Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/3ade31-4ac1-435e-b4e5-3ad13c603ea2/1/szLd58h9ss7j2xagBuMXF5WP0yk.roa
File:                     szLd58h9ss7j2xagBuMXF5WP0yk.roa (raw, json)
Hash identifier:          8ob8pb7Gxq2C51p/RiIuL1KyizGRkOlyyDDvo7AtTm0=
Subject key identifier:   B3:32:DD:E7:C8:7D:B2:CE:E3:DB:16:A0:06:E3:17:17:95:8F:D3:29
Certificate issuer:       /CN=d3555db9f6cdcbddb052a45348ef0d6a6d5bc1c1
Certificate serial:       019D78BA2C7E5010874194E4084DD847F7B3
Authority key identifier: D3:55:5D:B9:F6:CD:CB:DD:B0:52:A4:53:48:EF:0D:6A:6D:5B:C1:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/01VdufbNy92wUqRTSO8Nam1bwcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/3ade31-4ac1-435e-b4e5-3ad13c603ea2/1/szLd58h9ss7j2xagBuMXF5WP0yk.roa
Signing time:             Fri 10 Apr 2026 18:49:20 +0000
ROA not before:           Fri 10 Apr 2026 18:49:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12886
IP address blocks:        45.13.64.0/23 maxlen: 23
                          2a13:8dc0::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/3ade31-4ac1-435e-b4e5-3ad13c603ea2/1/01VdufbNy92wUqRTSO8Nam1bwcE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/3ade31-4ac1-435e-b4e5-3ad13c603ea2/1/01VdufbNy92wUqRTSO8Nam1bwcE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/01VdufbNy92wUqRTSO8Nam1bwcE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:ba:2c:7e:50:10:87:41:94:e4:08:4d:d8:47:f7:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3555db9f6cdcbddb052a45348ef0d6a6d5bc1c1
        Validity
            Not Before: Apr 10 18:49:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b332dde7c87db2cee3db16a006e31717958fd329
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2e:a3:fe:21:04:25:00:7d:ab:49:2f:0a:75:
                    cd:80:97:d1:64:a5:79:cb:c8:fd:e3:8a:4a:f3:5c:
                    06:5c:69:79:21:21:bf:c9:b3:eb:56:ba:3c:8b:11:
                    d5:bf:5c:18:72:aa:a1:43:01:ce:61:ea:17:19:5d:
                    f8:0f:52:8c:8a:97:bf:43:02:30:78:b2:98:60:ce:
                    19:e9:7a:9a:d2:6a:e6:2b:a8:ac:6f:aa:cc:1b:f5:
                    c0:00:6c:03:42:bb:88:74:b3:2c:d8:5d:28:26:aa:
                    c0:ea:aa:b7:7a:9f:1e:6a:64:2b:be:fe:8b:2f:79:
                    ee:5c:75:5a:2f:82:4b:db:ac:6f:5b:d4:6b:ff:50:
                    91:53:b4:a7:7d:7d:72:8a:18:58:03:da:fa:f4:d3:
                    78:3a:92:c4:2d:d1:f4:ce:df:da:2b:32:15:d2:fa:
                    97:58:ae:f9:1c:da:8d:0c:42:88:46:b1:3c:29:eb:
                    8e:13:a0:92:74:58:f4:f8:5d:fa:9b:1d:3b:d1:0a:
                    76:81:ce:2b:c1:9f:52:7c:7e:ab:88:72:75:22:f3:
                    6b:ba:e3:92:67:90:0e:c1:e5:d9:82:99:c5:ae:88:
                    5c:d6:69:f4:56:03:04:9b:ad:a4:83:04:13:77:7a:
                    7e:df:40:b0:f3:91:5d:f4:95:52:ce:a5:13:1d:9c:
                    39:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:32:DD:E7:C8:7D:B2:CE:E3:DB:16:A0:06:E3:17:17:95:8F:D3:29
            X509v3 Authority Key Identifier:
