Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/znZ9-PpEUCF0s_0ZbvQNPq1vxXU.roa
File:                     znZ9-PpEUCF0s_0ZbvQNPq1vxXU.roa (raw, json)
Hash identifier:          iiZjOv+cR17NVqfjRFVC6YAKx+dYOIyRDtOVPnnsLmo=
Subject key identifier:   CE:76:7D:F8:FA:44:50:21:74:B3:FD:19:6E:F4:0D:3E:AD:6F:C5:75
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       019E446B35E8F141477FFE700769C94295FE
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/znZ9-PpEUCF0s_0ZbvQNPq1vxXU.roa
Signing time:             Wed 20 May 2026 08:05:37 +0000
ROA not before:           Wed 20 May 2026 08:05:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216138
IP address blocks:        45.84.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:44:6b:35:e8:f1:41:47:7f:fe:70:07:69:c9:42:95:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: May 20 08:05:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce767df8fa44502174b3fd196ef40d3ead6fc575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:00:b9:21:3f:2b:7e:3c:db:68:3f:18:19:d2:
                    27:d1:fb:a6:23:56:05:80:bd:fd:40:77:3c:4e:b6:
                    bd:9c:ee:6b:41:66:f6:60:c0:a1:25:cc:f0:72:0e:
                    da:81:6b:e4:e9:45:40:fe:06:62:f7:71:36:92:47:
                    18:0c:b8:73:e0:33:96:5f:40:93:1d:9a:34:f8:6e:
                    22:0f:c6:d4:b1:2c:d7:73:2f:b5:57:8e:0b:4b:7e:
                    64:21:30:7c:cd:1f:bb:14:f5:03:fc:cf:06:b6:dd:
                    32:11:ac:f5:0e:f6:13:d6:de:6b:5b:be:aa:10:fa:
                    56:d8:b5:12:1d:c1:de:19:8c:aa:90:68:8e:2c:b1:
                    cf:ac:6f:92:fe:a5:9d:e9:cb:29:a9:10:61:05:db:
                    57:33:ff:22:a9:44:0b:65:33:4b:62:11:5e:e8:a4:
                    9e:4f:fe:fe:84:38:6c:11:b8:9d:22:37:96:c0:83:
                    7f:1a:86:7d:b2:0c:85:7a:d0:74:34:01:a0:63:f9:
                    38:d7:f0:b2:a9:e5:fb:05:ab:86:c2:c9:e7:84:85:
                    8d:4a:d2:34:8b:18:e8:bc:98:d9:fb:df:11:30:05:
                    2f:98:1a:7e:b9:34:e1:3a:40:5f:6d:50:52:69:83:
                    0c:f0:2c:3c:82:ac:b0:65:10:73:8d:55:21:b2:13:
                    c3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:76:7D:F8:FA:44:50:21:74:B3:FD:19:6E:F4:0D:3E:AD:6F:C5:75
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/znZ9-PpEUCF0s_0ZbvQNPq1vxXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:19:0e:aa:94:42:4e:ec:35:97:60:00:4e:db:9a:1f:8b:6c:
         f6:22:78:a5:69:61:23:5d:36:aa:20:16:d1:8c:ec:4f:41:ae:
         b8:32:80:97:7f:6e:a3:88:77:24:5a:31:fe:ab:68:cd:dc:4e:
         81:30:d4:7b:f6:d6:dc:50:5a:aa:82:b8:33:18:6e:1c:5f:6a:
         30:47:f8:54:f3:16:41:ca:01:5b:3a:48:76:70:4a:90:42:a9:
         d0:5f:74:5e:86:0b:a1:5d:68:5c:2c:09:9f:40:fe:09:3c:de:
         52:53:ac:e1:15:52:5a:78:b5:4a:a2:81:92:fc:80:85:24:3d:
         0e:c4:4f:aa:7c:2a:5f:a2:7f:e6:c8:0c:31:de:11:9f:1b:a9:
         f2:b6:9e:40:0a:fd:82:ba:b8:2a:00:78:08:cd:b9:ea:a7:50:
         81:39:4c:05:01:bf:c7:05:80:77:37:ab:4d:25:78:67:37:55:
         9c:45:2a:5c:f9:9a:5e:2b:c7:4f:9a:6c:f4:f5:82:21:71:dc:
         04:96:79:ea:9f:a1:73:8e:0c:d7:86:9d:51:3d:9e:94:d7:e9:
         62:22:5f:fc:9c:7b:3b:62:fa:c5:a3:9d:19:c1:28:66:b0:2f:
         74:99:da:14:40:48:14:b0:28:51:7c:f3:96:98:94:0b:f4:22:
         74:c5:ae:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5EazXo8UFHf/5wB2nJQpX+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjYwNTIwMDgwNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTc2N2RmOGZhNDQ1MDIxNzRiM2ZkMTk2ZWY0MGQzZWFkNmZjNTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgC5IT8rfjzbaD8YGdIn0fumI1YF
gL39QHc8Tra9nO5rQWb2YMChJczwcg7agWvk6UVA/gZi93E2kkcYDLhz4DOWX0CT
HZo0+G4iD8bUsSzXcy+1V44LS35kITB8zR+7FPUD/M8Gtt0yEaz1DvYT1t5rW76q
EPpW2LUSHcHeGYyqkGiOLLHPrG+S/qWd6cspqRBhBdtXM/8iqUQLZTNLYhFe6KSe
T/7+hDhsEbidIjeWwIN/GoZ9sgyFetB0NAGgY/k41/CyqeX7BauGwsnnhIWNStI0
ixjovJjZ+98RMAUvmBp+uTThOkBfbVBSaYMM8Cw8gqywZRBzjVUhshPD8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM52ffj6RFAhdLP9GW70DT6tb8V1MB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvem5aOS1QcEVVQ0Ywc18wWmJ2UU5QcTF2eFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTwMA0G
CSqGSIb3DQEBCwUAA4IBAQBNGQ6qlEJO7DWXYABO25ofi2z2InilaWEjXTaqIBbR
jOxPQa64MoCXf26jiHckWjH+q2jN3E6BMNR79tbcUFqqgrgzGG4cX2owR/hU8xZB
ygFbOkh2cEqQQqnQX3RehguhXWhcLAmfQP4JPN5SU6zhFVJaeLVKooGS/ICFJD0O
xE+qfCpfon/myAwx3hGfG6nytp5ACv2CurgqAHgIzbnqp1CBOUwFAb/HBYB3N6tN
JXhnN1WcRSpc+ZpeK8dPmmz09YIhcdwElnnqn6FzjgzXhp1RPZ6U1+liIl/8nHs7
YvrFo50ZwShmsC90mdoUQEgUsChRfPOWmJQL9CJ0xa4A
-----END CERTIFICATE-----