Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1-aRoA0WhlYlJc8wz6ycex6Zo2ac.roa
File:                     1-aRoA0WhlYlJc8wz6ycex6Zo2ac.roa (raw, json)
Hash identifier:          sdFqzlSJZoMBZXBYF/7sSNH10IFmTEtJ+BqqB3vKvsU=
Subject key identifier:   F9:A4:68:03:45:A1:95:89:49:73:CC:33:EB:27:1E:C7:A6:68:D9:A7
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       019DA23736E60E78142FD3B3C9B955A51DFB
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1-aRoA0WhlYlJc8wz6ycex6Zo2ac.roa
Signing time:             Sat 18 Apr 2026 20:10:20 +0000
ROA not before:           Sat 18 Apr 2026 20:10:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214716
IP address blocks:        45.86.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a2:37:36:e6:0e:78:14:2f:d3:b3:c9:b9:55:a5:1d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Apr 18 20:10:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f9a4680345a195894973cc33eb271ec7a668d9a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8f:16:19:35:80:2b:7f:5a:a7:6e:14:af:02:
                    7e:30:d3:a4:60:b2:df:aa:a9:98:9a:06:bc:1b:aa:
                    64:22:f7:73:88:02:50:dc:9a:38:3d:41:4b:55:84:
                    06:dd:1a:aa:03:78:bb:4a:82:6c:24:64:6a:68:2d:
                    a5:f3:c5:c3:ad:ae:e1:8f:d0:82:e4:ce:cd:eb:53:
                    5c:d9:3e:ab:1e:ca:8e:78:ff:1b:88:fc:81:81:f5:
                    79:70:cb:ec:8a:49:38:f8:01:5d:74:35:93:76:4d:
                    72:96:84:78:8c:12:7e:d5:14:4a:60:73:d8:2f:9a:
                    c2:d8:fd:85:c0:73:7b:2c:76:3a:d8:eb:30:9b:2b:
                    2e:02:d2:05:72:88:86:08:ce:73:e0:3f:83:a2:82:
                    bf:cf:c3:3e:1c:ca:93:08:a9:ad:42:c9:34:f3:44:
                    a0:40:0f:46:bb:93:1b:2b:a4:ae:3c:8b:74:3d:cf:
                    fb:96:83:b8:b4:79:98:bc:a0:78:3d:00:27:e6:af:
                    a6:03:9a:f1:5e:6f:04:42:31:dd:b4:29:ea:e6:5b:
                    49:80:81:ed:ce:ad:af:d5:5e:8b:bd:b9:44:f5:02:
                    1b:67:50:42:0c:34:34:d8:fc:97:14:87:04:c4:55:
                    f5:f8:d7:ac:b4:18:c7:87:70:c7:72:eb:8d:dc:c6:
                    d8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:A4:68:03:45:A1:95:89:49:73:CC:33:EB:27:1E:C7:A6:68:D9:A7
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1-aRoA0WhlYlJc8wz6ycex6Zo2ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:c2:d6:4b:41:0b:9f:b0:d6:af:39:06:90:9b:61:13:de:f4:
         53:90:a9:47:cf:e9:e6:1e:fb:d8:2f:7d:10:cd:e5:87:a1:41:
         7d:c0:01:3b:4e:be:1d:d5:9a:50:fd:21:d6:6c:e4:e0:65:34:
         d6:03:04:0c:41:dc:30:3f:14:c8:9e:2d:45:83:11:dc:63:c4:
         36:ae:d4:7e:03:cf:cb:15:f4:7e:8b:5d:bf:56:e2:50:94:1c:
         84:df:d1:e8:e9:c7:a9:b8:e8:c5:87:5a:9c:66:fb:0c:b0:55:
         77:6f:74:ca:e0:ee:6d:e6:35:f4:ae:54:de:11:66:4d:16:80:
         b9:46:08:69:21:33:02:86:1e:58:1b:bd:56:50:a4:fb:67:da:
         cf:38:05:38:6c:69:6b:11:ec:04:ba:ea:3b:b1:ae:31:6f:75:
         00:ac:ef:08:20:f6:f7:f1:a5:d7:76:59:f3:73:9d:69:b3:64:
         5c:4d:3a:32:c2:8c:a0:c3:27:5a:13:26:7c:5e:dd:5e:30:60:
         5d:1a:1c:d1:77:a3:5a:b1:f2:e8:7a:42:8d:da:8e:a7:5f:40:
         4f:f7:12:72:40:bf:1c:3b:1b:4b:1a:9b:26:38:2c:34:a9:33:
         75:36:93:34:c3:7d:9b:71:44:d4:56:6c:61:83:d4:56:e4:af:
         8b:ac:98:f4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2iNzbmDngUL9OzyblVpR37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjYwNDE4MjAxMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWE0NjgwMzQ1YTE5NTg5NDk3M2NjMzNlYjI3MWVjN2E2NjhkOWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvY8WGTWAK39ap24UrwJ+MNOkYLLf
qqmYmga8G6pkIvdziAJQ3Jo4PUFLVYQG3RqqA3i7SoJsJGRqaC2l88XDra7hj9CC
5M7N61Nc2T6rHsqOeP8biPyBgfV5cMvsikk4+AFddDWTdk1yloR4jBJ+1RRKYHPY
L5rC2P2FwHN7LHY62OswmysuAtIFcoiGCM5z4D+DooK/z8M+HMqTCKmtQsk080Sg
QA9Gu5MbK6SuPIt0Pc/7loO4tHmYvKB4PQAn5q+mA5rxXm8EQjHdtCnq5ltJgIHt
zq2v1V6LvblE9QIbZ1BCDDQ02PyXFIcExFX1+NestBjHh3DHcuuN3MbYIwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmkaANFoZWJSXPMM+snHsemaNmnMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvMS1hUm9BMFdobFlsSmM4d3o2eWNleDZabzJhYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTUvZWI3MGEzLTE3ZTEtNGQ4Ni04YjllLTYwODA5NTJmMGUw
NC8xL1Q0cnFMd0pmU1Z2cXp1Zk9Xb2dnVVozYUUzQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1WnzAN
BgkqhkiG9w0BAQsFAAOCAQEAIcLWS0ELn7DWrzkGkJthE970U5CpR8/p5h772C99
EM3lh6FBfcABO06+HdWaUP0h1mzk4GU01gMEDEHcMD8UyJ4tRYMR3GPENq7UfgPP
yxX0fotdv1biUJQchN/R6OnHqbjoxYdanGb7DLBVd290yuDubeY19K5U3hFmTRaA
uUYIaSEzAoYeWBu9VlCk+2fazzgFOGxpaxHsBLrqO7GuMW91AKzvCCD29/Gl13ZZ
83OdabNkXE06MsKMoMMnWhMmfF7dXjBgXRoc0XejWrHy6HpCjdqOp19AT/cSckC/
HDsbSxqbJjgsNKkzdTaTNMN9m3FE1FZsYYPUVuSvi6yY9A==
-----END CERTIFICATE-----