Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/JFd9BHy0Nxa89upjrAgFVTR3EO4.roa
File:                     JFd9BHy0Nxa89upjrAgFVTR3EO4.roa (raw, json)
Hash identifier:          Jkab6LW8tUPmu7eFr3Cbffo3EOm9TOdlDCvxF4uia6E=
Subject key identifier:   24:57:7D:04:7C:B4:37:16:BC:F6:EA:63:AC:08:05:55:34:77:10:EE
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       019DD43C84825CC112DF3295CF443F738DAE
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/JFd9BHy0Nxa89upjrAgFVTR3EO4.roa
Signing time:             Tue 28 Apr 2026 13:17:09 +0000
ROA not before:           Tue 28 Apr 2026 13:17:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210546
IP address blocks:        45.132.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:3c:84:82:5c:c1:12:df:32:95:cf:44:3f:73:8d:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: Apr 28 13:17:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24577d047cb43716bcf6ea63ac080555347710ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:31:65:80:15:d7:63:b8:e6:23:2d:45:56:82:
                    1f:69:1b:31:e3:47:80:85:11:df:67:15:a2:c5:08:
                    93:d1:f8:42:ea:ee:90:d7:49:d4:a2:79:e3:7e:dd:
                    3f:80:25:83:8a:3c:f0:34:18:9d:64:a6:af:8f:7c:
                    bd:06:b9:23:a1:c5:68:0c:c1:46:99:86:b6:4f:c0:
                    9f:15:f0:12:4c:50:a2:2d:51:c1:65:44:e7:89:21:
                    45:9d:46:4d:f3:9e:df:22:1f:13:4e:19:11:6c:a0:
                    fc:55:be:83:d5:9f:fb:27:2b:0a:64:b9:a4:b5:6b:
                    31:77:46:9b:f6:ef:cd:b2:5b:7a:34:ab:e0:69:7d:
                    49:4b:e6:52:ca:a9:04:6e:36:6e:03:ce:ce:ab:b8:
                    db:bf:bd:5c:36:7a:71:16:78:20:95:70:4e:73:1c:
                    bc:58:03:93:35:87:23:a7:2d:6f:6a:4d:b6:84:eb:
                    92:47:03:56:26:a9:db:2d:09:29:d2:8f:12:54:31:
                    d6:ac:c4:8f:23:33:87:e2:0e:25:5f:41:ed:c2:64:
                    32:26:58:8e:cf:fc:bb:01:35:f7:74:84:6a:f7:75:
                    37:73:5a:58:7a:ba:bf:59:30:87:b9:01:00:dc:59:
                    73:08:e4:42:11:73:bb:f2:82:59:69:5a:bb:9e:71:
                    c6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:57:7D:04:7C:B4:37:16:BC:F6:EA:63:AC:08:05:55:34:77:10:EE
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/JFd9BHy0Nxa89upjrAgFVTR3EO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:6a:7e:02:a8:7b:b4:2f:95:8f:9b:fc:9a:a0:b4:49:8f:1a:
         de:9a:8e:3a:8f:59:ca:b6:55:96:fc:04:fa:0a:84:9d:90:12:
         c8:50:f5:39:85:e2:3a:dc:2c:92:50:ec:42:39:c4:8b:11:62:
         b4:7b:ba:aa:78:60:e1:b8:7b:2a:f9:04:1c:4c:77:cf:a1:ea:
         45:8e:98:8b:ab:ea:55:2a:fb:ed:0f:67:e4:c2:3d:e8:61:20:
         ea:96:b4:92:c7:ec:b7:b9:8a:fd:d8:4f:86:62:5c:b0:63:31:
         58:05:18:8f:dc:ce:1d:43:ce:52:ef:b1:e5:69:4f:59:13:a9:
         ed:dd:6c:c5:21:e5:b0:dc:75:a5:a1:9c:a2:51:50:82:b0:71:
         63:fb:04:4c:46:87:d6:1a:09:d4:b3:f4:c0:01:fd:9a:ed:78:
         9a:ad:71:41:bc:26:2c:80:1e:1b:4d:d2:3f:dd:98:9c:da:f9:
         3f:8a:34:1d:83:f3:cc:8d:f3:6e:e1:22:e7:b2:4e:37:97:da:
         12:36:30:6c:73:68:27:5c:d7:b3:26:c8:16:f0:bb:24:ae:31:
         82:91:98:ab:fa:5e:2e:d2:f4:a3:1a:50:f7:b9:00:b6:5c:00:
         75:08:42:9e:7e:16:0d:38:73:64:c9:93:9b:96:02:09:a6:88:
         1d:5f:d5:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3UPISCXMES3zKVz0Q/c42uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjYwNDI4MTMxNzA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDU3N2QwNDdjYjQzNzE2YmNmNmVhNjNhYzA4MDU1NTM0NzcxMGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzFlgBXXY7jmIy1FVoIfaRsx40eA
hRHfZxWixQiT0fhC6u6Q10nUonnjft0/gCWDijzwNBidZKavj3y9BrkjocVoDMFG
mYa2T8CfFfASTFCiLVHBZUTniSFFnUZN857fIh8TThkRbKD8Vb6D1Z/7JysKZLmk
tWsxd0ab9u/Nslt6NKvgaX1JS+ZSyqkEbjZuA87Oq7jbv71cNnpxFngglXBOcxy8
WAOTNYcjpy1vak22hOuSRwNWJqnbLQkp0o8SVDHWrMSPIzOH4g4lX0HtwmQyJliO
z/y7ATX3dIRq93U3c1pYerq/WTCHuQEA3FlzCORCEXO78oJZaVq7nnHGdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCRXfQR8tDcWvPbqY6wIBVU0dxDuMB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvSkZkOUJIeTBOeGE4OXVwanJBZ0ZWVFIzRU80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYQBMA0G
CSqGSIb3DQEBCwUAA4IBAQA3an4CqHu0L5WPm/yaoLRJjxremo46j1nKtlWW/AT6
CoSdkBLIUPU5heI63CySUOxCOcSLEWK0e7qqeGDhuHsq+QQcTHfPoepFjpiLq+pV
KvvtD2fkwj3oYSDqlrSSx+y3uYr92E+GYlywYzFYBRiP3M4dQ85S77HlaU9ZE6nt
3WzFIeWw3HWloZyiUVCCsHFj+wRMRofWGgnUs/TAAf2a7XiarXFBvCYsgB4bTdI/
3Zic2vk/ijQdg/PMjfNu4SLnsk43l9oSNjBsc2gnXNezJsgW8LskrjGCkZir+l4u
0vSjGlD3uQC2XAB1CEKefhYNOHNkyZOblgIJpogdX9UM
-----END CERTIFICATE-----