Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/KwJPZQwA7h0g1xgNgGgOapIB9MQ.roa
File:                     KwJPZQwA7h0g1xgNgGgOapIB9MQ.roa (raw, json)
Hash identifier:          U+mfnTnbsM1iYi2bb9iuXYCVGh4oH0AJY2KvNTzkiqQ=
Subject key identifier:   2B:02:4F:65:0C:00:EE:1D:20:D7:18:0D:80:68:0E:6A:92:01:F4:C4
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019DAEF0C25649069EBAE82019A4328B7B6E
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/KwJPZQwA7h0g1xgNgGgOapIB9MQ.roa
Signing time:             Tue 21 Apr 2026 07:28:27 +0000
ROA not before:           Tue 21 Apr 2026 07:28:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203121
IP address blocks:        45.137.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:35:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ae:f0:c2:56:49:06:9e:ba:e8:20:19:a4:32:8b:7b:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 21 07:28:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b024f650c00ee1d20d7180d80680e6a9201f4c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d7:dd:cd:00:b1:c4:85:df:7c:92:64:30:5b:
                    82:3a:e3:6a:3f:13:6f:50:b4:34:17:77:8b:f1:80:
                    74:96:e7:3d:48:14:4a:2c:55:2a:ed:50:69:5b:c8:
                    dd:c6:0a:4b:4b:27:5d:b8:53:53:17:76:73:ef:5d:
                    47:27:73:d2:ab:87:23:55:5d:bf:49:2c:e3:c7:79:
                    cf:39:36:cd:5a:83:7d:b7:15:e9:84:44:aa:3b:12:
                    dd:13:09:d9:4a:2d:76:48:49:46:fc:b9:82:9b:1d:
                    5c:02:8e:0b:06:d3:42:23:07:54:7d:64:0e:71:d5:
                    e7:db:08:f3:71:9e:68:9e:1a:26:56:12:ef:07:7e:
                    0e:7f:4d:d3:52:ca:9c:bf:3b:d9:3c:97:26:d2:f8:
                    40:ae:ad:cb:e5:38:94:28:62:51:a6:ec:3a:f6:e8:
                    74:19:0f:65:f8:aa:ab:4b:bc:25:cc:54:2c:dd:a2:
                    6c:cf:79:cf:3b:33:c4:fc:b4:73:a9:5a:60:12:eb:
                    73:f7:e4:fd:1d:9b:cc:29:20:15:c2:2c:4d:df:db:
                    f1:04:be:59:b4:5f:24:74:5b:0c:a3:27:72:10:3a:
                    6b:f7:c5:8f:76:91:57:2a:b4:4f:78:30:11:65:df:
                    66:1a:a6:0f:56:fa:61:76:05:50:48:a8:8f:e4:eb:
                    b3:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:02:4F:65:0C:00:EE:1D:20:D7:18:0D:80:68:0E:6A:92:01:F4:C4
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/KwJPZQwA7h0g1xgNgGgOapIB9MQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:81:3b:14:b2:ab:0a:fe:4f:33:89:f6:76:7a:ea:e9:9e:e1:
         f1:5e:62:d3:88:3d:98:b2:35:fa:b5:e4:5b:ab:de:78:a1:e8:
         c5:7c:b1:59:60:72:08:27:fb:e2:03:13:60:a1:50:c2:3c:81:
         c6:f9:03:2c:ee:e1:d2:55:b7:c7:5a:d1:1a:09:31:9b:68:51:
         40:13:c8:9e:d8:1d:e6:1f:9b:85:f7:a6:a2:0c:6b:5c:60:c0:
         bf:29:44:ce:3d:d4:11:ae:25:8b:a9:40:5c:71:be:55:33:dc:
         4e:b7:dd:74:e1:81:e3:b1:79:00:e7:db:80:bb:a0:67:18:c2:
         bd:21:44:f5:a7:2d:89:07:7a:a2:ce:d1:eb:4b:f0:15:d2:9e:
         9e:66:4f:ae:00:a7:df:70:54:14:0d:63:e8:7a:82:d4:8d:7c:
         8b:26:b5:69:c8:2e:cc:f3:f9:26:2f:3f:02:9e:f4:a4:a8:93:
         77:62:8a:e2:f7:ed:6d:3a:e0:1c:0b:6c:61:eb:48:20:12:f3:
         b4:87:7a:fa:91:79:0d:d0:52:d7:62:e9:cd:f3:9a:a1:ed:04:
         ef:54:82:2c:bf:e5:5a:bc:9e:2a:10:95:b2:aa:6f:a8:3d:d1:
         53:9c:de:89:26:a4:53:f3:11:d6:7e:62:5f:a3:44:52:e7:99:
         25:a7:60:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2u8MJWSQaeuuggGaQyi3tuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDIxMDcyODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjAyNGY2NTBjMDBlZTFkMjBkNzE4MGQ4MDY4MGU2YTkyMDFmNGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdfdzQCxxIXffJJkMFuCOuNqPxNv
ULQ0F3eL8YB0luc9SBRKLFUq7VBpW8jdxgpLSydduFNTF3Zz711HJ3PSq4cjVV2/
SSzjx3nPOTbNWoN9txXphESqOxLdEwnZSi12SElG/LmCmx1cAo4LBtNCIwdUfWQO
cdXn2wjzcZ5onhomVhLvB34Of03TUsqcvzvZPJcm0vhArq3L5TiUKGJRpuw69uh0
GQ9l+KqrS7wlzFQs3aJsz3nPOzPE/LRzqVpgEutz9+T9HZvMKSAVwixN39vxBL5Z
tF8kdFsMoydyEDpr98WPdpFXKrRPeDARZd9mGqYPVvphdgVQSKiP5Ouz1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsCT2UMAO4dINcYDYBoDmqSAfTEMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvS3dKUFpRd0E3aDBnMXhnTmdHZ09hcElCOU1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYlWMA0G
CSqGSIb3DQEBCwUAA4IBAQCggTsUsqsK/k8zifZ2eurpnuHxXmLTiD2YsjX6teRb
q954oejFfLFZYHIIJ/viAxNgoVDCPIHG+QMs7uHSVbfHWtEaCTGbaFFAE8ie2B3m
H5uF96aiDGtcYMC/KUTOPdQRriWLqUBccb5VM9xOt9104YHjsXkA59uAu6BnGMK9
IUT1py2JB3qiztHrS/AV0p6eZk+uAKffcFQUDWPoeoLUjXyLJrVpyC7M8/kmLz8C
nvSkqJN3Yori9+1tOuAcC2xh60ggEvO0h3r6kXkN0FLXYunN85qh7QTvVIIsv+Va
vJ4qEJWyqm+oPdFTnN6JJqRT8xHWfmJfo0RS55klp2C9
-----END CERTIFICATE-----