Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/rxqd0Gry-OP0vQizZ8B0iUOlhQk.roa
File:                     rxqd0Gry-OP0vQizZ8B0iUOlhQk.roa (raw, json)
Hash identifier:          YqR2/1gTcjcRib7Q7eC6pgNPFlvqofC4cwX5ccdPO5s=
Subject key identifier:   AF:1A:9D:D0:6A:F2:F8:E3:F4:BD:08:B3:67:C0:74:89:43:A5:85:09
Certificate issuer:       /CN=2ecc5715c1676112eed6314594a59333c3d7e1e0
Certificate serial:       019CB3680E703D179F4BF8E80A1EFB0D6B54
Authority key identifier: 2E:CC:57:15:C1:67:61:12:EE:D6:31:45:94:A5:93:33:C3:D7:E1:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/rxqd0Gry-OP0vQizZ8B0iUOlhQk.roa
Signing time:             Tue 03 Mar 2026 11:14:26 +0000
ROA not before:           Tue 03 Mar 2026 11:14:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12703
IP address blocks:        84.45.15.0/24 maxlen: 24
                          84.45.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 13:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:68:0e:70:3d:17:9f:4b:f8:e8:0a:1e:fb:0d:6b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ecc5715c1676112eed6314594a59333c3d7e1e0
        Validity
            Not Before: Mar  3 11:14:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af1a9dd06af2f8e3f4bd08b367c0748943a58509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1a:58:ca:d1:7b:08:5d:68:b1:51:68:c6:4a:
                    3c:04:a2:9d:be:c7:3e:7d:66:08:c9:11:3d:50:76:
                    d2:70:84:b0:e4:48:66:38:4c:c4:fd:b2:83:61:b0:
                    f9:3f:a4:24:c7:ea:a3:de:41:58:6f:6e:2d:e0:fb:
                    5b:b8:6d:66:c8:59:eb:19:c4:ff:d6:31:24:45:e3:
                    d7:6f:3a:42:63:65:43:5e:e4:9f:ec:55:b6:8b:be:
                    62:97:09:2c:f6:b7:a5:7a:ed:5e:63:a4:d1:7e:ec:
                    66:f9:84:7c:a3:38:c7:25:82:55:70:32:b1:f1:83:
                    3c:8a:0b:a6:88:bb:eb:ee:61:15:0e:51:26:91:0a:
                    09:94:cd:fb:29:68:da:a9:54:b7:22:0d:4f:0e:75:
                    1f:12:54:25:f7:08:f0:9a:27:dd:6b:af:90:7c:b0:
                    03:e3:09:ef:d7:3e:df:f9:08:f8:3a:96:35:e0:22:
                    7f:63:4a:53:98:4a:4a:b3:f3:51:bd:e1:e4:cb:e3:
                    2b:a5:96:43:30:82:ac:4e:de:c6:b3:f9:0b:ca:71:
                    1c:c0:a8:81:af:56:d4:6c:ca:5d:2f:2e:b0:3d:0c:
                    4b:20:8e:c5:83:89:20:54:7c:92:20:d5:a2:63:a7:
                    66:2d:21:93:56:0d:1a:9a:5a:b7:92:a8:e9:0e:6a:
                    84:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:1A:9D:D0:6A:F2:F8:E3:F4:BD:08:B3:67:C0:74:89:43:A5:85:09
            X509v3 Authority Key Identifier:
                keyid:2E:CC:57:15:C1:67:61:12:EE:D6:31:45:94:A5:93:33:C3:D7:E1:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/rxqd0Gry-OP0vQizZ8B0iUOlhQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.45.15.0/24
