Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/dS0fvHXBhFw8I4isU2XioLXpRxM.roa
File:                     dS0fvHXBhFw8I4isU2XioLXpRxM.roa (raw, json)
Hash identifier:          5TqIfIhP/SO9ksAoUP3Ktq7aWt1McVI3y+SBhdLlUlQ=
Subject key identifier:   75:2D:1F:BC:75:C1:84:5C:3C:23:88:AC:53:65:E2:A0:B5:E9:47:13
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       019DD45898243173438B04B96ECB175C0334
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/dS0fvHXBhFw8I4isU2XioLXpRxM.roa
Signing time:             Tue 28 Apr 2026 13:47:49 +0000
ROA not before:           Tue 28 Apr 2026 13:47:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199785
IP address blocks:        45.132.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:58:98:24:31:73:43:8b:04:b9:6e:cb:17:5c:03:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: Apr 28 13:47:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=752d1fbc75c1845c3c2388ac5365e2a0b5e94713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:90:6a:fd:11:90:5c:af:e8:74:de:68:85:e1:
                    f7:20:64:e2:7b:4c:28:6a:91:fd:d0:31:65:21:71:
                    ed:26:4c:c5:cc:38:7d:56:d1:df:bd:a8:61:61:86:
                    54:b2:7f:30:b9:73:1d:26:f7:37:21:aa:ba:3a:bf:
                    a2:ba:10:d3:ac:a6:fe:1d:d6:c0:79:f6:70:c0:83:
                    10:43:93:55:61:f3:2a:47:c4:b2:91:6f:fb:b8:13:
                    88:11:9c:6d:cd:4e:8d:62:71:28:1f:ac:0e:6f:90:
                    df:2c:56:44:52:55:c7:46:0a:4d:32:27:d5:f8:b7:
                    e0:08:c2:0b:0e:bb:e0:77:c7:9e:84:35:1b:e5:e4:
                    21:98:e2:a3:be:be:1f:a6:01:9b:ea:37:51:7b:05:
                    7e:67:91:c6:1a:d6:8b:ca:46:9f:22:1c:c3:2c:a5:
                    66:33:12:e9:69:a1:d9:93:d4:57:40:4f:18:24:09:
                    1f:88:38:9d:84:73:d9:fa:d5:cc:be:cf:fc:a5:f2:
                    af:c2:7b:fc:20:f5:69:75:5f:c6:b2:24:78:ac:19:
                    63:8a:a8:23:9c:3c:9e:d2:55:e2:33:b1:f4:59:88:
                    fb:8f:05:f9:ad:27:c3:04:74:4b:e3:94:a1:d9:3a:
                    70:a4:a4:9f:5a:a4:ff:7c:ea:aa:8a:a6:85:7d:ae:
                    25:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:2D:1F:BC:75:C1:84:5C:3C:23:88:AC:53:65:E2:A0:B5:E9:47:13
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/dS0fvHXBhFw8I4isU2XioLXpRxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:5c:ee:bb:a4:cf:b6:3e:b7:97:55:30:2a:2d:74:c2:55:73:
         ee:89:5a:11:cf:b7:f4:1e:4e:6c:bc:21:37:7b:12:16:2b:cf:
         3e:1e:21:5b:93:03:88:75:e0:ab:4c:44:a7:63:84:aa:4d:d3:
         ef:86:58:6c:a5:8b:8c:6c:bd:91:6f:57:fe:d1:56:bb:11:d9:
         e6:e9:8c:13:38:c8:bd:0a:4b:f6:4c:8a:e2:50:33:86:d6:49:
         6a:7a:fb:42:75:c3:be:93:79:f3:fb:c5:75:69:39:56:d1:0d:
         a8:3d:7c:9d:27:cd:dd:bf:bd:8b:ed:f5:91:56:ab:18:3c:c7:
         44:80:23:0d:bb:bd:83:cf:ec:1e:af:05:25:1c:3d:99:ae:82:
         f7:33:ef:6d:99:1d:da:4d:c7:57:cc:6c:8c:3a:78:92:db:3c:
         3d:4c:24:0c:80:c6:26:9e:f4:93:36:08:fb:2a:be:0b:c8:c5:
         2d:27:04:bf:8d:58:55:e4:8a:af:fc:86:cf:2e:80:c1:54:6f:
         6c:63:9e:87:62:8c:d6:ac:c7:e1:20:10:d9:3b:59:d6:46:56:
         b1:e9:f8:eb:46:dc:3a:04:dd:4d:2c:b0:c2:17:f0:3a:44:77:
         59:6d:9c:c1:f7:1c:8e:16:aa:f3:f8:e8:c1:69:8d:f7:b6:6b:
         14:3f:e7:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3UWJgkMXNDiwS5bssXXAM0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjYwNDI4MTM0NzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTJkMWZiYzc1YzE4NDVjM2MyMzg4YWM1MzY1ZTJhMGI1ZTk0NzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5Bq/RGQXK/odN5oheH3IGTie0wo
apH90DFlIXHtJkzFzDh9VtHfvahhYYZUsn8wuXMdJvc3Iaq6Or+iuhDTrKb+HdbA
efZwwIMQQ5NVYfMqR8SykW/7uBOIEZxtzU6NYnEoH6wOb5DfLFZEUlXHRgpNMifV
+LfgCMILDrvgd8eehDUb5eQhmOKjvr4fpgGb6jdRewV+Z5HGGtaLykafIhzDLKVm
MxLpaaHZk9RXQE8YJAkfiDidhHPZ+tXMvs/8pfKvwnv8IPVpdV/GsiR4rBljiqgj
nDye0lXiM7H0WYj7jwX5rSfDBHRL45Sh2TpwpKSfWqT/fOqqiqaFfa4lgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUtH7x1wYRcPCOIrFNl4qC16UcTMB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvZFMwZnZIWEJoRnc4STRpc1UyWGlvTFhwUnhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYQBMA0G
CSqGSIb3DQEBCwUAA4IBAQCLXO67pM+2PreXVTAqLXTCVXPuiVoRz7f0Hk5svCE3
exIWK88+HiFbkwOIdeCrTESnY4SqTdPvhlhspYuMbL2Rb1f+0Va7Ednm6YwTOMi9
Ckv2TIriUDOG1klqevtCdcO+k3nz+8V1aTlW0Q2oPXydJ83dv72L7fWRVqsYPMdE
gCMNu72Dz+werwUlHD2ZroL3M+9tmR3aTcdXzGyMOniS2zw9TCQMgMYmnvSTNgj7
Kr4LyMUtJwS/jVhV5Iqv/IbPLoDBVG9sY56HYozWrMfhIBDZO1nWRlax6fjrRtw6
BN1NLLDCF/A6RHdZbZzB9xyOFqrz+OjBaY33tmsUP+dy
-----END CERTIFICATE-----