Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/lJE-9MHI0m9odS0-ez-OUf7XXOo.roa
File:                     lJE-9MHI0m9odS0-ez-OUf7XXOo.roa (raw, json)
Hash identifier:          NzsXcZUGn5wcX+3FrmFWw7UtvY0O9+75hmCPmsbk3Bg=
Subject key identifier:   94:91:3E:F4:C1:C8:D2:6F:68:75:2D:3E:7B:3F:8E:51:FE:D7:5C:EA
Certificate issuer:       /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial:       019D90D6A8F8C852BFBC7CDBD5E1C18E39AA
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/lJE-9MHI0m9odS0-ez-OUf7XXOo.roa
Signing time:             Wed 15 Apr 2026 11:11:20 +0000
ROA not before:           Wed 15 Apr 2026 11:11:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5650
IP address blocks:        80.174.196.0/22 maxlen: 22
                          80.174.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:d6:a8:f8:c8:52:bf:bc:7c:db:d5:e1:c1:8e:39:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
        Validity
            Not Before: Apr 15 11:11:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94913ef4c1c8d26f68752d3e7b3f8e51fed75cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:79:70:68:33:bc:3e:74:cb:8b:35:b2:35:48:
                    b9:50:4e:22:8c:ed:f9:aa:c8:b7:f0:eb:a6:98:ed:
                    e0:60:7e:d4:73:84:61:71:ac:77:b8:99:86:bd:e4:
                    c7:70:24:ff:f0:ed:79:98:eb:39:97:f1:75:4d:b6:
                    1b:fe:44:2c:05:f2:a9:bc:ea:8f:b2:f0:43:5b:b2:
                    ec:96:cd:93:52:76:a0:0d:31:71:cd:d4:45:3b:b7:
                    bc:7a:cc:38:46:ff:bc:40:85:7c:5c:d3:a3:fa:1a:
                    1d:17:df:8e:d5:89:75:d5:18:e4:29:50:c0:86:5b:
                    35:36:dd:f3:65:a7:14:b7:86:72:a9:a0:a3:b7:7e:
                    62:d6:2a:50:ae:97:a9:22:c8:05:62:b1:6c:40:8d:
                    92:73:7d:56:d1:75:29:ca:42:96:35:a4:4c:09:31:
                    aa:8b:d6:ca:12:dc:a4:b5:7c:1b:ea:b0:a3:db:67:
                    57:de:e2:c3:65:d8:17:c6:bf:38:ef:b6:ce:4a:6f:
                    86:7d:65:db:84:87:51:fe:94:83:29:18:05:03:ff:
                    5e:2b:a3:a0:a1:b4:f1:cc:cd:ad:8f:0d:ca:4d:96:
                    e0:2f:f9:f0:c2:5f:97:ea:1a:32:a9:c5:76:4c:2f:
                    b1:59:84:39:41:6d:4e:d2:e5:cd:4e:17:c7:4b:b2:
                    ef:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:91:3E:F4:C1:C8:D2:6F:68:75:2D:3E:7B:3F:8E:51:FE:D7:5C:EA
            X509v3 Authority Key Identifier:
                keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/lJE-9MHI0m9odS0-ez-OUf7XXOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.174.196.0/22
                  80.174.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:02:c8:6b:ec:9e:20:a0:a0:c2:3e:97:aa:5e:be:8b:cf:89:
         ba:60:d2:15:04:71:c1:8f:a1:cb:ca:f9:d2:40:67:c4:df:68:
         a9:7d:15:ab:64:ec:0e:ca:99:4d:4f:c4:47:59:85:de:e3:44:
         a6:8a:d9:0c:07:1f:69:bf:d9:46:fe:59:8c:59:b7:75:04:34:
         ba:4d:93:8e:ab:d5:c2:a9:66:31:d6:b9:71:82:95:38:a9:9f:
         5d:dd:af:17:ff:1c:84:69:6e:50:28:16:25:24:fb:c2:68:fb:
         f5:8d:ca:97:5e:51:04:06:4a:05:4e:84:7e:03:91:ce:94:75:
         e0:37:b1:0e:cb:4a:25:a8:ad:c2:a3:1c:a6:db:65:36:ff:9e:
         13:60:83:3a:33:44:99:40:1c:eb:e0:ff:0a:e6:9d:e2:68:a0:
         ae:77:ec:cc:7f:fe:7a:65:a2:fd:f4:62:97:2e:db:25:5a:30:
         43:80:9e:02:7a:33:39:e3:21:b7:b9:a6:15:ea:5f:9b:5b:94:
         a9:9c:35:71:24:52:bc:ef:ff:6c:40:b6:3e:01:26:2b:01:2f:
         81:34:86:1e:e5:d8:0b:d6:09:4f:b5:05:a0:e2:76:dc:3f:30:
         ed:23:54:5f:f7:91:da:35:ab:f3:55:69:07:4e:f0:31:39:6e:
         39:45:7a:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2Q1qj4yFK/vHzb1eHBjjmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjYwNDE1MTExMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDkxM2VmNGMxYzhkMjZmNjg3NTJkM2U3YjNmOGU1MWZlZDc1Y2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHlwaDO8PnTLizWyNUi5UE4ijO35
qsi38OummO3gYH7Uc4Rhcax3uJmGveTHcCT/8O15mOs5l/F1TbYb/kQsBfKpvOqP
svBDW7Lsls2TUnagDTFxzdRFO7e8esw4Rv+8QIV8XNOj+hodF9+O1Yl11RjkKVDA
hls1Nt3zZacUt4ZyqaCjt35i1ipQrpepIsgFYrFsQI2Sc31W0XUpykKWNaRMCTGq
i9bKEtyktXwb6rCj22dX3uLDZdgXxr8477bOSm+GfWXbhIdR/pSDKRgFA/9eK6Og
obTxzM2tjw3KTZbgL/nwwl+X6hoyqcV2TC+xWYQ5QW1O0uXNThfHS7LvfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJSRPvTByNJvaHUtPns/jlH+11zqMB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvbEpFLTlNSEkwbTlvZFMwLWV6LU9VZjdYWE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUK7EAwQC
UK7UMA0GCSqGSIb3DQEBCwUAA4IBAQChAshr7J4goKDCPpeqXr6Lz4m6YNIVBHHB
j6HLyvnSQGfE32ipfRWrZOwOyplNT8RHWYXe40SmitkMBx9pv9lG/lmMWbd1BDS6
TZOOq9XCqWYx1rlxgpU4qZ9d3a8X/xyEaW5QKBYlJPvCaPv1jcqXXlEEBkoFToR+
A5HOlHXgN7EOy0olqK3Coxym22U2/54TYIM6M0SZQBzr4P8K5p3iaKCud+zMf/56
ZaL99GKXLtslWjBDgJ4CejM54yG3uaYV6l+bW5SpnDVxJFK87/9sQLY+ASYrAS+B
NIYe5dgL1glPtQWg4nbcPzDtI1Rf95HaNavzVWkHTvAxOW45RXrk
-----END CERTIFICATE-----