Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/lD0ER9sndJVzynhBtAsN1nu4J0g.roa
File:                     lD0ER9sndJVzynhBtAsN1nu4J0g.roa (raw, json)
Hash identifier:          PzMpNtcO//f8fgScQjfd/rvw0npPMGdjT1plcxSP4o8=
Subject key identifier:   94:3D:04:47:DB:27:74:95:73:CA:78:41:B4:0B:0D:D6:7B:B8:27:48
Certificate issuer:       /CN=304e59a223f4bcb823492fb1096c3a82310c03da
Certificate serial:       019D1234E90FDB6A46F30CFEBA881AE1A203
Authority key identifier: 30:4E:59:A2:23:F4:BC:B8:23:49:2F:B1:09:6C:3A:82:31:0C:03:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/lD0ER9sndJVzynhBtAsN1nu4J0g.roa
Signing time:             Sat 21 Mar 2026 21:02:30 +0000
ROA not before:           Sat 21 Mar 2026 21:02:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59808
IP address blocks:        45.151.212.0/24 maxlen: 24
                          2a06:8a06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:12:34:e9:0f:db:6a:46:f3:0c:fe:ba:88:1a:e1:a2:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=304e59a223f4bcb823492fb1096c3a82310c03da
        Validity
            Not Before: Mar 21 21:02:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=943d0447db27749573ca7841b40b0dd67bb82748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:77:f1:44:aa:9e:ad:3a:94:5c:f8:64:96:a5:
                    74:3e:84:f1:84:f9:0d:13:24:d9:38:e2:b9:e0:6d:
                    ea:80:9f:dd:f2:64:29:33:06:5f:e1:d8:e7:f0:6e:
                    22:81:70:c6:3e:85:03:1b:cf:de:1e:f7:1e:29:66:
                    f5:41:41:cb:f4:19:91:c4:04:0e:77:a8:94:06:d8:
                    2d:56:43:3b:b1:35:08:6e:a0:c4:24:8c:d2:0b:b8:
                    88:44:ef:6d:40:39:f5:76:ed:4d:da:81:eb:d3:79:
                    31:39:df:ba:52:3f:ce:04:80:d4:50:bb:30:be:66:
                    97:47:07:e0:65:99:90:8b:55:57:8f:2f:25:52:3e:
                    21:65:37:54:f6:7f:26:82:10:c5:dc:20:c5:c2:63:
                    96:1b:cc:16:47:3e:58:cf:9e:23:5b:f3:5c:45:8f:
                    47:0d:44:c8:ab:8a:ab:c2:69:46:b7:d2:ef:a4:f0:
                    a3:08:e1:34:49:14:0e:b5:d1:8f:a1:25:e5:56:d6:
                    21:03:b6:0a:8f:d3:16:46:5e:a5:b2:c2:9b:e1:e1:
                    ab:1a:1b:e1:2d:3f:24:94:8a:c1:48:9c:02:15:72:
                    30:cc:f1:e4:47:e9:39:0c:44:f7:9f:27:99:96:1d:
                    1b:56:d8:5d:d5:7b:2c:7e:7f:55:42:fc:1f:c6:9a:
                    6f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:3D:04:47:DB:27:74:95:73:CA:78:41:B4:0B:0D:D6:7B:B8:27:48
            X509v3 Authority Key Identifier:
                keyid:30:4E:59:A2:23:F4:BC:B8:23:49:2F:B1:09:6C:3A:82:31:0C:03:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/lD0ER9sndJVzynhBtAsN1nu4J0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.212.0/24
