Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b72de4-6366-47fa-b6f6-d42bd682638d/1/f7oJ5S7QhjbF7Hv3vAYtSNv0X-8.roa
File:                     f7oJ5S7QhjbF7Hv3vAYtSNv0X-8.roa (raw, json)
Hash identifier:          f3H5djjlFovDR3gNvScOu/4dBbS3OgO3hekLoTa++Qg=
Subject key identifier:   7F:BA:09:E5:2E:D0:86:36:C5:EC:7B:F7:BC:06:2D:48:DB:F4:5F:EF
Certificate issuer:       /CN=6f9f23a63ad625a7ed30da6da2cdc9e8b5bb803e
Certificate serial:       019C9AFCD5B855132891194102B015DA8F00
Authority key identifier: 6F:9F:23:A6:3A:D6:25:A7:ED:30:DA:6D:A2:CD:C9:E8:B5:BB:80:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b58jpjrWJaftMNptos3J6LW7gD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b72de4-6366-47fa-b6f6-d42bd682638d/1/f7oJ5S7QhjbF7Hv3vAYtSNv0X-8.roa
Signing time:             Thu 26 Feb 2026 17:26:26 +0000
ROA not before:           Thu 26 Feb 2026 17:26:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48896
IP address blocks:        45.159.81.0/24 maxlen: 24
                          45.159.82.0/24 maxlen: 24
                          45.159.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b72de4-6366-47fa-b6f6-d42bd682638d/1/b58jpjrWJaftMNptos3J6LW7gD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b72de4-6366-47fa-b6f6-d42bd682638d/1/b58jpjrWJaftMNptos3J6LW7gD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b58jpjrWJaftMNptos3J6LW7gD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:fc:d5:b8:55:13:28:91:19:41:02:b0:15:da:8f:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f9f23a63ad625a7ed30da6da2cdc9e8b5bb803e
        Validity
            Not Before: Feb 26 17:26:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7fba09e52ed08636c5ec7bf7bc062d48dbf45fef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d5:fc:48:2f:cb:bf:94:21:02:6e:5a:22:ef:
                    32:1c:e4:85:df:75:f9:d2:b2:fb:52:1f:d8:3a:28:
                    fe:46:20:2b:d6:b9:7f:40:05:e5:2d:b8:12:58:db:
                    53:f1:42:a8:bf:02:8f:ca:5e:b1:bc:09:08:15:a3:
                    10:ed:97:58:c6:0c:de:c5:7e:d6:9f:59:ed:be:58:
                    65:ae:26:81:a2:cd:09:a1:46:95:0e:6e:af:b0:6f:
                    a7:67:cb:b7:11:38:d1:e6:a5:a5:fc:9e:95:54:8c:
                    ab:e7:e6:76:68:d1:0b:7e:d5:98:bc:0b:19:86:96:
                    84:a4:75:3c:4e:e2:f0:d3:3f:3a:ec:46:33:9b:7a:
                    d5:6d:7d:f8:7e:90:c4:9d:f2:67:de:5b:bd:22:00:
                    be:06:f6:8e:1c:17:d1:4c:7d:24:3f:85:4e:b2:a1:
                    a6:4e:58:d0:b7:49:c6:da:86:3d:54:0a:d6:ed:03:
                    3e:d7:d1:1b:23:ca:7a:02:1f:d7:28:58:b9:a2:bc:
                    c4:da:ee:03:3d:8b:77:bd:20:f2:da:a6:c0:61:06:
                    95:ea:ba:39:bf:97:8a:b2:9b:7e:85:21:d5:e0:0f:
                    87:22:ff:a0:ac:e6:60:17:37:2c:92:98:d1:db:c4:
                    1f:1f:91:23:b9:14:55:99:22:43:68:94:73:e7:16:
                    b9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:BA:09:E5:2E:D0:86:36:C5:EC:7B:F7:BC:06:2D:48:DB:F4:5F:EF
            X509v3 Authority Key Identifier:
