Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/nPnmVJq7YSOofBTjMXMW1s1sIkI.roa
File:                     nPnmVJq7YSOofBTjMXMW1s1sIkI.roa (raw, json)
Hash identifier:          YHGS/4JRhBxlF4BWRhYlHp0ni1JeRiuacHal4axDVqI=
Subject key identifier:   9C:F9:E6:54:9A:BB:61:23:A8:7C:14:E3:31:73:16:D6:CD:6C:22:42
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019D780A6426EF47A041EDA2FC37716A683C
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/nPnmVJq7YSOofBTjMXMW1s1sIkI.roa
Signing time:             Fri 10 Apr 2026 15:37:20 +0000
ROA not before:           Fri 10 Apr 2026 15:37:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44477
IP address blocks:        45.140.166.0/24 maxlen: 32
                          45.155.52.0/22 maxlen: 32
                          45.155.52.0/24 maxlen: 24
                          45.155.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:0a:64:26:ef:47:a0:41:ed:a2:fc:37:71:6a:68:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Apr 10 15:37:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9cf9e6549abb6123a87c14e3317316d6cd6c2242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:47:dd:2a:db:ca:38:c4:93:90:9b:94:83:fe:
                    43:f5:c8:b0:50:0f:d6:71:fb:7d:27:fb:a5:99:ed:
                    6b:57:c0:68:02:91:87:ec:6f:8d:3f:e7:dd:92:b5:
                    42:6c:59:92:5f:c2:cf:de:48:74:32:40:36:40:5f:
                    74:c2:22:50:ac:f5:6c:3c:23:e4:bf:ea:bd:7d:4c:
                    a0:9c:f6:28:a2:e3:55:cc:8c:50:a4:32:c7:85:9d:
                    0d:cd:9e:74:8c:92:22:13:3f:44:98:55:70:f6:cc:
                    08:63:4b:3c:4d:2b:bf:4c:2b:1c:e4:28:2e:f1:b2:
                    89:f2:81:b0:a4:d3:b4:79:24:70:08:47:3e:4c:33:
                    f6:c9:42:83:5e:74:00:96:2a:e4:0c:27:2d:46:1c:
                    69:be:8a:b7:ee:bb:de:ba:00:ef:1a:bd:35:19:36:
                    47:19:2c:80:ca:4b:f0:37:54:69:97:27:d2:21:3b:
                    f7:a9:72:b8:1d:5e:23:1f:7f:0a:35:48:af:31:41:
                    ad:86:a0:c6:a0:2a:ae:9b:59:26:df:aa:6b:d1:1b:
                    cf:04:07:b9:61:e5:68:21:60:83:79:fb:f4:3f:2e:
                    5f:61:86:29:db:14:b2:04:2a:a3:df:9f:62:70:8f:
                    4b:be:f5:44:68:dc:d8:21:e9:a1:b8:5f:04:10:e4:
                    1e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:F9:E6:54:9A:BB:61:23:A8:7C:14:E3:31:73:16:D6:CD:6C:22:42
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/nPnmVJq7YSOofBTjMXMW1s1sIkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.166.0/24
                  45.155.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:9e:33:a9:a6:69:9e:8e:08:86:ed:4c:28:f1:e2:4f:5e:23:
         5e:d3:93:07:13:1b:ae:67:60:64:fc:04:0b:4a:69:f5:50:ac:
         bf:86:34:a8:cf:7d:0f:ce:ef:83:c4:f5:29:20:39:f0:4d:7e:
         1d:20:b7:4f:32:9e:dd:e8:e4:d0:1a:98:64:da:33:06:2a:a4:
         39:39:3f:71:97:2c:ab:2c:3a:7f:85:12:c9:94:6f:e0:a5:90:
         7c:66:ff:16:e4:e0:0d:33:75:e4:e0:7a:bd:91:7d:4e:77:96:
         b6:f2:cb:af:c3:3f:07:a3:5c:30:be:3d:61:e5:d5:e3:d5:a4:
         75:ca:23:83:89:60:a2:58:06:43:0a:3d:0d:c1:de:61:27:2b:
         f7:87:07:be:65:69:f1:76:50:a4:df:c6:ee:e2:df:9e:fb:c9:
         c2:3b:94:4f:41:e0:9c:fb:96:9a:c4:98:ea:08:e1:b6:65:cc:
         5e:68:78:91:36:8d:81:e5:95:17:28:fe:06:0a:2f:21:e2:07:
         7f:94:a7:d1:2e:c5:48:37:9b:c4:8a:bc:64:19:74:8a:00:5d:
         97:b0:5e:46:70:f0:3c:b0:4f:4f:bb:38:8d:b1:68:a6:34:16:
         5f:6d:a5:b3:04:a2:d4:ea:07:81:7b:ec:a3:66:2a:cf:ba:8f:
         8b:4d:5a:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ14CmQm70egQe2i/Ddxamg8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjYwNDEwMTUzNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2Y5ZTY1NDlhYmI2MTIzYTg3YzE0ZTMzMTczMTZkNmNkNmMyMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0fdKtvKOMSTkJuUg/5D9ciwUA/W
cft9J/ulme1rV8BoApGH7G+NP+fdkrVCbFmSX8LP3kh0MkA2QF90wiJQrPVsPCPk
v+q9fUygnPYoouNVzIxQpDLHhZ0NzZ50jJIiEz9EmFVw9swIY0s8TSu/TCsc5Cgu
8bKJ8oGwpNO0eSRwCEc+TDP2yUKDXnQAlirkDCctRhxpvoq37rveugDvGr01GTZH
GSyAykvwN1RplyfSITv3qXK4HV4jH38KNUivMUGthqDGoCqum1km36pr0RvPBAe5
YeVoIWCDefv0Py5fYYYp2xSyBCqj359icI9LvvVEaNzYIemhuF8EEOQedQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJz55lSau2EjqHwU4zFzFtbNbCJCMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvblBubVZKcTdZU09vZkJUak1YTVcxczFzSWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYymAwQC
LZs0MA0GCSqGSIb3DQEBCwUAA4IBAQConjOppmmejgiG7Uwo8eJPXiNe05MHExuu
Z2Bk/AQLSmn1UKy/hjSoz30Pzu+DxPUpIDnwTX4dILdPMp7d6OTQGphk2jMGKqQ5
OT9xlyyrLDp/hRLJlG/gpZB8Zv8W5OANM3Xk4Hq9kX1Od5a28suvwz8Ho1wwvj1h
5dXj1aR1yiODiWCiWAZDCj0Nwd5hJyv3hwe+ZWnxdlCk38bu4t+e+8nCO5RPQeCc
+5aaxJjqCOG2ZcxeaHiRNo2B5ZUXKP4GCi8h4gd/lKfRLsVIN5vEirxkGXSKAF2X
sF5GcPA8sE9PuziNsWimNBZfbaWzBKLU6geBe+yjZirPuo+LTVpj
-----END CERTIFICATE-----