Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/wa8P_s-riz1na9eGferqmctY1qI.roa
File:                     wa8P_s-riz1na9eGferqmctY1qI.roa (raw, json)
Hash identifier:          QKP4EaklAbfZpQZYefD8a9Ic7nq8AvtyjHE0G8KcIs0=
Subject key identifier:   C1:AF:0F:FE:CF:AB:8B:3D:67:6B:D7:86:7D:EA:EA:99:CB:58:D6:A2
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019D76E48253DC9E5D5477C8BFD6062ECF1D
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/wa8P_s-riz1na9eGferqmctY1qI.roa
Signing time:             Fri 10 Apr 2026 10:16:20 +0000
ROA not before:           Fri 10 Apr 2026 10:16:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212609
IP address blocks:        45.88.224.0/24 maxlen: 24
                          45.88.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 17:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:e4:82:53:dc:9e:5d:54:77:c8:bf:d6:06:2e:cf:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Apr 10 10:16:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1af0ffecfab8b3d676bd7867deaea99cb58d6a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:48:e9:41:9e:5a:31:57:b0:ee:a1:ba:d4:ff:
                    d6:e0:25:9d:ba:ec:ad:60:ba:0e:d7:1e:77:bc:26:
                    62:4b:fc:01:7d:a6:27:bd:5b:a9:b3:76:74:92:85:
                    c7:96:50:5c:82:b0:64:8e:2c:b3:63:c8:a8:b9:aa:
                    3c:9d:17:c6:04:19:c3:d7:e8:18:08:cc:d7:35:45:
                    ad:74:c5:2c:6d:4f:39:2e:ca:e2:81:ba:46:b2:47:
                    a8:56:2d:26:9b:b5:88:d4:27:12:1d:6b:6b:85:e0:
                    57:a4:02:94:b4:40:3a:1b:b4:21:44:a7:93:67:93:
                    01:c7:27:eb:63:ca:8b:13:20:e3:ff:7e:c6:2b:5a:
                    39:7a:c0:2e:eb:04:be:13:60:05:cc:1d:82:ed:5a:
                    d6:f5:91:78:e9:19:41:b5:91:51:bd:eb:3b:e1:bb:
                    8b:f5:2c:a0:ea:d0:02:e7:bd:b2:6e:8d:6a:fa:74:
                    53:d7:a9:f3:64:24:b8:fb:1d:ac:ec:a1:82:c2:4b:
                    a3:c1:1f:50:e6:0c:a8:0d:b4:bd:a4:13:9a:86:8f:
                    66:52:01:60:57:b8:c1:8d:95:5c:3b:77:33:dd:f2:
                    0c:af:54:cf:19:31:c1:fe:b4:49:a8:10:b3:65:14:
                    1f:7c:15:84:da:01:ee:f4:25:87:0c:d3:83:46:99:
                    c1:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:AF:0F:FE:CF:AB:8B:3D:67:6B:D7:86:7D:EA:EA:99:CB:58:D6:A2
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/wa8P_s-riz1na9eGferqmctY1qI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:c6:41:6b:e4:76:6e:6a:30:01:8f:c3:76:ef:b5:66:d9:52:
         53:44:77:e5:5a:9c:fc:4a:f9:f2:1d:df:36:6c:cb:f1:51:09:
         2b:73:d8:ce:40:57:18:8b:e3:b1:6c:de:95:02:6b:88:97:6f:
         10:94:2b:85:30:c5:40:75:6e:d6:f0:5b:3c:6c:f7:7e:6e:4f:
         20:39:73:2c:17:d6:f6:bf:66:46:78:22:e1:39:69:d0:2c:09:
         94:cb:e2:6e:91:8e:f5:ce:8c:54:87:18:68:a7:50:92:52:e0:
         6e:fb:07:2b:ef:86:20:da:b2:57:df:97:0a:3b:b4:d3:c8:21:
         60:89:90:9a:28:93:e8:fc:4c:43:05:43:18:9f:c0:ab:83:6c:
         6f:4e:34:bd:f6:64:aa:ac:f0:2e:eb:e6:85:5f:68:d4:e0:8b:
         06:70:3d:f4:5b:f4:27:e3:06:d5:ed:8f:b0:6b:2a:87:de:7a:
         5d:fd:7b:9b:7f:26:54:e7:19:0b:a0:c8:2e:0b:dd:01:2d:54:
         ae:b2:59:e3:30:3d:3b:b6:c5:3d:da:d9:b6:05:fe:8e:8c:d6:
         e0:8b:21:3a:91:2c:55:95:49:c6:8e:48:24:98:50:ea:1e:6e:
         21:1b:ab:9b:ec:ad:d4:60:57:11:ba:ed:72:ed:40:ae:d5:5a:
         d9:9c:b3:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ125IJT3J5dVHfIv9YGLs8dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwNDEwMTAxNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWFmMGZmZWNmYWI4YjNkNjc2YmQ3ODY3ZGVhZWE5OWNiNThkNmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUjpQZ5aMVew7qG61P/W4CWduuyt
YLoO1x53vCZiS/wBfaYnvVups3Z0koXHllBcgrBkjiyzY8iouao8nRfGBBnD1+gY
CMzXNUWtdMUsbU85LsrigbpGskeoVi0mm7WI1CcSHWtrheBXpAKUtEA6G7QhRKeT
Z5MBxyfrY8qLEyDj/37GK1o5esAu6wS+E2AFzB2C7VrW9ZF46RlBtZFRves74buL
9Syg6tAC572ybo1q+nRT16nzZCS4+x2s7KGCwkujwR9Q5gyoDbS9pBOaho9mUgFg
V7jBjZVcO3cz3fIMr1TPGTHB/rRJqBCzZRQffBWE2gHu9CWHDNODRpnBOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMGvD/7Pq4s9Z2vXhn3q6pnLWNaiMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvd2E4UF9zLXJpejFuYTllR2ZlcnFtY3RZMXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVjgMA0G
CSqGSIb3DQEBCwUAA4IBAQCSxkFr5HZuajABj8N277Vm2VJTRHflWpz8SvnyHd82
bMvxUQkrc9jOQFcYi+OxbN6VAmuIl28QlCuFMMVAdW7W8Fs8bPd+bk8gOXMsF9b2
v2ZGeCLhOWnQLAmUy+JukY71zoxUhxhop1CSUuBu+wcr74Yg2rJX35cKO7TTyCFg
iZCaKJPo/ExDBUMYn8Crg2xvTjS99mSqrPAu6+aFX2jU4IsGcD30W/Qn4wbV7Y+w
ayqH3npd/XubfyZU5xkLoMguC90BLVSuslnjMD07tsU92tm2Bf6OjNbgiyE6kSxV
lUnGjkgkmFDqHm4hG6ub7K3UYFcRuu1y7UCu1VrZnLPN
-----END CERTIFICATE-----