Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/DfeDYFEhcGiOVGd2HiXYX5Rn1XA.roa
File:                     DfeDYFEhcGiOVGd2HiXYX5Rn1XA.roa (raw, json)
Hash identifier:          QNfPUzw4gyDIHgNy4UB5ZpKhS1ImNQM4IAovYnRUp5o=
Subject key identifier:   0D:F7:83:60:51:21:70:68:8E:54:67:76:1E:25:D8:5F:94:67:D5:70
Certificate issuer:       /CN=cf9833261697652c35547e98fc05a7e2294edbc7
Certificate serial:       019DC0080E1C2E0231EBADB10F45D6056888
Authority key identifier: CF:98:33:26:16:97:65:2C:35:54:7E:98:FC:05:A7:E2:29:4E:DB:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/DfeDYFEhcGiOVGd2HiXYX5Rn1XA.roa
Signing time:             Fri 24 Apr 2026 15:07:26 +0000
ROA not before:           Fri 24 Apr 2026 15:07:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        45.149.168.0/23 maxlen: 24
                          45.149.170.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c0:08:0e:1c:2e:02:31:eb:ad:b1:0f:45:d6:05:68:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9833261697652c35547e98fc05a7e2294edbc7
        Validity
            Not Before: Apr 24 15:07:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0df78360512170688e5467761e25d85f9467d570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:59:7f:9e:8f:19:c3:ad:c2:31:65:cc:8d:78:
                    80:60:87:55:b3:f6:3d:e6:d6:7f:1d:78:58:9e:d6:
                    50:c1:1f:fe:44:77:9c:ad:d0:77:05:e7:63:df:46:
                    9a:2f:1e:00:7c:a0:2b:0e:f4:e8:02:02:7e:fd:f8:
                    e9:bd:c2:fd:b1:51:26:ca:0b:45:c4:42:6b:0a:7e:
                    e3:3b:44:90:43:a8:01:29:91:0c:3b:e6:4a:e2:c1:
                    1f:af:8e:13:76:d3:b0:59:7d:e4:c2:ad:5a:f5:c9:
                    bf:0c:88:30:2b:83:ca:5d:7d:f0:87:04:01:8e:ad:
                    24:d1:bf:9e:75:25:d6:76:83:9c:84:fe:12:0d:61:
                    c6:33:11:19:ea:b9:b3:a2:f6:e8:5b:b4:a5:aa:cf:
                    e2:ca:e2:f2:3f:2b:bd:d3:32:a7:df:91:6a:4a:d4:
                    61:34:a0:e5:87:8f:ac:a0:54:3d:69:27:c9:ee:55:
                    61:fc:a5:2d:fa:d9:75:9d:83:46:69:71:ec:f2:79:
                    4d:d7:ff:6b:86:f5:58:1e:6f:c3:c2:0f:52:36:67:
                    6c:2b:c0:a8:cc:b8:04:17:90:9e:28:90:47:5e:6f:
                    64:f7:db:89:b4:ff:fb:e0:56:e4:a7:06:9e:fb:5c:
                    55:17:5c:9d:28:5a:8b:cc:3e:65:81:51:6b:5e:86:
                    64:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:F7:83:60:51:21:70:68:8E:54:67:76:1E:25:D8:5F:94:67:D5:70
            X509v3 Authority Key Identifier:
