Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/Upw0V-SDT9Y_-WbmQx-I6zkEvMY.roa
File:                     Upw0V-SDT9Y_-WbmQx-I6zkEvMY.roa (raw, json)
Hash identifier:          52SxqdmLKtGpI63r4YyY3Mjoft2YtbOnX1aUlWH5kpE=
Subject key identifier:   52:9C:34:57:E4:83:4F:D6:3F:F9:66:E6:43:1F:88:EB:39:04:BC:C6
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       019E446B350F579B9749DFDC8015BAC9485C
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/Upw0V-SDT9Y_-WbmQx-I6zkEvMY.roa
Signing time:             Wed 20 May 2026 08:05:36 +0000
ROA not before:           Wed 20 May 2026 08:05:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     23532
IP address blocks:        45.84.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:44:6b:35:0f:57:9b:97:49:df:dc:80:15:ba:c9:48:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: May 20 08:05:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=529c3457e4834fd63ff966e6431f88eb3904bcc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2c:4c:91:dd:65:0c:71:13:65:b1:e5:f7:af:
                    bb:1d:c3:82:59:50:d8:c3:9b:4a:73:96:5c:d7:d2:
                    51:71:57:13:08:2a:c4:5d:6f:23:58:a4:d7:7d:f8:
                    27:9c:58:b5:6b:c6:2f:11:08:8b:96:2c:dc:04:b9:
                    3f:88:d9:04:2b:ba:4d:93:80:58:ef:15:45:75:57:
                    40:3e:a8:0f:0a:e9:06:d8:7a:8d:db:88:d0:32:41:
                    1c:25:36:b6:a7:16:26:01:1e:1c:37:46:47:9a:c4:
                    80:6c:0b:76:43:7b:a1:17:2e:73:19:e5:d8:b6:75:
                    2b:63:c2:dc:85:ff:e5:f2:6e:8b:5d:37:b3:56:39:
                    8d:69:de:62:3d:47:79:aa:bd:23:eb:dd:bd:38:b4:
                    d4:7a:ea:5f:8b:d7:0e:9e:58:2c:bd:c2:cb:8a:50:
                    2b:88:77:7c:fa:bf:08:d2:78:ea:58:b6:ac:2e:39:
                    bb:27:a7:27:03:58:7b:b0:e2:8b:02:c3:1f:f8:55:
                    92:73:bf:94:4e:a2:28:4c:94:aa:5f:b3:d7:95:6f:
                    b0:97:ed:fe:d4:77:1f:2f:37:f0:44:14:d5:48:6f:
                    e6:96:b3:b5:d6:13:91:f7:0d:b3:8d:c6:6c:86:12:
                    d4:39:b1:dd:fe:17:27:25:46:01:1c:3d:ae:b7:c0:
                    37:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:9C:34:57:E4:83:4F:D6:3F:F9:66:E6:43:1F:88:EB:39:04:BC:C6
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/Upw0V-SDT9Y_-WbmQx-I6zkEvMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:b5:97:5b:76:e0:2d:be:bd:54:0d:72:79:71:56:60:ac:80:
         90:b0:75:44:ee:9c:01:c5:03:de:38:66:0e:bb:44:18:c6:ee:
         9c:1c:85:6d:18:59:46:db:69:35:5f:38:00:d7:cc:19:36:86:
         79:a5:75:cf:14:c1:47:e4:e3:e4:b1:2b:4f:78:96:1f:00:59:
         46:96:52:55:ef:0c:c0:1f:25:55:4c:71:58:dc:7b:f3:8e:19:
         54:9e:90:31:20:d5:26:34:eb:ca:dd:97:a6:f9:a7:90:e5:e5:
         5a:fe:62:fb:d8:b2:f6:59:d7:26:b3:d5:61:f6:74:87:c8:ce:
         f2:38:8f:ae:66:fb:4d:7d:ae:89:dc:dd:0c:35:68:83:ec:eb:
         ad:81:e8:fd:27:55:18:66:85:00:d1:ea:d8:d8:30:b2:2c:3a:
         3c:27:62:de:55:20:c5:a1:be:5c:9d:94:e2:b4:71:8b:71:1b:
         b8:4f:ad:62:db:18:10:8d:ba:3a:84:c8:34:27:f5:e1:27:0a:
         8e:1b:05:fe:7b:4c:5c:13:e5:8f:5c:36:b1:f0:36:75:ff:bf:
         21:85:cf:d2:ff:c9:be:5b:02:e7:d5:30:78:79:e1:42:44:8b:
         ca:2d:19:9a:2e:46:61:72:de:4b:81:62:78:b0:8b:50:9e:26:
         a4:a0:65:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5EazUPV5uXSd/cgBW6yUhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjYwNTIwMDgwNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjljMzQ1N2U0ODM0ZmQ2M2ZmOTY2ZTY0MzFmODhlYjM5MDRiY2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzixMkd1lDHETZbHl96+7HcOCWVDY
w5tKc5Zc19JRcVcTCCrEXW8jWKTXffgnnFi1a8YvEQiLlizcBLk/iNkEK7pNk4BY
7xVFdVdAPqgPCukG2HqN24jQMkEcJTa2pxYmAR4cN0ZHmsSAbAt2Q3uhFy5zGeXY
tnUrY8Lchf/l8m6LXTezVjmNad5iPUd5qr0j6929OLTUeupfi9cOnlgsvcLLilAr
iHd8+r8I0njqWLasLjm7J6cnA1h7sOKLAsMf+FWSc7+UTqIoTJSqX7PXlW+wl+3+
1HcfLzfwRBTVSG/mlrO11hOR9w2zjcZshhLUObHd/hcnJUYBHD2ut8A33wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKcNFfkg0/WP/lm5kMfiOs5BLzGMB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvVXB3MFYtU0RUOVlfLVdibVF4LUk2emtFdk1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTwMA0G
CSqGSIb3DQEBCwUAA4IBAQBHtZdbduAtvr1UDXJ5cVZgrICQsHVE7pwBxQPeOGYO
u0QYxu6cHIVtGFlG22k1XzgA18wZNoZ5pXXPFMFH5OPksStPeJYfAFlGllJV7wzA
HyVVTHFY3HvzjhlUnpAxINUmNOvK3Zem+aeQ5eVa/mL72LL2Wdcms9Vh9nSHyM7y
OI+uZvtNfa6J3N0MNWiD7Outgej9J1UYZoUA0erY2DCyLDo8J2LeVSDFob5cnZTi
tHGLcRu4T61i2xgQjbo6hMg0J/XhJwqOGwX+e0xcE+WPXDax8DZ1/78hhc/S/8m+
WwLn1TB4eeFCRIvKLRmaLkZhct5LgWJ4sItQniakoGUt
-----END CERTIFICATE-----