Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1HGd81rM05cdXqSAGKqxmfHRzs0.roa
File:                     1HGd81rM05cdXqSAGKqxmfHRzs0.roa (raw, json)
Hash identifier:          ObRpa9I6FKgv4C+//JhM3gdYog269OH0BiX+tno9T08=
Subject key identifier:   D4:71:9D:F3:5A:CC:D3:97:1D:5E:A4:80:18:AA:B1:99:F1:D1:CE:CD
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019DB9CA770F55C39B3AF2F57F2216EB3198
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1HGd81rM05cdXqSAGKqxmfHRzs0.roa
Signing time:             Thu 23 Apr 2026 10:02:26 +0000
ROA not before:           Thu 23 Apr 2026 10:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        45.88.137.0/24 maxlen: 24
                          45.151.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Apr 2026 19:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:ca:77:0f:55:c3:9b:3a:f2:f5:7f:22:16:eb:31:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Apr 23 10:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4719df35accd3971d5ea48018aab199f1d1cecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:85:f1:3e:70:8c:1e:31:30:2c:c9:f8:90:b9:
                    9f:05:97:91:25:1f:1d:b5:97:d1:32:59:7a:9a:9c:
                    52:ce:cc:5b:08:2f:08:59:71:3d:29:66:f8:41:b8:
                    06:3d:ca:68:92:3a:52:7c:9b:7a:a4:0e:23:98:a9:
                    07:5d:bf:ea:bd:58:0d:c3:5c:6f:fb:ae:2d:25:86:
                    08:aa:14:3c:bd:f7:8d:b1:43:46:17:51:54:28:54:
                    45:92:46:e9:63:a1:92:1b:e7:d7:5b:fc:9b:91:0f:
                    47:02:0d:97:92:a9:15:ec:82:f3:4b:39:f7:0b:0f:
                    73:f9:fd:6f:79:bb:3c:dd:95:11:68:c7:27:7e:5c:
                    2d:17:c5:54:79:9b:6c:45:5f:e7:99:08:5f:c6:99:
                    df:4c:54:12:1e:e2:a3:64:be:d9:46:26:76:a8:61:
                    2b:fd:f9:d6:2b:eb:14:b0:d5:77:94:9d:49:70:1a:
                    bc:91:f2:51:94:78:1b:1a:24:b9:ae:c8:1f:ef:8a:
                    08:99:e4:6c:2b:35:29:08:7b:35:f7:00:a3:a7:fa:
                    de:0f:19:5b:8d:d3:2f:fb:58:94:ed:0c:43:7b:af:
                    00:c5:3f:ae:94:f9:4c:57:90:44:6e:8c:5f:b5:ff:
                    c1:05:27:13:6b:42:7b:f6:f7:c2:af:78:e3:2c:5c:
                    c9:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:71:9D:F3:5A:CC:D3:97:1D:5E:A4:80:18:AA:B1:99:F1:D1:CE:CD
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1HGd81rM05cdXqSAGKqxmfHRzs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.137.0/24
                  45.151.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:4c:51:2c:cb:e4:97:59:ca:a0:36:53:c0:46:68:9b:ab:b8:
         7c:7a:69:2e:39:2d:9e:d9:94:4d:e3:d2:7f:08:70:66:67:57:
         ac:55:bb:d9:47:89:ad:90:3f:d2:5f:18:b0:bd:a8:10:84:c8:
         b7:5c:48:49:da:d3:f4:49:db:56:4e:36:cf:fb:07:87:3c:0a:
         d3:14:fa:43:92:58:ce:bd:00:72:96:05:66:e1:6f:34:0d:0f:
         c2:51:10:6a:8c:da:65:c4:66:96:1e:4d:dd:5b:74:c0:55:76:
         b2:f7:33:cc:24:a3:20:ac:2a:e2:66:e9:ed:b4:97:c5:e3:a3:
         a0:3b:06:d0:dc:4b:c0:15:e3:e1:67:77:3c:9a:eb:34:4d:6e:
         47:17:c6:f8:9f:ee:36:7d:b4:3f:d3:63:53:e7:82:a3:70:8f:
         4c:a6:5a:c6:e7:34:bc:5a:c6:d9:2b:90:d7:f6:6e:2a:a9:e9:
         a0:a5:95:0f:42:bc:4e:06:e9:5c:c0:2b:57:69:1d:68:82:b0:
         63:30:25:18:36:bf:6b:4e:c4:c2:9b:55:43:6a:96:71:47:28:
         e8:0b:72:09:67:5b:c4:a9:d8:f8:43:2d:6a:8b:81:94:a8:b0:
         d8:ea:41:a7:bb:f0:56:b6:7f:f1:ba:4f:b9:8d:fd:60:2d:7b:
         b3:f4:cd:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ25yncPVcObOvL1fyIW6zGYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwNDIzMTAwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDcxOWRmMzVhY2NkMzk3MWQ1ZWE0ODAxOGFhYjE5OWYxZDFjZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4IXxPnCMHjEwLMn4kLmfBZeRJR8d
tZfRMll6mpxSzsxbCC8IWXE9KWb4QbgGPcpokjpSfJt6pA4jmKkHXb/qvVgNw1xv
+64tJYYIqhQ8vfeNsUNGF1FUKFRFkkbpY6GSG+fXW/ybkQ9HAg2XkqkV7ILzSzn3
Cw9z+f1vebs83ZURaMcnflwtF8VUeZtsRV/nmQhfxpnfTFQSHuKjZL7ZRiZ2qGEr
/fnWK+sUsNV3lJ1JcBq8kfJRlHgbGiS5rsgf74oImeRsKzUpCHs19wCjp/reDxlb
jdMv+1iU7QxDe68AxT+ulPlMV5BEboxftf/BBScTa0J79vfCr3jjLFzJwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNRxnfNazNOXHV6kgBiqsZnx0c7NMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvMUhHZDgxck0wNWNkWHFTQUdLcXhtZkhSenMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALViJAwQA
LZcDMA0GCSqGSIb3DQEBCwUAA4IBAQBlTFEsy+SXWcqgNlPARmibq7h8emkuOS2e
2ZRN49J/CHBmZ1esVbvZR4mtkD/SXxiwvagQhMi3XEhJ2tP0SdtWTjbP+weHPArT
FPpDkljOvQBylgVm4W80DQ/CURBqjNplxGaWHk3dW3TAVXay9zPMJKMgrCriZunt
tJfF46OgOwbQ3EvAFePhZ3c8mus0TW5HF8b4n+42fbQ/02NT54KjcI9MplrG5zS8
WsbZK5DX9m4qqemgpZUPQrxOBulcwCtXaR1ogrBjMCUYNr9rTsTCm1VDapZxRyjo
C3IJZ1vEqdj4Qy1qi4GUqLDY6kGnu/BWtn/xuk+5jf1gLXuz9M3t
-----END CERTIFICATE-----