Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/1qKLqB7YGK13o6kurhGQsYZetmo.roa
File:                     1qKLqB7YGK13o6kurhGQsYZetmo.roa (raw, json)
Hash identifier:          1gJBGB9klrHZSwVL2SLeIR4sc4/6k+hLxWUNUcJftrk=
Subject key identifier:   D6:A2:8B:A8:1E:D8:18:AD:77:A3:A9:2E:AE:11:90:B1:86:5E:B6:6A
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019E13417275362FC0082AEC54CB3F1213B2
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/1qKLqB7YGK13o6kurhGQsYZetmo.roa
Signing time:             Sun 10 May 2026 18:58:36 +0000
ROA not before:           Sun 10 May 2026 18:58:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        45.11.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:13:41:72:75:36:2f:c0:08:2a:ec:54:cb:3f:12:13:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: May 10 18:58:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6a28ba81ed818ad77a3a92eae1190b1865eb66a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:56:b0:d8:f7:b9:43:21:ff:7a:b5:be:31:2d:
                    82:83:0c:bd:59:19:ed:c3:30:42:78:72:08:f3:76:
                    a7:7c:7f:6d:06:87:36:67:b5:79:25:2b:96:d1:4e:
                    11:e9:79:81:d4:25:a1:e8:c7:68:71:af:27:1b:fc:
                    e6:37:d2:67:b0:1d:22:c4:e5:cb:ea:16:24:25:3f:
                    41:78:cb:66:12:64:64:f3:78:39:59:57:1c:10:3d:
                    29:36:b7:a7:27:45:bc:55:f6:ee:7e:41:1e:c7:fc:
                    64:e6:c7:a8:e4:86:b0:a2:0d:17:86:20:74:46:c2:
                    ee:2b:33:64:e9:b8:9a:fa:f8:0b:8a:88:01:cc:36:
                    d1:a9:48:8e:ce:70:27:6d:33:1d:2b:71:c4:eb:d1:
                    a4:fc:e8:11:7b:be:04:e3:43:5b:89:3c:4c:7d:10:
                    8b:71:1b:72:06:45:75:91:c1:24:ac:27:35:fc:40:
                    ee:77:9d:41:ad:a5:5d:ea:bc:44:b6:4f:7b:8e:4b:
                    5c:f4:3c:60:e7:0f:c0:45:2e:b7:d8:a6:35:4d:0d:
                    ba:a3:2c:88:ab:a7:c1:27:ff:17:8e:70:83:ec:19:
                    5f:32:f5:99:e8:0d:c1:30:e0:9f:d1:b2:7e:33:0c:
                    a2:8a:79:0d:02:c4:45:ab:63:45:91:92:9a:c0:f6:
                    cc:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:A2:8B:A8:1E:D8:18:AD:77:A3:A9:2E:AE:11:90:B1:86:5E:B6:6A
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/1qKLqB7YGK13o6kurhGQsYZetmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:58:0c:2f:67:80:f7:5d:3a:db:1d:4a:f8:60:00:21:e0:60:
         fb:07:3e:c1:ff:af:b7:71:01:7b:57:cd:1a:90:5d:0e:3a:89:
         12:62:ec:42:49:5f:09:d2:a4:21:d1:99:b8:db:97:09:33:1a:
         44:97:91:c9:ef:b3:99:eb:05:4b:a9:e2:4e:63:8c:b8:92:11:
         80:2a:a6:43:44:a7:13:b7:8d:73:ed:15:53:0e:2f:c1:3b:a2:
         3d:99:a3:b1:c5:02:26:cb:f4:96:3c:2d:84:40:d5:f1:d9:b6:
         1b:af:0f:17:c8:be:42:9b:c5:c0:11:71:c0:d6:19:5d:86:0c:
         d1:a7:d4:63:48:16:bd:e6:d9:54:2b:ae:00:d3:59:9f:75:e1:
         33:cb:59:ff:75:cb:55:2a:41:6e:10:ff:ff:38:37:51:81:bf:
         f6:f4:71:0e:15:46:32:3d:b0:b7:4a:23:f9:b2:2e:35:81:96:
         69:10:22:7f:e3:57:eb:96:ca:54:dd:2e:e7:3c:f8:46:7d:99:
         45:ac:d8:91:7d:d0:9c:55:a4:e5:9c:12:9c:a4:f6:eb:71:45:
         51:a9:54:0a:ef:54:ea:f8:5a:6e:33:94:27:ac:b3:53:d7:b1:
         4a:d5:be:95:9b:fb:c8:80:13:50:52:e7:f3:88:02:7c:e3:60:
         18:de:17:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4TQXJ1Ni/ACCrsVMs/EhOyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwNTEwMTg1ODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmEyOGJhODFlZDgxOGFkNzdhM2E5MmVhZTExOTBiMTg2NWViNjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1aw2Pe5QyH/erW+MS2Cgwy9WRnt
wzBCeHII83anfH9tBoc2Z7V5JSuW0U4R6XmB1CWh6Mdoca8nG/zmN9JnsB0ixOXL
6hYkJT9BeMtmEmRk83g5WVccED0pNrenJ0W8VfbufkEex/xk5seo5Iawog0XhiB0
RsLuKzNk6bia+vgLiogBzDbRqUiOznAnbTMdK3HE69Gk/OgRe74E40NbiTxMfRCL
cRtyBkV1kcEkrCc1/EDud51BraVd6rxEtk97jktc9Dxg5w/ARS632KY1TQ26oyyI
q6fBJ/8XjnCD7BlfMvWZ6A3BMOCf0bJ+MwyiinkNAsRFq2NFkZKawPbM9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaii6ge2Bitd6OpLq4RkLGGXrZqMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvMXFLTHFCN1lHSzEzbzZrdXJoR1FzWVpldG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu6MA0G
CSqGSIb3DQEBCwUAA4IBAQBsWAwvZ4D3XTrbHUr4YAAh4GD7Bz7B/6+3cQF7V80a
kF0OOokSYuxCSV8J0qQh0Zm425cJMxpEl5HJ77OZ6wVLqeJOY4y4khGAKqZDRKcT
t41z7RVTDi/BO6I9maOxxQImy/SWPC2EQNXx2bYbrw8XyL5Cm8XAEXHA1hldhgzR
p9RjSBa95tlUK64A01mfdeEzy1n/dctVKkFuEP//ODdRgb/29HEOFUYyPbC3SiP5
si41gZZpECJ/41frlspU3S7nPPhGfZlFrNiRfdCcVaTlnBKcpPbrcUVRqVQK71Tq
+FpuM5QnrLNT17FK1b6Vm/vIgBNQUufziAJ842AY3he1
-----END CERTIFICATE-----