Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/0kNz9-JWERt3abzlaJOUE4NTJO4.roa
File:                     0kNz9-JWERt3abzlaJOUE4NTJO4.roa (raw, json)
Hash identifier:          67hyPCPSnaEobnQIj1pQT7pIpy62/SUOtS+52kq/tjI=
Subject key identifier:   D2:43:73:F7:E2:56:11:1B:77:69:BC:E5:68:93:94:13:83:53:24:EE
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       019D52EA639149F07F12D6068DAABEF50A54
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/0kNz9-JWERt3abzlaJOUE4NTJO4.roa
Signing time:             Fri 03 Apr 2026 10:36:25 +0000
ROA not before:           Fri 03 Apr 2026 10:36:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215267
IP address blocks:        45.89.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:ea:63:91:49:f0:7f:12:d6:06:8d:aa:be:f5:0a:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: Apr  3 10:36:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d24373f7e256111b7769bce568939413835324ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3a:84:40:39:89:74:4d:30:65:2a:b1:dd:35:
                    41:38:fd:96:ad:7c:50:b5:aa:f5:b8:6b:21:7f:fd:
                    2f:1e:e8:6e:93:ea:12:ca:44:b7:10:b8:7f:7a:87:
                    c9:d0:bd:5c:90:5b:6f:3a:fe:40:f6:49:98:9e:a0:
                    f6:a9:9d:ac:8d:84:0c:93:d7:f2:3e:d9:4b:79:21:
                    cd:83:7b:c7:bd:8f:be:51:93:66:fc:d0:3f:60:c9:
                    dc:d4:78:97:4d:b4:2e:78:44:55:5b:5d:01:4e:3f:
                    a7:40:17:76:e3:49:d5:57:70:65:f5:4b:74:68:10:
                    f3:f2:0e:f4:be:c5:e8:a2:34:06:2b:0e:8e:8f:82:
                    04:43:69:e3:cc:a9:a1:cb:77:57:51:7b:a4:dd:4f:
                    d5:89:49:d9:50:d5:48:68:c3:0a:71:47:9e:d1:48:
                    cc:5a:05:42:04:54:e4:d2:0f:63:84:04:43:7f:db:
                    24:82:78:f3:69:3e:d0:cd:df:3f:d8:ad:d0:4e:88:
                    07:79:f2:08:f2:52:b4:7d:7a:b2:8e:e9:0a:6b:33:
                    be:b7:36:d8:55:f2:c2:07:80:4e:aa:09:14:0e:37:
                    60:3b:a5:76:e9:4d:dd:52:6d:ef:2b:fc:0f:f3:ac:
                    bc:2a:6a:b3:d4:67:ab:4d:49:f6:b2:38:56:71:87:
                    8e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:43:73:F7:E2:56:11:1B:77:69:BC:E5:68:93:94:13:83:53:24:EE
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/0kNz9-JWERt3abzlaJOUE4NTJO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:b1:ab:19:7d:30:d5:70:eb:30:f6:2c:ae:e0:3c:e4:55:62:
         76:bf:ed:05:46:a8:b3:96:2a:b1:79:b1:83:47:f2:2a:31:dd:
         7d:3e:a1:34:f2:89:f3:28:4a:94:61:dc:f5:07:d6:32:1f:13:
         d1:e1:6b:fe:27:96:16:80:78:0c:47:d9:bf:01:be:c4:eb:08:
         f1:74:e7:c9:2d:08:58:5c:bd:dd:66:dc:61:e0:bb:d4:2d:91:
         75:9e:87:a8:67:ff:56:69:5f:fe:46:ff:79:fe:b0:e9:f5:c3:
         66:34:5d:07:f9:8d:90:a3:29:2c:db:7e:42:59:01:2b:25:1f:
         5c:43:a2:ab:d9:42:cd:de:51:75:e3:13:14:9d:d6:e9:9c:c6:
         18:b5:14:20:cd:f0:99:57:ae:f0:b4:71:99:e6:3d:0f:6e:71:
         ff:7d:b2:63:80:af:da:fd:08:58:c8:0e:8e:ef:31:c7:28:9c:
         09:87:67:62:e6:ef:50:35:5d:ee:0f:fc:14:28:e2:9b:9d:3e:
         bd:2c:77:38:57:3f:ed:c9:e6:6e:a6:32:ac:49:f4:91:5b:09:
         76:9c:ae:e4:bf:12:d4:e3:81:dd:df:e4:9c:a0:c4:9b:21:67:
         09:dc:5f:24:02:a3:0c:bb:60:62:e1:d1:c3:9d:55:76:57:ec:
         3d:07:b2:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1S6mORSfB/EtYGjaq+9QpUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjYwNDAzMTAzNjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQzNzNmN2UyNTYxMTFiNzc2OWJjZTU2ODkzOTQxMzgzNTMyNGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTqEQDmJdE0wZSqx3TVBOP2WrXxQ
tar1uGshf/0vHuhuk+oSykS3ELh/eofJ0L1ckFtvOv5A9kmYnqD2qZ2sjYQMk9fy
PtlLeSHNg3vHvY++UZNm/NA/YMnc1HiXTbQueERVW10BTj+nQBd240nVV3Bl9Ut0
aBDz8g70vsXoojQGKw6Oj4IEQ2njzKmhy3dXUXuk3U/ViUnZUNVIaMMKcUee0UjM
WgVCBFTk0g9jhARDf9skgnjzaT7Qzd8/2K3QTogHefII8lK0fXqyjukKazO+tzbY
VfLCB4BOqgkUDjdgO6V26U3dUm3vK/wP86y8Kmqz1GerTUn2sjhWcYeOEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJDc/fiVhEbd2m85WiTlBODUyTuMB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEvMGtOejktSldFUnQzYWJ6bGFKT1VFNE5USk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkcMA0G
CSqGSIb3DQEBCwUAA4IBAQB/sasZfTDVcOsw9iyu4DzkVWJ2v+0FRqizliqxebGD
R/IqMd19PqE08onzKEqUYdz1B9YyHxPR4Wv+J5YWgHgMR9m/Ab7E6wjxdOfJLQhY
XL3dZtxh4LvULZF1noeoZ/9WaV/+Rv95/rDp9cNmNF0H+Y2Qoyks235CWQErJR9c
Q6Kr2ULN3lF14xMUndbpnMYYtRQgzfCZV67wtHGZ5j0PbnH/fbJjgK/a/QhYyA6O
7zHHKJwJh2di5u9QNV3uD/wUKOKbnT69LHc4Vz/tyeZupjKsSfSRWwl2nK7kvxLU
44Hd3+ScoMSbIWcJ3F8kAqMMu2Bi4dHDnVV2V+w9B7IY
-----END CERTIFICATE-----