                keyid:CF:98:33:26:16:97:65:2C:35:54:7E:98:FC:05:A7:E2:29:4E:DB:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/DfeDYFEhcGiOVGd2HiXYX5Rn1XA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:1a:a9:12:70:2a:f8:d4:d7:1f:50:75:66:27:ad:e5:13:f2:
         37:28:2c:bb:d9:44:f9:95:83:74:05:55:5d:dd:ab:3a:01:c5:
         49:30:21:ca:f3:40:0d:eb:be:5f:6b:0e:3d:63:20:00:e6:6b:
         b5:31:c5:88:d1:ff:a8:49:ba:a5:79:0b:ea:bb:c9:21:8b:6a:
         f2:66:f4:43:a1:b2:3d:da:81:a1:c6:77:20:5e:f6:fa:71:32:
         ac:a0:2f:98:2b:66:df:ed:0c:91:00:57:28:34:21:97:ed:34:
         b8:d2:09:52:d3:85:15:5d:6e:33:86:d1:d3:4f:0d:09:57:08:
         f5:86:2c:05:21:ac:19:a1:e7:d2:39:b7:41:9b:7d:5a:e8:ff:
         22:25:38:b1:61:00:44:4a:dc:2e:54:31:30:ad:e1:e8:24:1e:
         c7:cd:de:6a:9c:07:9b:94:ca:77:2b:f4:cc:f7:57:74:07:f4:
         fe:93:87:ba:69:3d:d2:b0:94:47:5a:5e:94:b0:c0:fe:96:44:
         78:8a:a5:12:26:11:77:0f:16:55:0b:87:3a:ab:e9:04:70:b2:
         4e:50:e4:79:89:10:af:5e:fa:d2:d5:db:2d:dc:83:b7:f7:6e:
         52:7e:b0:08:fb:35:b5:7a:35:3b:99:77:fc:40:1b:c7:c7:1f:
         b9:a1:0a:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3ACA4cLgIx662xD0XWBWiIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTgzMzI2MTY5NzY1MmMzNTU0N2U5OGZjMDVhN2UyMjk0
ZWRiYzcwHhcNMjYwNDI0MTUwNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGY3ODM2MDUxMjE3MDY4OGU1NDY3NzYxZTI1ZDg1Zjk0NjdkNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1l/no8Zw63CMWXMjXiAYIdVs/Y9
5tZ/HXhYntZQwR/+RHecrdB3Bedj30aaLx4AfKArDvToAgJ+/fjpvcL9sVEmygtF
xEJrCn7jO0SQQ6gBKZEMO+ZK4sEfr44TdtOwWX3kwq1a9cm/DIgwK4PKXX3whwQB
jq0k0b+edSXWdoOchP4SDWHGMxEZ6rmzovboW7Slqs/iyuLyPyu90zKn35FqStRh
NKDlh4+soFQ9aSfJ7lVh/KUt+tl1nYNGaXHs8nlN1/9rhvVYHm/Dwg9SNmdsK8Co
zLgEF5CeKJBHXm9k99uJtP/74Fbkpwae+1xVF1ydKFqLzD5lgVFrXoZkMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA33g2BRIXBojlRndh4l2F+UZ9VwMB8GA1UdIwQY
MBaAFM+YMyYWl2UsNVR+mPwFp+IpTtvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVnekpoYVhaU3cxVkg2WV9BV240aWxPMjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8zNjA2ZjUtMTdlMS00MzE5LTk3MDMt
YWU0MDFhMzdjMDQ0LzEvRGZlRFlGRWhjR2lPVkdkMkhpWFlYNVJuMVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8zNjA2ZjUtMTdlMS00MzE5LTk3MDMtYWU0MDFhMzdjMDQ0
LzEvejVnekpoYVhaU3cxVkg2WV9BV240aWxPMjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZWoMA0G
CSqGSIb3DQEBCwUAA4IBAQAAGqkScCr41NcfUHVmJ63lE/I3KCy72UT5lYN0BVVd
3as6AcVJMCHK80AN675faw49YyAA5mu1McWI0f+oSbqleQvqu8khi2ryZvRDobI9
2oGhxncgXvb6cTKsoC+YK2bf7QyRAFcoNCGX7TS40glS04UVXW4zhtHTTw0JVwj1
hiwFIawZoefSObdBm31a6P8iJTixYQBEStwuVDEwreHoJB7Hzd5qnAeblMp3K/TM
91d0B/T+k4e6aT3SsJRHWl6UsMD+lkR4iqUSJhF3DxZVC4c6q+kEcLJOUOR5iRCv
XvrS1dst3IO3925SfrAI+zW1ejU7mXf8QBvHxx+5oQor
-----END CERTIFICATE-----