Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/0bqo0bUAXv_4CI9l73mqbhE8a2g.roa
File:                     0bqo0bUAXv_4CI9l73mqbhE8a2g.roa (raw, json)
Hash identifier:          iEe2NrJePiOEkt4y1MNa7WFWziQ9517Q5QJMPLgLqF0=
Subject key identifier:   D1:BA:A8:D1:B5:00:5E:FF:F8:08:8F:65:EF:79:AA:6E:11:3C:6B:68
Certificate issuer:       /CN=80ad8c520bb9677461ddc4ec09b76d733b7d8370
Certificate serial:       019EC02BB9B43E1F93C3969C1ACFD5E77339
Authority key identifier: 80:AD:8C:52:0B:B9:67:74:61:DD:C4:EC:09:B7:6D:73:3B:7D:83:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/0bqo0bUAXv_4CI9l73mqbhE8a2g.roa
Signing time:             Sat 13 Jun 2026 08:49:11 +0000
ROA not before:           Sat 13 Jun 2026 08:49:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44090
IP address blocks:        45.142.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c0:2b:b9:b4:3e:1f:93:c3:96:9c:1a:cf:d5:e7:73:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80ad8c520bb9677461ddc4ec09b76d733b7d8370
        Validity
            Not Before: Jun 13 08:49:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1baa8d1b5005efff8088f65ef79aa6e113c6b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e4:a0:a3:6d:70:29:81:56:40:61:00:2e:ea:
                    cc:35:79:d1:75:28:1b:a8:e9:fe:1e:bc:4a:7b:63:
                    6c:d0:97:9a:fb:06:0c:05:c6:bf:c1:90:99:dd:55:
                    d6:d4:4d:74:b3:f8:49:0c:d5:c1:1b:1c:3d:92:2f:
                    75:f6:d1:56:64:15:3f:57:ef:94:d4:48:ce:d4:73:
                    37:86:32:9c:c5:8b:77:74:d6:43:9f:6f:a4:e3:fc:
                    9c:17:3b:52:3c:3c:71:74:1b:3d:2a:e2:0b:c5:ec:
                    b9:eb:76:00:01:70:0d:b5:11:5d:18:c8:c2:e0:33:
                    b0:d9:83:33:ef:d0:7a:2d:a2:40:70:03:49:8a:c2:
                    dc:c1:b1:21:51:c7:0e:88:c1:0b:b1:92:04:2d:75:
                    a4:f8:62:01:26:05:7c:04:1f:8a:bc:5a:d3:d0:23:
                    57:e2:3c:8c:fb:ae:1c:9c:66:dd:10:99:28:08:a7:
                    ff:a4:d7:27:39:62:71:0e:47:58:87:19:ee:3f:be:
                    35:0d:02:21:48:f1:75:82:43:9c:9d:11:9d:76:e3:
                    92:e3:d6:b0:09:df:fb:0b:64:e3:1c:97:bd:27:27:
                    81:7b:3a:a4:9f:63:4b:db:e4:d8:4a:e3:3d:d5:16:
                    9b:0b:f5:1c:f5:b8:60:af:ce:fe:e9:98:50:6c:00:
                    7e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:BA:A8:D1:B5:00:5E:FF:F8:08:8F:65:EF:79:AA:6E:11:3C:6B:68
            X509v3 Authority Key Identifier:
                keyid:80:AD:8C:52:0B:B9:67:74:61:DD:C4:EC:09:B7:6D:73:3B:7D:83:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/0bqo0bUAXv_4CI9l73mqbhE8a2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/225ec3-0387-4b5d-88c1-c61751c6b195/1/gK2MUgu5Z3Rh3cTsCbdtczt9g3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:91:29:3a:eb:7f:74:16:fa:ce:87:05:81:11:c4:83:41:f6:
