Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/cd57e2-57c7-4cc5-8714-3496c9d794bc/1/V7uoSOO7xuQ-5mC33-G196G_a8s.roa
File:                     V7uoSOO7xuQ-5mC33-G196G_a8s.roa (raw, json)
Hash identifier:          tVW62BhhbXSwkMQ25NQGkX/bauxI9OvjWozYd+KEyP4=
Subject key identifier:   57:BB:A8:48:E3:BB:C6:E4:3E:E6:60:B7:DF:E1:B5:F7:A1:BF:6B:CB
Certificate issuer:       /CN=e5802e10d4af9cb7a592c61bbb4b092eac3886d6
Certificate serial:       019B76EAD34944C595A5E672CF4C852F38C4
Authority key identifier: E5:80:2E:10:D4:AF:9C:B7:A5:92:C6:1B:BB:4B:09:2E:AC:38:86:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAuENSvnLelksYbu0sJLqw4htY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/cd57e2-57c7-4cc5-8714-3496c9d794bc/1/V7uoSOO7xuQ-5mC33-G196G_a8s.roa
Signing time:             Thu 01 Jan 2026 00:17:39 +0000
ROA not before:           Thu 01 Jan 2026 00:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208177
IP address blocks:        45.155.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/cd57e2-57c7-4cc5-8714-3496c9d794bc/1/5YAuENSvnLelksYbu0sJLqw4htY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/cd57e2-57c7-4cc5-8714-3496c9d794bc/1/5YAuENSvnLelksYbu0sJLqw4htY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAuENSvnLelksYbu0sJLqw4htY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:d3:49:44:c5:95:a5:e6:72:cf:4c:85:2f:38:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5802e10d4af9cb7a592c61bbb4b092eac3886d6
        Validity
            Not Before: Jan  1 00:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=57bba848e3bbc6e43ee660b7dfe1b5f7a1bf6bcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d8:0e:5a:5e:ab:d3:df:67:9b:ee:4c:57:28:
                    bf:72:5b:c0:ec:f0:f4:4c:9a:80:d7:d3:6e:4f:c0:
                    78:75:71:e8:eb:9d:22:23:6a:e6:a6:75:a2:50:a5:
                    d9:5c:79:18:97:74:2d:41:65:0e:6d:f6:20:59:0b:
                    fd:cc:a4:28:b8:63:fd:bc:7c:b8:87:29:da:cb:06:
                    7b:32:2b:fd:2f:fa:ed:8c:3f:24:7f:fd:3b:f7:1d:
                    7a:3d:a9:c6:d4:a2:a6:1e:42:82:94:59:3d:31:63:
                    91:05:f7:7a:75:63:fd:a6:26:a1:13:4d:aa:e4:a3:
                    fb:cc:38:08:7c:81:e7:4c:78:0f:68:02:29:c0:4c:
                    42:92:69:82:3b:1f:95:74:f2:75:2a:6d:98:08:9c:
                    a2:e2:41:2f:ff:17:d8:7a:01:74:c8:82:42:f9:e3:
                    f3:b6:f8:64:cd:aa:d8:49:d4:59:37:ce:f7:41:7f:
                    35:47:77:77:38:a8:71:fd:e9:6a:47:05:3f:f2:f8:
                    67:00:c6:5f:52:c6:99:78:ef:06:f9:e4:c1:9a:c5:
                    42:64:83:1b:39:00:b0:50:ea:b0:ea:cd:2c:b4:e7:
                    39:6d:72:6a:a8:ba:b4:e1:0f:38:ab:3e:7d:e2:cf:
                    e0:65:5f:04:e3:27:f8:c1:df:6b:30:5d:c1:c6:98:
                    14:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:BB:A8:48:E3:BB:C6:E4:3E:E6:60:B7:DF:E1:B5:F7:A1:BF:6B:CB
            X509v3 Authority Key Identifier:
