Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Qd5aVGfWV7AT9z0yps7zLdQ5lYs.roa
File:                     Qd5aVGfWV7AT9z0yps7zLdQ5lYs.roa (raw, json)
Hash identifier:          aH9I99VPJHbgE7RP8D7UDhzblHaAfwL1UqYHcs/Hqo4=
Subject key identifier:   41:DE:5A:54:67:D6:57:B0:13:F7:3D:32:A6:CE:F3:2D:D4:39:95:8B
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019DA93D4F729141817FCAAA2DE9CDE5AE07
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Qd5aVGfWV7AT9z0yps7zLdQ5lYs.roa
Signing time:             Mon 20 Apr 2026 04:54:20 +0000
ROA not before:           Mon 20 Apr 2026 04:54:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        45.11.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a9:3d:4f:72:91:41:81:7f:ca:aa:2d:e9:cd:e5:ae:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Apr 20 04:54:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41de5a5467d657b013f73d32a6cef32dd439958b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:31:a5:41:24:30:48:f7:73:b0:96:bd:56:0f:
                    75:1c:8e:ad:7a:72:82:4f:31:63:b7:48:4b:fe:c2:
                    34:2f:0e:e4:64:39:d8:62:97:2d:ee:54:57:9b:71:
                    b4:58:6f:62:e6:aa:94:9f:3e:e7:b9:16:57:13:4c:
                    5e:67:13:54:13:d4:7c:ba:2e:85:df:90:60:26:e4:
                    5c:32:4d:04:06:c2:a8:fb:ce:a5:16:af:ad:3f:2a:
                    71:83:3f:f1:08:9d:40:ff:09:c5:86:23:e9:7f:04:
                    c8:f0:90:27:e4:8e:a6:11:e1:cd:2c:8a:e7:9a:51:
                    fa:03:bb:b0:02:c9:0a:26:32:dd:1f:24:71:a1:1b:
                    01:4c:cb:e2:89:a1:e7:91:5e:0a:5e:a8:cd:ce:27:
                    bb:06:cb:63:20:b0:6e:fd:6c:6d:86:05:b5:95:a1:
                    57:d5:7b:53:66:be:a7:f6:ef:69:ec:2e:18:f1:35:
                    bb:8d:65:e4:41:8e:e3:37:87:e7:b4:37:8a:f6:86:
                    95:82:d1:cc:78:2c:3e:18:c2:04:81:32:39:0c:2c:
                    ed:f3:b5:66:c9:62:e7:1f:f8:c4:4c:cd:65:df:5b:
                    9c:35:61:57:ee:56:93:86:ed:70:70:fb:ee:70:9a:
                    73:7a:dd:dc:66:21:1a:58:17:a7:a8:47:35:32:c7:
                    1c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:DE:5A:54:67:D6:57:B0:13:F7:3D:32:A6:CE:F3:2D:D4:39:95:8B
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Qd5aVGfWV7AT9z0yps7zLdQ5lYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:7f:6c:fd:09:a8:87:36:45:a3:8b:53:38:6e:8e:d7:15:b2:
         30:7b:c1:31:c4:47:4d:9f:5c:31:48:a3:cc:cc:7f:69:9a:c5:
         de:35:2a:61:a6:3b:95:bb:1d:3f:2b:c0:21:cf:68:04:dd:06:
         c4:a8:01:79:15:a8:56:48:8a:75:f1:30:3f:f8:d2:10:7f:5e:
         8e:95:c7:ac:1d:ad:6d:e7:d0:f4:48:d7:8f:c3:b7:1a:58:05:
         38:fb:30:e5:eb:4a:3c:d5:66:c9:4a:ce:18:73:ae:16:01:83:
         e0:16:35:cd:07:f9:d3:c3:d9:22:33:7a:f5:8a:c0:63:e2:b4:
         ba:ca:d3:12:97:bc:64:39:8d:b2:0e:2b:30:2a:b4:0e:38:4a:
         d6:c9:e5:b9:f4:fd:a6:64:f5:9b:98:20:0a:55:89:9c:9a:41:
         84:ac:69:19:cd:9c:e7:81:93:88:8c:48:82:c8:8d:5e:2d:a0:
         c7:6d:a8:e4:95:9a:b8:1c:b1:6f:40:ad:42:ff:c8:c9:a8:2c:
         d7:f0:3d:f5:6f:66:57:26:0a:26:0a:7e:f0:9a:e7:2b:b8:44:
         f6:79:5b:64:45:b0:b6:49:26:cf:fc:b6:62:77:1e:ad:a9:62:
         4b:5e:39:11:9a:14:63:8e:2a:ec:dd:83:9c:67:05:64:8f:ec:
         2a:6f:08:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2pPU9ykUGBf8qqLenN5a4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwNDIwMDQ1NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWRlNWE1NDY3ZDY1N2IwMTNmNzNkMzJhNmNlZjMyZGQ0Mzk5NThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDGlQSQwSPdzsJa9Vg91HI6tenKC
TzFjt0hL/sI0Lw7kZDnYYpct7lRXm3G0WG9i5qqUnz7nuRZXE0xeZxNUE9R8ui6F
35BgJuRcMk0EBsKo+86lFq+tPypxgz/xCJ1A/wnFhiPpfwTI8JAn5I6mEeHNLIrn
mlH6A7uwAskKJjLdHyRxoRsBTMviiaHnkV4KXqjNzie7BstjILBu/WxthgW1laFX
1XtTZr6n9u9p7C4Y8TW7jWXkQY7jN4fntDeK9oaVgtHMeCw+GMIEgTI5DCzt87Vm
yWLnH/jETM1l31ucNWFX7laThu1wcPvucJpzet3cZiEaWBenqEc1MsccPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHeWlRn1lewE/c9MqbO8y3UOZWLMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvUWQ1YVZHZldWN0FUOXoweXBzN3pMZFE1bFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu6MA0G
CSqGSIb3DQEBCwUAA4IBAQBNf2z9CaiHNkWji1M4bo7XFbIwe8ExxEdNn1wxSKPM
zH9pmsXeNSphpjuVux0/K8Ahz2gE3QbEqAF5FahWSIp18TA/+NIQf16OlcesHa1t
59D0SNePw7caWAU4+zDl60o81WbJSs4Yc64WAYPgFjXNB/nTw9kiM3r1isBj4rS6
ytMSl7xkOY2yDiswKrQOOErWyeW59P2mZPWbmCAKVYmcmkGErGkZzZzngZOIjEiC
yI1eLaDHbajklZq4HLFvQK1C/8jJqCzX8D31b2ZXJgomCn7wmucruET2eVtkRbC2
SSbP/LZidx6tqWJLXjkRmhRjjirs3YOcZwVkj+wqbwgT
-----END CERTIFICATE-----