Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/j5b05RZ-Pc84VbhjXWfOQdXvstg.roa
File:                     j5b05RZ-Pc84VbhjXWfOQdXvstg.roa (raw, json)
Hash identifier:          fBPy1BOnpgVVJsYa962/feL6Jx4Rr6v5dNxNajdLYgw=
Subject key identifier:   8F:96:F4:E5:16:7E:3D:CF:38:55:B8:63:5D:67:CE:41:D5:EF:B2:D8
Certificate issuer:       /CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Certificate serial:       019DD9271059E2C8F2425E58B8C7A87CC6C1
Authority key identifier: 0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/j5b05RZ-Pc84VbhjXWfOQdXvstg.roa
Signing time:             Wed 29 Apr 2026 12:11:49 +0000
ROA not before:           Wed 29 Apr 2026 12:11:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7979
IP address blocks:        45.146.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 May 2026 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d9:27:10:59:e2:c8:f2:42:5e:58:b8:c7:a8:7c:c6:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
        Validity
            Not Before: Apr 29 12:11:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f96f4e5167e3dcf3855b8635d67ce41d5efb2d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:18:7d:2a:c6:61:34:19:eb:6a:3c:36:f3:ca:
                    ca:28:fc:86:10:15:a7:7d:11:51:64:33:61:31:a0:
                    d2:cf:71:a5:10:f9:28:5a:ff:e5:46:83:eb:64:59:
                    95:54:0e:c3:ce:0b:bd:b3:1a:cd:e9:4e:23:cf:8f:
                    43:c4:1d:cd:2e:31:1b:63:2c:64:b4:82:90:a2:5e:
                    6a:48:e0:f4:65:3f:81:55:00:30:ae:81:cc:6f:ee:
                    10:af:a9:bd:4d:69:3e:2c:09:1e:9d:d1:87:f2:cd:
                    8d:e5:16:cf:2e:93:4f:87:de:94:80:2e:cc:87:a0:
                    77:bb:03:33:10:c2:38:b6:6d:da:e3:16:aa:7d:f2:
                    8a:b6:3e:5b:84:bc:5b:a0:02:76:a9:bf:70:be:87:
                    38:93:97:d4:83:14:e8:96:1a:b2:98:42:7b:19:fd:
                    15:c1:f5:6f:c3:db:d7:a5:f6:d8:80:de:d1:53:c2:
                    9b:00:06:ad:9b:53:5f:65:1f:73:27:ff:fa:51:b2:
                    4a:6e:3e:2c:5c:12:2b:bc:f3:3d:90:f4:8c:e7:38:
                    b2:76:ea:7c:24:45:62:e4:f4:b0:8b:ca:54:4d:81:
                    27:80:25:3a:1b:65:2a:33:55:b1:10:d7:3f:a3:5d:
                    40:31:fc:e4:6b:16:d6:4d:35:6c:ab:59:e9:34:4d:
                    de:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:96:F4:E5:16:7E:3D:CF:38:55:B8:63:5D:67:CE:41:D5:EF:B2:D8
            X509v3 Authority Key Identifier:
                keyid:0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/j5b05RZ-Pc84VbhjXWfOQdXvstg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:dd:ba:94:7a:9d:4f:bf:a1:fd:eb:db:7f:84:58:48:a8:b0:
         56:11:32:8e:48:8d:f1:92:75:02:2f:6e:db:c5:55:f3:10:20:
         60:81:4b:04:36:41:42:88:fc:25:e4:d7:a4:e0:d2:1d:1a:a1:
         4e:3a:3b:f6:47:99:d5:71:f0:88:70:e7:33:fb:0a:dc:f8:f6:
         af:1b:3f:aa:f7:12:e2:f6:bf:a3:70:ae:6f:a8:a4:19:0e:7d:
         88:5f:c8:3e:df:17:01:e2:8e:32:a1:37:33:23:80:2b:91:63:
         97:61:c1:de:c3:b6:f0:8b:d1:70:04:79:9e:cf:7a:70:3f:0e:
         dd:6f:51:eb:83:fd:0e:21:1a:10:2c:20:c8:a7:14:4e:4a:7d:
         66:1d:69:79:16:0b:e1:73:9d:b3:d4:f2:6e:eb:17:46:e4:27:
         8a:31:68:e4:b6:f8:73:36:e0:56:08:ad:94:e8:7f:6b:0a:93:
         2a:48:09:34:3c:73:dc:b9:70:5b:ca:f9:9b:30:e6:db:9c:92:
         52:1b:fa:da:71:fa:1e:35:5a:0c:89:10:6c:f1:34:eb:01:e6:
         0b:bd:92:b8:02:0f:bd:98:76:d6:88:2c:39:49:10:d6:69:3e:
         86:72:62:86:21:c0:f9:ee:79:48:de:3c:94:cc:bc:49:af:f1:
         04:97:ee:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3ZJxBZ4sjyQl5YuMeofMbBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMjQ3ZTczMzkxZWM5ZDZhMmE0NmYyY2IwYjAyZmM5OTQy
ODhmMTMwHhcNMjYwNDI5MTIxMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjk2ZjRlNTE2N2UzZGNmMzg1NWI4NjM1ZDY3Y2U0MWQ1ZWZiMmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRh9KsZhNBnrajw288rKKPyGEBWn
fRFRZDNhMaDSz3GlEPkoWv/lRoPrZFmVVA7Dzgu9sxrN6U4jz49DxB3NLjEbYyxk
tIKQol5qSOD0ZT+BVQAwroHMb+4Qr6m9TWk+LAkendGH8s2N5RbPLpNPh96UgC7M
h6B3uwMzEMI4tm3a4xaqffKKtj5bhLxboAJ2qb9wvoc4k5fUgxTolhqymEJ7Gf0V
wfVvw9vXpfbYgN7RU8KbAAatm1NfZR9zJ//6UbJKbj4sXBIrvPM9kPSM5ziydup8
JEVi5PSwi8pUTYEngCU6G2UqM1WxENc/o11AMfzkaxbWTTVsq1npNE3euwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+W9OUWfj3POFW4Y11nzkHV77LYMB8GA1UdIwQY
MBaAFAskfnM5HsnWoqRvLLCwL8mUKI8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMt
NzM2Nzg5ZWU2ZmQwLzEvajViMDVSWi1QYzg0VmJoalhXZk9RZFh2c3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMtNzM2Nzg5ZWU2ZmQw
LzEvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZJ4MA0G
CSqGSIb3DQEBCwUAA4IBAQCo3bqUep1Pv6H969t/hFhIqLBWETKOSI3xknUCL27b
xVXzECBggUsENkFCiPwl5Nek4NIdGqFOOjv2R5nVcfCIcOcz+wrc+PavGz+q9xLi
9r+jcK5vqKQZDn2IX8g+3xcB4o4yoTczI4ArkWOXYcHew7bwi9FwBHmez3pwPw7d
b1Hrg/0OIRoQLCDIpxROSn1mHWl5Fgvhc52z1PJu6xdG5CeKMWjktvhzNuBWCK2U
6H9rCpMqSAk0PHPcuXBbyvmbMObbnJJSG/racfoeNVoMiRBs8TTrAeYLvZK4Ag+9
mHbWiCw5SRDWaT6GcmKGIcD57nlI3jyUzLxJr/EEl+7x
-----END CERTIFICATE-----