Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/85e104-5e52-4048-b1b1-c50968cda86f/1/MlEQyi_yZNAza-bcGtf2VB3mhRg.roa
File:                     MlEQyi_yZNAza-bcGtf2VB3mhRg.roa (raw, json)
Hash identifier:          dZzyG8cQWX5m4tOkdaQgc1WeGegOVYoaopmc4TyCRRU=
Subject key identifier:   32:51:10:CA:2F:F2:64:D0:33:6B:E6:DC:1A:D7:F6:54:1D:E6:85:18
Certificate issuer:       /CN=6ea1a10f7d944dacc1dec041aaa559d522bfbaeb
Certificate serial:       019D6742D21DA595DB5C88E752C7E7B86753
Authority key identifier: 6E:A1:A1:0F:7D:94:4D:AC:C1:DE:C0:41:AA:A5:59:D5:22:BF:BA:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bqGhD32UTazB3sBBqqVZ1SK_uus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/85e104-5e52-4048-b1b1-c50968cda86f/1/MlEQyi_yZNAza-bcGtf2VB3mhRg.roa
Signing time:             Tue 07 Apr 2026 09:25:25 +0000
ROA not before:           Tue 07 Apr 2026 09:25:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208834
IP address blocks:        45.83.72.0/22 maxlen: 22
                          2a0e:7c80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/85e104-5e52-4048-b1b1-c50968cda86f/1/bqGhD32UTazB3sBBqqVZ1SK_uus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/85e104-5e52-4048-b1b1-c50968cda86f/1/bqGhD32UTazB3sBBqqVZ1SK_uus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bqGhD32UTazB3sBBqqVZ1SK_uus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:42:d2:1d:a5:95:db:5c:88:e7:52:c7:e7:b8:67:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ea1a10f7d944dacc1dec041aaa559d522bfbaeb
        Validity
            Not Before: Apr  7 09:25:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=325110ca2ff264d0336be6dc1ad7f6541de68518
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:b1:01:ca:94:65:b3:e1:fd:44:e6:16:3c:f5:
                    12:1d:fe:50:f4:7d:86:5b:59:2f:06:cd:0b:a8:d4:
                    15:3b:3d:9b:60:1b:ee:48:66:fd:cc:4b:71:bb:ce:
                    74:1c:0e:2f:de:a7:22:be:17:4e:0b:28:8f:92:96:
                    40:aa:bd:f2:b6:9e:e9:f8:ac:af:05:7b:42:20:66:
                    5a:af:67:db:2a:a0:e8:61:bb:59:18:d7:3e:6c:8e:
                    b5:57:d1:7b:69:16:85:24:56:7f:51:24:65:77:00:
                    62:58:0a:ba:80:99:67:77:28:fe:2d:0d:de:c2:bb:
                    e5:3f:56:31:cb:87:47:4c:33:6d:b8:46:f6:ee:ca:
                    92:44:7f:c3:4b:68:8b:f5:f4:1c:33:06:64:02:04:
                    77:d8:cc:21:c7:a0:73:da:23:49:65:82:50:11:3c:
                    54:e1:2a:43:bb:bc:1c:de:94:aa:6c:7e:f5:44:e2:
                    97:ec:dc:2c:90:7a:c2:e5:04:dd:a8:a0:10:78:24:
                    d4:97:99:6f:b3:c9:87:f4:eb:dd:72:99:c1:6d:25:
                    f8:51:e3:8d:ba:02:82:22:68:d5:64:85:c2:be:d8:
                    31:0a:9a:da:a5:0e:dc:e5:d7:87:cd:92:b8:bb:d8:
                    ce:e1:72:5a:e5:db:b9:06:59:0a:39:d3:b1:3a:be:
                    c5:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:51:10:CA:2F:F2:64:D0:33:6B:E6:DC:1A:D7:F6:54:1D:E6:85:18
            X509v3 Authority Key Identifier:
