Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/ZPQxZyBJh2Vw2t_b2vNEAiLh99k.roa
File:                     ZPQxZyBJh2Vw2t_b2vNEAiLh99k.roa (raw, json)
Hash identifier:          NDs1Vf1mQ8nJ5oBooS0cBClzynoCDC8zG6mfNnpUvhE=
Subject key identifier:   64:F4:31:67:20:49:87:65:70:DA:DF:DB:DA:F3:44:02:22:E1:F7:D9
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       019E1C9F36C47C129B3CC914453AEA895FC1
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/ZPQxZyBJh2Vw2t_b2vNEAiLh99k.roa
Signing time:             Tue 12 May 2026 14:37:36 +0000
ROA not before:           Tue 12 May 2026 14:37:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210538
IP address blocks:        45.143.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:9f:36:c4:7c:12:9b:3c:c9:14:45:3a:ea:89:5f:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: May 12 14:37:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64f431672049876570dadfdbdaf3440222e1f7d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:60:b1:8b:df:9f:d4:a0:6c:f2:84:d4:77:d5:
                    75:c8:82:bf:7c:7e:3a:94:73:87:6c:3e:6d:20:ea:
                    08:33:93:f9:71:20:82:85:33:07:42:bd:93:2e:d7:
                    1c:72:22:53:b1:27:50:0d:8a:a4:16:9f:88:22:75:
                    29:15:82:38:35:06:08:ce:b7:e0:67:21:83:22:95:
                    82:3b:22:5b:ee:13:68:f2:8c:57:16:fe:58:a0:04:
                    ca:fd:e4:6c:64:b2:81:8d:c6:1c:23:8f:bc:3f:3f:
                    75:78:cb:3e:ab:69:50:89:25:26:12:c1:49:23:97:
                    28:84:8c:13:e6:b1:30:3f:33:17:01:c6:1b:fa:95:
                    9f:2a:5f:7f:a3:d6:b1:d6:0b:f0:72:02:60:cf:13:
                    65:a3:cc:04:8d:a1:6b:63:38:18:68:d4:60:e6:fa:
                    8e:5a:e7:1d:2d:5e:dc:11:65:7c:67:82:4f:ae:0d:
                    a5:29:6b:54:35:d2:69:aa:08:cb:05:30:57:30:36:
                    91:88:46:45:2a:15:43:58:a5:64:b6:84:10:86:d5:
                    bf:30:31:e8:e0:39:a6:29:7f:70:fc:1b:4b:1a:0f:
                    cc:6e:8b:f2:29:f3:40:4c:d0:02:ad:fe:af:29:fa:
                    a0:04:df:67:9e:dd:b0:cd:60:dd:7a:24:bd:44:9a:
                    13:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:F4:31:67:20:49:87:65:70:DA:DF:DB:DA:F3:44:02:22:E1:F7:D9
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/ZPQxZyBJh2Vw2t_b2vNEAiLh99k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:0b:02:99:88:5f:07:90:a3:1a:5f:c2:cd:98:7a:a1:29:40:
         ab:d2:c3:da:28:86:8d:42:b4:f0:9d:df:65:17:56:5e:0f:f4:
         65:bc:74:68:c1:62:26:ed:70:b0:ab:fa:2c:ae:18:89:56:07:
         9e:52:cb:41:c0:a2:df:2b:3c:d2:c6:34:b6:a7:ee:1f:53:d1:
         24:e7:b1:fd:af:cc:d6:11:e0:51:e8:5a:00:5e:e4:7a:bb:86:
         5f:45:8e:15:57:98:d3:46:8d:01:36:0a:01:8a:cd:29:58:93:
         0d:94:76:97:e8:f6:b6:93:ec:c9:d6:1f:ac:2d:12:05:01:df:
         59:e2:86:b1:4c:a0:37:32:03:4a:0c:af:f4:5a:a9:e3:35:59:
         8f:8e:c9:32:78:ef:d5:42:90:de:60:df:02:03:a8:f2:49:ba:
         fa:88:31:d7:fa:84:cf:07:33:c6:ab:39:fd:de:9f:20:21:6d:
         1f:89:b7:ba:5a:8a:c6:0c:41:e6:70:2a:d4:e9:70:fa:f3:7b:
         f9:e3:eb:2b:70:ae:21:a1:a4:04:c5:52:e0:18:41:75:9a:69:
         7b:f2:27:15:a8:7b:f9:8c:54:20:d1:d1:f7:cd:65:2f:a1:e5:
         40:d2:6b:72:b8:fe:bd:ce:a7:9d:b5:81:21:3e:f2:b0:28:0c:
         2c:c8:1a:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4cnzbEfBKbPMkURTrqiV/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjYwNTEyMTQzNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGY0MzE2NzIwNDk4NzY1NzBkYWRmZGJkYWYzNDQwMjIyZTFmN2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGCxi9+f1KBs8oTUd9V1yIK/fH46
lHOHbD5tIOoIM5P5cSCChTMHQr2TLtccciJTsSdQDYqkFp+IInUpFYI4NQYIzrfg
ZyGDIpWCOyJb7hNo8oxXFv5YoATK/eRsZLKBjcYcI4+8Pz91eMs+q2lQiSUmEsFJ
I5cohIwT5rEwPzMXAcYb+pWfKl9/o9ax1gvwcgJgzxNlo8wEjaFrYzgYaNRg5vqO
WucdLV7cEWV8Z4JPrg2lKWtUNdJpqgjLBTBXMDaRiEZFKhVDWKVktoQQhtW/MDHo
4DmmKX9w/BtLGg/MbovyKfNATNACrf6vKfqgBN9nnt2wzWDdeiS9RJoTgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGT0MWcgSYdlcNrf29rzRAIi4ffZMB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvWlBReFp5QkpoMlZ3MnRfYjJ2TkVBaUxoOTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY8LMA0G
CSqGSIb3DQEBCwUAA4IBAQBXCwKZiF8HkKMaX8LNmHqhKUCr0sPaKIaNQrTwnd9l
F1ZeD/RlvHRowWIm7XCwq/osrhiJVgeeUstBwKLfKzzSxjS2p+4fU9Ek57H9r8zW
EeBR6FoAXuR6u4ZfRY4VV5jTRo0BNgoBis0pWJMNlHaX6Pa2k+zJ1h+sLRIFAd9Z
4oaxTKA3MgNKDK/0WqnjNVmPjskyeO/VQpDeYN8CA6jySbr6iDHX+oTPBzPGqzn9
3p8gIW0fibe6WorGDEHmcCrU6XD683v54+srcK4hoaQExVLgGEF1mml78icVqHv5
jFQg0dH3zWUvoeVA0mtyuP69zqedtYEhPvKwKAwsyBr5
-----END CERTIFICATE-----