Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/0doGUzvjhTKh9AABu42q44Ci3Zg.roa
File:                     0doGUzvjhTKh9AABu42q44Ci3Zg.roa (raw, json)
Hash identifier:          9fmHJbS1+P4NMUmFUkCmc1jF7Mk3+N0b1yMT9SZ5gN0=
Subject key identifier:   D1:DA:06:53:3B:E3:85:32:A1:F4:00:01:BB:8D:AA:E3:80:A2:DD:98
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019E0366EB2018BA3A645042DB9B57823D3D
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/0doGUzvjhTKh9AABu42q44Ci3Zg.roa
Signing time:             Thu 07 May 2026 17:05:36 +0000
ROA not before:           Thu 07 May 2026 17:05:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215174
IP address blocks:        45.135.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:03:66:eb:20:18:ba:3a:64:50:42:db:9b:57:82:3d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: May  7 17:05:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1da06533be38532a1f40001bb8daae380a2dd98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:0e:40:fe:6e:67:12:a0:b0:39:73:de:2a:3b:
                    85:89:22:df:26:b2:8c:b3:17:22:f5:db:94:10:39:
                    da:b6:00:79:dc:97:6b:12:e5:06:67:ff:a3:2d:0b:
                    fd:d7:26:33:3c:c3:a2:ee:f1:d1:0c:1d:f3:29:15:
                    c8:88:46:c2:e7:f8:d6:c0:ec:fe:c8:f0:29:5f:87:
                    0d:98:e4:d1:ac:b3:d6:e3:f4:67:fa:56:03:72:20:
                    06:e9:e5:f7:9b:8f:73:ee:25:b4:1c:2f:19:da:df:
                    34:0d:01:eb:92:ab:3e:97:01:bb:13:1e:0d:2b:9b:
                    13:d2:19:45:b8:8b:31:28:b6:de:7a:e0:b4:21:38:
                    9c:66:6f:06:60:8f:8b:db:f1:a9:d7:26:c8:3c:ad:
                    1c:09:d0:46:ba:d7:d5:75:16:38:2e:6c:bd:8c:c2:
                    7e:f8:1a:ed:bb:dd:66:98:99:3b:01:9d:ba:ce:52:
                    f2:fd:a4:2d:dc:2c:52:b0:36:60:69:cf:07:ad:5a:
                    ef:ab:2c:c1:32:0c:22:0b:ba:c3:7f:8b:10:f6:9b:
                    75:fa:85:b5:cf:9b:50:ae:04:a1:0e:40:48:b2:e1:
                    50:51:96:cf:ac:82:7c:a7:db:ad:55:f7:2e:e3:42:
                    a5:41:ab:db:27:8f:05:28:b8:01:9e:0d:65:b2:6a:
                    9c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:DA:06:53:3B:E3:85:32:A1:F4:00:01:BB:8D:AA:E3:80:A2:DD:98
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/0doGUzvjhTKh9AABu42q44Ci3Zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:a3:cc:90:43:b3:2d:e1:51:7f:bd:5e:d4:34:98:74:01:62:
         1d:9a:20:ad:41:22:06:51:c0:81:18:b3:1b:d5:47:50:d4:d8:
         35:fa:20:a3:d5:ec:9e:0f:a6:59:23:ca:37:64:3f:a0:c7:25:
         d4:4b:9b:a2:41:45:71:b9:ff:4b:6b:f6:7d:27:13:e9:ee:d0:
         4d:72:89:2c:8a:1c:12:8d:b4:6f:27:66:06:94:9c:42:d3:f6:
         ad:77:d4:74:d6:18:89:9e:35:c8:bb:0c:f2:ad:9a:9a:f9:53:
         7e:1f:e3:3a:14:9a:0f:20:8a:7c:09:3d:0d:14:3c:cd:1c:c1:
         80:15:41:4e:d9:09:a0:95:fc:90:ac:66:39:9a:e5:0e:24:f5:
         41:09:7c:f0:84:19:dc:8a:00:1a:87:bf:62:76:99:be:8c:de:
         8e:40:8a:21:a1:e6:11:29:e9:29:0f:8a:9b:d1:b7:32:0e:e1:
         1a:20:92:2a:33:c3:58:50:c3:00:b4:8a:43:d1:30:f8:1a:e2:
         5d:03:84:32:51:19:4e:c6:b2:32:6a:a8:57:da:b8:0d:b8:8d:
         f7:0a:ba:4c:f3:39:8a:32:61:72:9e:6c:e8:35:5c:61:89:c4:
         4e:23:a8:1d:37:b6:4c:c9:30:08:44:5a:e9:c2:76:60:3f:94:
         f2:57:2c:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4DZusgGLo6ZFBC25tXgj09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwNTA3MTcwNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWRhMDY1MzNiZTM4NTMyYTFmNDAwMDFiYjhkYWFlMzgwYTJkZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2A5A/m5nEqCwOXPeKjuFiSLfJrKM
sxci9duUEDnatgB53JdrEuUGZ/+jLQv91yYzPMOi7vHRDB3zKRXIiEbC5/jWwOz+
yPApX4cNmOTRrLPW4/Rn+lYDciAG6eX3m49z7iW0HC8Z2t80DQHrkqs+lwG7Ex4N
K5sT0hlFuIsxKLbeeuC0ITicZm8GYI+L2/Gp1ybIPK0cCdBGutfVdRY4Lmy9jMJ+
+Brtu91mmJk7AZ26zlLy/aQt3CxSsDZgac8HrVrvqyzBMgwiC7rDf4sQ9pt1+oW1
z5tQrgShDkBIsuFQUZbPrIJ8p9utVfcu40KlQavbJ48FKLgBng1lsmqc1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHaBlM744UyofQAAbuNquOAot2YMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvMGRvR1V6dmpoVEtoOUFBQnU0MnE0NENpM1pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfoMA0G
CSqGSIb3DQEBCwUAA4IBAQAUo8yQQ7Mt4VF/vV7UNJh0AWIdmiCtQSIGUcCBGLMb
1UdQ1Ng1+iCj1eyeD6ZZI8o3ZD+gxyXUS5uiQUVxuf9La/Z9JxPp7tBNcoksihwS
jbRvJ2YGlJxC0/atd9R01hiJnjXIuwzyrZqa+VN+H+M6FJoPIIp8CT0NFDzNHMGA
FUFO2QmglfyQrGY5muUOJPVBCXzwhBncigAah79idpm+jN6OQIohoeYRKekpD4qb
0bcyDuEaIJIqM8NYUMMAtIpD0TD4GuJdA4QyURlOxrIyaqhX2rgNuI33CrpM8zmK
MmFynmzoNVxhicROI6gdN7ZMyTAIRFrpwnZgP5TyVyw0
-----END CERTIFICATE-----