Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/464473-3659-413d-8e0a-56970adcd0af/1/nTAeOQ1yfLeE7UobuYd95qQsnDc.roa
File:                     nTAeOQ1yfLeE7UobuYd95qQsnDc.roa (raw, json)
Hash identifier:          MGx/T2ybNPO76ocB/JBxy+Dt6X73selrSnb5nBMcig0=
Subject key identifier:   9D:30:1E:39:0D:72:7C:B7:84:ED:4A:1B:B9:87:7D:E6:A4:2C:9C:37
Certificate issuer:       /CN=80b5a77226849f1b72d063be638997fb09cadb51
Certificate serial:       019E15F5BCF5AC266B64D1FAAE7110C44EAF
Authority key identifier: 80:B5:A7:72:26:84:9F:1B:72:D0:63:BE:63:89:97:FB:09:CA:DB:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gLWnciaEnxty0GO-Y4mX-wnK21E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/464473-3659-413d-8e0a-56970adcd0af/1/nTAeOQ1yfLeE7UobuYd95qQsnDc.roa
Signing time:             Mon 11 May 2026 07:34:46 +0000
ROA not before:           Mon 11 May 2026 07:34:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1136
IP address blocks:        145.68.0.0/16 maxlen: 16
                          145.119.0.0/16 maxlen: 16
                          145.119.56.0/21 maxlen: 21
                          145.119.224.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/464473-3659-413d-8e0a-56970adcd0af/1/gLWnciaEnxty0GO-Y4mX-wnK21E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/464473-3659-413d-8e0a-56970adcd0af/1/gLWnciaEnxty0GO-Y4mX-wnK21E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gLWnciaEnxty0GO-Y4mX-wnK21E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:f5:bc:f5:ac:26:6b:64:d1:fa:ae:71:10:c4:4e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80b5a77226849f1b72d063be638997fb09cadb51
        Validity
            Not Before: May 11 07:34:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d301e390d727cb784ed4a1bb9877de6a42c9c37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4e:b2:e7:b0:f3:47:fe:63:3c:e1:10:3e:ea:
                    11:8a:51:4e:25:96:95:49:b1:e4:c7:b1:f3:c5:0f:
                    0c:93:61:54:08:ec:f0:ee:0f:b2:d1:f7:ee:a5:ea:
                    ce:12:9d:c4:b7:2d:39:17:83:5b:ef:c2:30:24:04:
                    9a:0e:fe:d0:71:c0:1c:d9:60:5d:1e:77:e1:26:6e:
                    9c:cd:40:af:92:b6:07:95:d7:e4:91:79:52:0f:4f:
                    78:1f:8d:57:f0:e1:94:34:48:f7:91:93:96:81:d4:
                    6f:fe:8b:18:6d:b8:24:e6:93:d0:cc:10:47:53:8c:
                    ae:b1:ca:b0:4c:67:b6:0b:6b:4a:8f:ed:dc:2f:e6:
                    61:df:7a:51:a4:ea:db:f9:4c:0f:f2:51:73:3f:ad:
                    61:a0:48:7e:c6:a4:be:24:e7:a5:a2:4f:b2:71:17:
                    36:a9:82:40:28:8a:23:9d:89:94:22:4a:5a:76:c4:
                    e0:5b:2b:41:4c:fa:b7:5f:af:ac:25:30:5c:68:62:
                    2e:25:22:fd:ec:9c:75:6a:da:4a:05:1c:b7:05:6b:
                    0c:1b:5a:fe:ea:ca:0a:d5:a1:f2:93:35:db:84:48:
                    f7:47:da:e0:d8:ca:4f:9a:a4:d1:46:49:57:fb:99:
                    8a:9d:4d:bc:f0:29:6f:b6:f8:6a:21:2e:12:c8:ac:
                    3b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:30:1E:39:0D:72:7C:B7:84:ED:4A:1B:B9:87:7D:E6:A4:2C:9C:37
            X509v3 Authority Key Identifier:
