Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/12ZoiRm-BtH-n4cTx6M_HSgAIlg.roa
File:                     12ZoiRm-BtH-n4cTx6M_HSgAIlg.roa (raw, json)
Hash identifier:          JJ5yxbDKaNAPlpuhRqGZvKHMAb3KJ9YlxZsJX8E1QhM=
Subject key identifier:   D7:66:68:89:19:BE:06:D1:FE:9F:87:13:C7:A3:3F:1D:28:00:22:58
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019E40C81D0A69E3BAC042421A88D6D952D4
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/12ZoiRm-BtH-n4cTx6M_HSgAIlg.roa
Signing time:             Tue 19 May 2026 15:08:36 +0000
ROA not before:           Tue 19 May 2026 15:08:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209946
IP address blocks:        147.45.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:40:c8:1d:0a:69:e3:ba:c0:42:42:1a:88:d6:d9:52:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: May 19 15:08:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d766688919be06d1fe9f8713c7a33f1d28002258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:9d:41:3d:f6:e1:08:b7:ca:cd:74:b5:87:0f:
                    85:a4:4e:33:77:7b:84:85:0c:47:75:6d:9c:b8:ba:
                    50:66:49:16:27:bf:28:57:ea:cd:d8:20:4d:6d:b1:
                    ff:52:ba:4f:20:46:1d:fe:4d:7b:2f:52:45:4e:83:
                    3d:c4:5b:e4:b5:a7:d5:0c:d4:36:eb:dc:04:18:2d:
                    5b:b0:92:74:5e:27:51:ed:40:14:e7:32:77:7c:d6:
                    cd:05:9f:65:df:8a:bd:0e:02:30:39:94:3a:f2:4a:
                    19:19:8f:d3:66:55:70:e6:a7:eb:66:05:3e:0c:3f:
                    6f:28:8d:d0:6d:ad:ad:41:13:dc:f0:c2:a5:62:fe:
                    fc:35:5f:73:30:b4:5c:89:cb:8e:b7:96:d5:f4:f6:
                    88:27:d6:85:d1:a7:ba:05:a6:b0:ae:31:08:2e:fa:
                    5d:c0:e5:8a:ca:b6:8b:eb:23:77:8f:da:aa:46:06:
                    f6:20:4d:c0:70:bb:a8:c7:8b:9d:fd:08:cc:7f:28:
                    02:d2:66:15:3a:2e:87:c8:b0:c0:b0:03:d9:1d:93:
                    8e:0e:ab:5f:86:b7:d7:59:85:5d:53:ee:7d:93:d5:
                    cb:56:95:7a:a7:77:20:ed:99:c8:66:2c:22:32:94:
                    98:19:0d:91:f6:0f:10:a5:f1:2c:ec:70:00:c2:61:
                    cd:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:66:68:89:19:BE:06:D1:FE:9F:87:13:C7:A3:3F:1D:28:00:22:58
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/12ZoiRm-BtH-n4cTx6M_HSgAIlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:8a:86:99:95:48:56:d9:96:0f:14:58:32:ad:ce:86:5f:b5:
         2b:4f:68:a6:6f:2d:99:f3:f7:73:5f:06:84:b0:76:1e:a1:ff:
         cf:77:4a:95:10:c8:22:b0:f8:85:90:0d:a9:43:18:12:7e:24:
         4e:70:49:d2:16:a2:5c:e1:12:b1:4d:94:23:cc:40:99:25:b1:
         45:03:7b:01:c4:79:ef:89:94:76:1b:b8:7f:75:0e:93:33:95:
         b8:6b:a1:a5:73:2e:fa:5a:80:6e:67:94:da:32:09:ca:c5:dc:
         6f:f5:bb:9b:9e:54:23:97:90:39:3b:1a:f8:0e:4e:09:b4:80:
         88:ac:9c:2b:47:21:b2:b4:70:df:c0:39:41:69:6b:ff:c9:dd:
         58:0c:79:11:e9:cf:43:61:b4:ba:0b:50:2f:97:72:e9:e0:82:
         7a:a2:d0:05:4c:14:ec:d8:80:dd:8f:e3:27:23:22:86:d6:2a:
         ae:6f:09:ae:49:62:7a:8b:95:b7:20:4e:9d:7f:71:6e:18:31:
         0f:a8:f0:9f:bc:92:a5:c7:cf:28:b5:66:15:bc:3b:d9:09:66:
         9c:0f:13:34:88:34:cd:e7:dc:36:62:bc:9b:ca:a3:f8:11:87:
         9c:9a:95:9b:76:95:02:bd:22:f4:77:6d:e2:dc:8f:7f:9c:d3:
         f7:11:0b:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5AyB0KaeO6wEJCGojW2VLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwNTE5MTUwODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzY2Njg4OTE5YmUwNmQxZmU5Zjg3MTNjN2EzM2YxZDI4MDAyMjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZ1BPfbhCLfKzXS1hw+FpE4zd3uE
hQxHdW2cuLpQZkkWJ78oV+rN2CBNbbH/UrpPIEYd/k17L1JFToM9xFvktafVDNQ2
69wEGC1bsJJ0XidR7UAU5zJ3fNbNBZ9l34q9DgIwOZQ68koZGY/TZlVw5qfrZgU+
DD9vKI3Qba2tQRPc8MKlYv78NV9zMLRcicuOt5bV9PaIJ9aF0ae6BaawrjEILvpd
wOWKyraL6yN3j9qqRgb2IE3AcLuox4ud/QjMfygC0mYVOi6HyLDAsAPZHZOODqtf
hrfXWYVdU+59k9XLVpV6p3cg7ZnIZiwiMpSYGQ2R9g8QpfEs7HAAwmHNfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdmaIkZvgbR/p+HE8ejPx0oACJYMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvMTJab2lSbS1CdEgtbjRjVHg2TV9IU2dBSWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky0tMA0G
CSqGSIb3DQEBCwUAA4IBAQAzioaZlUhW2ZYPFFgyrc6GX7UrT2imby2Z8/dzXwaE
sHYeof/Pd0qVEMgisPiFkA2pQxgSfiROcEnSFqJc4RKxTZQjzECZJbFFA3sBxHnv
iZR2G7h/dQ6TM5W4a6Glcy76WoBuZ5TaMgnKxdxv9bubnlQjl5A5Oxr4Dk4JtICI
rJwrRyGytHDfwDlBaWv/yd1YDHkR6c9DYbS6C1Avl3Lp4IJ6otAFTBTs2IDdj+Mn
IyKG1iqubwmuSWJ6i5W3IE6df3FuGDEPqPCfvJKlx88otWYVvDvZCWacDxM0iDTN
59w2YrybyqP4EYecmpWbdpUCvSL0d23i3I9/nNP3EQt2
-----END CERTIFICATE-----