                IPv6:
                  2a06:8a06::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:72:12:ee:23:c4:89:4a:e3:a9:7a:ad:40:6b:be:9a:e7:d6:
         12:1d:1f:a4:c7:de:68:27:80:8f:57:b3:1e:db:97:01:92:79:
         83:2e:08:4e:82:d8:ce:8d:87:4f:ef:47:63:35:df:c8:c9:98:
         9a:f5:66:73:95:c8:65:1c:cd:d6:fb:46:82:81:ef:69:dd:8a:
         4f:4f:8d:08:0c:92:9c:58:6b:0d:2f:e0:9c:2a:58:ad:66:0a:
         b1:9b:da:31:6f:4a:9d:b6:74:38:38:e2:79:4e:48:f2:58:f1:
         1a:83:5a:be:6e:c8:38:d4:71:59:a8:38:1c:c0:eb:66:15:15:
         5a:c8:29:79:a1:0b:72:73:b3:61:b1:f7:94:83:c5:e1:cd:33:
         3c:45:57:4f:19:79:c2:b8:5c:35:0c:63:08:5e:61:d3:8b:34:
         b7:f6:27:28:b2:fa:7a:9b:3a:9c:71:e0:b9:e5:54:f0:2c:c1:
         70:63:ad:d2:b8:d6:39:cb:01:8a:56:93:89:0c:8b:76:e9:d5:
         c6:f2:75:61:bc:de:6f:a6:40:f5:d3:5e:77:3e:09:f7:2c:27:
         aa:56:3c:1d:c9:c6:b2:44:03:b5:6a:4c:aa:5f:6e:a5:50:40:
         9b:ee:e1:3b:ef:9b:ff:e9:be:11:fb:96:c6:d7:0f:00:d9:58:
         1c:49:b6:d8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0SNOkP22pG8wz+uoga4aIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNGU1OWEyMjNmNGJjYjgyMzQ5MmZiMTA5NmMzYTgyMzEw
YzAzZGEwHhcNMjYwMzIxMjEwMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDNkMDQ0N2RiMjc3NDk1NzNjYTc4NDFiNDBiMGRkNjdiYjgyNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHfxRKqerTqUXPhklqV0PoTxhPkN
EyTZOOK54G3qgJ/d8mQpMwZf4djn8G4igXDGPoUDG8/eHvceKWb1QUHL9BmRxAQO
d6iUBtgtVkM7sTUIbqDEJIzSC7iIRO9tQDn1du1N2oHr03kxOd+6Uj/OBIDUULsw
vmaXRwfgZZmQi1VXjy8lUj4hZTdU9n8mghDF3CDFwmOWG8wWRz5Yz54jW/NcRY9H
DUTIq4qrwmlGt9LvpPCjCOE0SRQOtdGPoSXlVtYhA7YKj9MWRl6lssKb4eGrGhvh
LT8klIrBSJwCFXIwzPHkR+k5DET3nyeZlh0bVthd1Xssfn9VQvwfxppvPwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJQ9BEfbJ3SVc8p4QbQLDdZ7uCdIMB8GA1UdIwQY
MBaAFDBOWaIj9Ly4I0kvsQlsOoIxDAPaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUU1Wm9pUDB2TGdqU1MteENXdzZnakVNQTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9mNTM2Y2QtOTQzZi00NTU0LTlmMTct
MzQ0Y2M1MDJmMWJkLzEvbEQwRVI5c25kSlZ6eW5oQnRBc04xbnU0SjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9mNTM2Y2QtOTQzZi00NTU0LTlmMTctMzQ0Y2M1MDJmMWJk
LzEvTUU1Wm9pUDB2TGdqU1MteENXdzZnakVNQTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALZfUMA0E
AgACMAcDBQAqBooGMA0GCSqGSIb3DQEBCwUAA4IBAQBichLuI8SJSuOpeq1Aa76a
59YSHR+kx95oJ4CPV7Me25cBknmDLghOgtjOjYdP70djNd/IyZia9WZzlchlHM3W
+0aCge9p3YpPT40IDJKcWGsNL+CcKlitZgqxm9oxb0qdtnQ4OOJ5TkjyWPEag1q+
bsg41HFZqDgcwOtmFRVayCl5oQtyc7NhsfeUg8XhzTM8RVdPGXnCuFw1DGMIXmHT
izS39icosvp6mzqcceC55VTwLMFwY63SuNY5ywGKVpOJDIt26dXG8nVhvN5vpkD1
0153Pgn3LCeqVjwdycayRAO1akyqX26lUECb7uE775v/6b4R+5bG1w8A2VgcSbbY
-----END CERTIFICATE-----