                keyid:80:B5:A7:72:26:84:9F:1B:72:D0:63:BE:63:89:97:FB:09:CA:DB:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gLWnciaEnxty0GO-Y4mX-wnK21E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/464473-3659-413d-8e0a-56970adcd0af/1/nTAeOQ1yfLeE7UobuYd95qQsnDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/464473-3659-413d-8e0a-56970adcd0af/1/gLWnciaEnxty0GO-Y4mX-wnK21E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.68.0.0/16
                  145.119.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8d:e8:68:d1:0e:bc:62:53:9f:44:d4:72:4e:a4:06:13:8a:78:
         43:69:b6:79:a0:8f:c2:24:db:9b:d8:1d:fe:2c:8d:8d:cf:b0:
         f0:ad:9e:f1:bf:5b:78:36:41:50:88:b2:5c:e5:85:47:94:5f:
         1e:b1:a2:ec:b4:79:f4:46:3e:c2:41:13:0a:5e:96:d5:92:82:
         07:81:ad:ff:7f:6f:01:a5:e0:05:72:e0:dc:a6:92:d9:74:95:
         ea:e1:6e:13:14:51:a8:2f:c4:02:01:9f:e6:f3:40:b6:a6:08:
         eb:3d:5d:5e:49:60:4d:d3:7b:48:79:09:f6:19:1f:8d:e0:9e:
         e0:30:f3:b1:a8:67:4a:fe:6c:ee:ac:0d:ea:fb:aa:9c:e8:30:
         58:e9:c8:30:05:96:34:68:c6:ea:f7:33:62:35:80:81:2b:54:
         4f:71:1c:a5:8f:be:eb:db:ec:ca:73:b7:81:57:c4:9c:bc:8c:
         56:7b:e0:79:d3:7e:62:42:1b:a7:a3:21:f9:79:b7:34:5b:93:
         07:bc:dc:e6:db:a6:f9:20:69:8f:02:25:f3:59:7c:01:16:de:
         02:e7:39:10:8d:77:e2:f8:36:84:69:b6:db:a1:b5:a5:80:a1:
         12:52:8c:08:65:42:f0:6c:ed:d5:f9:45:3e:dc:4a:54:18:99:
         78:b7:b8:06
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZ4V9bz1rCZrZNH6rnEQxE6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYjVhNzcyMjY4NDlmMWI3MmQwNjNiZTYzODk5N2ZiMDlj
YWRiNTEwHhcNMjYwNTExMDczNDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDMwMWUzOTBkNzI3Y2I3ODRlZDRhMWJiOTg3N2RlNmE0MmM5YzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU6y57DzR/5jPOEQPuoRilFOJZaV
SbHkx7HzxQ8Mk2FUCOzw7g+y0ffuperOEp3Ety05F4Nb78IwJASaDv7QccAc2WBd
HnfhJm6czUCvkrYHldfkkXlSD094H41X8OGUNEj3kZOWgdRv/osYbbgk5pPQzBBH
U4yuscqwTGe2C2tKj+3cL+Zh33pRpOrb+UwP8lFzP61hoEh+xqS+JOelok+ycRc2
qYJAKIojnYmUIkpadsTgWytBTPq3X6+sJTBcaGIuJSL97Jx1atpKBRy3BWsMG1r+
6soK1aHykzXbhEj3R9rg2MpPmqTRRklX+5mKnU288ClvtvhqIS4SyKw7NwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFJ0wHjkNcny3hO1KG7mHfeakLJw3MB8GA1UdIwQY
MBaAFIC1p3ImhJ8bctBjvmOJl/sJyttRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0xXbmNpYUVueHR5MEdPLVk0bVgtd25LMjFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80NjQ0NzMtMzY1OS00MTNkLThlMGEt
NTY5NzBhZGNkMGFmLzEvblRBZU9RMXlmTGVFN1VvYnVZZDk1cVFzbkRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80NjQ0NzMtMzY1OS00MTNkLThlMGEtNTY5NzBhZGNkMGFm
LzEvZ0xXbmNpYUVueHR5MEdPLVk0bVgtd25LMjFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAkUQDAwCR
dzANBgkqhkiG9w0BAQsFAAOCAQEAjeho0Q68YlOfRNRyTqQGE4p4Q2m2eaCPwiTb
m9gd/iyNjc+w8K2e8b9beDZBUIiyXOWFR5RfHrGi7LR59EY+wkETCl6W1ZKCB4Gt
/39vAaXgBXLg3KaS2XSV6uFuExRRqC/EAgGf5vNAtqYI6z1dXklgTdN7SHkJ9hkf
jeCe4DDzsahnSv5s7qwN6vuqnOgwWOnIMAWWNGjG6vczYjWAgStUT3EcpY++69vs
ynO3gVfEnLyMVnvgedN+YkIbp6Mh+Xm3NFuTB7zc5tum+SBpjwIl81l8ARbeAuc5
EI134vg2hGm226G1pYChElKMCGVC8Gzt1flFPtxKVBiZeLe4Bg==
-----END CERTIFICATE-----