                keyid:D3:55:5D:B9:F6:CD:CB:DD:B0:52:A4:53:48:EF:0D:6A:6D:5B:C1:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01VdufbNy92wUqRTSO8Nam1bwcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/3ade31-4ac1-435e-b4e5-3ad13c603ea2/1/szLd58h9ss7j2xagBuMXF5WP0yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/3ade31-4ac1-435e-b4e5-3ad13c603ea2/1/01VdufbNy92wUqRTSO8Nam1bwcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.64.0/23
                IPv6:
                  2a13:8dc0::/47

    Signature Algorithm: sha256WithRSAEncryption
         45:1a:7a:5b:5b:86:3a:66:31:5b:62:1c:07:d7:4f:ff:77:03:
         9a:c5:af:07:e8:9f:46:53:79:5e:95:46:36:0a:47:32:2e:88:
         a1:a2:86:49:f9:3b:29:fc:87:0f:0c:e9:b0:dd:36:21:83:53:
         80:07:87:fb:55:bd:96:05:72:01:b9:ea:64:ac:7b:16:5c:61:
         fd:7c:26:6d:80:4b:b9:9b:29:29:02:73:59:c4:f2:b3:fc:c2:
         1a:1d:8b:aa:85:db:0f:15:67:e7:7f:03:b6:bf:02:fa:40:03:
         9a:99:81:9c:71:6c:30:b1:bd:7e:d4:02:94:03:5b:36:b9:ec:
         2a:66:00:cf:dd:f0:7b:86:e5:c7:2a:1f:e2:20:21:6d:0b:b4:
         75:3d:f0:cf:23:44:bc:3b:cc:e3:be:c5:69:38:6f:50:83:7f:
         8f:73:15:da:e3:8d:6f:44:1c:a5:86:f6:38:39:3b:74:ce:90:
         c1:05:07:8e:e1:39:81:03:45:1e:64:47:6e:bb:d2:3d:6b:b0:
         a8:56:e0:ac:24:ab:5b:df:dd:49:a9:6d:11:28:e7:c9:3a:96:
         6b:f7:2d:7b:31:fb:61:f4:2d:7a:80:18:82:1c:56:86:b5:42:
         af:82:49:c4:f7:a5:fc:73:f3:40:a0:cb:d6:4c:d8:ed:fb:89:
         ac:c0:bd:da
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ14uix+UBCHQZTkCE3YR/ezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTU1ZGI5ZjZjZGNiZGRiMDUyYTQ1MzQ4ZWYwZDZhNmQ1
YmMxYzEwHhcNMjYwNDEwMTg0OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzMyZGRlN2M4N2RiMmNlZTNkYjE2YTAwNmUzMTcxNzk1OGZkMzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC6j/iEEJQB9q0kvCnXNgJfRZKV5
y8j944pK81wGXGl5ISG/ybPrVro8ixHVv1wYcqqhQwHOYeoXGV34D1KMipe/QwIw
eLKYYM4Z6Xqa0mrmK6isb6rMG/XAAGwDQruIdLMs2F0oJqrA6qq3ep8eamQrvv6L
L3nuXHVaL4JL26xvW9Rr/1CRU7SnfX1yihhYA9r69NN4OpLELdH0zt/aKzIV0vqX
WK75HNqNDEKIRrE8KeuOE6CSdFj0+F36mx070Qp2gc4rwZ9SfH6riHJ1IvNruuOS
Z5AOweXZgpnFrohc1mn0VgMEm62kgwQTd3p+30Cw85Fd9JVSzqUTHZw5hwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLMy3efIfbLO49sWoAbjFxeVj9MpMB8GA1UdIwQY
MBaAFNNVXbn2zcvdsFKkU0jvDWptW8HBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFWZHVmYk55OTJ3VXFSVFNPOE5hbTFid2NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8zYWRlMzEtNGFjMS00MzVlLWI0ZTUt
M2FkMTNjNjAzZWEyLzEvc3pMZDU4aDlzczdqMnhhZ0J1TVhGNVdQMHlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8zYWRlMzEtNGFjMS00MzVlLWI0ZTUtM2FkMTNjNjAzZWEy
LzEvMDFWZHVmYk55OTJ3VXFSVFNPOE5hbTFid2NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBLQ1AMA8E
AgACMAkDBwEqE43AAAAwDQYJKoZIhvcNAQELBQADggEBAEUaeltbhjpmMVtiHAfX
T/93A5rFrwfon0ZTeV6VRjYKRzIuiKGihkn5Oyn8hw8M6bDdNiGDU4AHh/tVvZYF
cgG56mSsexZcYf18Jm2AS7mbKSkCc1nE8rP8whodi6qF2w8VZ+d/A7a/AvpAA5qZ
gZxxbDCxvX7UApQDWza57CpmAM/d8HuG5ccqH+IgIW0LtHU98M8jRLw7zOO+xWk4
b1CDf49zFdrjjW9EHKWG9jg5O3TOkMEFB47hOYEDRR5kR2670j1rsKhW4Kwkq1vf
3UmpbREo58k6lmv3LXsx+2H0LXqAGIIcVoa1Qq+CScT3pfxz80Cgy9ZM2O37iazA
vdo=
-----END CERTIFICATE-----