Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/N9bepzs_K296AU3ap4s25Z2_J7g.roa
File:                     N9bepzs_K296AU3ap4s25Z2_J7g.roa (raw, json)
Hash identifier:          KJPXW6MmZtIYjjt25qbJCFZzBbNboV8lS5MdURNSqGQ=
Subject key identifier:   37:D6:DE:A7:3B:3F:2B:6F:7A:01:4D:DA:A7:8B:36:E5:9D:BF:27:B8
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019E2BAE90346F2CDC19BE2ECBCFE5B1344D
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/N9bepzs_K296AU3ap4s25Z2_J7g.roa
Signing time:             Fri 15 May 2026 12:48:40 +0000
ROA not before:           Fri 15 May 2026 12:48:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22773
IP address blocks:        45.129.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:ae:90:34:6f:2c:dc:19:be:2e:cb:cf:e5:b1:34:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May 15 12:48:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=37d6dea73b3f2b6f7a014ddaa78b36e59dbf27b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:66:72:41:e0:b8:10:49:09:59:6e:60:bd:c4:
                    c8:d5:1b:99:54:36:e4:3e:bd:c6:5e:a5:57:d0:02:
                    b9:5b:0e:fc:03:09:1c:79:6c:36:ab:22:14:06:57:
                    96:92:ce:ed:ee:7e:5e:7d:98:97:8a:66:60:85:23:
                    98:fe:9e:1e:47:31:fb:d7:47:bb:b3:63:47:99:ea:
                    36:15:e6:0f:c5:dd:1d:af:94:ed:e0:1a:69:f1:55:
                    c9:62:45:3f:b1:77:f8:45:97:be:b4:3d:a8:85:93:
                    f4:3c:25:cf:cc:91:bf:a5:50:a1:a4:cb:8d:05:8f:
                    0f:7c:f7:c0:54:62:d8:cd:70:42:ce:14:b6:ba:ae:
                    3a:24:f6:fc:23:e0:b0:18:3a:74:1d:94:95:32:ae:
                    7b:f0:c0:d2:f3:63:07:99:a0:9b:94:a8:80:22:11:
                    e4:40:99:d9:cd:1b:d8:fc:e6:d5:00:1e:b1:bb:45:
                    ac:73:9d:10:4b:a0:04:53:12:b0:05:f2:2c:bc:2f:
                    e0:92:44:a8:16:20:d3:f6:93:49:40:b6:7d:3c:46:
                    d7:d8:83:82:53:c6:10:46:1b:99:c8:a4:d6:15:6e:
                    d9:12:86:68:47:6b:8b:74:8d:9d:0d:10:f9:06:35:
                    99:12:f4:1f:0a:a1:38:2d:e2:f4:b3:e4:88:6e:8a:
                    94:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:D6:DE:A7:3B:3F:2B:6F:7A:01:4D:DA:A7:8B:36:E5:9D:BF:27:B8
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/N9bepzs_K296AU3ap4s25Z2_J7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:13:fc:07:59:74:f4:2f:4c:d0:d3:18:39:0d:43:73:e2:bf:
         c4:f3:af:11:5a:ae:6e:88:9f:af:32:49:41:8d:21:57:7e:0f:
         f0:9c:69:37:7c:32:bf:ef:36:9f:bf:20:1a:f6:53:1e:9a:e0:
         2d:f5:c8:d3:32:35:7a:f2:98:93:ba:82:9a:a1:dd:d5:44:ae:
         05:96:f5:7c:2b:bc:b4:03:bf:f8:b5:7d:33:b5:61:00:0f:75:
         92:cb:5a:e7:5a:65:18:96:2c:a4:61:5a:ec:91:6d:d2:40:18:
         e9:24:50:9c:1e:f0:03:3f:13:83:39:33:38:c1:fa:34:4a:08:
         1f:d8:9e:aa:f3:8c:47:b2:51:3f:ab:93:a6:a7:4c:2b:9e:3b:
         79:a9:59:2e:24:f8:83:b1:c5:39:bd:bb:70:8d:91:c5:11:fd:
         38:6e:c0:76:01:89:2d:2d:01:0e:fb:3e:df:4e:33:9f:f6:f1:
         fd:58:86:c6:d3:e5:10:12:f1:c6:8e:6d:29:b6:61:b0:7e:6b:
         1d:97:fa:3c:48:9a:07:4b:52:fa:80:c2:74:e3:29:36:48:92:
         7c:66:2c:28:ca:f8:8a:61:2a:f3:89:77:a8:7a:c5:9d:bc:c3:
         41:aa:17:80:86:0a:6c:b4:b4:14:44:0a:4f:61:a4:c5:43:f0:
         59:47:e7:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4rrpA0byzcGb4uy8/lsTRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNTE1MTI0ODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2Q2ZGVhNzNiM2YyYjZmN2EwMTRkZGFhNzhiMzZlNTlkYmYyN2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2ZyQeC4EEkJWW5gvcTI1RuZVDbk
Pr3GXqVX0AK5Ww78AwkceWw2qyIUBleWks7t7n5efZiXimZghSOY/p4eRzH710e7
s2NHmeo2FeYPxd0dr5Tt4Bpp8VXJYkU/sXf4RZe+tD2ohZP0PCXPzJG/pVChpMuN
BY8PfPfAVGLYzXBCzhS2uq46JPb8I+CwGDp0HZSVMq578MDS82MHmaCblKiAIhHk
QJnZzRvY/ObVAB6xu0Wsc50QS6AEUxKwBfIsvC/gkkSoFiDT9pNJQLZ9PEbX2IOC
U8YQRhuZyKTWFW7ZEoZoR2uLdI2dDRD5BjWZEvQfCqE4LeL0s+SIboqUcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfW3qc7PytvegFN2qeLNuWdvye4MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTjliZXB6c19LMjk2QVUzYXA0czI1WjJfSjdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYF/MA0G
CSqGSIb3DQEBCwUAA4IBAQAFE/wHWXT0L0zQ0xg5DUNz4r/E868RWq5uiJ+vMklB
jSFXfg/wnGk3fDK/7zafvyAa9lMemuAt9cjTMjV68piTuoKaod3VRK4FlvV8K7y0
A7/4tX0ztWEAD3WSy1rnWmUYliykYVrskW3SQBjpJFCcHvADPxODOTM4wfo0Sggf
2J6q84xHslE/q5Omp0wrnjt5qVkuJPiDscU5vbtwjZHFEf04bsB2AYktLQEO+z7f
TjOf9vH9WIbG0+UQEvHGjm0ptmGwfmsdl/o8SJoHS1L6gMJ04yk2SJJ8ZiwoyviK
YSrziXeoesWdvMNBqheAhgpstLQURApPYaTFQ/BZR+d5
-----END CERTIFICATE-----