Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/PO2cWc_TCiJeTM5toFcBGV5JX2M.roa
File:                     PO2cWc_TCiJeTM5toFcBGV5JX2M.roa (raw, json)
Hash identifier:          RUMRFha4iXppJEYT7HL5DJHPHjPX7RNc4EXzviBQUqM=
Subject key identifier:   3C:ED:9C:59:CF:D3:0A:22:5E:4C:CE:6D:A0:57:01:19:5E:49:5F:63
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019CAE82B3AC4531E71E54B0119A0B274C67
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/PO2cWc_TCiJeTM5toFcBGV5JX2M.roa
Signing time:             Mon 02 Mar 2026 12:25:27 +0000
ROA not before:           Mon 02 Mar 2026 12:25:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205775
IP address blocks:        45.150.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Mar 2026 15:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:82:b3:ac:45:31:e7:1e:54:b0:11:9a:0b:27:4c:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Mar  2 12:25:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ced9c59cfd30a225e4cce6da05701195e495f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:4a:a9:4e:36:53:ee:06:3c:d7:cc:60:6a:9c:
                    f3:32:31:95:d5:fd:0e:7b:00:28:29:bb:f7:f9:39:
                    cb:d7:a9:f1:6b:ab:da:6b:f7:dd:5b:05:11:34:6e:
                    56:7f:d0:60:6b:aa:2a:af:fa:2b:a0:27:ba:41:96:
                    7b:d4:18:e4:45:aa:63:7a:fc:74:34:00:8e:ed:f4:
                    77:93:3c:41:c6:80:db:49:eb:31:70:cf:70:a5:ef:
                    e2:92:10:93:5c:ae:57:6a:bf:9b:50:e9:25:a0:9a:
                    74:a3:5a:cb:ce:94:59:86:25:93:a7:7c:4a:75:bd:
                    da:58:61:13:a4:ca:47:1b:0f:41:6d:18:c4:62:c0:
                    9e:0a:92:79:68:81:05:94:7a:a6:fa:a4:7c:ef:de:
                    02:36:4a:b7:0c:84:e7:b8:ed:a7:45:9a:18:c6:7f:
                    50:75:2c:11:92:23:a2:04:60:64:96:8f:ce:47:60:
                    64:32:49:88:0b:00:d5:9f:bd:64:05:d7:64:bb:29:
                    2b:01:64:25:03:02:a5:a0:a8:40:b6:52:08:4d:7d:
                    f9:47:48:ce:8b:93:fd:dc:38:99:85:17:54:5b:88:
                    4e:c0:8a:bb:b4:0f:62:0c:ae:0f:ba:49:c2:42:a0:
                    fb:4b:91:1e:4e:6a:22:3a:76:e1:92:37:45:ef:63:
                    3a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:ED:9C:59:CF:D3:0A:22:5E:4C:CE:6D:A0:57:01:19:5E:49:5F:63
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/PO2cWc_TCiJeTM5toFcBGV5JX2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:9f:04:25:dd:e7:50:b9:78:a5:32:82:b8:07:03:91:5b:e5:
         29:52:ee:10:e5:8e:ee:40:7b:eb:ba:3a:70:16:37:84:99:ea:
         03:34:c5:2e:26:93:ab:85:a2:2c:41:53:ed:27:7d:ed:31:72:
         a1:5b:dc:44:b7:b0:2d:81:92:34:e6:f8:0d:01:f5:63:3e:55:
         52:c7:bd:11:94:17:4b:d3:74:cd:6b:67:50:c1:a5:8b:60:db:
         cc:5b:46:66:ac:44:42:44:90:f5:df:bd:04:08:40:4a:94:5a:
         03:ae:46:3f:39:f9:32:56:69:73:6e:2a:81:20:a6:09:be:fb:
         18:6c:ce:df:ec:21:4e:68:7e:01:95:19:59:e5:f8:88:63:8a:
         f7:0d:87:97:84:3a:7d:82:76:de:5a:60:bc:67:19:07:d3:e4:
         49:f9:a1:81:5e:b1:54:a4:2a:d2:d9:8a:a6:2b:d1:81:56:05:
         4a:5f:78:dc:18:e9:41:fd:69:75:8f:87:a2:25:b5:37:04:55:
         e5:1f:68:6d:01:69:d8:97:70:a6:45:18:ac:51:d7:56:d0:62:
         c3:e0:c9:1f:00:2b:87:0b:49:a7:64:79:f1:02:17:3d:a5:50:
         b8:20:78:b6:09:17:86:28:f5:b3:ed:64:9b:c3:81:ac:0d:ae:
         54:89:09:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyugrOsRTHnHlSwEZoLJ0xnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMzAyMTIyNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2VkOWM1OWNmZDMwYTIyNWU0Y2NlNmRhMDU3MDExOTVlNDk1ZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+EqpTjZT7gY818xgapzzMjGV1f0O
ewAoKbv3+TnL16nxa6vaa/fdWwURNG5Wf9Bga6oqr/oroCe6QZZ71BjkRapjevx0
NACO7fR3kzxBxoDbSesxcM9wpe/ikhCTXK5Xar+bUOkloJp0o1rLzpRZhiWTp3xK
db3aWGETpMpHGw9BbRjEYsCeCpJ5aIEFlHqm+qR8794CNkq3DITnuO2nRZoYxn9Q
dSwRkiOiBGBklo/OR2BkMkmICwDVn71kBddkuykrAWQlAwKloKhAtlIITX35R0jO
i5P93DiZhRdUW4hOwIq7tA9iDK4PuknCQqD7S5EeTmoiOnbhkjdF72M64QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDztnFnP0woiXkzObaBXARleSV9jMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvUE8yY1djX1RDaUplVE01dG9GY0JHVjVKWDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZYiMA0G
CSqGSIb3DQEBCwUAA4IBAQBvnwQl3edQuXilMoK4BwORW+UpUu4Q5Y7uQHvrujpw
FjeEmeoDNMUuJpOrhaIsQVPtJ33tMXKhW9xEt7AtgZI05vgNAfVjPlVSx70RlBdL
03TNa2dQwaWLYNvMW0ZmrERCRJD1370ECEBKlFoDrkY/OfkyVmlzbiqBIKYJvvsY
bM7f7CFOaH4BlRlZ5fiIY4r3DYeXhDp9gnbeWmC8ZxkH0+RJ+aGBXrFUpCrS2Yqm
K9GBVgVKX3jcGOlB/Wl1j4eiJbU3BFXlH2htAWnYl3CmRRisUddW0GLD4MkfACuH
C0mnZHnxAhc9pVC4IHi2CReGKPWz7WSbw4GsDa5UiQmA
-----END CERTIFICATE-----