Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/CK71SVGMQvNYFiW5KGhDGS1PQHc.roa
File:                     CK71SVGMQvNYFiW5KGhDGS1PQHc.roa (raw, json)
Hash identifier:          r61M2ZZlqNsyDc86Qjl5RPp7XeiHVLEfwsLRfTZBiUc=
Subject key identifier:   08:AE:F5:49:51:8C:42:F3:58:16:25:B9:28:68:43:19:2D:4F:40:77
Certificate issuer:       /CN=1ddc53d1de7a2ef7eb2b90c80915544140042488
Certificate serial:       019DF94352712A45904237B5A44AECBE8921
Authority key identifier: 1D:DC:53:D1:DE:7A:2E:F7:EB:2B:90:C8:09:15:54:41:40:04:24:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HdxT0d56LvfrK5DICRVUQUAEJIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/CK71SVGMQvNYFiW5KGhDGS1PQHc.roa
Signing time:             Tue 05 May 2026 17:50:31 +0000
ROA not before:           Tue 05 May 2026 17:50:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12389
IP address blocks:        45.93.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/HdxT0d56LvfrK5DICRVUQUAEJIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/HdxT0d56LvfrK5DICRVUQUAEJIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HdxT0d56LvfrK5DICRVUQUAEJIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f9:43:52:71:2a:45:90:42:37:b5:a4:4a:ec:be:89:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ddc53d1de7a2ef7eb2b90c80915544140042488
        Validity
            Not Before: May  5 17:50:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08aef549518c42f3581625b9286843192d4f4077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:52:e2:c7:43:1d:da:3f:f7:4f:08:9c:44:83:
                    66:d3:76:66:99:c8:68:b2:a5:78:70:5d:44:94:1d:
                    38:92:da:b0:ba:33:0c:bc:25:af:9d:72:b1:86:43:
                    21:0c:26:ef:92:5d:2b:3c:c2:fd:9c:fd:ab:99:ba:
                    b4:4a:a3:a3:b1:51:ca:29:20:4b:7b:1a:a6:51:63:
                    80:69:0c:4e:86:0b:4b:3c:d2:6b:f3:a9:e7:46:22:
                    55:bc:79:43:d5:e2:00:f3:f4:de:15:43:ec:d8:96:
                    77:a0:01:1c:35:8d:bf:9b:29:45:30:01:c0:7a:5d:
                    f1:cd:21:eb:85:46:04:9f:73:34:af:0b:1c:90:f9:
                    b5:90:b3:77:f7:e1:5b:d0:c8:08:46:67:bd:9d:96:
                    33:23:2f:ee:ae:ce:11:8a:14:70:6e:b9:ce:11:f6:
                    05:70:e8:dc:d3:54:81:81:18:72:6c:a5:a4:6a:32:
                    c5:3f:60:49:49:98:d5:b9:68:1e:f2:d5:f0:85:3e:
                    fb:8d:4c:4d:50:e0:55:55:eb:ef:df:e0:9e:9a:ab:
                    55:89:a3:b4:b4:de:54:a0:0b:d7:38:d8:7c:68:77:
                    59:17:ce:18:f9:79:4d:97:28:3a:b2:52:3e:40:41:
                    7e:4c:9f:57:44:ed:aa:a2:82:7a:55:45:c0:98:60:
                    77:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:AE:F5:49:51:8C:42:F3:58:16:25:B9:28:68:43:19:2D:4F:40:77
            X509v3 Authority Key Identifier:
