8:f0:7c:b8:4e:
                    b8:29:01:5d:da:ca:19:bd:8b:7f:65:cb:cc:e3:ff:
                    3e:58:9e:9e:e2:39:31:d1:b3:68:c8:03:b5:a0:6b:
                    71:97:a2:45:47:1b:b2:11:39:88:5a:56:38:90:bf:
                    3b:f3:ff:54:12:cd:86:4d:14:ef:93:8c:d7:46:0a:
                    e0:6a:13:f4:5b:d7:fd:1a:f2:d8:7d:57:0d:5d:be:
                    fe:87:0e:67:b8:0d:e8:69:58:2b:51:45:c6:3b:c7:
                    a3:a3:d3:f8:e9:59:28:13:74:f2:14:82:17:90:ba:
                    dc:a9:7d:b3:69:a1:15:a2:09:b7:fe:93:9d:a3:35:
                    3e:3e:04:1a:70:67:49:32:8e:34:4a:55:f9:41:8e:
                    d4:45:62:25:fe:e5:20:16:a9:78:ad:23:a1:12:f4:
                    b1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:79:92:98:41:A3:74:02:39:DE:18:FD:DF:B7:1C:F0:44:62:CF:D0
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/qHmSmEGjdAI53hj937cc8ERiz9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.117.0/24
                  45.86.245.0/24
                  45.94.37.0/24
                  45.94.39.0/24
                  45.129.124.0/24
                  45.129.126.0/24
                  45.131.215.0/24
                  45.133.209.0-45.133.210.255
                  45.137.42.0/23
                  185.99.98.0/24
                  185.126.64.0/24
                  194.62.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:e1:35:4b:77:c3:2b:9f:f9:47:b7:38:76:b7:1c:b0:9b:e5:
         26:c1:f9:d8:28:d3:78:83:04:a7:d0:d8:e5:43:12:9a:b9:2b:
         b9:97:38:ac:ee:ae:50:6b:04:ea:38:b5:98:21:57:c6:28:e6:
         c1:b8:d6:5e:8c:8a:f3:df:20:0b:57:6a:b4:97:fa:f8:e0:93:
         d3:13:6e:65:0f:86:7c:92:ae:7c:cd:47:56:48:c9:67:7a:f2:
         06:e6:c6:ec:bd:87:d2:dd:ac:38:c4:b1:bb:31:10:7d:58:00:
         89:40:c4:95:fe:85:f0:9f:0c:82:e2:9f:0e:84:2c:63:7d:d1:
         51:35:46:47:2d:63:be:17:f2:52:f5:79:1c:c0:25:51:9b:5e:
         bd:5a:f3:c7:ce:65:b9:f1:d4:d9:d2:14:fe:54:4d:52:59:53:
         a2:b5:7a:a5:78:80:eb:56:aa:10:b1:14:d4:95:c2:af:c0:ac:
         75:b2:5f:fc:96:5d:60:78:e4:16:b4:02:34:04:6a:7a:58:67:
         a3:06:a7:3d:24:d8:a6:c6:e6:35:48:e0:92:db:25:c9:cd:16:
         d3:bd:f3:63:0a:16:8f:ae:a5:0c:35:1c:ca:e2:fa:b8:6f:5e:
         e8:0c:19:ee:2b:cd:84:84:a7:02:f7:8d:a6:7e:9d:17:98:db:
         3d:7a:b1:a8
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZ8Y/N8KrXSpEJR2eIIqVy/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNjMwMTQ0NDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODc5OTI5ODQxYTM3NDAyMzlkZTE4ZmRkZmI3MWNmMDQ0NjJjZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5yeunyydGp//mJQV/WSDL6ov2qMZ
G9cLYrfbee9l88rtcgo9cRwzBA6BXkMtUVggK/Zy4Xlmho42gc5sTcpJhKEWutNf
MlUzzB3nald7OWYPo6B0Llx4OgaL5l3Zmadfq/hVqPB8uE64KQFd2soZvYt/ZcvM
4/8+WJ6e4jkx0bNoyAO1oGtxl6JFRxuyETmIWlY4kL878/9UEs2GTRTvk4zXRgrg
ahP0W9f9GvLYfVcNXb7+hw5nuA3oaVgrUUXGO8ejo9P46VkoE3TyFIIXkLrcqX2z
aaEVogm3/pOdozU+PgQacGdJMo40SlX5QY7URWIl/uUgFql4rSOhEvSxXwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFKh5kphBo3QCOd4Y/d+3HPBEYs/QMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvcUhtU21FR2pkQUk1M2hqOTM3Y2M4RVJpejlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALQl1AwQA
LVb1AwQALV4lAwQALV4nAwQALYF8AwQALYF+AwQALYPXMAwDBAAthdEDBAAthdID
BAEtiSoDBAC5Y2IDBAC5fkADBADCPkIwDQYJKoZIhvcNAQELBQADggEBALnhNUt3
wyuf+Ue3OHa3HLCb5SbB+dgo03iDBKfQ2OVDEpq5K7mXOKzurlBrBOo4tZghV8Yo
5sG41l6MivPfIAtXarSX+vjgk9MTbmUPhnySrnzNR1ZIyWd68gbmxuy9h9LdrDjE
sbsxEH1YAIlAxJX+hfCfDILinw6ELGN90VE1RkctY74X8lL1eRzAJVGbXr1a88fO
Zbnx1NnSFP5UTVJZU6K1eqV4gOtWqhCxFNSVwq/ArHWyX/yWXWB45Ba0AjQEanpY
Z6MGpz0k2KbG5jVI4JLbJcnNFtO982MKFo+upQw1HMri+rhvXugMGe4rzYSEpwL3
jaZ+nReY2z16sag=
-----END CERTIFICATE-----
Generated at Wed Jul 1 02:33:59 2026 by rpki-client