                keyid:E5:80:2E:10:D4:AF:9C:B7:A5:92:C6:1B:BB:4B:09:2E:AC:38:86:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAuENSvnLelksYbu0sJLqw4htY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/cd57e2-57c7-4cc5-8714-3496c9d794bc/1/V7uoSOO7xuQ-5mC33-G196G_a8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/cd57e2-57c7-4cc5-8714-3496c9d794bc/1/5YAuENSvnLelksYbu0sJLqw4htY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:c4:8d:90:31:57:2b:8b:6b:2e:d7:93:58:45:2e:c3:e1:c4:
         80:d6:06:e6:00:3a:eb:96:c1:50:21:f5:a2:47:86:44:09:b9:
         06:90:6b:44:3d:f5:1e:77:61:74:3d:06:9d:f3:89:b1:b0:e2:
         cb:ea:68:64:60:6b:fa:87:42:2f:9d:40:f3:7e:10:e8:9e:03:
         f6:e3:8c:c7:d7:b4:99:c5:ed:22:0d:46:41:7f:2d:a3:6a:6b:
         10:e8:87:6c:16:67:de:d2:7c:df:aa:6b:ee:97:7d:3d:d9:6e:
         f4:84:40:96:12:23:11:f5:e4:ee:bf:22:6a:88:38:6c:0b:80:
         da:ed:39:58:c6:79:12:23:b5:6e:87:50:9c:dd:14:20:d8:2a:
         84:4c:96:1d:b4:40:b0:67:67:5b:81:4a:61:4b:5d:5e:dc:5f:
         82:e8:93:39:1b:71:93:d2:04:1b:ee:62:48:ae:2c:b6:89:6f:
         51:55:37:89:bc:e9:a4:fc:79:0c:06:29:e8:21:4d:f6:67:26:
         85:d5:53:e2:79:33:21:b6:08:0e:8c:23:c5:60:41:ef:c7:57:
         ef:ee:d1:f5:fe:26:d9:97:81:dc:58:7f:47:a7:aa:92:78:7b:
         d2:11:7f:2d:72:e4:4a:1b:ae:f1:2e:97:6a:82:58:8a:8a:5e:
         b8:38:0b:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26tNJRMWVpeZyz0yFLzjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyZTEwZDRhZjljYjdhNTkyYzYxYmJiNGIwOTJlYWMz
ODg2ZDYwHhcNMjYwMTAxMDAxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2JiYTg0OGUzYmJjNmU0M2VlNjYwYjdkZmUxYjVmN2ExYmY2YmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdgOWl6r099nm+5MVyi/clvA7PD0
TJqA19NuT8B4dXHo650iI2rmpnWiUKXZXHkYl3QtQWUObfYgWQv9zKQouGP9vHy4
hynaywZ7Miv9L/rtjD8kf/079x16PanG1KKmHkKClFk9MWORBfd6dWP9piahE02q
5KP7zDgIfIHnTHgPaAIpwExCkmmCOx+VdPJ1Km2YCJyi4kEv/xfYegF0yIJC+ePz
tvhkzarYSdRZN873QX81R3d3OKhx/elqRwU/8vhnAMZfUsaZeO8G+eTBmsVCZIMb
OQCwUOqw6s0stOc5bXJqqLq04Q84qz594s/gZV8E4yf4wd9rMF3BxpgUcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFe7qEjju8bkPuZgt9/htfehv2vLMB8GA1UdIwQY
MBaAFOWALhDUr5y3pZLGG7tLCS6sOIbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBdUVOU3ZuTGVsa3NZYnUwc0pMcXc0aHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9jZDU3ZTItNTdjNy00Y2M1LTg3MTQt
MzQ5NmM5ZDc5NGJjLzEvVjd1b1NPTzd4dVEtNW1DMzMtRzE5NkdfYThzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9jZDU3ZTItNTdjNy00Y2M1LTg3MTQtMzQ5NmM5ZDc5NGJj
LzEvNVlBdUVOU3ZuTGVsa3NZYnUwc0pMcXc0aHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZtcMA0G
CSqGSIb3DQEBCwUAA4IBAQCWxI2QMVcri2su15NYRS7D4cSA1gbmADrrlsFQIfWi
R4ZECbkGkGtEPfUed2F0PQad84mxsOLL6mhkYGv6h0IvnUDzfhDongP244zH17SZ
xe0iDUZBfy2jamsQ6IdsFmfe0nzfqmvul3092W70hECWEiMR9eTuvyJqiDhsC4Da
7TlYxnkSI7Vuh1Cc3RQg2CqETJYdtECwZ2dbgUphS11e3F+C6JM5G3GT0gQb7mJI
riy2iW9RVTeJvOmk/HkMBinoIU32ZyaF1VPieTMhtggOjCPFYEHvx1fv7tH1/ibZ
l4HcWH9Hp6qSeHvSEX8tcuRKG67xLpdqgliKil64OAti
-----END CERTIFICATE-----