                keyid:6F:9F:23:A6:3A:D6:25:A7:ED:30:DA:6D:A2:CD:C9:E8:B5:BB:80:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b58jpjrWJaftMNptos3J6LW7gD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b72de4-6366-47fa-b6f6-d42bd682638d/1/f7oJ5S7QhjbF7Hv3vAYtSNv0X-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b72de4-6366-47fa-b6f6-d42bd682638d/1/b58jpjrWJaftMNptos3J6LW7gD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.81.0-45.159.83.255

    Signature Algorithm: sha256WithRSAEncryption
         73:8c:05:ce:3c:ef:1f:9a:2c:68:d1:c9:7a:87:ef:0e:5e:a1:
         b3:92:f7:9f:6e:c9:10:d2:ef:61:68:17:ee:26:51:51:de:9c:
         04:cf:df:fc:b2:b1:02:53:9a:57:4c:b4:dc:bd:e7:30:bc:04:
         9f:5e:2a:f6:a1:fb:11:79:16:b5:97:4d:99:ca:ed:ce:4d:78:
         e8:c2:3c:7b:40:87:01:96:f1:bb:0f:5f:a6:e4:73:04:b2:a3:
         e4:6c:d1:0d:d9:55:65:ca:58:84:11:b7:25:f2:f3:82:cd:52:
         a6:45:25:c4:11:f9:da:d5:d6:3a:42:cf:df:e4:fc:df:98:3d:
         18:46:02:b1:ee:66:c5:a1:16:34:80:c3:9f:3f:a4:3d:b3:69:
         a8:9a:41:b0:fc:c7:d1:d4:02:2c:78:9a:5d:3b:e2:66:aa:5a:
         8c:51:ae:b6:b9:f6:ce:34:a7:8d:da:42:3c:d6:e8:1c:bb:aa:
         3d:87:1c:8d:a5:48:83:b1:13:c2:24:68:55:b0:fb:e9:0d:55:
         18:b4:06:9d:ef:01:45:20:fa:4b:4b:dd:4e:66:07:d2:40:3d:
         4c:17:e6:4d:a6:81:7e:21:26:41:50:13:ef:d3:90:f0:2e:4c:
         a8:83:63:91:c7:82:99:a7:25:de:6e:d1:a3:07:a8:9b:2e:e6:
         ff:ab:8e:48
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZya/NW4VRMokRlBArAV2o8AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmOWYyM2E2M2FkNjI1YTdlZDMwZGE2ZGEyY2RjOWU4YjVi
YjgwM2UwHhcNMjYwMjI2MTcyNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmJhMDllNTJlZDA4NjM2YzVlYzdiZjdiYzA2MmQ0OGRiZjQ1ZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNX8SC/Lv5QhAm5aIu8yHOSF33X5
0rL7Uh/YOij+RiAr1rl/QAXlLbgSWNtT8UKovwKPyl6xvAkIFaMQ7ZdYxgzexX7W
n1ntvlhlriaBos0JoUaVDm6vsG+nZ8u3ETjR5qWl/J6VVIyr5+Z2aNELftWYvAsZ
hpaEpHU8TuLw0z867EYzm3rVbX34fpDEnfJn3lu9IgC+BvaOHBfRTH0kP4VOsqGm
TljQt0nG2oY9VArW7QM+19EbI8p6Ah/XKFi5orzE2u4DPYt3vSDy2qbAYQaV6ro5
v5eKspt+hSHV4A+HIv+grOZgFzcskpjR28QfH5EjuRRVmSJDaJRz5xa5NQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH+6CeUu0IY2xex797wGLUjb9F/vMB8GA1UdIwQY
MBaAFG+fI6Y61iWn7TDabaLNyei1u4A+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjU4anBqcldKYWZ0TU5wdG9zM0o2TFc3Z0Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iNzJkZTQtNjM2Ni00N2ZhLWI2ZjYt
ZDQyYmQ2ODI2MzhkLzEvZjdvSjVTN1FoamJGN0h2M3ZBWXRTTnYwWC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iNzJkZTQtNjM2Ni00N2ZhLWI2ZjYtZDQyYmQ2ODI2Mzhk
LzEvYjU4anBqcldKYWZ0TU5wdG9zM0o2TFc3Z0Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtn1ED
BAItn1AwDQYJKoZIhvcNAQELBQADggEBAHOMBc487x+aLGjRyXqH7w5eobOS959u
yRDS72FoF+4mUVHenATP3/yysQJTmldMtNy95zC8BJ9eKvah+xF5FrWXTZnK7c5N
eOjCPHtAhwGW8bsPX6bkcwSyo+Rs0Q3ZVWXKWIQRtyXy84LNUqZFJcQR+drV1jpC
z9/k/N+YPRhGArHuZsWhFjSAw58/pD2zaaiaQbD8x9HUAix4ml074maqWoxRrra5
9s40p43aQjzW6By7qj2HHI2lSIOxE8IkaFWw++kNVRi0Bp3vAUUg+ktL3U5mB9JA
PUwX5k2mgX4hJkFQE+/TkPAuTKiDY5HHgpmnJd5u0aMHqJsu5v+rjkg=
-----END CERTIFICATE-----