Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/x0w0SJYyBODLjpKGKi2OvtCd5BY.roa
File:                     x0w0SJYyBODLjpKGKi2OvtCd5BY.roa (raw, json)
Hash identifier:          /oU3eS+zy0/9a9tpbxNFxOY3NXEHHhBLy521R4xGw7I=
Subject key identifier:   C7:4C:34:48:96:32:04:E0:CB:8E:92:86:2A:2D:8E:BE:D0:9D:E4:16
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019E134172D06988419630230ED5FFB94529
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/x0w0SJYyBODLjpKGKi2OvtCd5BY.roa
Signing time:             Sun 10 May 2026 18:58:36 +0000
ROA not before:           Sun 10 May 2026 18:58:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204104
IP address blocks:        45.11.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:13:41:72:d0:69:88:41:96:30:23:0e:d5:ff:b9:45:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: May 10 18:58:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c74c3448963204e0cb8e92862a2d8ebed09de416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6e:7d:7f:ec:18:c9:93:12:dc:0c:33:5c:8e:
                    13:61:e2:fe:13:cc:26:f9:39:6d:cf:99:a3:a8:c9:
                    27:5c:5d:18:df:f8:a1:6a:13:c2:b5:e7:20:2c:9f:
                    19:97:71:6d:5e:99:c2:4a:77:02:c5:6e:f5:9b:c1:
                    3d:89:c3:96:50:a1:2e:2f:38:53:5c:2c:43:e3:11:
                    da:e8:b4:a8:49:0a:e5:51:2b:30:ae:1e:ec:0a:eb:
                    78:63:2f:f5:e7:bb:e1:3e:9a:f1:f1:a2:d3:47:c0:
                    99:73:5c:5e:96:f5:b7:0a:be:32:f1:81:86:f6:15:
                    3b:69:ba:09:31:fe:20:42:9f:a2:22:e6:0e:38:f5:
                    2a:ce:7f:99:d8:a8:e6:af:df:94:d2:fd:0f:1b:63:
                    f6:da:93:8e:cd:fb:ea:c2:be:be:87:e7:bd:1f:a2:
                    aa:7d:6a:70:2a:88:5b:21:6e:af:6c:d9:27:09:2c:
                    ab:59:a1:55:e5:c9:ea:cd:5c:e3:38:66:62:d8:38:
                    99:13:b6:aa:0a:91:68:01:a8:c2:df:e9:8f:d2:ae:
                    75:10:34:0c:f1:a6:a6:b3:f2:ce:9e:0c:29:8b:bd:
                    73:a3:b2:b1:10:eb:ae:ec:dd:4f:9a:4f:7c:0d:5a:
                    51:2e:14:2c:87:7b:13:4e:ab:d8:85:ac:97:3b:15:
                    a4:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:4C:34:48:96:32:04:E0:CB:8E:92:86:2A:2D:8E:BE:D0:9D:E4:16
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/x0w0SJYyBODLjpKGKi2OvtCd5BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:4c:da:a1:f6:95:e8:4e:88:64:f8:cf:7e:bc:43:af:d4:e6:
         7d:26:b6:f3:13:7f:c6:26:59:11:5d:6b:0b:83:38:0e:96:b7:
         41:9e:19:86:bd:79:55:74:53:61:c6:4b:cf:c3:78:0c:fd:e8:
         10:a4:15:33:ec:57:70:81:67:a2:6b:6f:32:99:bc:2f:82:2b:
         2f:78:8c:2f:3c:45:cc:e5:6b:48:54:07:49:d0:cb:ec:f3:4c:
         1d:00:07:34:ba:e6:87:2c:d5:24:d7:5d:10:6a:01:06:b6:6b:
         dd:54:01:d6:66:21:88:f5:80:95:3d:89:68:f8:89:3e:ec:c4:
         d7:13:a2:64:bf:d3:b1:ce:de:a0:7d:20:a1:4e:b3:95:ea:f0:
         3c:a7:ae:92:6f:41:07:98:76:76:37:a5:94:c7:c4:10:8f:e5:
         4b:10:4d:3f:35:2c:46:68:bc:c3:0d:2c:5b:9c:73:be:aa:27:
         0d:b5:6a:c9:22:58:ce:85:a6:fb:d5:f2:3e:50:ac:b9:d5:96:
         b5:b1:86:e7:9b:58:d4:97:6f:9b:58:ce:4d:73:0b:77:c6:6b:
         9b:65:50:b1:96:dd:13:3f:0f:a5:2b:a4:ac:da:e8:8f:0e:a2:
         f0:f2:7c:33:20:a1:08:48:2f:be:04:30:65:50:d9:3f:60:70:
         95:4d:c4:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4TQXLQaYhBljAjDtX/uUUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwNTEwMTg1ODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzRjMzQ0ODk2MzIwNGUwY2I4ZTkyODYyYTJkOGViZWQwOWRlNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2m59f+wYyZMS3AwzXI4TYeL+E8wm
+Tltz5mjqMknXF0Y3/ihahPCtecgLJ8Zl3FtXpnCSncCxW71m8E9icOWUKEuLzhT
XCxD4xHa6LSoSQrlUSswrh7sCut4Yy/157vhPprx8aLTR8CZc1xelvW3Cr4y8YGG
9hU7aboJMf4gQp+iIuYOOPUqzn+Z2Kjmr9+U0v0PG2P22pOOzfvqwr6+h+e9H6Kq
fWpwKohbIW6vbNknCSyrWaFV5cnqzVzjOGZi2DiZE7aqCpFoAajC3+mP0q51EDQM
8aams/LOngwpi71zo7KxEOuu7N1Pmk98DVpRLhQsh3sTTqvYhayXOxWkjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdMNEiWMgTgy46Shiotjr7QneQWMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEveDB3MFNKWXlCT0RManBLR0tpMk92dENkNUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu4MA0G
CSqGSIb3DQEBCwUAA4IBAQCHTNqh9pXoTohk+M9+vEOv1OZ9JrbzE3/GJlkRXWsL
gzgOlrdBnhmGvXlVdFNhxkvPw3gM/egQpBUz7FdwgWeia28ymbwvgisveIwvPEXM
5WtIVAdJ0Mvs80wdAAc0uuaHLNUk110QagEGtmvdVAHWZiGI9YCVPYlo+Ik+7MTX
E6Jkv9Oxzt6gfSChTrOV6vA8p66Sb0EHmHZ2N6WUx8QQj+VLEE0/NSxGaLzDDSxb
nHO+qicNtWrJIljOhab71fI+UKy51Za1sYbnm1jUl2+bWM5Ncwt3xmubZVCxlt0T
Pw+lK6Ss2uiPDqLw8nwzIKEISC++BDBlUNk/YHCVTcRL
-----END CERTIFICATE-----