Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/NobYJ4d_NstOs2IhETvVadUkk5Y.roa
File:                     NobYJ4d_NstOs2IhETvVadUkk5Y.roa (raw, json)
Hash identifier:          eYjXAuqpGQTsoa+ekmFSgIVX7NhmdX4g74QpsVMafUI=
Subject key identifier:   36:86:D8:27:87:7F:36:CB:4E:B3:62:21:11:3B:D5:69:D5:24:93:96
Certificate issuer:       /CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
Certificate serial:       019F236872D38B160D1AC6EB830486FDF6C3
Authority key identifier: C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/NobYJ4d_NstOs2IhETvVadUkk5Y.roa
Signing time:             Thu 02 Jul 2026 15:17:55 +0000
ROA not before:           Thu 02 Jul 2026 15:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5511
IP address blocks:        45.155.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:72:d3:8b:16:0d:1a:c6:eb:83:04:86:fd:f6:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
        Validity
            Not Before: Jul  2 15:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3686d827877f36cb4eb36221113bd569d5249396
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c7:7e:bf:ac:a7:44:37:83:4b:98:70:a6:18:
                    94:b7:e9:88:e5:98:82:89:aa:3a:82:02:62:f6:82:
                    02:4d:b2:c3:41:8d:b7:a1:3c:fc:c8:c4:c0:8a:63:
                    38:5c:a2:6b:cd:1d:d7:df:68:2a:e8:9c:92:4c:91:
                    ed:bf:30:4a:f7:cf:7a:a9:7c:0e:9e:24:d2:4a:39:
                    78:1b:34:13:5f:e7:61:50:db:37:35:82:ff:dc:39:
                    ee:f3:60:ce:e4:d1:69:fb:70:de:cb:e6:69:74:03:
                    78:fe:a4:0a:54:55:cc:b3:bf:4c:b9:be:5f:f1:41:
                    66:f4:1e:0a:34:1e:8b:29:e2:ba:ba:59:db:41:ba:
                    4b:ae:ec:5d:b3:62:c8:41:34:d8:c7:02:df:5a:82:
                    bf:b2:93:e6:7a:9d:a3:6b:72:13:2c:90:a6:77:ac:
                    4e:61:e6:c9:86:36:ad:68:54:be:78:14:af:a6:7f:
                    e7:13:6b:85:19:43:fd:ed:e3:1c:c5:be:ec:db:bb:
                    e6:72:ab:a1:1d:2d:09:1d:17:75:0e:17:b4:e2:9d:
                    21:26:3e:8a:86:0a:6a:ca:f5:f9:4e:c4:05:0d:f4:
                    9a:e6:21:1e:6c:6a:3a:53:80:e8:f8:13:2b:67:5a:
                    f3:da:38:8d:47:50:79:ce:e0:ce:e0:92:94:a7:44:
                    64:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:86:D8:27:87:7F:36:CB:4E:B3:62:21:11:3B:D5:69:D5:24:93:96
            X509v3 Authority Key Identifier:
                keyid:C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/NobYJ4d_NstOs2IhETvVadUkk5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:c6:cc:65:af:8a:d7:ba:dd:0e:28:28:97:8e:e3:11:86:be:
         9d:e2:da:3e:d1:56:b1:ef:85:9b:24:ac:b3:8c:c6:28:c6:89:
         9b:f1:96:bc:1f:99:29:4f:07:d5:bd:8e:42:f3:d6:56:3d:c1:
         da:4b:f8:57:15:f0:bc:0b:72:19:6f:df:04:ee:ef:d7:9c:fb:
         a9:0b:1f:b4:0e:2a:c2:7c:10:a5:8f:ea:f7:5c:87:40:21:1f:
         a6:61:ca:af:ad:71:30:95:0a:78:6e:c4:63:cb:f2:3a:e7:09:
         f9:04:f1:00:42:80:19:9b:60:e8:bf:12:ec:00:a0:23:00:5e:
         ea:87:1a:a5:9a:18:a8:b7:88:0b:40:2d:d0:73:dd:18:d2:ac:
         a2:8c:ad:8b:f3:aa:dc:43:ee:10:72:7a:f1:77:d9:85:f1:a7:
         79:5f:b0:60:0c:e5:06:91:87:9a:b7:e8:17:92:a3:54:4c:6d:
         f9:5a:54:b1:61:a8:c2:d6:23:b0:95:4d:5d:d3:eb:fd:7d:ab:
         64:17:47:d1:fa:ca:f5:53:fa:e4:09:02:ea:0e:cc:72:76:80:
         af:57:93:c9:2e:ea:bf:96:85:a6:6f:6a:7f:30:90:e8:c5:84:
         79:34:13:e8:6c:95:31:55:64:e4:88:52:b9:49:40:bf:10:74:
         a0:97:45:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaHLTixYNGsbrgwSG/fbDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNjBkNDZkMWQ4MDQ2YjRkNzRlNGQ4MTU4MThjOGUzNjU5
ZWRiZTkwHhcNMjYwNzAyMTUxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjg2ZDgyNzg3N2YzNmNiNGViMzYyMjExMTNiZDU2OWQ1MjQ5Mzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8d+v6ynRDeDS5hwphiUt+mI5ZiC
iao6ggJi9oICTbLDQY23oTz8yMTAimM4XKJrzR3X32gq6JySTJHtvzBK9896qXwO
niTSSjl4GzQTX+dhUNs3NYL/3Dnu82DO5NFp+3Dey+ZpdAN4/qQKVFXMs79Mub5f
8UFm9B4KNB6LKeK6ulnbQbpLruxds2LIQTTYxwLfWoK/spPmep2ja3ITLJCmd6xO
YebJhjataFS+eBSvpn/nE2uFGUP97eMcxb7s27vmcquhHS0JHRd1Dhe04p0hJj6K
hgpqyvX5TsQFDfSa5iEebGo6U4Do+BMrZ1rz2jiNR1B5zuDO4JKUp0RkBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaG2CeHfzbLTrNiIRE71WnVJJOWMB8GA1UdIwQY
MBaAFMBg1G0dgEa0105NgVgYyONlntvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvTm9iWUo0ZF9Oc3RPczJJaEVUdlZhZFVrazVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZvyMA0G
CSqGSIb3DQEBCwUAA4IBAQBsxsxlr4rXut0OKCiXjuMRhr6d4to+0Vax74WbJKyz
jMYoxomb8Za8H5kpTwfVvY5C89ZWPcHaS/hXFfC8C3IZb98E7u/XnPupCx+0DirC
fBClj+r3XIdAIR+mYcqvrXEwlQp4bsRjy/I65wn5BPEAQoAZm2DovxLsAKAjAF7q
hxqlmhiot4gLQC3Qc90Y0qyijK2L86rcQ+4Qcnrxd9mF8ad5X7BgDOUGkYeat+gX
kqNUTG35WlSxYajC1iOwlU1d0+v9fatkF0fR+sr1U/rkCQLqDsxydoCvV5PJLuq/
loWmb2p/MJDoxYR5NBPobJUxVWTkiFK5SUC/EHSgl0XK
-----END CERTIFICATE-----
Generated at Thu Jul 2 23:46:20 2026 by rpki-client