Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/j04gV90eLPiCvzkhrNfRpaCeMDM.roa
File:                     j04gV90eLPiCvzkhrNfRpaCeMDM.roa (raw, json)
Hash identifier:          C9xDSxtbmN6gIFup7Y1LD4bPdGleo2vX8xpIJbznYcY=
Subject key identifier:   8F:4E:20:57:DD:1E:2C:F8:82:BF:39:21:AC:D7:D1:A5:A0:9E:30:33
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D3FF4256F2D3A3880E16B27C1734DBD14
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/j04gV90eLPiCvzkhrNfRpaCeMDM.roa
Signing time:             Mon 30 Mar 2026 18:14:18 +0000
ROA not before:           Mon 30 Mar 2026 18:14:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199595
IP address blocks:        45.137.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3f:f4:25:6f:2d:3a:38:80:e1:6b:27:c1:73:4d:bd:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 30 18:14:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f4e2057dd1e2cf882bf3921acd7d1a5a09e3033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:66:8d:f8:15:70:20:8f:3c:0e:8a:2a:e6:0a:
                    40:b3:e5:b0:c8:33:bf:25:16:b9:f9:94:b2:da:b2:
                    4a:19:11:23:8c:44:65:7e:29:3a:ee:dd:9c:2a:7f:
                    c2:e4:0b:d7:3a:58:37:4f:f2:0f:98:cc:cb:f0:8d:
                    95:46:81:72:5e:ed:48:b8:0a:b4:e1:e9:23:df:be:
                    a0:f2:94:69:f1:cf:ea:c0:78:92:fe:53:f8:96:e0:
                    98:87:33:1a:e5:be:a0:c4:13:27:f8:9e:a6:7a:b0:
                    e6:d0:d9:22:fe:ff:28:aa:f3:89:b6:38:f7:97:08:
                    d8:78:96:7e:a6:62:d2:a2:41:2a:a5:3a:a1:26:23:
                    0b:97:ad:cb:5a:8e:8a:e3:5a:c8:18:da:0a:7b:2c:
                    40:b3:da:48:03:e0:0e:cb:f3:2d:fc:a9:90:1a:6e:
                    4d:50:fd:fc:94:7a:e2:86:60:33:7d:2a:a1:4b:8c:
                    6d:57:22:8e:c3:4c:aa:4a:55:6a:67:7c:13:f2:99:
                    2a:8d:69:0c:17:a7:f5:95:c4:b2:f3:18:35:52:2f:
                    cc:b6:ce:5b:7e:03:8d:af:f8:32:ed:ed:a7:04:22:
                    1d:90:68:0e:ea:09:b3:4d:14:8e:8f:20:f8:9e:3d:
                    ad:3c:6f:3f:6e:d1:8d:e4:73:52:ff:59:c4:1a:4e:
                    01:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:4E:20:57:DD:1E:2C:F8:82:BF:39:21:AC:D7:D1:A5:A0:9E:30:33
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/j04gV90eLPiCvzkhrNfRpaCeMDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:a6:38:22:27:8f:9a:c4:42:fb:aa:50:2c:50:40:cb:40:cb:
         95:61:70:af:6e:6d:9c:e3:cd:c6:28:38:a5:6d:55:f8:03:4b:
         f9:74:b0:bc:d0:b9:98:f1:5a:97:29:5d:34:0d:78:9d:d9:22:
         a7:1e:7c:a8:79:47:3f:b9:d6:91:bb:28:28:3b:88:79:1f:9f:
         83:91:ed:5e:91:ab:cd:a3:ee:cd:eb:c5:d8:9c:b4:5b:e5:7a:
         f3:d3:97:8e:b4:f2:5c:27:ca:47:36:5e:5a:f3:76:f9:cb:f1:
         2f:0e:8b:e2:61:32:93:e5:a9:13:4b:50:7b:9d:d9:d6:20:6f:
         69:a4:06:e4:a6:75:52:ca:22:76:50:56:42:b1:72:00:6d:6d:
         fc:38:28:9d:49:54:0a:61:e6:6e:6a:5f:49:0f:92:36:a2:41:
         a0:fb:db:a4:a1:c0:a1:1b:9f:cf:85:61:64:0d:13:0c:a7:93:
         e6:ee:d4:90:b8:8e:f5:c4:4b:76:f5:df:84:d0:73:fe:e1:1c:
         b7:94:3a:9b:12:f7:80:31:cb:8a:40:b9:e7:e9:5c:0d:49:a3:
         66:c4:4a:34:b5:e7:35:f3:3d:c9:cb:e8:80:b9:bb:a8:3f:fa:
         d1:51:57:fa:2a:55:2e:da:40:40:a5:c8:6a:5e:83:2b:bb:fe:
         cd:0d:50:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0/9CVvLTo4gOFrJ8FzTb0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzMwMTgxNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjRlMjA1N2RkMWUyY2Y4ODJiZjM5MjFhY2Q3ZDFhNWEwOWUzMDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGaN+BVwII88Dooq5gpAs+WwyDO/
JRa5+ZSy2rJKGREjjERlfik67t2cKn/C5AvXOlg3T/IPmMzL8I2VRoFyXu1IuAq0
4ekj376g8pRp8c/qwHiS/lP4luCYhzMa5b6gxBMn+J6merDm0Nki/v8oqvOJtjj3
lwjYeJZ+pmLSokEqpTqhJiMLl63LWo6K41rIGNoKeyxAs9pIA+AOy/Mt/KmQGm5N
UP38lHrihmAzfSqhS4xtVyKOw0yqSlVqZ3wT8pkqjWkMF6f1lcSy8xg1Ui/Mts5b
fgONr/gy7e2nBCIdkGgO6gmzTRSOjyD4nj2tPG8/btGN5HNS/1nEGk4BawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9OIFfdHiz4gr85IazX0aWgnjAzMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvajA0Z1Y5MGVMUGlDdnpraHJOZlJwYUNlTURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYkoMA0G
CSqGSIb3DQEBCwUAA4IBAQA2pjgiJ4+axEL7qlAsUEDLQMuVYXCvbm2c483GKDil
bVX4A0v5dLC80LmY8VqXKV00DXid2SKnHnyoeUc/udaRuygoO4h5H5+Dke1ekavN
o+7N68XYnLRb5Xrz05eOtPJcJ8pHNl5a83b5y/EvDoviYTKT5akTS1B7ndnWIG9p
pAbkpnVSyiJ2UFZCsXIAbW38OCidSVQKYeZual9JD5I2okGg+9ukocChG5/PhWFk
DRMMp5Pm7tSQuI71xEt29d+E0HP+4Ry3lDqbEveAMcuKQLnn6VwNSaNmxEo0tec1
8z3Jy+iAubuoP/rRUVf6KlUu2kBApchqXoMru/7NDVAe
-----END CERTIFICATE-----