Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/H1emVUICE2XmoUB3lCjzmQnd6Ak.roa
File:                     H1emVUICE2XmoUB3lCjzmQnd6Ak.roa (raw, json)
Hash identifier:          OQbtHQhbOceKidpOYtukQNjTxgTngWpdYul9lp5ld+E=
Subject key identifier:   1F:57:A6:55:42:02:13:65:E6:A1:40:77:94:28:F3:99:09:DD:E8:09
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       019DC378CB0B03420D46B6E5CF7ABCF23743
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/H1emVUICE2XmoUB3lCjzmQnd6Ak.roa
Signing time:             Sat 25 Apr 2026 07:09:26 +0000
ROA not before:           Sat 25 Apr 2026 07:09:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        45.149.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c3:78:cb:0b:03:42:0d:46:b6:e5:cf:7a:bc:f2:37:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Apr 25 07:09:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f57a65542021365e6a140779428f39909dde809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9b:f4:10:e3:18:2f:b3:ca:52:b4:b0:0e:d1:
                    14:7c:3c:ab:0d:2c:35:0c:38:6c:01:21:7c:80:fb:
                    6c:f1:ae:8d:d5:04:2d:ed:7f:df:94:07:c2:7d:81:
                    c6:0d:84:f0:2a:ff:6c:3f:db:49:c1:3e:88:28:bb:
                    ed:0c:be:b3:a0:c4:84:06:c1:91:f3:fa:27:9c:3a:
                    93:89:89:78:d4:c4:7a:68:a8:c6:4c:33:f8:0a:49:
                    12:70:33:69:cd:5f:1f:f0:48:6e:85:75:1b:40:eb:
                    d7:7a:c0:6f:0a:b3:3e:7e:db:a0:56:c5:e1:db:52:
                    6a:a4:4f:6a:f1:41:70:37:17:02:7c:92:5a:76:8e:
                    37:93:00:13:78:de:71:49:fc:b2:94:41:c4:ca:7f:
                    39:61:7c:92:4d:bb:23:e6:d0:02:f8:63:88:c1:03:
                    35:cb:d4:86:4d:ef:37:c4:43:dc:5d:c9:9c:b2:29:
                    f3:74:66:52:30:97:64:fc:cb:78:a2:01:20:77:e6:
                    40:b4:25:d2:76:b3:89:b0:1a:c9:18:4e:3c:f2:c8:
                    6e:f7:4c:65:a0:90:80:3f:28:20:db:65:37:fd:c5:
                    ee:23:ea:82:0d:98:95:d2:6d:ce:7a:3e:f1:89:81:
                    c1:f5:17:8a:af:93:18:00:90:81:a8:c3:8f:cc:3a:
                    f2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:57:A6:55:42:02:13:65:E6:A1:40:77:94:28:F3:99:09:DD:E8:09
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/H1emVUICE2XmoUB3lCjzmQnd6Ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:c7:b7:d5:82:6f:31:81:c3:a7:1e:e5:0b:31:ef:77:f7:30:
         eb:35:56:64:09:97:4c:12:05:ba:4e:f8:fa:f7:87:58:9e:7e:
         ed:81:81:16:2e:e5:c8:14:6e:88:a3:ed:88:fb:53:bb:b5:62:
         47:2e:0e:d9:14:84:7e:46:4d:b7:c2:6e:ac:ea:4c:57:1f:ff:
         27:42:89:f5:97:ba:5d:b5:3b:f3:9a:ce:18:8d:9c:fa:9d:35:
         37:98:87:b4:0d:f4:ff:17:aa:96:77:88:7a:fd:89:08:27:79:
         69:77:0e:fb:52:1b:c7:b2:8a:9e:bb:a7:42:df:4e:4f:68:e0:
         ad:be:31:54:2c:75:d2:f1:cd:77:b0:55:c5:be:35:43:eb:99:
         54:5a:4b:c8:58:67:84:02:51:52:b1:bb:a5:44:d4:7e:14:b2:
         3f:b0:6d:d9:3d:f4:7d:51:07:d7:5f:aa:19:a2:d3:03:6d:66:
         3f:14:9d:03:58:32:ea:35:3d:b0:c2:a7:18:c8:42:2f:08:fd:
         b5:36:33:99:dd:16:e7:06:29:0c:ca:cc:0b:e6:ed:18:bc:68:
         fd:46:fe:32:88:9b:46:81:e5:c1:18:f2:fb:06:c6:e3:23:fd:
         28:52:07:49:1f:a4:ef:ec:e4:73:d6:87:77:5a:0a:f1:ab:fb:
         cb:cf:75:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3DeMsLA0INRrblz3q88jdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjYwNDI1MDcwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjU3YTY1NTQyMDIxMzY1ZTZhMTQwNzc5NDI4ZjM5OTA5ZGRlODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJv0EOMYL7PKUrSwDtEUfDyrDSw1
DDhsASF8gPts8a6N1QQt7X/flAfCfYHGDYTwKv9sP9tJwT6IKLvtDL6zoMSEBsGR
8/onnDqTiYl41MR6aKjGTDP4CkkScDNpzV8f8EhuhXUbQOvXesBvCrM+ftugVsXh
21JqpE9q8UFwNxcCfJJado43kwATeN5xSfyylEHEyn85YXySTbsj5tAC+GOIwQM1
y9SGTe83xEPcXcmcsinzdGZSMJdk/Mt4ogEgd+ZAtCXSdrOJsBrJGE488shu90xl
oJCAPygg22U3/cXuI+qCDZiV0m3Oej7xiYHB9ReKr5MYAJCBqMOPzDryGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9XplVCAhNl5qFAd5Qo85kJ3egJMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvSDFlbVZVSUNFMlhtb1VCM2xDanptUW5kNkFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZUHMA0G
CSqGSIb3DQEBCwUAA4IBAQAgx7fVgm8xgcOnHuULMe939zDrNVZkCZdMEgW6Tvj6
94dYnn7tgYEWLuXIFG6Io+2I+1O7tWJHLg7ZFIR+Rk23wm6s6kxXH/8nQon1l7pd
tTvzms4YjZz6nTU3mIe0DfT/F6qWd4h6/YkIJ3lpdw77UhvHsoqeu6dC305PaOCt
vjFULHXS8c13sFXFvjVD65lUWkvIWGeEAlFSsbulRNR+FLI/sG3ZPfR9UQfXX6oZ
otMDbWY/FJ0DWDLqNT2wwqcYyEIvCP21NjOZ3RbnBikMyswL5u0YvGj9Rv4yiJtG
geXBGPL7BsbjI/0oUgdJH6Tv7ORz1od3Wgrxq/vLz3XO
-----END CERTIFICATE-----