Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/_Kvo8y_R7krVK88kzx8nMzPfxVY.roa
File:                     _Kvo8y_R7krVK88kzx8nMzPfxVY.roa (raw, json)
Hash identifier:          hJFEckwW05pWdYupq2RWtNuX2TmzieG8g1SpfTLtVnQ=
Subject key identifier:   FC:AB:E8:F3:2F:D1:EE:4A:D5:2B:CF:24:CF:1F:27:33:33:DF:C5:56
Certificate issuer:       /CN=b5427ea49f972d19c56393a689e7cbeb990d5d7a
Certificate serial:       019DB03882B07808414C29499A8F3FF83F3E
Authority key identifier: B5:42:7E:A4:9F:97:2D:19:C5:63:93:A6:89:E7:CB:EB:99:0D:5D:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/_Kvo8y_R7krVK88kzx8nMzPfxVY.roa
Signing time:             Tue 21 Apr 2026 13:26:26 +0000
ROA not before:           Tue 21 Apr 2026 13:26:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215366
IP address blocks:        45.67.157.0/24 maxlen: 24
                          2a09:7ac1::/32 maxlen: 32
                          2a09:7ac1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/tUJ-pJ-XLRnFY5OmiefL65kNXXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/tUJ-pJ-XLRnFY5OmiefL65kNXXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:38:82:b0:78:08:41:4c:29:49:9a:8f:3f:f8:3f:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5427ea49f972d19c56393a689e7cbeb990d5d7a
        Validity
            Not Before: Apr 21 13:26:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fcabe8f32fd1ee4ad52bcf24cf1f273333dfc556
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c2:a9:63:ac:de:e7:fb:64:6b:44:76:56:12:
                    c7:14:30:ad:2f:71:56:03:fb:50:f1:fb:a3:44:f2:
                    01:64:bd:fb:3d:0a:76:8e:c4:b7:75:c6:b9:d6:31:
                    7b:36:12:76:c5:2b:f6:79:c6:2e:cc:0d:f1:c6:e7:
                    e8:12:8c:c4:d4:b7:3b:2c:96:7e:3f:8c:f2:d8:f9:
                    a1:ad:1a:e6:e3:3b:57:32:27:b3:38:b4:a4:58:1a:
                    42:8e:29:67:80:74:a8:67:b7:19:53:e7:45:81:82:
                    d0:9c:eb:06:92:de:b3:6d:ab:79:ca:05:13:a6:29:
                    2c:72:49:27:a5:6f:e0:2b:44:64:d6:19:55:53:28:
                    41:45:a7:56:45:3d:a2:4c:49:35:db:c1:e4:9d:f9:
                    0f:f5:4d:e5:60:08:38:0a:fa:a9:03:53:59:e6:ab:
                    fc:48:99:8e:63:58:54:d6:c2:11:1b:16:5b:50:5c:
                    35:9f:b9:c1:38:e0:b6:75:cc:46:61:b3:d6:8d:e2:
                    63:d7:b0:59:fc:71:ab:b0:67:41:84:57:57:db:58:
                    db:45:eb:38:9d:8f:0d:7b:77:1c:91:f6:aa:c4:7d:
                    42:bb:38:3e:c2:b0:3e:2b:04:36:88:14:e3:54:ad:
                    e5:34:af:12:3b:89:aa:39:7d:57:d2:a7:ca:ed:c9:
                    66:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:AB:E8:F3:2F:D1:EE:4A:D5:2B:CF:24:CF:1F:27:33:33:DF:C5:56
            X509v3 Authority Key Identifier:
