Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/lKtHioRcmgOPtV6_JnyW7Sk_VHg.roa
File:                     lKtHioRcmgOPtV6_JnyW7Sk_VHg.roa (raw, json)
Hash identifier:          Q9PFK/URGHBu5TclTGpRjbTsOIfNEoKC6okAipngSx0=
Subject key identifier:   94:AB:47:8A:84:5C:9A:03:8F:B5:5E:BF:26:7C:96:ED:29:3F:54:78
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019DBB1256BAD8E34CD9650FA746399B9079
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/lKtHioRcmgOPtV6_JnyW7Sk_VHg.roa
Signing time:             Thu 23 Apr 2026 16:00:34 +0000
ROA not before:           Thu 23 Apr 2026 16:00:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44477
IP address blocks:        45.140.166.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bb:12:56:ba:d8:e3:4c:d9:65:0f:a7:46:39:9b:90:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Apr 23 16:00:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94ab478a845c9a038fb55ebf267c96ed293f5478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3d:4d:45:f1:3a:04:26:34:cc:d8:fe:ef:26:
                    38:26:db:f9:d3:04:05:19:bd:7c:0c:b1:d0:e6:07:
                    df:89:c5:27:4e:62:aa:af:b9:39:d3:06:95:bf:e1:
                    d3:c8:ab:a2:66:55:1e:84:ae:22:8c:da:39:f0:f0:
                    3d:35:a8:65:d1:e4:03:7d:fe:4e:d1:1f:f4:0a:a2:
                    9d:db:60:94:7b:e1:f6:0d:27:12:e5:1b:b4:c8:ab:
                    b6:42:d0:cd:13:b4:e2:50:c4:d2:13:4f:95:2d:5b:
                    f5:88:d2:ea:72:86:c6:86:69:c5:a2:cf:33:a2:d1:
                    c0:5b:6e:96:2c:b2:fd:cf:c3:b8:07:68:25:e5:69:
                    18:4b:e0:44:11:b9:9c:31:88:70:c4:69:6f:be:8b:
                    a9:33:e6:88:75:fb:b7:80:a5:fd:27:b4:10:40:d8:
                    d6:cf:e0:0c:89:15:02:ee:1e:28:b2:4a:46:87:28:
                    87:ce:6c:ea:53:d7:82:18:cf:73:57:b3:73:c3:53:
                    df:ff:07:52:3d:ed:34:4d:4e:eb:bd:78:10:e0:d6:
                    4b:50:8e:83:86:30:6a:9c:79:82:bb:fc:e4:9f:4c:
                    09:e0:cd:0f:80:bb:f0:1c:8c:69:82:65:56:22:3f:
                    fd:63:6e:25:ad:14:26:58:2a:7c:88:83:43:4e:56:
                    21:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:AB:47:8A:84:5C:9A:03:8F:B5:5E:BF:26:7C:96:ED:29:3F:54:78
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/lKtHioRcmgOPtV6_JnyW7Sk_VHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:c7:b5:7b:d7:89:a0:10:e2:5b:1a:3f:74:0a:a4:40:2a:4f:
         e5:81:ca:84:33:61:5d:3a:f5:3f:9f:00:59:a4:0c:0a:31:ff:
         ef:b1:96:b4:55:e0:fd:83:9a:a7:d6:4d:25:08:33:a5:93:9a:
         c5:1b:49:be:44:16:82:89:48:9d:cc:2b:eb:46:88:26:7a:b9:
         41:32:6b:ba:a2:93:51:7f:57:9e:a7:12:1d:1d:55:7a:68:55:
         51:34:e5:68:ef:2c:f3:fd:f5:10:c2:99:e8:2d:97:20:fe:29:
         fc:75:39:a3:b0:18:ad:47:96:a1:00:d7:35:b0:9f:27:26:e7:
         6d:96:ec:c8:39:eb:f0:73:10:f8:1b:6d:38:f1:3c:85:3c:5a:
         74:f3:6c:39:1b:fe:71:27:f9:95:f4:12:7f:02:0a:3e:f3:ee:
         c1:6f:fd:14:6d:20:91:c0:08:1a:bf:1f:f6:ca:fa:58:e2:24:
         02:b0:2b:90:c7:43:4e:6b:b3:20:7d:cb:08:8e:ed:11:04:db:
         df:49:3b:b9:86:56:87:31:ae:fb:e4:45:96:41:05:e6:f1:85:
         b2:f5:83:c6:ef:25:04:2e:f2:8e:44:31:71:a8:21:43:18:97:
         81:05:b1:d1:25:e1:fd:9e:21:4d:e8:49:f1:a6:21:f7:d6:38:
         77:04:47:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ27Ela62ONM2WUPp0Y5m5B5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjYwNDIzMTYwMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGFiNDc4YTg0NWM5YTAzOGZiNTVlYmYyNjdjOTZlZDI5M2Y1NDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzz1NRfE6BCY0zNj+7yY4Jtv50wQF
Gb18DLHQ5gfficUnTmKqr7k50waVv+HTyKuiZlUehK4ijNo58PA9Nahl0eQDff5O
0R/0CqKd22CUe+H2DScS5Ru0yKu2QtDNE7TiUMTSE0+VLVv1iNLqcobGhmnFos8z
otHAW26WLLL9z8O4B2gl5WkYS+BEEbmcMYhwxGlvvoupM+aIdfu3gKX9J7QQQNjW
z+AMiRUC7h4oskpGhyiHzmzqU9eCGM9zV7Nzw1Pf/wdSPe00TU7rvXgQ4NZLUI6D
hjBqnHmCu/zkn0wJ4M0PgLvwHIxpgmVWIj/9Y24lrRQmWCp8iINDTlYhMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSrR4qEXJoDj7VevyZ8lu0pP1R4MB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvbEt0SGlvUmNtZ09QdFY2X0pueVc3U2tfVkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYymMA0G
CSqGSIb3DQEBCwUAA4IBAQBqx7V714mgEOJbGj90CqRAKk/lgcqEM2FdOvU/nwBZ
pAwKMf/vsZa0VeD9g5qn1k0lCDOlk5rFG0m+RBaCiUidzCvrRogmerlBMmu6opNR
f1eepxIdHVV6aFVRNOVo7yzz/fUQwpnoLZcg/in8dTmjsBitR5ahANc1sJ8nJudt
luzIOevwcxD4G2048TyFPFp082w5G/5xJ/mV9BJ/Ago+8+7Bb/0UbSCRwAgavx/2
yvpY4iQCsCuQx0NOa7MgfcsIju0RBNvfSTu5hlaHMa775EWWQQXm8YWy9YPG7yUE
LvKORDFxqCFDGJeBBbHRJeH9niFN6EnxpiH31jh3BEe4
-----END CERTIFICATE-----