Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NKZWmWPpk5yKbqpT1nj1zXo8aUA.roa
File:                     NKZWmWPpk5yKbqpT1nj1zXo8aUA.roa (raw, json)
Hash identifier:          92H0FPOsOlhCNp13IvA89xG+9QApKfALpR7ZWVgvLv8=
Subject key identifier:   34:A6:56:99:63:E9:93:9C:8A:6E:AA:53:D6:78:F5:CD:7A:3C:69:40
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019DDEDFF39FC34E957A3E99B5BA286F5864
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NKZWmWPpk5yKbqpT1nj1zXo8aUA.roa
Signing time:             Thu 30 Apr 2026 14:51:52 +0000
ROA not before:           Thu 30 Apr 2026 14:51:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199595
IP address blocks:        45.137.40.0/24 maxlen: 24
                          45.158.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 04:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:de:df:f3:9f:c3:4e:95:7a:3e:99:b5:ba:28:6f:58:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 30 14:51:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34a6569963e9939c8a6eaa53d678f5cd7a3c6940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f0:6d:68:c1:1a:92:83:9e:61:fd:bf:6e:3b:
                    55:6a:5c:a4:6e:2c:c5:2d:21:5d:df:e7:a5:8d:bf:
                    87:af:96:94:90:42:b8:06:4d:b2:e0:05:34:c0:45:
                    e1:d3:52:f3:fa:72:0b:a9:d7:01:39:24:1a:39:af:
                    d3:91:f2:36:2a:da:a0:cd:6b:31:a4:66:4c:a9:cf:
                    51:53:5a:8f:48:96:0f:ec:d6:eb:c0:52:ca:d5:75:
                    12:6f:cf:75:f2:20:d4:f9:43:f4:a7:8d:3c:91:20:
                    dc:f0:e4:d6:2b:b4:4f:b5:2b:60:a1:f2:64:b5:d2:
                    e8:a2:13:61:23:e7:a2:40:85:f1:29:9a:95:e8:50:
                    fc:4c:36:a1:e4:69:04:ee:9f:7d:3c:84:ca:db:f0:
                    77:b1:db:27:e9:b9:4a:51:79:78:f4:7c:90:c3:39:
                    e7:91:a8:0e:c4:55:19:1c:86:ac:21:58:ac:de:3b:
                    cf:a0:37:91:5d:5c:d5:94:a8:2c:82:34:da:59:65:
                    0f:5f:50:0b:45:39:6e:77:83:2b:64:95:36:04:01:
                    f6:86:ed:60:92:ba:4d:a4:49:58:ba:bd:5d:69:b6:
                    4e:01:8b:f6:d4:53:6b:6f:fd:18:65:35:68:b3:b3:
                    e2:5e:c6:e8:67:f3:62:31:4a:3b:3f:72:cb:e4:dc:
                    f2:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A6:56:99:63:E9:93:9C:8A:6E:AA:53:D6:78:F5:CD:7A:3C:69:40
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NKZWmWPpk5yKbqpT1nj1zXo8aUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.40.0/24
                  45.158.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:5b:3a:5f:95:1d:33:97:e4:ac:31:cb:c9:a3:64:13:06:8f:
         56:d5:ed:30:5e:19:1e:c4:92:b4:aa:39:e8:ce:8b:98:a1:c2:
         85:e7:e6:4f:ae:d9:cb:3a:d5:5a:93:27:6b:ad:75:4e:d9:39:
         fb:2f:15:63:36:27:8a:be:08:3e:09:4a:9e:02:05:0f:73:28:
         51:9e:9f:5e:3b:a1:13:de:ab:c3:f4:2c:ad:54:4b:5b:9e:2d:
         fd:9d:a7:0f:38:e7:d8:64:d5:10:d2:d3:b1:bf:da:2c:dd:67:
         46:6c:a6:88:be:a9:6a:f5:20:b0:b8:c3:c4:28:ea:89:54:e1:
         ba:f6:e9:e2:82:39:9b:aa:16:61:0a:ee:6a:1b:30:bf:41:ca:
         17:5f:09:d2:de:2a:90:68:12:60:8e:ae:06:7b:0f:25:50:22:
         67:54:b0:b4:bc:6a:21:df:58:e1:1c:52:ad:99:87:c8:6a:86:
         cb:23:1c:66:5b:5d:61:6c:82:dd:69:3b:4b:4b:cb:22:5b:e1:
         c4:da:7d:be:8a:8e:ba:d1:86:34:1f:45:d3:23:32:8a:12:1a:
         ad:a0:0b:b2:51:51:07:cd:d5:d7:7e:5a:de:03:71:66:c3:50:
         5d:be:27:ea:31:6e:d1:1f:dc:06:5c:a2:88:04:d4:97:bc:39:
         a3:f0:65:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3e3/Ofw06Vej6Ztboob1hkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDMwMTQ1MTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE2NTY5OTYzZTk5MzljOGE2ZWFhNTNkNjc4ZjVjZDdhM2M2OTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fBtaMEakoOeYf2/bjtValykbizF
LSFd3+eljb+Hr5aUkEK4Bk2y4AU0wEXh01Lz+nILqdcBOSQaOa/TkfI2KtqgzWsx
pGZMqc9RU1qPSJYP7NbrwFLK1XUSb8918iDU+UP0p408kSDc8OTWK7RPtStgofJk
tdLoohNhI+eiQIXxKZqV6FD8TDah5GkE7p99PITK2/B3sdsn6blKUXl49HyQwznn
kagOxFUZHIasIVis3jvPoDeRXVzVlKgsgjTaWWUPX1ALRTlud4MrZJU2BAH2hu1g
krpNpElYur1dabZOAYv21FNrb/0YZTVos7PiXsboZ/NiMUo7P3LL5NzyQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDSmVplj6ZOcim6qU9Z49c16PGlAMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTktaV21XUHBrNXlLYnFwVDFuajF6WG84YVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYkoAwQA
LZ67MA0GCSqGSIb3DQEBCwUAA4IBAQBIWzpflR0zl+SsMcvJo2QTBo9W1e0wXhke
xJK0qjnozouYocKF5+ZPrtnLOtVakydrrXVO2Tn7LxVjNieKvgg+CUqeAgUPcyhR
np9eO6ET3qvD9CytVEtbni39nacPOOfYZNUQ0tOxv9os3WdGbKaIvqlq9SCwuMPE
KOqJVOG69unigjmbqhZhCu5qGzC/QcoXXwnS3iqQaBJgjq4Gew8lUCJnVLC0vGoh
31jhHFKtmYfIaobLIxxmW11hbILdaTtLS8siW+HE2n2+io660YY0H0XTIzKKEhqt
oAuyUVEHzdXXflreA3Fmw1BdvifqMW7RH9wGXKKIBNSXvDmj8GVM
-----END CERTIFICATE-----