Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/ZFC2U3uQIhdNpB72KbpGlziRc2o.roa
File:                     ZFC2U3uQIhdNpB72KbpGlziRc2o.roa (raw, json)
Hash identifier:          z5uebA6QMfVds8/qjjHA8y0xgv3fGyNQU+YomK8H6Hs=
Subject key identifier:   64:50:B6:53:7B:90:22:17:4D:A4:1E:F6:29:BA:46:97:38:91:73:6A
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       019E2963A51FCB7600C634700E010648F6B9
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/ZFC2U3uQIhdNpB72KbpGlziRc2o.roa
Signing time:             Fri 15 May 2026 02:07:36 +0000
ROA not before:           Fri 15 May 2026 02:07:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13537
IP address blocks:        45.153.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:29:63:a5:1f:cb:76:00:c6:34:70:0e:01:06:48:f6:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: May 15 02:07:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6450b6537b9022174da41ef629ba46973891736a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f3:db:27:7e:da:02:db:55:de:30:64:34:5b:
                    9c:6f:ce:a0:e1:75:f9:ef:3b:82:34:85:23:65:8a:
                    4c:0d:cd:19:1a:92:00:c9:d2:32:33:ed:bd:a1:92:
                    90:b5:0c:4a:60:b7:5d:36:0b:b8:9b:79:c0:c6:c7:
                    94:10:41:50:52:5a:b5:c2:cf:a3:0d:46:47:e6:af:
                    58:5c:fe:1d:08:7a:f5:97:e4:46:ea:72:d3:26:cb:
                    6b:6b:b8:a7:91:fd:1a:b5:05:26:ca:74:e5:eb:49:
                    16:07:56:cc:22:17:85:99:b3:b5:8d:75:35:36:41:
                    71:13:a8:40:fb:76:92:68:26:f0:04:ed:02:61:ed:
                    df:dd:53:0b:8a:71:56:df:81:57:22:8a:67:f5:b8:
                    30:a5:fd:73:1b:c7:5d:97:47:bc:79:49:33:d1:e3:
                    a6:d2:05:76:11:d2:22:2a:d7:6a:f7:92:1a:8e:85:
                    47:02:67:f5:a8:ba:38:72:8b:ce:11:07:d4:32:7e:
                    a2:d5:3d:68:51:1c:16:d6:e5:c3:46:33:08:69:f0:
                    a8:81:28:f7:b7:7b:5b:82:9b:d1:e0:58:98:66:c4:
                    ee:75:10:55:6e:fb:f6:4a:ad:50:f0:14:bb:55:25:
                    63:af:7f:d0:db:7e:2b:4c:e0:94:d8:df:78:e0:dd:
                    85:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:50:B6:53:7B:90:22:17:4D:A4:1E:F6:29:BA:46:97:38:91:73:6A
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/ZFC2U3uQIhdNpB72KbpGlziRc2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:d4:db:6e:88:86:c6:ce:b0:3e:ee:4b:ce:c4:69:bd:3d:ff:
         c3:03:79:8a:51:7a:da:9f:9d:b6:42:0a:fe:7b:e7:a2:a9:6c:
         35:eb:42:49:73:39:b0:e1:a3:f7:4e:d5:9c:97:c7:12:3b:db:
         91:01:3f:5a:cb:a9:f4:19:f5:68:ea:68:52:84:24:07:de:d0:
         58:9e:b0:c5:04:b7:57:b1:ea:92:30:57:b3:9e:36:39:1e:68:
         d4:ab:85:ea:7b:e1:00:a9:e0:67:a4:37:47:62:dc:c8:a6:2f:
         53:df:11:f3:10:cf:a1:a3:fb:11:ad:c0:5e:e5:ea:e8:d3:6c:
         c4:01:fc:68:0d:91:23:20:b0:56:6e:67:9e:52:5d:d5:c2:b1:
         26:8c:b1:63:ce:7a:d5:80:38:12:87:01:2d:27:fc:7e:92:e1:
         e0:ff:70:1a:f7:34:49:88:2c:c6:15:63:f8:17:a5:47:5a:d5:
         f7:cd:cf:0e:3a:66:60:d0:25:a6:6e:11:66:5a:da:fa:f8:d6:
         0b:a5:92:e3:3e:65:d7:af:32:38:e8:7a:28:8f:ea:50:08:cf:
         e3:11:02:98:88:49:09:67:00:b4:a0:6b:6b:b4:9e:56:78:c9:
         47:37:eb:55:ef:40:50:f3:69:9d:82:59:0e:cf:0d:63:24:49:
         47:6d:54:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4pY6Ufy3YAxjRwDgEGSPa5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjYwNTE1MDIwNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDUwYjY1MzdiOTAyMjE3NGRhNDFlZjYyOWJhNDY5NzM4OTE3MzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/PbJ37aAttV3jBkNFucb86g4XX5
7zuCNIUjZYpMDc0ZGpIAydIyM+29oZKQtQxKYLddNgu4m3nAxseUEEFQUlq1ws+j
DUZH5q9YXP4dCHr1l+RG6nLTJstra7inkf0atQUmynTl60kWB1bMIheFmbO1jXU1
NkFxE6hA+3aSaCbwBO0CYe3f3VMLinFW34FXIopn9bgwpf1zG8ddl0e8eUkz0eOm
0gV2EdIiKtdq95IajoVHAmf1qLo4covOEQfUMn6i1T1oURwW1uXDRjMIafCogSj3
t3tbgpvR4FiYZsTudRBVbvv2Sq1Q8BS7VSVjr3/Q234rTOCU2N944N2FfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRQtlN7kCIXTaQe9im6Rpc4kXNqMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvWkZDMlUzdVFJaGROcEI3MkticEdsemlSYzJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZmmMA0G
CSqGSIb3DQEBCwUAA4IBAQAa1NtuiIbGzrA+7kvOxGm9Pf/DA3mKUXran522Qgr+
e+eiqWw160JJczmw4aP3TtWcl8cSO9uRAT9ay6n0GfVo6mhShCQH3tBYnrDFBLdX
seqSMFeznjY5HmjUq4Xqe+EAqeBnpDdHYtzIpi9T3xHzEM+ho/sRrcBe5ero02zE
AfxoDZEjILBWbmeeUl3VwrEmjLFjznrVgDgShwEtJ/x+kuHg/3Aa9zRJiCzGFWP4
F6VHWtX3zc8OOmZg0CWmbhFmWtr6+NYLpZLjPmXXrzI46Hooj+pQCM/jEQKYiEkJ
ZwC0oGtrtJ5WeMlHN+tV70BQ82mdglkOzw1jJElHbVTt
-----END CERTIFICATE-----