Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/KWr1d9bN0TxO3Vyyxh5NZILCR88.roa
File:                     KWr1d9bN0TxO3Vyyxh5NZILCR88.roa (raw, json)
Hash identifier:          f1P78u1Ma27QCc9BoOC2qZIiHB032llb4ntaFCXhm3A=
Subject key identifier:   29:6A:F5:77:D6:CD:D1:3C:4E:DD:5C:B2:C6:1E:4D:64:82:C2:47:CF
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019DF70B5E6F6D7CFD8F40D6B7F9D3B9B7CC
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/KWr1d9bN0TxO3Vyyxh5NZILCR88.roa
Signing time:             Tue 05 May 2026 07:30:10 +0000
ROA not before:           Tue 05 May 2026 07:30:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        45.146.200.0/23 maxlen: 23
                          45.146.200.0/24 maxlen: 24
                          45.146.202.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 13:57:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f7:0b:5e:6f:6d:7c:fd:8f:40:d6:b7:f9:d3:b9:b7:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: May  5 07:30:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=296af577d6cdd13c4edd5cb2c61e4d6482c247cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:55:c6:79:2b:34:56:c6:2e:8b:da:6b:54:2b:
                    1c:8d:79:db:d9:e2:f2:aa:20:6d:bd:fd:95:1d:46:
                    d0:74:65:34:c4:f3:d6:a4:02:bd:41:b9:3b:8a:6c:
                    d3:76:1c:70:c0:37:57:8e:cc:a1:0c:64:a2:a5:92:
                    0b:54:45:e4:95:1e:a6:12:b1:71:21:b4:45:a4:cd:
                    97:d1:74:8e:f5:23:a0:45:ed:95:38:f2:9f:6f:74:
                    f0:7c:81:6c:0d:74:d9:64:25:34:2e:28:94:15:0e:
                    44:92:00:76:90:56:a7:3a:7a:a7:33:16:76:4d:30:
                    a1:3f:fc:3e:21:4c:43:83:7a:ca:2a:dc:76:06:b2:
                    3a:06:b0:78:4e:a8:5d:a3:78:50:5a:63:d2:7d:73:
                    fa:66:51:b3:96:40:c9:31:de:66:4a:5e:bb:d6:90:
                    f8:64:f4:fa:02:44:c8:2c:0a:ba:73:a8:02:b0:cb:
                    17:56:1a:68:92:f4:e9:67:8b:a4:27:b2:72:b4:29:
                    74:76:8d:31:4e:76:91:76:75:98:f5:59:a9:1d:c7:
                    a8:0b:95:2d:78:f7:12:0f:6b:9a:50:01:76:61:bc:
                    35:4c:75:63:26:79:97:7e:a0:58:7c:a2:0d:a0:aa:
                    43:ae:35:fd:70:8e:2f:09:3f:0c:b9:87:bb:28:1c:
                    52:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6A:F5:77:D6:CD:D1:3C:4E:DD:5C:B2:C6:1E:4D:64:82:C2:47:CF
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/KWr1d9bN0TxO3Vyyxh5NZILCR88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:01:ea:9d:ea:00:18:46:87:1a:ad:80:27:23:1d:44:60:4c:
         15:e6:63:2d:1f:f9:66:b7:7f:f7:6f:cc:13:fb:85:d1:fb:56:
         8b:98:bf:35:45:30:0d:ab:18:5d:8d:75:88:6b:69:33:09:2d:
         e5:ee:92:03:67:6a:c4:f4:b3:6a:d9:a8:14:10:ae:99:00:47:
         04:5c:ad:55:52:3d:33:8a:bd:56:67:92:9b:cb:cd:ec:1b:c9:
         14:b1:35:25:73:a4:00:dd:a6:c4:8d:57:a5:aa:b8:ee:ae:0c:
         ef:94:e2:d0:5b:e3:f2:94:f1:f2:fa:3c:51:e6:b0:b3:9d:6b:
         c8:cb:46:ed:ce:03:6d:59:94:06:7a:ae:7f:d9:06:81:20:c6:
         ab:3e:27:d5:d6:d8:bb:88:76:e8:7c:ca:cf:63:ba:62:d8:bc:
         22:f5:c9:07:ec:74:ec:5a:eb:ac:41:10:6d:38:73:ef:97:c1:
         05:05:e2:15:44:e9:d5:93:94:75:68:82:1e:21:a4:53:5f:4a:
         cc:d5:ed:f7:a7:c2:84:1d:25:a8:05:b5:bb:fe:b8:bf:00:30:
         44:78:a5:1f:63:6f:cf:c3:4a:9f:3f:8d:86:bb:35:2d:5d:f4:
         e3:f9:c7:f9:ba:83:d5:01:38:77:c5:4f:ea:cc:b0:11:44:79:
         6f:86:ea:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ33C15vbXz9j0DWt/nTubfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjYwNTA1MDczMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZhZjU3N2Q2Y2RkMTNjNGVkZDVjYjJjNjFlNGQ2NDgyYzI0N2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FXGeSs0VsYui9prVCscjXnb2eLy
qiBtvf2VHUbQdGU0xPPWpAK9Qbk7imzTdhxwwDdXjsyhDGSipZILVEXklR6mErFx
IbRFpM2X0XSO9SOgRe2VOPKfb3TwfIFsDXTZZCU0LiiUFQ5EkgB2kFanOnqnMxZ2
TTChP/w+IUxDg3rKKtx2BrI6BrB4Tqhdo3hQWmPSfXP6ZlGzlkDJMd5mSl671pD4
ZPT6AkTILAq6c6gCsMsXVhpokvTpZ4ukJ7JytCl0do0xTnaRdnWY9VmpHceoC5Ut
ePcSD2uaUAF2Ybw1THVjJnmXfqBYfKINoKpDrjX9cI4vCT8MuYe7KBxSuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClq9XfWzdE8Tt1cssYeTWSCwkfPMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvS1dyMWQ5Yk4wVHhPM1Z5eXhoNU5aSUxDUjg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZLIMA0G
CSqGSIb3DQEBCwUAA4IBAQCFAeqd6gAYRocarYAnIx1EYEwV5mMtH/lmt3/3b8wT
+4XR+1aLmL81RTANqxhdjXWIa2kzCS3l7pIDZ2rE9LNq2agUEK6ZAEcEXK1VUj0z
ir1WZ5Kby83sG8kUsTUlc6QA3abEjVelqrjurgzvlOLQW+PylPHy+jxR5rCznWvI
y0btzgNtWZQGeq5/2QaBIMarPifV1ti7iHbofMrPY7pi2Lwi9ckH7HTsWuusQRBt
OHPvl8EFBeIVROnVk5R1aIIeIaRTX0rM1e33p8KEHSWoBbW7/ri/ADBEeKUfY2/P
w0qfP42GuzUtXfTj+cf5uoPVATh3xU/qzLARRHlvhuq5
-----END CERTIFICATE-----