Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/v1E1OFNGhD4xkaZrQO9de-hOfcQ.roa
File:                     v1E1OFNGhD4xkaZrQO9de-hOfcQ.roa (raw, json)
Hash identifier:          NpV2+vzC9DkK5ii8eQVAjrlKyPyyKVkhNBP0RAZC32U=
Subject key identifier:   BF:51:35:38:53:46:84:3E:31:91:A6:6B:40:EF:5D:7B:E8:4E:7D:C4
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D87DF6FC5A2C54DE9F5B5CCFA9E3EF991
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/v1E1OFNGhD4xkaZrQO9de-hOfcQ.roa
Signing time:             Mon 13 Apr 2026 17:24:20 +0000
ROA not before:           Mon 13 Apr 2026 17:24:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        45.142.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 13:29:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:df:6f:c5:a2:c5:4d:e9:f5:b5:cc:fa:9e:3e:f9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 13 17:24:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf5135385346843e3191a66b40ef5d7be84e7dc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f1:90:b1:b6:d6:5c:5f:7f:49:42:76:3d:79:
                    7c:c6:e2:c2:a1:8a:6a:b4:4e:ac:74:ae:43:80:97:
                    bb:2c:2e:82:50:62:02:e9:0d:fb:3c:1e:4b:99:e9:
                    a0:b3:34:c8:e8:f1:80:fb:1c:bb:4b:ae:47:8a:df:
                    37:62:9e:5e:52:5f:8b:27:9c:f8:0c:3c:85:53:73:
                    47:cf:20:a3:10:7c:6c:3e:bd:64:d2:9b:a9:65:74:
                    8d:da:84:d3:0d:8e:b3:aa:e2:c5:6f:52:73:3e:fd:
                    8f:d5:fd:23:7a:23:02:f6:5f:b1:2f:66:3c:dc:f4:
                    31:14:49:df:94:46:4a:b4:c5:c6:d7:61:e3:f1:44:
                    04:18:0a:56:b2:5b:9e:63:e2:c3:7f:5a:52:a4:31:
                    da:48:c0:4b:ff:fb:7e:37:52:13:a8:de:be:98:2d:
                    6a:40:d2:32:9a:98:bb:9c:0e:74:e6:2d:f5:3b:9f:
                    01:fc:5b:e5:ea:23:58:9a:d3:00:0d:5c:71:ca:5e:
                    7f:01:81:0c:f1:5e:f6:c6:ec:2d:c4:0c:45:be:d8:
                    f6:e8:7b:7d:88:02:69:22:96:69:18:61:65:ba:82:
                    f4:72:d6:c1:6f:19:17:ea:4f:f0:82:1e:38:e8:34:
                    68:c5:4d:2b:b0:c8:8c:f2:ae:5a:d2:3c:86:1f:49:
                    e5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:51:35:38:53:46:84:3E:31:91:A6:6B:40:EF:5D:7B:E8:4E:7D:C4
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/v1E1OFNGhD4xkaZrQO9de-hOfcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:47:5e:53:75:07:36:e9:84:0d:3f:82:f7:6c:33:0c:26:e2:
         4d:c4:c4:7a:50:31:c6:25:6e:11:33:05:e2:36:87:49:34:92:
         74:7f:27:0c:73:77:8e:ef:6c:18:a2:aa:86:b1:73:c0:e4:50:
         44:8a:5d:6e:37:b5:66:9a:7a:75:c1:07:e5:33:3e:74:08:8c:
         a2:4f:6c:5b:bb:d4:c1:1f:b7:a7:b8:dc:5a:f1:3c:d6:d2:56:
         41:60:f0:c2:b6:44:52:b5:0b:a3:80:e1:db:5c:19:63:1a:7f:
         5d:16:1e:96:71:66:31:89:bc:97:57:50:04:98:9e:f7:fc:93:
         cc:24:da:fa:93:04:5b:97:ba:58:fa:ef:b8:de:52:46:0c:f9:
         c6:2a:27:8c:0e:0b:f8:30:3f:70:56:f6:58:36:25:f6:7a:aa:
         18:c0:b4:94:75:ee:b2:6d:55:a0:94:25:c9:c3:7e:f5:d3:cf:
         56:75:7b:52:1f:17:7f:e3:75:0c:a2:d1:a5:64:47:33:a7:7f:
         85:fe:0b:08:b1:2b:68:87:ab:3f:34:8e:72:3b:c2:18:34:1f:
         83:a6:27:39:86:87:5f:98:dd:4e:f5:72:d7:0b:2d:a9:2f:77:
         29:22:ef:2f:dc:f0:57:a8:35:4a:5a:af:51:67:e1:df:6b:1c:
         b9:f7:ca:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2H32/FosVN6fW1zPqePvmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDEzMTcyNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjUxMzUzODUzNDY4NDNlMzE5MWE2NmI0MGVmNWQ3YmU4NGU3ZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/GQsbbWXF9/SUJ2PXl8xuLCoYpq
tE6sdK5DgJe7LC6CUGIC6Q37PB5LmemgszTI6PGA+xy7S65Hit83Yp5eUl+LJ5z4
DDyFU3NHzyCjEHxsPr1k0pupZXSN2oTTDY6zquLFb1JzPv2P1f0jeiMC9l+xL2Y8
3PQxFEnflEZKtMXG12Hj8UQEGApWslueY+LDf1pSpDHaSMBL//t+N1ITqN6+mC1q
QNIympi7nA505i31O58B/Fvl6iNYmtMADVxxyl5/AYEM8V72xuwtxAxFvtj26Ht9
iAJpIpZpGGFluoL0ctbBbxkX6k/wgh446DRoxU0rsMiM8q5a0jyGH0nlbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9RNThTRoQ+MZGma0DvXXvoTn3EMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvdjFFMU9GTkdoRDR4a2FaclFPOWRlLWhPZmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY4eMA0G
CSqGSIb3DQEBCwUAA4IBAQCxR15TdQc26YQNP4L3bDMMJuJNxMR6UDHGJW4RMwXi
NodJNJJ0fycMc3eO72wYoqqGsXPA5FBEil1uN7Vmmnp1wQflMz50CIyiT2xbu9TB
H7enuNxa8TzW0lZBYPDCtkRStQujgOHbXBljGn9dFh6WcWYxibyXV1AEmJ73/JPM
JNr6kwRbl7pY+u+43lJGDPnGKieMDgv4MD9wVvZYNiX2eqoYwLSUde6ybVWglCXJ
w371089WdXtSHxd/43UMotGlZEczp3+F/gsIsStoh6s/NI5yO8IYNB+Dpic5hodf
mN1O9XLXCy2pL3cpIu8v3PBXqDVKWq9RZ+Hfaxy598qh
-----END CERTIFICATE-----