Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/O5zwSwZaq-PnYfyFgUGaYTtXVCc.roa
File:                     O5zwSwZaq-PnYfyFgUGaYTtXVCc.roa (raw, json)
Hash identifier:          EcphMyhwWu+HB1619MCd3HbMcseN3a1eZUs2rmX7LwY=
Subject key identifier:   3B:9C:F0:4B:06:5A:AB:E3:E7:61:FC:85:81:41:9A:61:3B:57:54:27
Certificate issuer:       /CN=411a2a9405bda1671c10776f4426273c904e4ad0
Certificate serial:       019CE1AEBC45F09EC440BC421D75DB31B8F2
Authority key identifier: 41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/O5zwSwZaq-PnYfyFgUGaYTtXVCc.roa
Signing time:             Thu 12 Mar 2026 10:54:10 +0000
ROA not before:           Thu 12 Mar 2026 10:54:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        45.11.252.0/24 maxlen: 24
                          45.11.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 08:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:ae:bc:45:f0:9e:c4:40:bc:42:1d:75:db:31:b8:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411a2a9405bda1671c10776f4426273c904e4ad0
        Validity
            Not Before: Mar 12 10:54:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b9cf04b065aabe3e761fc8581419a613b575427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f0:bc:71:20:8b:c9:90:b8:22:9d:1d:a4:32:
                    5a:4e:c7:4a:40:4c:63:d7:0c:38:d6:d7:65:6b:ac:
                    0c:f6:05:7d:f3:07:d4:3b:77:a4:52:60:95:75:04:
                    f1:55:b3:bc:a1:c7:d5:35:c6:79:b2:8e:56:32:4b:
                    7c:7b:5a:e3:a0:9e:7b:7f:66:8a:e4:92:36:77:6a:
                    50:28:ed:95:fe:2b:2c:83:57:4d:a0:be:8a:cf:66:
                    f7:9c:aa:b1:f5:04:dc:23:62:69:bb:13:57:19:1c:
                    ef:b0:3e:60:6d:fd:94:53:46:19:3c:b2:0b:94:8c:
                    cb:93:28:6f:8a:99:70:7c:10:b3:d9:0c:ba:d6:c9:
                    b9:26:74:a3:28:8f:b3:cd:01:3b:ee:1c:4e:bb:15:
                    7e:8f:58:66:3e:6d:cd:e2:a3:78:0e:3c:4a:d3:0c:
                    2a:79:6f:ff:2e:c2:35:26:27:22:7f:7c:43:b9:8b:
                    52:1e:3f:4a:dc:80:79:32:d4:1f:b2:26:a7:fa:2f:
                    ce:5a:da:ae:75:4d:b6:6a:36:f1:33:4b:bb:3d:9c:
                    df:28:97:5d:fa:e7:52:f3:a3:ee:c7:1c:56:6d:40:
                    3b:f3:e9:4b:02:41:b0:b0:60:f3:7e:69:ee:e9:94:
                    bc:1b:83:11:02:fc:7a:22:64:14:e4:63:52:60:76:
                    e8:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:9C:F0:4B:06:5A:AB:E3:E7:61:FC:85:81:41:9A:61:3B:57:54:27
            X509v3 Authority Key Identifier:
                keyid:41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/O5zwSwZaq-PnYfyFgUGaYTtXVCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:47:9a:fa:92:4a:7e:b2:ef:50:b6:97:1b:04:82:fe:23:9c:
         d6:2e:6c:bc:83:e8:53:ba:0a:c1:ae:0b:6c:56:43:15:1a:45:
         c9:9f:4a:ee:5f:82:85:49:08:17:cf:04:43:36:4c:a6:b5:fc:
         5e:d1:16:83:30:a4:79:ae:1b:69:9f:5a:cf:b1:db:3d:f5:b3:
         86:e0:92:18:85:e2:2d:52:b5:d2:b8:a4:b3:ce:74:c8:a3:87:
         58:9b:a2:ab:2b:92:6e:cf:df:cc:e4:5b:5b:c9:79:40:e0:a0:
         d5:d7:f6:22:f8:38:ca:ca:81:1d:bb:9d:45:1a:d3:9b:de:22:
         31:28:f8:f6:57:bd:6f:08:c9:04:88:23:a1:c0:e4:de:0f:3d:
         2f:06:a0:6b:a5:d5:74:74:33:af:d6:29:34:aa:bc:a3:5e:3e:
         f6:c8:dd:9b:32:00:e6:86:aa:6b:f9:39:f8:38:39:bf:cb:b2:
         37:c4:da:1c:d2:31:18:21:2e:8a:5b:04:17:02:3a:f8:40:90:
         c9:45:05:3e:d9:77:ff:8e:a0:dc:5c:c7:95:ee:88:b7:56:d4:
         dc:e0:3e:13:0e:71:02:b4:f0:1c:fd:5b:81:06:9b:0b:b3:95:
         a6:ea:41:5e:e5:24:ad:df:d5:09:4a:2c:90:a3:c7:08:ac:c2:
         6d:cd:65:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzhrrxF8J7EQLxCHXXbMbjyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWEyYTk0MDViZGExNjcxYzEwNzc2ZjQ0MjYyNzNjOTA0
ZTRhZDAwHhcNMjYwMzEyMTA1NDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjljZjA0YjA2NWFhYmUzZTc2MWZjODU4MTQxOWE2MTNiNTc1NDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPC8cSCLyZC4Ip0dpDJaTsdKQExj
1ww41tdla6wM9gV98wfUO3ekUmCVdQTxVbO8ocfVNcZ5so5WMkt8e1rjoJ57f2aK
5JI2d2pQKO2V/issg1dNoL6Kz2b3nKqx9QTcI2JpuxNXGRzvsD5gbf2UU0YZPLIL
lIzLkyhviplwfBCz2Qy61sm5JnSjKI+zzQE77hxOuxV+j1hmPm3N4qN4DjxK0wwq
eW//LsI1Jicif3xDuYtSHj9K3IB5MtQfsian+i/OWtqudU22ajbxM0u7PZzfKJdd
+udS86PuxxxWbUA78+lLAkGwsGDzfmnu6ZS8G4MRAvx6ImQU5GNSYHbo2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuc8EsGWqvj52H8hYFBmmE7V1QnMB8GA1UdIwQY
MBaAFEEaKpQFvaFnHBB3b0QmJzyQTkrQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQt
OGM1MmU2NjZhOGEyLzEvTzV6d1N3WmFxLVBuWWZ5RmdVR2FZVHRYVkNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQtOGM1MmU2NjZhOGEy
LzEvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQv8MA0G
CSqGSIb3DQEBCwUAA4IBAQAcR5r6kkp+su9QtpcbBIL+I5zWLmy8g+hTugrBrgts
VkMVGkXJn0ruX4KFSQgXzwRDNkymtfxe0RaDMKR5rhtpn1rPsds99bOG4JIYheIt
UrXSuKSzznTIo4dYm6KrK5Juz9/M5FtbyXlA4KDV1/Yi+DjKyoEdu51FGtOb3iIx
KPj2V71vCMkEiCOhwOTeDz0vBqBrpdV0dDOv1ik0qryjXj72yN2bMgDmhqpr+Tn4
ODm/y7I3xNoc0jEYIS6KWwQXAjr4QJDJRQU+2Xf/jqDcXMeV7oi3VtTc4D4TDnEC
tPAc/VuBBpsLs5Wm6kFe5SSt39UJSiyQo8cIrMJtzWVq
-----END CERTIFICATE-----