                  84.45.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:8d:ca:a4:d5:4f:f3:d9:b0:b6:a2:1f:7e:fe:af:bc:25:7e:
         f7:d3:fd:34:c3:81:ec:8f:b5:1f:8f:d3:45:e6:96:19:b4:20:
         03:25:45:df:f5:23:b1:eb:15:05:62:17:bd:b3:b9:ac:d6:d7:
         f6:95:c0:8a:b0:24:6a:c7:91:dc:c5:41:b0:f0:af:13:8b:4c:
         d6:85:d6:8b:23:2c:ff:17:d0:41:49:bd:f9:ad:4a:0a:e5:80:
         f8:cb:2f:fd:7f:25:d7:0d:aa:48:6c:79:e3:38:24:3c:6d:8c:
         66:35:2c:a3:82:ab:e0:70:be:41:03:88:3f:66:f6:d1:3c:1a:
         81:64:16:3b:28:b3:49:34:1b:2e:96:8d:96:4d:eb:e3:ba:0e:
         30:4d:10:c2:af:82:5c:a1:df:04:b9:af:c4:68:c3:cd:28:9c:
         0e:e9:d8:18:dc:bc:e8:03:7a:1b:ac:f2:5d:12:54:78:75:b6:
         ab:f8:f1:c8:66:40:0b:71:ed:21:cc:2c:32:20:b8:f5:0a:c5:
         da:70:0d:4c:75:db:69:ad:18:e6:06:e2:49:68:60:1f:26:ed:
         0c:c1:a4:b0:f1:0d:e8:46:d3:ee:a1:04:67:d5:c4:74:f1:65:
         1d:b4:4d:0d:a8:1e:51:5e:b2:55:66:68:9e:d9:de:d0:38:09:
         36:2d:24:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyzaA5wPRefS/joCh77DWtUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlY2M1NzE1YzE2NzYxMTJlZWQ2MzE0NTk0YTU5MzMzYzNk
N2UxZTAwHhcNMjYwMzAzMTExNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjFhOWRkMDZhZjJmOGUzZjRiZDA4YjM2N2MwNzQ4OTQzYTU4NTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBpYytF7CF1osVFoxko8BKKdvsc+
fWYIyRE9UHbScISw5EhmOEzE/bKDYbD5P6Qkx+qj3kFYb24t4PtbuG1myFnrGcT/
1jEkRePXbzpCY2VDXuSf7FW2i75ilwks9releu1eY6TRfuxm+YR8ozjHJYJVcDKx
8YM8igumiLvr7mEVDlEmkQoJlM37KWjaqVS3Ig1PDnUfElQl9wjwmifda6+QfLAD
4wnv1z7f+Qj4OpY14CJ/Y0pTmEpKs/NRveHky+MrpZZDMIKsTt7Gs/kLynEcwKiB
r1bUbMpdLy6wPQxLII7Fg4kgVHySINWiY6dmLSGTVg0amlq3kqjpDmqEJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK8andBq8vjj9L0Is2fAdIlDpYUJMB8GA1UdIwQY
MBaAFC7MVxXBZ2ES7tYxRZSlkzPD1+HgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHN4WEZjRm5ZUkx1MWpGRmxLV1RNOFBYNGVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83YWUxMGItYzVlMS00MzA0LTkyOGIt
MzZmZDYwNmQ4ZDA5LzEvcnhxZDBHcnktT1AwdlFpelo4QjBpVU9saFFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83YWUxMGItYzVlMS00MzA0LTkyOGItMzZmZDYwNmQ4ZDA5
LzEvTHN4WEZjRm5ZUkx1MWpGRmxLV1RNOFBYNGVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVC0PAwQA
VC0sMA0GCSqGSIb3DQEBCwUAA4IBAQAbjcqk1U/z2bC2oh9+/q+8JX730/00w4Hs
j7Ufj9NF5pYZtCADJUXf9SOx6xUFYhe9s7ms1tf2lcCKsCRqx5HcxUGw8K8Ti0zW
hdaLIyz/F9BBSb35rUoK5YD4yy/9fyXXDapIbHnjOCQ8bYxmNSyjgqvgcL5BA4g/
ZvbRPBqBZBY7KLNJNBsulo2WTevjug4wTRDCr4Jcod8Eua/EaMPNKJwO6dgY3Lzo
A3obrPJdElR4dbar+PHIZkALce0hzCwyILj1CsXacA1MddtprRjmBuJJaGAfJu0M
waSw8Q3oRtPuoQRn1cR08WUdtE0NqB5RXrJVZmie2d7QOAk2LSRH
-----END CERTIFICATE-----