Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/CDjWTyoS71DXASo2Nj7eHKZDgBU.roa
File:                     CDjWTyoS71DXASo2Nj7eHKZDgBU.roa (raw, json)
Hash identifier:          0MjLF8Ccc2qdY2KgDxvd+hMdzbz7ozx3zfAkryxvvg0=
Subject key identifier:   08:38:D6:4F:2A:12:EF:50:D7:01:2A:36:36:3E:DE:1C:A6:43:80:15
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019E0922815ACD0F15C5161671EC6E3AC35D
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/CDjWTyoS71DXASo2Nj7eHKZDgBU.roa
Signing time:             Fri 08 May 2026 19:48:36 +0000
ROA not before:           Fri 08 May 2026 19:48:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60632
IP address blocks:        45.94.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:09:22:81:5a:cd:0f:15:c5:16:16:71:ec:6e:3a:c3:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: May  8 19:48:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0838d64f2a12ef50d7012a36363ede1ca6438015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:aa:0b:ce:43:69:4f:70:8c:92:1e:2a:b7:26:
                    de:b1:ae:0b:e3:ae:db:7e:51:80:7a:b9:a6:6c:4d:
                    6d:13:61:0e:e0:85:ad:ca:ff:72:a3:ab:ab:a1:e8:
                    83:8a:d9:b8:32:0e:58:c3:67:f4:2a:94:84:61:80:
                    9a:fa:53:c1:1c:8b:1a:1b:07:c2:b2:00:f9:0c:bc:
                    6a:f9:91:82:f7:0f:8b:63:0d:f8:d0:9c:68:6a:ac:
                    c4:96:12:a5:c7:b9:56:13:b9:0c:60:a6:62:35:c0:
                    c9:6f:8b:ef:f3:47:3f:e9:1c:78:64:f1:c9:34:16:
                    fe:4a:d0:b0:3d:a9:75:1b:27:cc:65:07:ac:fe:d4:
                    95:3a:59:4f:3f:e7:05:76:57:38:51:f8:d4:68:d9:
                    e6:71:f8:b9:6e:ab:f5:3d:85:34:de:7a:16:1b:95:
                    52:b9:e3:60:4f:bf:43:b4:d6:e5:84:6d:fa:d8:ed:
                    d6:6b:24:6d:29:79:71:b4:d2:65:5c:ca:35:90:76:
                    db:59:f3:9a:b4:a3:e2:19:11:9a:ca:cb:cf:e4:83:
                    36:f1:f5:46:77:c7:ee:83:a6:5a:04:3f:2d:2b:ea:
                    8a:1a:4c:41:dd:80:7f:4b:e4:2e:a0:fc:32:b9:95:
                    35:c0:6a:69:58:41:e5:ec:cb:fc:f4:67:87:8d:6b:
                    36:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:38:D6:4F:2A:12:EF:50:D7:01:2A:36:36:3E:DE:1C:A6:43:80:15
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/CDjWTyoS71DXASo2Nj7eHKZDgBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:1f:ea:05:05:92:0a:ee:8a:a9:7d:6d:db:60:d0:8a:78:d3:
         09:b7:9b:40:5d:82:3a:9e:b1:05:f2:45:56:ce:7a:a4:7b:74:
         68:15:52:59:ab:4d:16:d6:5e:11:bd:24:73:52:7a:97:61:52:
         69:7e:6a:fa:26:67:f2:80:cb:3c:19:3e:31:eb:24:4e:f4:29:
         da:00:d0:92:a9:57:fc:85:78:ee:5e:a5:df:4e:32:39:22:63:
         44:95:17:ca:1b:f8:68:35:24:4d:99:c1:5e:c8:8f:3b:a0:cd:
         7e:43:31:8b:22:2b:80:cf:0a:e2:3b:67:1f:ff:71:a1:9b:a2:
         ec:b3:e8:64:63:69:62:7a:bb:9c:b8:9d:25:30:60:bf:9a:29:
         fb:de:a6:66:6f:7e:d9:5c:95:29:cc:d9:9e:75:60:b2:df:b2:
         11:14:bb:7e:63:2c:38:87:58:8c:7a:42:17:a9:7c:c0:3c:74:
         c3:b4:3e:9b:b0:6e:1b:d8:63:76:25:58:e0:4a:b2:03:7c:7f:
         c3:94:79:10:13:70:5b:ca:ee:c3:a8:99:c0:61:c0:91:2c:a3:
         d6:b3:8d:20:1e:03:fc:59:51:e1:b0:41:30:53:5f:a8:e8:33:
         09:c5:bd:6a:8b:58:dd:6c:fc:76:b1:ab:73:ba:ce:6e:a7:7c:
         92:8a:ed:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4JIoFazQ8VxRYWcexuOsNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwNTA4MTk0ODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODM4ZDY0ZjJhMTJlZjUwZDcwMTJhMzYzNjNlZGUxY2E2NDM4MDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qoLzkNpT3CMkh4qtybesa4L467b
flGAermmbE1tE2EO4IWtyv9yo6uroeiDitm4Mg5Yw2f0KpSEYYCa+lPBHIsaGwfC
sgD5DLxq+ZGC9w+LYw340JxoaqzElhKlx7lWE7kMYKZiNcDJb4vv80c/6Rx4ZPHJ
NBb+StCwPal1GyfMZQes/tSVOllPP+cFdlc4UfjUaNnmcfi5bqv1PYU03noWG5VS
ueNgT79DtNblhG362O3WayRtKXlxtNJlXMo1kHbbWfOatKPiGRGaysvP5IM28fVG
d8fug6ZaBD8tK+qKGkxB3YB/S+QuoPwyuZU1wGppWEHl7Mv89GeHjWs21wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAg41k8qEu9Q1wEqNjY+3hymQ4AVMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvQ0RqV1R5b1M3MURYQVNvMk5qN2VIS1pEZ0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV7VMA0G
CSqGSIb3DQEBCwUAA4IBAQChH+oFBZIK7oqpfW3bYNCKeNMJt5tAXYI6nrEF8kVW
znqke3RoFVJZq00W1l4RvSRzUnqXYVJpfmr6JmfygMs8GT4x6yRO9CnaANCSqVf8
hXjuXqXfTjI5ImNElRfKG/hoNSRNmcFeyI87oM1+QzGLIiuAzwriO2cf/3Ghm6Ls
s+hkY2lierucuJ0lMGC/min73qZmb37ZXJUpzNmedWCy37IRFLt+Yyw4h1iMekIX
qXzAPHTDtD6bsG4b2GN2JVjgSrIDfH/DlHkQE3Bbyu7DqJnAYcCRLKPWs40gHgP8
WVHhsEEwU1+o6DMJxb1qi1jdbPx2satzus5up3ySiu3q
-----END CERTIFICATE-----