                keyid:B5:42:7E:A4:9F:97:2D:19:C5:63:93:A6:89:E7:CB:EB:99:0D:5D:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/_Kvo8y_R7krVK88kzx8nMzPfxVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/tUJ-pJ-XLRnFY5OmiefL65kNXXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.157.0/24
                IPv6:
                  2a09:7ac1::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:b1:f3:2a:74:39:f3:0f:da:c8:20:9b:bd:f8:a7:18:bb:97:
         ce:2e:63:61:60:84:98:46:73:03:69:11:bd:ff:f6:fd:98:99:
         d6:b8:b0:02:7f:b5:0a:a3:d3:30:6e:a7:a9:08:91:fa:45:39:
         1a:4a:98:f3:d8:3e:28:41:1b:89:7e:4f:69:39:1d:d7:d2:38:
         24:47:f3:5b:4b:7e:67:00:24:98:f5:65:c9:b3:8a:04:86:dc:
         3f:29:ae:22:96:dc:bd:a1:4b:c6:bf:3c:71:e2:a4:2e:21:e2:
         2c:da:1f:78:25:03:78:0a:fc:2d:47:b6:e8:b1:c3:22:a2:6d:
         5b:05:8b:c7:57:98:42:b3:58:2e:df:a4:e1:ba:7e:9d:fa:96:
         b0:cd:15:6d:94:95:b9:8f:a6:83:ad:76:a0:65:95:75:78:7d:
         05:03:53:3b:cb:36:5d:c0:60:12:a9:56:4b:be:0b:80:47:0e:
         a2:0c:7e:f3:1e:a3:f3:7f:c7:21:20:09:1a:03:dd:fe:4e:51:
         6e:fd:1e:1f:5c:87:06:a9:e0:13:53:d7:be:42:ad:43:c9:08:
         c5:55:98:2f:40:43:34:09:4c:5d:8e:8d:45:65:76:8d:b1:b6:
         81:2d:fe:13:a6:3f:cf:f5:aa:84:24:15:73:ae:73:ab:eb:d4:
         21:b7:39:a1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2wOIKweAhBTClJmo8/+D8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDI3ZWE0OWY5NzJkMTljNTYzOTNhNjg5ZTdjYmViOTkw
ZDVkN2EwHhcNMjYwNDIxMTMyNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2FiZThmMzJmZDFlZTRhZDUyYmNmMjRjZjFmMjczMzMzZGZjNTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsKpY6ze5/tka0R2VhLHFDCtL3FW
A/tQ8fujRPIBZL37PQp2jsS3dca51jF7NhJ2xSv2ecYuzA3xxufoEozE1Lc7LJZ+
P4zy2PmhrRrm4ztXMiezOLSkWBpCjilngHSoZ7cZU+dFgYLQnOsGkt6zbat5ygUT
piksckknpW/gK0Rk1hlVUyhBRadWRT2iTEk128HknfkP9U3lYAg4CvqpA1NZ5qv8
SJmOY1hU1sIRGxZbUFw1n7nBOOC2dcxGYbPWjeJj17BZ/HGrsGdBhFdX21jbRes4
nY8Ne3cckfaqxH1Cuzg+wrA+KwQ2iBTjVK3lNK8SO4mqOX1X0qfK7clm/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPyr6PMv0e5K1SvPJM8fJzMz38VWMB8GA1UdIwQY
MBaAFLVCfqSfly0ZxWOTponny+uZDV16MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVKLXBKLVhMUm5GWTVPbWllZkw2NWtOWFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kMmJiNjgtOWJjNy00NzkxLTg1Mjgt
MGM0OTU0NzdjYTEwLzEvX0t2bzh5X1I3a3JWSzg4a3p4OG5NelBmeFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kMmJiNjgtOWJjNy00NzkxLTg1MjgtMGM0OTU0NzdjYTEw
LzEvdFVKLXBKLVhMUm5GWTVPbWllZkw2NWtOWFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALUOdMA0E
AgACMAcDBQAqCXrBMA0GCSqGSIb3DQEBCwUAA4IBAQBesfMqdDnzD9rIIJu9+KcY
u5fOLmNhYISYRnMDaRG9//b9mJnWuLACf7UKo9MwbqepCJH6RTkaSpjz2D4oQRuJ
fk9pOR3X0jgkR/NbS35nACSY9WXJs4oEhtw/Ka4ilty9oUvGvzxx4qQuIeIs2h94
JQN4CvwtR7boscMiom1bBYvHV5hCs1gu36Thun6d+pawzRVtlJW5j6aDrXagZZV1
eH0FA1M7yzZdwGASqVZLvguARw6iDH7zHqPzf8chIAkaA93+TlFu/R4fXIcGqeAT
U9e+Qq1DyQjFVZgvQEM0CUxdjo1FZXaNsbaBLf4Tpj/P9aqEJBVzrnOr69Qhtzmh
-----END CERTIFICATE-----