Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/cxAjEm62CMAOsVOQZcXd95P12ac.roa
File:                     cxAjEm62CMAOsVOQZcXd95P12ac.roa (raw, json)
Hash identifier:          bNDKClgOgAIHrP/LgJgPvv3PiPcCnhX0Vjjf2lgZuNw=
Subject key identifier:   73:10:23:12:6E:B6:08:C0:0E:B1:53:90:65:C5:DD:F7:93:F5:D9:A7
Certificate issuer:       /CN=159d30b70b9a83cb8ed5501f554a7feca382f959
Certificate serial:       019B77595B28558D7B9AA9E6E35EB067653E
Authority key identifier: 15:9D:30:B7:0B:9A:83:CB:8E:D5:50:1F:55:4A:7F:EC:A3:82:F9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/cxAjEm62CMAOsVOQZcXd95P12ac.roa
Signing time:             Thu 01 Jan 2026 02:18:23 +0000
ROA not before:           Thu 01 Jan 2026 02:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199703
IP address blocks:        45.157.144.0/22 maxlen: 22
                          2a13:f000::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:5b:28:55:8d:7b:9a:a9:e6:e3:5e:b0:67:65:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=159d30b70b9a83cb8ed5501f554a7feca382f959
        Validity
            Not Before: Jan  1 02:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=731023126eb608c00eb1539065c5ddf793f5d9a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4d:34:21:de:a7:f8:2c:05:76:53:a1:f0:da:
                    86:70:10:1d:36:c7:da:37:ad:80:be:46:74:4d:f5:
                    5b:0f:15:2c:a6:3b:e6:00:67:7c:04:1c:55:ed:c2:
                    14:c0:c5:8d:e9:48:42:f0:99:c9:db:4a:fe:d4:15:
                    4b:5b:96:2b:7c:34:2e:55:c5:66:16:9f:b5:8a:92:
                    3a:bd:19:8c:68:3a:3e:c8:47:d9:ab:f1:9e:35:65:
                    11:d2:d7:a8:41:9f:fa:73:59:f6:03:30:b3:a9:5a:
                    8e:df:db:c2:c2:12:e8:07:27:63:31:ac:0e:d4:3e:
                    14:70:5b:c7:36:23:4a:e0:69:70:14:ef:59:c3:35:
                    a7:88:6d:f5:1d:64:c8:4a:f1:85:3a:5f:dd:1c:2e:
                    6c:bf:04:92:e9:1b:34:e4:7d:55:69:de:ea:2c:ee:
                    35:af:b9:51:7e:88:9c:e8:46:3a:00:4a:6d:99:e5:
                    6d:f6:5e:0c:6c:66:dc:84:ca:66:a5:e7:1c:15:e5:
                    3c:42:37:9d:3f:46:30:dd:d2:3c:0b:11:21:7b:3c:
                    15:16:f9:b9:97:bd:2f:f1:09:48:c8:ec:6b:8d:69:
                    84:87:ee:69:4a:26:44:a0:2a:b8:1e:00:88:08:36:
                    da:31:16:ca:bf:63:4b:d8:72:a3:3b:37:be:49:57:
                    b3:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:10:23:12:6E:B6:08:C0:0E:B1:53:90:65:C5:DD:F7:93:F5:D9:A7
            X509v3 Authority Key Identifier:
                keyid:15:9D:30:B7:0B:9A:83:CB:8E:D5:50:1F:55:4A:7F:EC:A3:82:F9:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/cxAjEm62CMAOsVOQZcXd95P12ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/956c37-993a-41de-abe0-65d722837121/1/FZ0wtwuag8uO1VAfVUp_7KOC-Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.144.0/22
