Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/zk9lXtZketb1ef8ehS4gxBM-1zs.roa
File:                     zk9lXtZketb1ef8ehS4gxBM-1zs.roa (raw, json)
Hash identifier:          ctBxse0qv6d6T0dkS0orXUeWoJ+PzzjXhLElNbJwnBA=
Subject key identifier:   CE:4F:65:5E:D6:64:7A:D6:F5:79:FF:1E:85:2E:20:C4:13:3E:D7:3B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C2D4B92AE89F359E1C5FA301469A7F636
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/zk9lXtZketb1ef8ehS4gxBM-1zs.roa
Signing time:             Thu 05 Feb 2026 10:14:13 +0000
ROA not before:           Thu 05 Feb 2026 10:14:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213861
IP address blocks:        45.149.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:23:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2d:4b:92:ae:89:f3:59:e1:c5:fa:30:14:69:a7:f6:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb  5 10:14:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce4f655ed6647ad6f579ff1e852e20c4133ed73b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:5e:27:c0:c4:9f:2f:b6:a3:4b:9b:aa:97:ef:
                    e8:fe:23:57:d4:ec:72:8b:19:61:0f:a1:2a:ad:59:
                    62:47:8d:33:e2:62:fc:1a:45:83:9d:10:e9:58:4d:
                    20:73:6e:7a:90:07:ba:39:bc:d4:7f:29:84:69:94:
                    f5:7b:7a:38:36:a1:af:af:7f:31:fe:ee:61:cd:fa:
                    54:d3:57:49:c5:7b:19:87:bd:89:1d:45:83:12:c8:
                    d3:c4:c2:3f:75:af:ae:04:9e:b2:d9:e5:d0:de:a3:
                    ac:5c:5b:39:4f:39:59:c0:15:52:2b:e2:8c:bc:f7:
                    87:1f:34:39:fa:5f:96:1a:0f:ff:1f:e5:19:9d:51:
                    46:3f:bd:eb:9b:7e:c7:7e:aa:62:58:65:df:02:dc:
                    64:c0:87:7f:38:6e:63:10:cb:c7:1c:59:c7:8a:4d:
                    15:68:2d:90:fa:28:49:c9:1a:f5:ff:d4:a5:c6:91:
                    68:6a:09:b2:82:84:ba:97:78:a6:a1:26:b8:d6:4e:
                    80:09:70:72:f1:21:49:66:c4:ec:ac:a1:fc:c4:93:
                    4d:1c:5b:c7:a4:e7:a3:3c:6f:b7:60:34:50:26:bf:
                    ca:7f:b0:7e:dd:08:39:ed:56:bd:1b:96:a7:56:0c:
                    d5:d0:12:5a:57:2a:d4:e6:af:26:47:ab:cf:c6:6a:
                    95:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:4F:65:5E:D6:64:7A:D6:F5:79:FF:1E:85:2E:20:C4:13:3E:D7:3B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/zk9lXtZketb1ef8ehS4gxBM-1zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:41:62:96:0f:f0:a7:70:04:06:a4:09:90:c2:57:7c:95:be:
         ce:2a:ec:d9:e5:45:61:cf:5a:e8:91:24:87:95:12:ec:d8:41:
         01:90:17:bc:7e:eb:89:fe:bb:9b:62:ba:87:82:fd:9a:db:a9:
         7c:a6:28:99:14:f2:1c:d3:0a:4d:d1:43:33:81:ac:4e:a7:9a:
         40:f8:47:f6:b0:1b:45:3a:01:e9:66:75:e1:8e:09:c4:78:fc:
         11:b6:bd:21:ad:ac:41:ab:3e:c9:bc:ef:88:fb:ae:d0:5b:0d:
         f5:72:7b:a2:56:a5:f1:c4:75:54:94:e8:7b:d5:68:30:2a:13:
         df:04:a7:35:90:bd:61:12:9d:4c:08:11:31:5e:54:f9:84:5c:
         46:2d:2d:d4:a7:ac:14:ab:0f:51:ac:20:18:f2:19:fc:34:e6:
         e8:8e:c5:73:f9:4d:8a:fc:31:38:8b:c5:29:53:7b:2e:98:a0:
         51:84:b2:c1:d4:ce:f5:9f:bc:68:f4:bd:3a:eb:d7:6e:3a:c2:
         3d:e7:cc:65:fb:98:43:3f:87:b4:e7:40:b3:8a:2c:b7:ad:a3:
         81:bb:68:07:01:6b:b0:d4:d8:dc:ba:8f:9b:e5:3d:c0:a4:87:
         a9:55:b8:86:6b:0d:a6:75:cb:73:8a:d0:24:71:9d:76:3d:fa:
         75:1b:d5:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwtS5KuifNZ4cX6MBRpp/Y2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjA1MTAxNDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTRmNjU1ZWQ2NjQ3YWQ2ZjU3OWZmMWU4NTJlMjBjNDEzM2VkNzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiF4nwMSfL7ajS5uql+/o/iNX1Oxy
ixlhD6EqrVliR40z4mL8GkWDnRDpWE0gc256kAe6ObzUfymEaZT1e3o4NqGvr38x
/u5hzfpU01dJxXsZh72JHUWDEsjTxMI/da+uBJ6y2eXQ3qOsXFs5TzlZwBVSK+KM
vPeHHzQ5+l+WGg//H+UZnVFGP73rm37HfqpiWGXfAtxkwId/OG5jEMvHHFnHik0V
aC2Q+ihJyRr1/9SlxpFoagmygoS6l3imoSa41k6ACXBy8SFJZsTsrKH8xJNNHFvH
pOejPG+3YDRQJr/Kf7B+3Qg57Va9G5anVgzV0BJaVyrU5q8mR6vPxmqVoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5PZV7WZHrW9Xn/HoUuIMQTPtc7MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvems5bFh0WmtldGIxZWY4ZWhTNGd4Qk0tMXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZWSMA0G
CSqGSIb3DQEBCwUAA4IBAQAdQWKWD/CncAQGpAmQwld8lb7OKuzZ5UVhz1rokSSH
lRLs2EEBkBe8fuuJ/rubYrqHgv2a26l8piiZFPIc0wpN0UMzgaxOp5pA+Ef2sBtF
OgHpZnXhjgnEePwRtr0hraxBqz7JvO+I+67QWw31cnuiVqXxxHVUlOh71WgwKhPf
BKc1kL1hEp1MCBExXlT5hFxGLS3Up6wUqw9RrCAY8hn8NObojsVz+U2K/DE4i8Up
U3sumKBRhLLB1M71n7xo9L0669duOsI958xl+5hDP4e050Cziiy3raOBu2gHAWuw
1Njcuo+b5T3ApIepVbiGaw2mdctzitAkcZ12Pfp1G9W0
-----END CERTIFICATE-----