Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/zxyjgGbfGVTH586tHPVG_fMBImw.roa
File:                     zxyjgGbfGVTH586tHPVG_fMBImw.roa (raw, json)
Hash identifier:          9rdRBznb6RwXhRIGb1J1bkpd2l2cpGoKM5cMmosEV8A=
Subject key identifier:   CF:1C:A3:80:66:DF:19:54:C7:E7:CE:AD:1C:F5:46:FD:F3:01:22:6C
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019E06B973A4EDAFC94F3077B271F49DEBED
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/zxyjgGbfGVTH586tHPVG_fMBImw.roa
Signing time:             Fri 08 May 2026 08:34:37 +0000
ROA not before:           Fri 08 May 2026 08:34:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203919
IP address blocks:        45.43.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:06:b9:73:a4:ed:af:c9:4f:30:77:b2:71:f4:9d:eb:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: May  8 08:34:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf1ca38066df1954c7e7cead1cf546fdf301226c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:32:bc:34:fa:d5:2e:60:e2:95:18:db:67:b1:
                    01:3e:5b:a1:1c:33:2d:aa:85:3e:2b:16:85:01:47:
                    3d:92:2a:9f:0a:6a:2f:0e:98:15:c5:43:4f:38:58:
                    7a:9f:e2:b7:cb:a9:2f:db:41:05:ca:5c:df:f2:10:
                    12:6f:22:4a:cc:99:2e:a2:8e:42:b3:96:68:ed:23:
                    fa:f2:82:69:e1:75:25:56:cf:ef:78:57:70:e9:1e:
                    17:fc:35:0c:ed:21:61:88:50:d2:5e:9f:74:88:15:
                    34:14:67:bb:a8:58:bd:eb:98:b0:fc:98:f4:c4:53:
                    bc:37:4d:a8:fb:00:63:1e:90:50:8a:84:f2:31:14:
                    b0:e1:5a:5a:cb:ab:8b:f6:63:ba:ee:12:00:f3:28:
                    21:7f:90:61:0e:5c:44:56:f8:7e:21:31:8b:29:e2:
                    0f:cf:65:32:35:c3:bc:b7:b2:4e:e4:42:85:aa:36:
                    ef:85:92:92:56:5c:c6:66:f0:dd:4a:01:82:29:3e:
                    2f:63:f4:48:29:88:95:51:14:d8:85:2d:5b:33:6b:
                    f5:6e:e4:46:9e:c2:74:a8:ef:eb:c0:b9:60:09:be:
                    4a:bc:31:4d:df:7b:21:74:19:89:fa:d5:e1:76:1e:
                    00:01:a7:2c:6f:01:07:41:be:07:89:dc:14:e3:de:
                    15:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:1C:A3:80:66:DF:19:54:C7:E7:CE:AD:1C:F5:46:FD:F3:01:22:6C
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/zxyjgGbfGVTH586tHPVG_fMBImw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:f0:a7:ea:fe:d9:ae:bc:9a:50:d5:2e:8b:81:06:d1:76:2a:
         91:4e:83:92:65:0c:ef:15:01:9e:d6:04:e3:51:93:cd:0f:9f:
         49:57:24:b1:fb:fb:9c:0c:fb:b9:d1:03:84:fe:26:8e:e1:0c:
         40:f6:eb:3c:6d:30:45:b9:5e:84:59:4e:03:75:c2:8b:0c:b5:
         31:7a:98:35:34:82:f3:d1:0a:47:a6:1a:5e:86:fd:38:a3:47:
         dc:02:da:e7:61:4e:ea:4d:0b:21:01:67:94:89:81:92:71:a9:
         97:61:ae:ec:fe:44:58:49:30:d3:0d:ac:c9:0d:e6:44:1c:43:
         13:96:29:89:0f:d9:da:ac:fc:88:fc:85:34:e0:3c:d0:99:c2:
         c3:44:91:85:be:7d:86:83:8b:1d:81:72:c4:34:84:5a:a2:bf:
         ce:93:a5:e5:e4:d3:03:a1:ae:6a:49:e9:8d:06:20:63:ea:6f:
         01:ce:80:ce:d3:93:34:32:c3:1a:68:a0:95:3c:5b:04:69:28:
         56:95:f4:9d:89:a2:c2:63:a4:1d:6d:44:b4:25:2b:2a:43:f4:
         ed:b3:64:62:af:50:99:5b:61:98:b5:f1:c4:65:f2:32:8d:ba:
         34:96:8e:4f:b4:a2:91:46:49:f4:54:3a:a3:ba:04:0c:21:e8:
         f5:11:f0:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4GuXOk7a/JTzB3snH0nevtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNTA4MDgzNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjFjYTM4MDY2ZGYxOTU0YzdlN2NlYWQxY2Y1NDZmZGYzMDEyMjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjK8NPrVLmDilRjbZ7EBPluhHDMt
qoU+KxaFAUc9kiqfCmovDpgVxUNPOFh6n+K3y6kv20EFylzf8hASbyJKzJkuoo5C
s5Zo7SP68oJp4XUlVs/veFdw6R4X/DUM7SFhiFDSXp90iBU0FGe7qFi965iw/Jj0
xFO8N02o+wBjHpBQioTyMRSw4Vpay6uL9mO67hIA8yghf5BhDlxEVvh+ITGLKeIP
z2UyNcO8t7JO5EKFqjbvhZKSVlzGZvDdSgGCKT4vY/RIKYiVURTYhS1bM2v1buRG
nsJ0qO/rwLlgCb5KvDFN33shdBmJ+tXhdh4AAacsbwEHQb4HidwU494VBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8co4Bm3xlUx+fOrRz1Rv3zASJsMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvenh5amdHYmZHVlRINTg2dEhQVkdfZk1CSW13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALSumMA0G
CSqGSIb3DQEBCwUAA4IBAQAT8Kfq/tmuvJpQ1S6LgQbRdiqRToOSZQzvFQGe1gTj
UZPND59JVySx+/ucDPu50QOE/iaO4QxA9us8bTBFuV6EWU4DdcKLDLUxepg1NILz
0QpHphpehv04o0fcAtrnYU7qTQshAWeUiYGScamXYa7s/kRYSTDTDazJDeZEHEMT
limJD9narPyI/IU04DzQmcLDRJGFvn2Gg4sdgXLENIRaor/Ok6Xl5NMDoa5qSemN
BiBj6m8BzoDO05M0MsMaaKCVPFsEaShWlfSdiaLCY6QdbUS0JSsqQ/Tts2Rir1CZ
W2GYtfHEZfIyjbo0lo5PtKKRRkn0VDqjugQMIej1EfAV
-----END CERTIFICATE-----