                keyid:1D:DC:53:D1:DE:7A:2E:F7:EB:2B:90:C8:09:15:54:41:40:04:24:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HdxT0d56LvfrK5DICRVUQUAEJIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/CK71SVGMQvNYFiW5KGhDGS1PQHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/HdxT0d56LvfrK5DICRVUQUAEJIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:50:95:8b:fb:fb:b6:ee:9b:cc:fd:0b:61:49:16:63:8d:34:
         a0:2d:02:91:ab:fb:c8:d7:6b:64:90:bb:bd:1b:20:8c:60:54:
         f2:64:a1:3f:ef:90:a7:fa:8f:39:8e:5b:cd:a3:e3:39:5e:d0:
         32:4b:04:7f:76:18:f7:a2:30:65:b8:6d:31:e4:8d:69:fd:e4:
         3b:f5:ff:06:76:bd:b3:f0:d5:29:19:ad:dd:71:2c:ce:d6:3b:
         92:70:f4:2d:6e:a2:6d:b0:13:61:25:61:ed:0e:8a:f6:3f:6f:
         5b:50:16:af:52:84:ab:a1:39:69:83:71:5a:71:87:f7:cb:ad:
         3b:fa:00:6c:ac:e0:32:a1:bb:e0:77:30:77:fd:9c:4b:06:c6:
         fa:66:db:00:af:0b:af:aa:83:3d:e7:68:16:cd:3c:74:81:43:
         7f:84:47:d8:b2:b3:7f:1a:76:af:d2:c9:60:9a:4e:85:8f:3c:
         b1:75:58:85:71:d2:91:8b:e3:ab:d9:21:ed:b0:8e:7e:bd:29:
         a1:28:56:34:16:4c:74:64:e5:0d:39:da:12:c7:5f:b5:fd:d1:
         eb:f8:e2:fa:29:71:7e:4b:ab:ae:a9:56:c2:6b:25:09:ae:10:
         fe:2f:ed:58:16:02:f4:39:05:f4:43:fb:72:69:22:a1:67:80:
         b5:0f:54:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ35Q1JxKkWQQje1pErsvokhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZGM1M2QxZGU3YTJlZjdlYjJiOTBjODA5MTU1NDQxNDAw
NDI0ODgwHhcNMjYwNTA1MTc1MDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGFlZjU0OTUxOGM0MmYzNTgxNjI1YjkyODY4NDMxOTJkNGY0MDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolLix0Md2j/3TwicRINm03Zmmcho
sqV4cF1ElB04ktqwujMMvCWvnXKxhkMhDCbvkl0rPML9nP2rmbq0SqOjsVHKKSBL
exqmUWOAaQxOhgtLPNJr86nnRiJVvHlD1eIA8/TeFUPs2JZ3oAEcNY2/mylFMAHA
el3xzSHrhUYEn3M0rwsckPm1kLN39+Fb0MgIRme9nZYzIy/urs4RihRwbrnOEfYF
cOjc01SBgRhybKWkajLFP2BJSZjVuWge8tXwhT77jUxNUOBVVevv3+CemqtViaO0
tN5UoAvXONh8aHdZF84Y+XlNlyg6slI+QEF+TJ9XRO2qooJ6VUXAmGB3mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiu9UlRjELzWBYluShoQxktT0B3MB8GA1UdIwQY
MBaAFB3cU9Heei736yuQyAkVVEFABCSIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGR4VDBkNTZMdmZySzVESUNSVlVRVUFFSklnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy81NTc0MTQtZDk5My00Y2JmLTgxODEt
NDg2NzFmYjdkMzgwLzEvQ0s3MVNWR01Rdk5ZRmlXNUtHaERHUzFQUUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy81NTc0MTQtZDk5My00Y2JmLTgxODEtNDg2NzFmYjdkMzgw
LzEvSGR4VDBkNTZMdmZySzVESUNSVlVRVUFFSklnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV1RMA0G
CSqGSIb3DQEBCwUAA4IBAQBoUJWL+/u27pvM/QthSRZjjTSgLQKRq/vI12tkkLu9
GyCMYFTyZKE/75Cn+o85jlvNo+M5XtAySwR/dhj3ojBluG0x5I1p/eQ79f8Gdr2z
8NUpGa3dcSzO1juScPQtbqJtsBNhJWHtDor2P29bUBavUoSroTlpg3FacYf3y607
+gBsrOAyobvgdzB3/ZxLBsb6ZtsArwuvqoM952gWzTx0gUN/hEfYsrN/Gnav0slg
mk6FjzyxdViFcdKRi+Or2SHtsI5+vSmhKFY0Fkx0ZOUNOdoSx1+1/dHr+OL6KXF+
S6uuqVbCayUJrhD+L+1YFgL0OQX0Q/tyaSKhZ4C1D1Qd
-----END CERTIFICATE-----