Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/7ZTyX9adnTNDDr2DkH9w3SeIE7Q.roa
File:                     7ZTyX9adnTNDDr2DkH9w3SeIE7Q.roa (raw, json)
Hash identifier:          TDggRWtskV5FNrfGL200t0vlFEUm+QOeNFcEHwtHFss=
Subject key identifier:   ED:94:F2:5F:D6:9D:9D:33:43:0E:BD:83:90:7F:70:DD:27:88:13:B4
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       019E87557D33590C0306A25D9D8924305021
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/7ZTyX9adnTNDDr2DkH9w3SeIE7Q.roa
Signing time:             Tue 02 Jun 2026 07:56:27 +0000
ROA not before:           Tue 02 Jun 2026 07:56:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58212
IP address blocks:        45.86.156.0/24 maxlen: 24
                          45.86.157.0/24 maxlen: 24
                          2a09:7900::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:55:7d:33:59:0c:03:06:a2:5d:9d:89:24:30:50:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jun  2 07:56:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ed94f25fd69d9d33430ebd83907f70dd278813b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4a:b4:67:d1:72:5f:5b:72:ea:ce:24:f7:25:
                    49:75:91:c2:96:10:97:d6:cc:aa:4f:4d:9f:ad:df:
                    93:63:17:9e:ac:a2:19:da:11:d9:00:10:0e:cc:98:
                    60:d7:58:fc:57:32:6b:f9:75:98:ce:cb:c3:98:3d:
                    31:95:79:0a:0e:a0:c2:bf:65:af:52:d5:c0:2f:13:
                    46:fa:a6:b8:45:10:10:43:7f:dc:45:0a:67:21:8e:
                    69:f8:4a:b8:25:d1:ba:57:89:ae:ca:05:9f:aa:26:
                    c4:58:02:b3:5f:86:e6:97:31:eb:02:44:a0:a8:f4:
                    c5:01:58:7f:49:58:8b:79:ca:0b:f5:3d:db:e4:88:
                    73:e2:21:94:03:22:7b:b9:a9:62:3a:2c:34:df:36:
                    27:b9:71:0c:d8:81:e6:cc:d9:ca:b6:7b:72:fd:c3:
                    63:1b:75:3b:80:bc:ee:5d:97:1c:5b:46:52:ea:0b:
                    43:d4:29:b0:b3:ae:c8:a9:b0:13:e9:12:3d:bd:67:
                    82:63:55:82:38:36:17:1a:17:08:23:4c:68:ce:30:
                    0c:db:54:11:3d:09:26:f8:95:0e:9a:9c:f7:b9:ca:
                    e0:7b:07:f2:73:8c:3d:7b:80:fa:9a:ef:d1:ae:c3:
                    26:f9:a2:c4:ce:0d:26:d0:6f:86:67:62:94:8c:8d:
                    2e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:94:F2:5F:D6:9D:9D:33:43:0E:BD:83:90:7F:70:DD:27:88:13:B4
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/7ZTyX9adnTNDDr2DkH9w3SeIE7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.156.0/23
                IPv6:
                  2a09:7900::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:84:ac:2d:4f:54:ec:27:9c:ed:37:89:00:a5:67:78:57:15:
         d0:fb:52:47:8b:b2:ae:2b:ef:b5:8b:ef:6b:e5:c3:e2:8c:ef:
         7c:6c:7f:f4:17:03:92:74:44:d2:a9:53:c0:ce:7d:4f:0a:27:
         28:dc:c4:2d:92:9c:57:12:33:3e:f9:4b:72:cd:5a:90:41:91:
         07:22:05:92:b1:8d:a7:74:b4:c2:52:d3:a5:0b:03:9d:29:ec:
         f8:53:1e:e1:3b:f7:0a:99:5e:6d:09:15:4c:ae:50:15:ea:93:
         b0:0e:81:9c:2d:e0:59:72:5f:fa:7e:4f:04:b5:7c:21:3b:8a:
         75:4c:c3:2a:0b:ea:da:fe:76:60:b5:91:d1:8f:f3:ef:23:63:
         7f:07:67:b3:c6:2f:e4:47:00:f9:e5:cf:c4:a6:8c:d7:88:77:
         93:40:bf:88:15:1a:35:26:5c:fe:fc:19:fd:4d:f8:a2:af:78:
         91:3e:75:e5:ea:b4:a2:58:57:ce:59:cf:23:10:69:6c:6b:e0:
         57:91:17:26:90:63:8b:4e:5f:db:5c:41:17:51:00:59:35:e6:
         a0:9e:96:79:be:3e:c2:3c:ba:53:07:67:7c:59:fc:71:75:5e:
         d8:c3:65:5d:75:a4:25:5d:02:82:6a:bc:bc:14:1c:0e:d1:17:
         10:df:9d:6a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ6HVX0zWQwDBqJdnYkkMFAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjYwNjAyMDc1NjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDk0ZjI1ZmQ2OWQ5ZDMzNDMwZWJkODM5MDdmNzBkZDI3ODgxM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEq0Z9FyX1ty6s4k9yVJdZHClhCX
1syqT02frd+TYxeerKIZ2hHZABAOzJhg11j8VzJr+XWYzsvDmD0xlXkKDqDCv2Wv
UtXALxNG+qa4RRAQQ3/cRQpnIY5p+Eq4JdG6V4muygWfqibEWAKzX4bmlzHrAkSg
qPTFAVh/SViLecoL9T3b5Ihz4iGUAyJ7ualiOiw03zYnuXEM2IHmzNnKtnty/cNj
G3U7gLzuXZccW0ZS6gtD1Cmws67IqbAT6RI9vWeCY1WCODYXGhcII0xozjAM21QR
PQkm+JUOmpz3ucrgewfyc4w9e4D6mu/RrsMm+aLEzg0m0G+GZ2KUjI0uYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO2U8l/WnZ0zQw69g5B/cN0niBO0MB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvN1pUeVg5YWRuVE5ERHIyRGtIOXczU2VJRTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLVacMA0E
AgACMAcDBQAqCXkAMA0GCSqGSIb3DQEBCwUAA4IBAQAxhKwtT1TsJ5ztN4kApWd4
VxXQ+1JHi7KuK++1i+9r5cPijO98bH/0FwOSdETSqVPAzn1PCico3MQtkpxXEjM+
+UtyzVqQQZEHIgWSsY2ndLTCUtOlCwOdKez4Ux7hO/cKmV5tCRVMrlAV6pOwDoGc
LeBZcl/6fk8EtXwhO4p1TMMqC+ra/nZgtZHRj/PvI2N/B2ezxi/kRwD55c/EpozX
iHeTQL+IFRo1Jlz+/Bn9Tfiir3iRPnXl6rSiWFfOWc8jEGlsa+BXkRcmkGOLTl/b
XEEXUQBZNeagnpZ5vj7CPLpTB2d8WfxxdV7Yw2VddaQlXQKCary8FBwO0RcQ351q
-----END CERTIFICATE-----