Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/S7h5Fby9bbpxdXYmDtza_SDSYtg.roa
File:                     S7h5Fby9bbpxdXYmDtza_SDSYtg.roa (raw, json)
Hash identifier:          IOxFJnKliiuzpHTvfCVgOBtXgnXsZ5cTLcWr06Mhmmg=
Subject key identifier:   4B:B8:79:15:BC:BD:6D:BA:71:75:76:26:0E:DC:DA:FD:20:D2:62:D8
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       019C0E40240F4B4DD33148CE70C46749E5A6
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/S7h5Fby9bbpxdXYmDtza_SDSYtg.roa
Signing time:             Fri 30 Jan 2026 09:33:30 +0000
ROA not before:           Fri 30 Jan 2026 09:33:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        130.49.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:0e:40:24:0f:4b:4d:d3:31:48:ce:70:c4:67:49:e5:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan 30 09:33:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4bb87915bcbd6dba717576260edcdafd20d262d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:37:ac:4c:2b:b3:7f:2c:9a:31:78:e6:d5:f2:
                    91:96:10:b9:5e:41:77:28:10:71:49:aa:bb:19:0d:
                    af:94:54:03:e2:2b:d6:75:35:ac:88:18:07:c0:80:
                    44:5f:bb:52:d4:ac:b8:ca:22:99:05:ba:57:f7:af:
                    93:f8:0d:26:f2:01:b1:77:2e:05:e2:ed:93:fa:66:
                    9f:f7:53:da:1a:1a:fc:1e:df:e1:02:49:62:85:12:
                    e8:4e:1a:23:4c:6b:cd:0d:43:5e:ea:98:2e:14:81:
                    6e:65:6d:aa:17:d9:99:b6:4a:fb:99:3d:4d:ad:04:
                    18:a6:da:32:08:63:44:eb:6d:bf:c1:42:02:60:e5:
                    88:41:62:cc:f4:85:70:b1:f7:4e:ba:51:22:24:63:
                    ee:aa:b4:d4:a1:8e:78:93:ff:2f:73:a8:f2:e6:4c:
                    83:b0:2b:e0:fd:ac:dc:34:bb:da:38:37:81:e2:36:
                    ce:3e:dd:5c:fb:ef:85:0e:34:76:d1:77:44:3a:f2:
                    17:48:86:5a:5a:5b:56:c0:62:85:11:00:ba:67:3a:
                    7d:bc:2e:97:09:89:c6:cf:5d:14:ef:9b:86:38:de:
                    50:be:24:bd:7b:ba:bb:99:6c:96:8d:73:ff:9c:d0:
                    8f:29:5e:62:4e:d9:c0:ba:8b:90:88:d2:f4:ee:9c:
                    cf:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:B8:79:15:BC:BD:6D:BA:71:75:76:26:0E:DC:DA:FD:20:D2:62:D8
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/S7h5Fby9bbpxdXYmDtza_SDSYtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.49.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:98:77:73:0a:4f:16:e0:a3:5d:e1:57:20:27:0a:3f:22:b9:
         46:84:07:53:79:fb:13:ca:14:f1:5d:2d:74:7b:de:13:cd:e8:
         75:aa:17:c5:2a:5f:9d:df:ef:c9:19:61:85:82:17:27:af:8f:
         cd:e5:7e:d3:80:89:d5:d0:34:79:4d:05:80:ac:8c:3a:30:53:
         2e:07:b5:25:2d:4f:63:ba:e3:fe:85:27:02:f4:57:16:2e:02:
         3a:c3:b6:1a:27:22:66:cf:50:30:31:5c:01:36:d8:f4:77:3d:
         6b:b3:d8:78:4f:c7:b3:e4:e8:27:8a:8c:2b:d9:43:3e:98:31:
         1b:4e:4c:2b:5e:dd:f0:d9:55:5e:76:72:c9:8c:30:6f:53:ea:
         af:a7:d5:8b:66:cd:03:0c:65:48:e9:84:17:f5:c9:e6:80:38:
         bb:aa:d0:54:c2:9e:27:99:53:58:d6:cd:1c:7d:18:2e:d7:77:
         40:e6:cc:4f:97:58:1e:d0:47:0b:68:77:99:a9:8f:e8:7b:bc:
         43:90:e5:0b:67:b2:dd:f0:17:e0:b8:78:ad:1b:df:54:d4:6f:
         5c:85:7c:d2:05:d2:67:78:63:34:c3:83:3a:22:4e:d8:62:59:
         e6:b2:d5:d4:49:2b:c9:ed:6a:d2:ff:74:62:a8:15:eb:fc:c3:
         13:f7:d7:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwOQCQPS03TMUjOcMRnSeWmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjYwMTMwMDkzMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmI4NzkxNWJjYmQ2ZGJhNzE3NTc2MjYwZWRjZGFmZDIwZDI2MmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDesTCuzfyyaMXjm1fKRlhC5XkF3
KBBxSaq7GQ2vlFQD4ivWdTWsiBgHwIBEX7tS1Ky4yiKZBbpX96+T+A0m8gGxdy4F
4u2T+maf91PaGhr8Ht/hAklihRLoThojTGvNDUNe6pguFIFuZW2qF9mZtkr7mT1N
rQQYptoyCGNE622/wUICYOWIQWLM9IVwsfdOulEiJGPuqrTUoY54k/8vc6jy5kyD
sCvg/azcNLvaODeB4jbOPt1c+++FDjR20XdEOvIXSIZaWltWwGKFEQC6Zzp9vC6X
CYnGz10U75uGON5QviS9e7q7mWyWjXP/nNCPKV5iTtnAuouQiNL07pzPGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEu4eRW8vW26cXV2Jg7c2v0g0mLYMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvUzdoNUZieTliYnB4ZFhZbUR0emFfU0RTWXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgjG0MA0G
CSqGSIb3DQEBCwUAA4IBAQAWmHdzCk8W4KNd4VcgJwo/IrlGhAdTefsTyhTxXS10
e94Tzeh1qhfFKl+d3+/JGWGFghcnr4/N5X7TgInV0DR5TQWArIw6MFMuB7UlLU9j
uuP+hScC9FcWLgI6w7YaJyJmz1AwMVwBNtj0dz1rs9h4T8ez5Ogniowr2UM+mDEb
TkwrXt3w2VVednLJjDBvU+qvp9WLZs0DDGVI6YQX9cnmgDi7qtBUwp4nmVNY1s0c
fRgu13dA5sxPl1ge0EcLaHeZqY/oe7xDkOULZ7Ld8BfguHitG99U1G9chXzSBdJn
eGM0w4M6Ik7YYlnmstXUSSvJ7WrS/3RiqBXr/MMT99ev
-----END CERTIFICATE-----