Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/xY9BroR3iRbJqm7RCTof9jEemr8.roa
File:                     xY9BroR3iRbJqm7RCTof9jEemr8.roa (raw, json)
Hash identifier:          9dLUnNHnNhC683i+pgDf8sFP0wo8PH6axmUl56au+bY=
Subject key identifier:   C5:8F:41:AE:84:77:89:16:C9:AA:6E:D1:09:3A:1F:F6:31:1E:9A:BF
Certificate issuer:       /CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
Certificate serial:       019EB1C5D0010306B24F0694915B8E7DBAF8
Authority key identifier: 51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/xY9BroR3iRbJqm7RCTof9jEemr8.roa
Signing time:             Wed 10 Jun 2026 13:43:11 +0000
ROA not before:           Wed 10 Jun 2026 13:43:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51847
IP address blocks:        45.158.60.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 04:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:c5:d0:01:03:06:b2:4f:06:94:91:5b:8e:7d:ba:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
        Validity
            Not Before: Jun 10 13:43:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c58f41ae84778916c9aa6ed1093a1ff6311e9abf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:91:80:74:56:13:0c:b9:e1:3f:1f:8f:12:2b:
                    43:53:25:8d:17:16:ec:2f:e3:f9:13:91:75:95:21:
                    c8:ba:61:f0:7a:23:0c:08:dd:9a:c8:11:37:5f:77:
                    e9:b1:5c:14:18:41:d3:30:b2:ae:40:42:cb:06:14:
                    69:a6:13:77:84:a5:2d:c5:8c:e2:0f:4d:65:e9:44:
                    b5:cb:11:32:9d:a8:74:e7:f7:6b:ce:70:ad:63:e0:
                    d1:e3:91:87:c0:54:16:a7:e8:56:6a:07:44:ea:d5:
                    8a:ae:bc:11:d3:d6:d3:b1:b1:6d:80:3c:4c:99:f1:
                    0c:e1:69:69:9b:a5:2e:ba:26:f6:aa:12:83:53:f2:
                    a8:90:d6:ba:8b:bf:90:31:64:51:d6:cc:b1:3b:7d:
                    24:22:50:8e:8b:c7:d1:71:b8:58:a7:30:8a:bc:e5:
                    5b:b2:7e:45:30:06:f2:e7:61:c1:59:ed:46:32:27:
                    1d:bf:9e:6a:fe:91:21:27:be:ba:18:d5:07:e1:7b:
                    95:ac:65:3b:eb:3e:30:91:b0:a4:ae:1c:8a:de:07:
                    78:35:62:3d:18:dd:03:64:ee:51:e2:ea:e6:85:b9:
                    27:91:13:08:14:e3:b6:f5:50:23:0c:da:e7:22:b9:
                    76:89:b4:cb:d1:24:0b:cd:13:6b:9e:a2:44:d4:e3:
                    82:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:8F:41:AE:84:77:89:16:C9:AA:6E:D1:09:3A:1F:F6:31:1E:9A:BF
            X509v3 Authority Key Identifier:
                keyid:51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/xY9BroR3iRbJqm7RCTof9jEemr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:8b:f8:60:25:7d:b0:d9:cb:4c:e2:e8:bf:3b:ea:9c:0a:5f:
         26:1b:74:d4:df:03:78:57:27:23:25:96:5f:a5:4b:b4:93:91:
         51:0e:bb:9b:84:23:0b:e7:45:d0:3e:50:f6:3c:80:b4:5d:44:
         ad:8c:8d:74:13:fb:32:db:7a:3c:f2:2e:18:6d:3f:f1:92:8e:
         ff:3f:d1:50:80:da:ad:78:70:79:52:4f:bb:0e:75:6e:b3:71:
         f9:9d:aa:02:cd:b8:3a:f4:ff:6e:ab:42:38:6b:44:93:a7:a7:
         6c:33:0d:67:42:49:d6:10:0f:b2:96:43:70:af:63:8e:e0:c7:
         7f:12:82:5e:1b:61:b2:17:f2:50:53:c1:43:ad:5f:91:4e:71:
         cc:2a:e6:64:83:da:10:a5:bc:72:52:da:9e:8e:51:ac:f0:d0:
         3e:d7:5d:79:34:72:7a:8f:88:06:24:57:be:43:b3:52:54:38:
         84:7d:4c:81:31:1c:e7:62:31:52:fd:78:6e:b3:c7:5c:c5:1a:
         db:86:5f:77:c3:47:90:82:37:d3:b8:e5:75:fe:2d:f0:d2:9e:
         07:24:02:6a:fc:7f:2b:5a:42:63:64:4f:ff:d5:77:b0:8a:25:
         72:68:c8:7b:7c:f7:c4:f9:9a:ef:57:de:cd:de:e7:d1:ba:2b:
         a3:9f:7c:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6xxdABAwayTwaUkVuOfbr4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZWNmOWJhYmM5Y2E2YmFlOTA4NWNlMjkyZmIxYzJjYzE4
ZDM0NGYwHhcNMjYwNjEwMTM0MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNThmNDFhZTg0Nzc4OTE2YzlhYTZlZDEwOTNhMWZmNjMxMWU5YWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JGAdFYTDLnhPx+PEitDUyWNFxbs
L+P5E5F1lSHIumHweiMMCN2ayBE3X3fpsVwUGEHTMLKuQELLBhRpphN3hKUtxYzi
D01l6US1yxEynah05/drznCtY+DR45GHwFQWp+hWagdE6tWKrrwR09bTsbFtgDxM
mfEM4Wlpm6Uuuib2qhKDU/KokNa6i7+QMWRR1syxO30kIlCOi8fRcbhYpzCKvOVb
sn5FMAby52HBWe1GMicdv55q/pEhJ766GNUH4XuVrGU76z4wkbCkrhyK3gd4NWI9
GN0DZO5R4urmhbknkRMIFOO29VAjDNrnIrl2ibTL0SQLzRNrnqJE1OOCfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWPQa6Ed4kWyapu0Qk6H/YxHpq/MB8GA1UdIwQY
MBaAFFHs+bq8nKa66Qhc4pL7HCzBjTRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMt
ZGNmYzZhOWUwZGM3LzEveFk5QnJvUjNpUmJKcW03UkNUb2Y5akVlbXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMtZGNmYzZhOWUwZGM3
LzEvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ48MA0G
CSqGSIb3DQEBCwUAA4IBAQCNi/hgJX2w2ctM4ui/O+qcCl8mG3TU3wN4VycjJZZf
pUu0k5FRDrubhCML50XQPlD2PIC0XUStjI10E/sy23o88i4YbT/xko7/P9FQgNqt
eHB5Uk+7DnVus3H5naoCzbg69P9uq0I4a0STp6dsMw1nQknWEA+ylkNwr2OO4Md/
EoJeG2GyF/JQU8FDrV+RTnHMKuZkg9oQpbxyUtqejlGs8NA+1115NHJ6j4gGJFe+
Q7NSVDiEfUyBMRznYjFS/Xhus8dcxRrbhl93w0eQgjfTuOV1/i3w0p4HJAJq/H8r
WkJjZE//1XewiiVyaMh7fPfE+ZrvV97N3ufRuiujn3yV
-----END CERTIFICATE-----