         2e:7b:5c:2c:d3:3d:f8:77:72:10:72:03:41:f7:ba:e8:16:21:
         34:f6:83:c9:57:af:d6:38:1e:be:d1:ad:bd:39:c7:c1:ae:dc:
         79:5e:a9:44:54:bc:1f:b9:99:3f:51:0d:fe:f9:3f:b0:43:6d:
         aa:50:43:32:a3:8e:22:5c:78:51:e2:73:3c:74:3d:46:ee:e2:
         93:c4:db:dd:0c:bf:d4:15:78:32:60:9f:a4:c0:89:a7:73:74:
         e0:3b:71:0f:d3:43:9d:e6:86:85:45:b6:30:11:af:43:34:19:
         cc:0a:9c:11:f5:9f:db:c5:0e:e7:ce:c8:c8:45:6e:90:1b:ce:
         37:5f:6a:ac:8a:80:a7:0f:84:3b:d5:7c:7a:14:ec:eb:eb:b6:
         b0:b5:55:62:6b:38:15:ab:19:4c:5d:a8:03:22:38:cd:c2:9e:
         11:20:a6:6d:3f:54:8b:d7:e6:d1:2e:c5:5a:66:ca:a2:e2:92:
         b6:59:da:10:04:85:ce:89:75:bd:de:94:74:5c:8f:3d:7f:67:
         9b:12:f3:89:c2:37:da:22:cc:f9:04:0e:09:7f:63:2c:aa:5c:
         cb:36:21:b3:74:f0:08:02:b6:d6:e8:cb:b1:f7:86:62:85:2c:
         8a:c5:4c:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7AK7m0Ph+Tw5acGs/V53M5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYWQ4YzUyMGJiOTY3NzQ2MWRkYzRlYzA5Yjc2ZDczM2I3
ZDgzNzAwHhcNMjYwNjEzMDg0OTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWJhYThkMWI1MDA1ZWZmZjgwODhmNjVlZjc5YWE2ZTExM2M2YjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteSgo21wKYFWQGEALurMNXnRdSgb
qOn+HrxKe2Ns0Jea+wYMBca/wZCZ3VXW1E10s/hJDNXBGxw9ki919tFWZBU/V++U
1EjO1HM3hjKcxYt3dNZDn2+k4/ycFztSPDxxdBs9KuILxey563YAAXANtRFdGMjC
4DOw2YMz79B6LaJAcANJisLcwbEhUccOiMELsZIELXWk+GIBJgV8BB+KvFrT0CNX
4jyM+64cnGbdEJkoCKf/pNcnOWJxDkdYhxnuP741DQIhSPF1gkOcnRGdduOS49aw
Cd/7C2TjHJe9JyeBezqkn2NL2+TYSuM91RabC/Uc9bhgr87+6ZhQbAB+pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNG6qNG1AF7/+AiPZe95qm4RPGtoMB8GA1UdIwQY
MBaAFICtjFILuWd0Yd3E7Am3bXM7fYNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0syTVVndTVaM1JoM2NUc0NiZHRjenQ5ZzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yMjVlYzMtMDM4Ny00YjVkLTg4YzEt
YzYxNzUxYzZiMTk1LzEvMGJxbzBiVUFYdl80Q0k5bDczbXFiaEU4YTJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yMjVlYzMtMDM4Ny00YjVkLTg4YzEtYzYxNzUxYzZiMTk1
LzEvZ0syTVVndTVaM1JoM2NUc0NiZHRjenQ5ZzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY69MA0G
CSqGSIb3DQEBCwUAA4IBAQBLkSk66390FvrOhwWBEcSDQfYue1ws0z34d3IQcgNB
97roFiE09oPJV6/WOB6+0a29OcfBrtx5XqlEVLwfuZk/UQ3++T+wQ22qUEMyo44i
XHhR4nM8dD1G7uKTxNvdDL/UFXgyYJ+kwImnc3TgO3EP00Od5oaFRbYwEa9DNBnM
CpwR9Z/bxQ7nzsjIRW6QG843X2qsioCnD4Q71Xx6FOzr67awtVViazgVqxlMXagD
IjjNwp4RIKZtP1SL1+bRLsVaZsqi4pK2WdoQBIXOiXW93pR0XI89f2ebEvOJwjfa
Isz5BA4Jf2MsqlzLNiGzdPAIArbW6Mux94ZihSyKxUyF
-----END CERTIFICATE-----