Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/1-lSK4g6vio4Q2ItVI-Eg5TYRBmw.roa
File:                     1-lSK4g6vio4Q2ItVI-Eg5TYRBmw.roa (raw, json)
Hash identifier:          esM2lFxwgBwPC4gGXM/vlSi23u2YThz7r4cR0F65ak0=
Subject key identifier:   FA:54:8A:E2:0E:AF:8A:8E:10:D8:8B:55:23:E1:20:E5:36:11:06:6C
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019DD0CECB3D40532B01F5FA0D770D3F6057
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/1-lSK4g6vio4Q2ItVI-Eg5TYRBmw.roa
Signing time:             Mon 27 Apr 2026 21:18:26 +0000
ROA not before:           Mon 27 Apr 2026 21:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203545
IP address blocks:        45.145.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d0:ce:cb:3d:40:53:2b:01:f5:fa:0d:77:0d:3f:60:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Apr 27 21:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa548ae20eaf8a8e10d88b5523e120e53611066c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:77:e1:cb:1b:28:ff:e1:15:af:d3:18:02:42:
                    db:25:d7:d7:1d:a0:28:91:65:cf:f3:8c:2a:35:4e:
                    f9:58:f3:bc:d3:bf:bd:28:8d:d7:24:8f:86:28:5f:
                    ad:bc:1d:cd:6c:e0:fe:30:c8:e8:9b:55:68:67:36:
                    6a:13:62:34:dc:88:99:28:ed:06:4a:0b:a3:e1:38:
                    25:61:4c:5c:79:fa:3c:c5:cc:69:99:ee:6b:1e:6a:
                    d9:d1:8f:a9:67:d9:58:d7:20:77:1b:96:65:92:e4:
                    ba:6d:9d:9a:2b:06:50:d7:67:ca:e7:67:ae:eb:96:
                    e0:62:b1:24:c8:89:52:38:d3:4a:85:89:1d:d5:2e:
                    08:98:ef:80:77:c2:24:37:90:4c:71:c5:cd:f4:07:
                    67:3f:1c:52:ca:ce:d4:e5:e7:e8:ea:e3:8b:41:8a:
                    4f:9e:b1:e9:dc:f0:64:47:f3:a8:08:a6:66:53:28:
                    08:ed:ce:7d:46:ac:28:da:65:8d:30:0f:52:3b:3b:
                    04:11:bc:87:0d:9d:16:85:73:1c:bb:4d:ab:20:66:
                    a6:ab:1a:a7:80:23:03:d4:23:5e:39:65:88:37:8e:
                    16:12:f5:44:16:c8:9e:11:2f:21:70:4c:6a:91:fb:
                    d3:ac:26:2e:91:d9:b9:73:ea:50:97:1e:ac:f9:82:
                    8a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:54:8A:E2:0E:AF:8A:8E:10:D8:8B:55:23:E1:20:E5:36:11:06:6C
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/1-lSK4g6vio4Q2ItVI-Eg5TYRBmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:9b:31:7b:eb:be:8f:df:fa:e4:26:e3:44:8a:6f:f5:8f:94:
         d9:8f:22:25:f1:74:63:ff:af:0b:19:19:b7:98:a4:7a:7c:41:
         ab:9d:aa:47:44:1d:61:ad:4e:cc:88:6b:33:b6:04:62:d9:2c:
         89:38:f3:25:7a:a7:6f:67:39:61:e9:c1:dd:59:b6:c5:de:af:
         0f:c7:95:ab:4e:a5:75:75:1e:75:68:e6:24:36:27:1f:cd:41:
         b0:c3:0e:c6:d6:1c:5c:1c:61:a0:1f:b5:7f:2d:71:06:3e:4e:
         e8:78:77:3b:d9:72:44:46:db:84:ff:b6:12:89:ad:a1:bb:d6:
         1f:8f:e6:65:b2:32:28:11:3e:ba:33:5b:9b:57:9c:15:77:86:
         36:f2:a1:ba:fc:8d:9f:8d:f5:67:ea:6f:55:6c:50:4b:8a:3c:
         a6:0a:93:49:c7:71:44:e0:34:6d:f2:f7:0b:7b:06:cc:e9:df:
         98:a7:2b:2b:0b:8f:46:bf:d0:16:2c:82:ba:8d:3d:a9:90:09:
         37:3a:11:ad:2f:e4:f5:be:20:bf:74:66:30:58:47:74:38:57:
         37:ec:1a:d0:d6:cf:2a:34:de:c6:26:d1:c3:ae:f6:de:b8:06:
         66:5d:f6:23:d6:43:61:96:18:e4:21:00:de:52:3e:24:45:b4:
         a1:07:6c:01
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3Qzss9QFMrAfX6DXcNP2BXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjYwNDI3MjExODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTU0OGFlMjBlYWY4YThlMTBkODhiNTUyM2UxMjBlNTM2MTEwNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3fhyxso/+EVr9MYAkLbJdfXHaAo
kWXP84wqNU75WPO807+9KI3XJI+GKF+tvB3NbOD+MMjom1VoZzZqE2I03IiZKO0G
Sguj4TglYUxcefo8xcxpme5rHmrZ0Y+pZ9lY1yB3G5ZlkuS6bZ2aKwZQ12fK52eu
65bgYrEkyIlSONNKhYkd1S4ImO+Ad8IkN5BMccXN9AdnPxxSys7U5efo6uOLQYpP
nrHp3PBkR/OoCKZmUygI7c59Rqwo2mWNMA9SOzsEEbyHDZ0WhXMcu02rIGamqxqn
gCMD1CNeOWWIN44WEvVEFsieES8hcExqkfvTrCYukdm5c+pQlx6s+YKKQwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpUiuIOr4qOENiLVSPhIOU2EQZsMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvMS1sU0s0ZzZ2aW80UTJJdFZJLUVnNVRZUkJtdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGIvM2Q1NjljLTE5MDctNGQyYy1hY2VkLTMzMjQ3YzhlMWMx
Zi8xL3pzV3Y1Mm01UTBiaHpUWXV1Ri1IV3lPeGNuYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2RmDAN
BgkqhkiG9w0BAQsFAAOCAQEAZZsxe+u+j9/65CbjRIpv9Y+U2Y8iJfF0Y/+vCxkZ
t5ikenxBq52qR0QdYa1OzIhrM7YEYtksiTjzJXqnb2c5YenB3Vm2xd6vD8eVq06l
dXUedWjmJDYnH81BsMMOxtYcXBxhoB+1fy1xBj5O6Hh3O9lyREbbhP+2EomtobvW
H4/mZbIyKBE+ujNbm1ecFXeGNvKhuvyNn431Z+pvVWxQS4o8pgqTScdxROA0bfL3
C3sGzOnfmKcrKwuPRr/QFiyCuo09qZAJNzoRrS/k9b4gv3RmMFhHdDhXN+wa0NbP
KjTexibRw6723rgGZl32I9ZDYZYY5CEA3lI+JEW0oQdsAQ==
-----END CERTIFICATE-----