                IPv6:
                  2a13:f000::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:11:37:aa:f5:45:b4:d2:d5:4b:0a:6d:e9:e4:c8:91:ed:39:
         b2:ac:f6:7c:12:e0:fc:62:f5:f7:1f:b2:10:a8:d1:61:26:44:
         cb:d6:84:1e:53:61:1f:4a:6c:0b:77:78:d2:2f:a1:d1:56:2e:
         f2:e9:77:c6:70:ac:e1:1b:5b:49:50:65:61:b1:c7:0e:6f:a4:
         03:a4:69:a5:39:3f:3a:0e:99:5c:57:bb:37:40:1a:5b:0a:d1:
         37:a0:d8:ce:38:ec:54:c5:5c:f9:4d:20:35:d5:4e:49:7e:1c:
         6d:2b:7f:9d:3c:25:52:11:17:09:7b:39:bb:0f:9f:04:a0:35:
         c7:b3:21:0b:cd:ff:67:ca:b0:5c:4f:23:f0:c8:5b:ab:95:6f:
         61:2c:03:15:7d:6b:c7:bf:0f:fb:e9:81:c0:e8:0b:db:b2:fa:
         c0:9b:51:cb:be:92:b2:c8:bb:d9:5c:cc:55:db:77:f7:43:cb:
         9d:96:56:ac:a3:78:45:19:93:f8:d1:62:f6:8a:b8:7b:6f:cd:
         e6:89:ce:dc:76:9c:cf:e9:ee:7a:d9:45:03:ba:ef:cc:f3:cb:
         37:ef:93:0d:f7:e2:c2:02:92:50:4c:f8:b9:65:4e:af:26:96:
         64:21:84:0d:1d:81:fb:8a:e8:33:a9:bc:a0:13:1e:e6:c9:13:
         0c:84:a4:e7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt3WVsoVY17mqnm416wZ2U+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1OWQzMGI3MGI5YTgzY2I4ZWQ1NTAxZjU1NGE3ZmVjYTM4
MmY5NTkwHhcNMjYwMTAxMDIxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzEwMjMxMjZlYjYwOGMwMGViMTUzOTA2NWM1ZGRmNzkzZjVkOWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE00Id6n+CwFdlOh8NqGcBAdNsfa
N62AvkZ0TfVbDxUspjvmAGd8BBxV7cIUwMWN6UhC8JnJ20r+1BVLW5YrfDQuVcVm
Fp+1ipI6vRmMaDo+yEfZq/GeNWUR0teoQZ/6c1n2AzCzqVqO39vCwhLoBydjMawO
1D4UcFvHNiNK4GlwFO9ZwzWniG31HWTISvGFOl/dHC5svwSS6Rs05H1Vad7qLO41
r7lRfoic6EY6AEptmeVt9l4MbGbchMpmpeccFeU8QjedP0Yw3dI8CxEhezwVFvm5
l70v8QlIyOxrjWmEh+5pSiZEoCq4HgCICDbaMRbKv2NL2HKjOze+SVezIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHMQIxJutgjADrFTkGXF3feT9dmnMB8GA1UdIwQY
MBaAFBWdMLcLmoPLjtVQH1VKf+yjgvlZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlowd3R3dWFnOHVPMVZBZlZVcF83S09DLVZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC85NTZjMzctOTkzYS00MWRlLWFiZTAt
NjVkNzIyODM3MTIxLzEvY3hBakVtNjJDTUFPc1ZPUVpjWGQ5NVAxMmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC85NTZjMzctOTkzYS00MWRlLWFiZTAtNjVkNzIyODM3MTIx
LzEvRlowd3R3dWFnOHVPMVZBZlZVcF83S09DLVZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ2QMA0E
AgACMAcDBQAqE/AAMA0GCSqGSIb3DQEBCwUAA4IBAQCdETeq9UW00tVLCm3p5MiR
7TmyrPZ8EuD8YvX3H7IQqNFhJkTL1oQeU2EfSmwLd3jSL6HRVi7y6XfGcKzhG1tJ
UGVhsccOb6QDpGmlOT86DplcV7s3QBpbCtE3oNjOOOxUxVz5TSA11U5JfhxtK3+d
PCVSERcJezm7D58EoDXHsyELzf9nyrBcTyPwyFurlW9hLAMVfWvHvw/76YHA6Avb
svrAm1HLvpKyyLvZXMxV23f3Q8udllaso3hFGZP40WL2irh7b83mic7cdpzP6e56
2UUDuu/M88s375MN9+LCApJQTPi5ZU6vJpZkIYQNHYH7iugzqbygEx7myRMMhKTn
-----END CERTIFICATE-----