Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/c67522-71c5-4061-a18b-6933a90c53fa/1/dXM6fVvG98pEOtZgdKH4ko1DNoE.roa
File:                     dXM6fVvG98pEOtZgdKH4ko1DNoE.roa (raw, json)
Hash identifier:          Juz8s3csuQdQaJVkSot0gXLBmWSHq7VP8RYl4ErQ9cQ=
Subject key identifier:   75:73:3A:7D:5B:C6:F7:CA:44:3A:D6:60:74:A1:F8:92:8D:43:36:81
Certificate issuer:       /CN=72769d6e4a0fc2c98013b722eb2beb9e6e871fc6
Certificate serial:       019C9559F6EC2AC4E1D5C55FF20925D4D504
Authority key identifier: 72:76:9D:6E:4A:0F:C2:C9:80:13:B7:22:EB:2B:EB:9E:6E:87:1F:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cnadbkoPwsmAE7ci6yvrnm6HH8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/c67522-71c5-4061-a18b-6933a90c53fa/1/dXM6fVvG98pEOtZgdKH4ko1DNoE.roa
Signing time:             Wed 25 Feb 2026 15:10:26 +0000
ROA not before:           Wed 25 Feb 2026 15:10:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        45.85.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/c67522-71c5-4061-a18b-6933a90c53fa/1/cnadbkoPwsmAE7ci6yvrnm6HH8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/c67522-71c5-4061-a18b-6933a90c53fa/1/cnadbkoPwsmAE7ci6yvrnm6HH8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cnadbkoPwsmAE7ci6yvrnm6HH8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:95:59:f6:ec:2a:c4:e1:d5:c5:5f:f2:09:25:d4:d5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72769d6e4a0fc2c98013b722eb2beb9e6e871fc6
        Validity
            Not Before: Feb 25 15:10:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75733a7d5bc6f7ca443ad66074a1f8928d433681
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ff:69:af:73:52:3e:b5:79:04:9d:54:22:b1:
                    59:0f:1c:24:c9:99:cc:85:49:9b:ec:b8:0e:ba:06:
                    b2:9c:50:47:46:21:57:dd:32:3b:ec:87:91:14:37:
                    bd:67:2d:ae:c4:16:f5:92:09:30:28:f7:5a:f8:f9:
                    0a:a0:ee:c8:3f:de:cc:2c:97:d3:dc:6d:c0:17:ee:
                    9f:1d:37:25:4c:a2:f2:06:53:7c:37:db:9d:39:df:
                    68:ad:0e:e2:b3:f0:e4:ba:dc:d0:3d:a7:b3:bd:07:
                    cd:a0:6b:56:b2:fa:a5:d6:35:d5:77:de:fb:e5:97:
                    fb:a6:a6:19:ee:26:29:85:2a:e5:8d:cd:8a:2b:78:
                    16:07:f8:8b:0a:82:76:0a:5f:be:9b:c0:52:94:1e:
                    b3:fd:1d:ec:9e:30:74:06:a7:fe:b4:ae:2e:a5:57:
                    b6:05:e7:b2:50:9a:5a:43:0d:19:69:9d:4c:82:87:
                    56:48:50:02:12:46:00:01:5b:f0:db:08:5a:a1:fb:
                    d2:23:ae:ac:b0:a2:55:3e:84:15:9f:c8:ed:c4:8f:
                    cf:cf:65:63:d1:74:4e:d7:b8:b2:a4:bb:99:2c:45:
                    1d:fd:6e:c9:58:be:44:36:84:06:51:95:aa:db:d9:
                    b7:20:a4:43:70:2a:e4:20:db:a1:96:fb:61:65:ee:
                    03:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:73:3A:7D:5B:C6:F7:CA:44:3A:D6:60:74:A1:F8:92:8D:43:36:81
            X509v3 Authority Key Identifier:
                keyid:72:76:9D:6E:4A:0F:C2:C9:80:13:B7:22:EB:2B:EB:9E:6E:87:1F:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cnadbkoPwsmAE7ci6yvrnm6HH8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c67522-71c5-4061-a18b-6933a90c53fa/1/dXM6fVvG98pEOtZgdKH4ko1DNoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c67522-71c5-4061-a18b-6933a90c53fa/1/cnadbkoPwsmAE7ci6yvrnm6HH8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:67:9b:8f:94:fa:ef:51:ca:bb:6b:53:a8:be:ec:37:c0:3c:
         b4:80:be:1a:d4:ce:e3:80:87:5b:0e:d9:f2:b0:f5:c4:69:71:
         c9:4c:70:8d:4b:67:c9:ae:cb:6d:6e:9d:5d:25:85:ac:1f:cf:
         3e:8e:df:72:69:b7:8f:5d:db:86:00:53:01:10:3b:fd:41:a3:
         80:47:53:ac:e7:76:e5:f0:52:80:26:bc:f1:97:5d:3d:77:02:
         df:20:b6:2b:c3:52:86:08:88:88:f4:6e:11:6b:2d:eb:2b:08:
         5c:bd:e2:32:95:bc:7b:9b:2e:96:03:ad:61:7a:a1:70:38:55:
         1c:20:2a:8a:8b:af:c1:b4:94:f4:24:2b:bf:31:44:11:93:8d:
         4f:c4:c0:ba:1f:22:e2:c7:bb:72:41:5a:35:93:08:9c:f9:fa:
         12:e0:92:87:3f:3f:df:d1:e8:53:26:91:fa:3e:6e:60:1e:90:
         dc:cb:34:97:04:23:22:9c:ee:88:aa:65:65:5a:df:11:d2:af:
         34:21:aa:c4:7d:86:c2:b8:84:be:68:d1:cd:be:7f:eb:bf:ab:
         16:7b:50:37:70:fe:09:8c:d4:ed:7b:24:1c:57:88:5a:0a:b6:
         fe:7a:6f:8d:69:8f:9e:95:f3:ef:c7:e7:33:d0:60:dc:7e:bd:
         c3:92:88:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyVWfbsKsTh1cVf8gkl1NUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNzY5ZDZlNGEwZmMyYzk4MDEzYjcyMmViMmJlYjllNmU4
NzFmYzYwHhcNMjYwMjI1MTUxMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTczM2E3ZDViYzZmN2NhNDQzYWQ2NjA3NGExZjg5MjhkNDMzNjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/9pr3NSPrV5BJ1UIrFZDxwkyZnM
hUmb7LgOugaynFBHRiFX3TI77IeRFDe9Zy2uxBb1kgkwKPda+PkKoO7IP97MLJfT
3G3AF+6fHTclTKLyBlN8N9udOd9orQ7is/DkutzQPaezvQfNoGtWsvql1jXVd977
5Zf7pqYZ7iYphSrljc2KK3gWB/iLCoJ2Cl++m8BSlB6z/R3snjB0Bqf+tK4upVe2
BeeyUJpaQw0ZaZ1MgodWSFACEkYAAVvw2whaofvSI66ssKJVPoQVn8jtxI/Pz2Vj
0XRO17iypLuZLEUd/W7JWL5ENoQGUZWq29m3IKRDcCrkINuhlvthZe4DlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHVzOn1bxvfKRDrWYHSh+JKNQzaBMB8GA1UdIwQY
MBaAFHJ2nW5KD8LJgBO3Iusr655uhx/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY25hZGJrb1B3c21BRTdjaTZ5dnJubTZISDhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9jNjc1MjItNzFjNS00MDYxLWExOGIt
NjkzM2E5MGM1M2ZhLzEvZFhNNmZWdkc5OHBFT3RaZ2RLSDRrbzFETm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9jNjc1MjItNzFjNS00MDYxLWExOGItNjkzM2E5MGM1M2Zh
LzEvY25hZGJrb1B3c21BRTdjaTZ5dnJubTZISDhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVVJMA0G
CSqGSIb3DQEBCwUAA4IBAQBgZ5uPlPrvUcq7a1Oovuw3wDy0gL4a1M7jgIdbDtny
sPXEaXHJTHCNS2fJrsttbp1dJYWsH88+jt9yabePXduGAFMBEDv9QaOAR1Os53bl
8FKAJrzxl109dwLfILYrw1KGCIiI9G4Ray3rKwhcveIylbx7my6WA61heqFwOFUc
ICqKi6/BtJT0JCu/MUQRk41PxMC6HyLix7tyQVo1kwic+foS4JKHPz/f0ehTJpH6
Pm5gHpDcyzSXBCMinO6IqmVlWt8R0q80IarEfYbCuIS+aNHNvn/rv6sWe1A3cP4J
jNTteyQcV4haCrb+em+NaY+elfPvx+cz0GDcfr3DkogL
-----END CERTIFICATE-----