Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/7myq67obB-xLbVawZyWpSacsTd0.roa
File:                     7myq67obB-xLbVawZyWpSacsTd0.roa (raw, json)
Hash identifier:          zCy6J6hDriiDzbWpneJSOgFE52Q9hibrHm1B+7J02tU=
Subject key identifier:   EE:6C:AA:EB:BA:1B:07:EC:4B:6D:56:B0:67:25:A9:49:A7:2C:4D:DD
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019DBA7A3ECF5DF7022E68BFD53A845EBC27
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/7myq67obB-xLbVawZyWpSacsTd0.roa
Signing time:             Thu 23 Apr 2026 13:14:26 +0000
ROA not before:           Thu 23 Apr 2026 13:14:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44559
IP address blocks:        45.140.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:7a:3e:cf:5d:f7:02:2e:68:bf:d5:3a:84:5e:bc:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Apr 23 13:14:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee6caaebba1b07ec4b6d56b06725a949a72c4ddd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c2:d3:ad:3e:41:e2:41:11:e2:31:d2:27:bd:
                    1c:5e:76:58:8f:91:81:e6:70:96:a3:3e:7a:0e:d3:
                    8f:59:39:70:28:9d:00:8d:c7:a1:bb:66:50:30:56:
                    73:67:09:dd:47:24:d3:38:66:2a:6a:46:89:22:b7:
                    92:3d:67:7e:e2:a4:fa:c3:6b:6d:a1:32:b4:b7:9b:
                    66:7e:8f:b1:89:48:b6:1d:03:f3:9f:fe:7c:10:87:
                    10:5d:5a:bc:95:a0:e2:3e:cc:e4:fe:17:a5:5c:e2:
                    e3:ea:3d:4b:1f:92:79:b6:1f:e0:18:ad:26:1a:d3:
                    e4:84:db:43:08:70:0d:7d:43:66:ca:5c:95:77:06:
                    4e:75:4e:55:91:45:2a:9b:f4:d2:6f:e6:db:c6:19:
                    d4:4d:4a:8e:ad:84:5d:9b:73:7c:3f:de:da:07:13:
                    11:4e:6b:d9:bc:cc:48:34:69:4a:03:25:79:bc:28:
                    33:26:46:0e:8e:92:0f:38:f9:49:b2:97:54:fe:f2:
                    8a:6a:fa:46:59:4b:d0:79:aa:2a:d9:7f:04:01:16:
                    6b:0e:22:13:b2:95:8a:f0:99:6f:df:4f:8e:67:16:
                    09:32:b3:2b:26:94:73:ef:0f:d5:80:51:9b:5f:2c:
                    06:7f:bf:bb:4e:c5:0e:94:53:e8:05:50:d7:97:23:
                    d3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:6C:AA:EB:BA:1B:07:EC:4B:6D:56:B0:67:25:A9:49:A7:2C:4D:DD
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/7myq67obB-xLbVawZyWpSacsTd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:bd:94:98:86:83:14:12:68:bd:b7:59:ea:5b:ab:56:17:7c:
         2c:82:ae:06:a4:77:9b:66:8d:42:94:a4:6a:8c:fb:01:0e:6f:
         78:f1:7c:36:bd:94:a4:7d:31:ee:08:92:09:9b:22:47:be:a6:
         76:9c:f1:d4:37:fa:6c:88:75:29:7b:c8:b3:6f:bc:f5:e4:c9:
         9c:6b:ff:88:1e:57:08:8b:40:c4:cd:d3:fd:a0:38:68:30:f5:
         2a:2c:4e:c4:4f:19:0f:e1:e9:b7:e7:27:22:37:b6:dd:10:ec:
         5f:d3:b0:a8:6c:3b:a0:7b:83:fd:0c:4d:15:b2:7c:f3:16:a9:
         c5:6b:ec:c1:29:04:21:f5:08:93:70:49:5d:2b:31:dd:64:df:
         b4:92:67:c2:b0:5a:e2:27:f7:16:26:6b:65:18:70:62:96:3f:
         81:d5:3c:ab:28:24:45:f9:95:b9:09:bd:31:66:46:ce:4c:0b:
         51:99:4b:16:3a:8b:f9:f8:6d:f1:e1:e0:15:1d:2e:ca:13:8d:
         74:fb:af:e8:16:39:3e:a4:18:fc:50:8b:df:92:94:82:3e:ca:
         6c:9d:72:d6:15:ba:62:e8:8e:b6:cf:99:0f:76:6a:2f:43:64:
         ee:36:97:37:db:78:3a:7d:3b:49:8d:1f:e6:79:d7:6e:0f:f1:
         2c:f6:e6:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ26ej7PXfcCLmi/1TqEXrwnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjYwNDIzMTMxNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTZjYWFlYmJhMWIwN2VjNGI2ZDU2YjA2NzI1YTk0OWE3MmM0ZGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8LTrT5B4kER4jHSJ70cXnZYj5GB
5nCWoz56DtOPWTlwKJ0Ajcehu2ZQMFZzZwndRyTTOGYqakaJIreSPWd+4qT6w2tt
oTK0t5tmfo+xiUi2HQPzn/58EIcQXVq8laDiPszk/helXOLj6j1LH5J5th/gGK0m
GtPkhNtDCHANfUNmylyVdwZOdU5VkUUqm/TSb+bbxhnUTUqOrYRdm3N8P97aBxMR
TmvZvMxINGlKAyV5vCgzJkYOjpIPOPlJspdU/vKKavpGWUvQeaoq2X8EARZrDiIT
spWK8Jlv30+OZxYJMrMrJpRz7w/VgFGbXywGf7+7TsUOlFPoBVDXlyPTuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5squu6GwfsS21WsGclqUmnLE3dMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvN215cTY3b2JCLXhMYlZhd1p5V3BTYWNzVGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYymMA0G
CSqGSIb3DQEBCwUAA4IBAQCLvZSYhoMUEmi9t1nqW6tWF3wsgq4GpHebZo1ClKRq
jPsBDm948Xw2vZSkfTHuCJIJmyJHvqZ2nPHUN/psiHUpe8izb7z15Mmca/+IHlcI
i0DEzdP9oDhoMPUqLE7ETxkP4em35yciN7bdEOxf07CobDuge4P9DE0VsnzzFqnF
a+zBKQQh9QiTcEldKzHdZN+0kmfCsFriJ/cWJmtlGHBilj+B1TyrKCRF+ZW5Cb0x
ZkbOTAtRmUsWOov5+G3x4eAVHS7KE410+6/oFjk+pBj8UIvfkpSCPspsnXLWFbpi
6I62z5kPdmovQ2TuNpc323g6fTtJjR/medduD/Es9uaU
-----END CERTIFICATE-----