                keyid:6E:A1:A1:0F:7D:94:4D:AC:C1:DE:C0:41:AA:A5:59:D5:22:BF:BA:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bqGhD32UTazB3sBBqqVZ1SK_uus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/85e104-5e52-4048-b1b1-c50968cda86f/1/MlEQyi_yZNAza-bcGtf2VB3mhRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/85e104-5e52-4048-b1b1-c50968cda86f/1/bqGhD32UTazB3sBBqqVZ1SK_uus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.72.0/22
                IPv6:
                  2a0e:7c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:3e:7c:a3:b3:ff:b0:85:3f:7c:dc:47:00:93:65:2b:87:7c:
         3c:2b:fb:ba:f4:12:a7:20:7e:c6:da:34:3b:51:87:49:20:56:
         94:c2:d7:23:7e:b2:f1:b4:e5:47:e5:f2:6e:4b:bf:0b:20:b8:
         fe:a4:1b:43:92:e0:3c:9c:e9:0a:db:8e:ae:59:16:6b:cb:3e:
         35:47:95:66:bf:c0:94:a3:e5:3d:88:26:dd:6a:49:b0:27:fc:
         32:b4:09:76:55:58:92:b9:41:29:ea:e1:52:48:c3:07:6d:a7:
         cc:d3:b6:19:3c:f9:fd:7d:fa:4e:ef:5b:28:3f:90:28:d7:1b:
         58:32:50:24:90:80:68:85:7a:3a:43:10:04:ba:a4:4d:ef:85:
         68:4b:36:37:60:2b:fc:21:66:d1:4d:48:d5:43:21:46:4c:c5:
         2b:4f:38:c5:6b:f6:b0:a4:db:63:7f:c8:c7:32:c5:60:dc:e2:
         d3:59:b9:38:48:20:55:b1:12:a3:bc:83:c0:9d:c7:4e:eb:92:
         86:d1:a3:b8:ae:10:92:6f:83:8d:1e:b6:11:8a:54:cb:b0:4f:
         40:cb:e4:bc:8c:e3:96:df:98:ef:ef:8f:00:15:53:d7:4f:1e:
         0e:2b:76:ee:43:a3:76:64:7a:d2:d4:8e:4a:10:15:63:81:b3:
         e0:18:61:e2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ1nQtIdpZXbXIjnUsfnuGdTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYTFhMTBmN2Q5NDRkYWNjMWRlYzA0MWFhYTU1OWQ1MjJi
ZmJhZWIwHhcNMjYwNDA3MDkyNTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjUxMTBjYTJmZjI2NGQwMzM2YmU2ZGMxYWQ3ZjY1NDFkZTY4NTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rEBypRls+H9ROYWPPUSHf5Q9H2G
W1kvBs0LqNQVOz2bYBvuSGb9zEtxu850HA4v3qcivhdOCyiPkpZAqr3ytp7p+Kyv
BXtCIGZar2fbKqDoYbtZGNc+bI61V9F7aRaFJFZ/USRldwBiWAq6gJlndyj+LQ3e
wrvlP1Yxy4dHTDNtuEb27sqSRH/DS2iL9fQcMwZkAgR32Mwhx6Bz2iNJZYJQETxU
4SpDu7wc3pSqbH71ROKX7NwskHrC5QTdqKAQeCTUl5lvs8mH9OvdcpnBbSX4UeON
ugKCImjVZIXCvtgxCprapQ7c5deHzZK4u9jO4XJa5du5BlkKOdOxOr7F8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDJREMov8mTQM2vm3BrX9lQd5oUYMB8GA1UdIwQY
MBaAFG6hoQ99lE2swd7AQaqlWdUiv7rrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnFHaEQzMlVUYXpCM3NCQnFxVloxU0tfdXVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC84NWUxMDQtNWU1Mi00MDQ4LWIxYjEt
YzUwOTY4Y2RhODZmLzEvTWxFUXlpX3laTkF6YS1iY0d0ZjJWQjNtaFJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC84NWUxMDQtNWU1Mi00MDQ4LWIxYjEtYzUwOTY4Y2RhODZm
LzEvYnFHaEQzMlVUYXpCM3NCQnFxVloxU0tfdXVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVNIMA0E
AgACMAcDBQMqDnyAMA0GCSqGSIb3DQEBCwUAA4IBAQADPnyjs/+whT983EcAk2Ur
h3w8K/u69BKnIH7G2jQ7UYdJIFaUwtcjfrLxtOVH5fJuS78LILj+pBtDkuA8nOkK
246uWRZryz41R5Vmv8CUo+U9iCbdakmwJ/wytAl2VViSuUEp6uFSSMMHbafM07YZ
PPn9ffpO71soP5Ao1xtYMlAkkIBohXo6QxAEuqRN74VoSzY3YCv8IWbRTUjVQyFG
TMUrTzjFa/awpNtjf8jHMsVg3OLTWbk4SCBVsRKjvIPAncdO65KG0aO4rhCSb4ON
HrYRilTLsE9Ay+S8jOOW35jv748AFVPXTx4OK3buQ6N2ZHrS1I5KEBVjgbPgGGHi
-----END CERTIFICATE-----