Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/PI0GWokWQCIYbfxBSxMKrWG4rlA.roa
File:                     PI0GWokWQCIYbfxBSxMKrWG4rlA.roa (raw, json)
Hash identifier:          qRwJTh2gHSy2lv6qJPXbAlMzsB4kzURHt7CqQP0XkRU=
Subject key identifier:   3C:8D:06:5A:89:16:40:22:18:6D:FC:41:4B:13:0A:AD:61:B8:AE:50
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       019EE5AC8137D60FB9869F4E97F53805C3D2
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/PI0GWokWQCIYbfxBSxMKrWG4rlA.roa
Signing time:             Sat 20 Jun 2026 15:35:48 +0000
ROA not before:           Sat 20 Jun 2026 15:35:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        45.152.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:e5:ac:81:37:d6:0f:b9:86:9f:4e:97:f5:38:05:c3:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Jun 20 15:35:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c8d065a89164022186dfc414b130aad61b8ae50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:c3:6e:48:2f:14:20:5e:b9:d8:fd:d7:4d:9d:
                    f4:ee:8f:56:d8:ee:4d:ed:77:38:91:85:cc:fe:88:
                    80:2b:c0:99:45:03:f6:ee:de:04:6f:27:44:59:78:
                    ee:c4:68:b8:fc:a5:a5:1a:87:10:b8:10:7a:04:06:
                    8f:05:f2:58:55:a7:b7:d1:d3:62:7f:4a:c8:cb:0b:
                    12:9a:2b:b6:76:fa:d0:d6:b3:71:1b:7f:14:0a:d1:
                    e8:be:db:d1:d5:8a:16:f9:0a:f8:aa:4c:56:4e:f4:
                    79:05:00:b7:8a:a3:1a:ab:9c:d1:d9:7e:a7:69:4a:
                    b2:5a:1f:ef:ee:5e:51:e6:08:0f:cd:90:d3:c6:c6:
                    8f:20:f6:b2:e7:21:57:c1:80:9b:22:f7:40:0a:58:
                    f7:56:b8:ae:ed:ef:aa:d9:d1:07:3d:4d:56:03:18:
                    63:30:18:34:95:3b:ad:61:19:bc:20:52:a2:99:6c:
                    2b:28:c1:78:97:0c:99:1d:15:88:5d:d3:70:18:f8:
                    b9:dc:d1:91:21:de:9b:03:69:fb:f0:00:2a:6e:aa:
                    36:cb:7f:9e:62:07:9d:c9:32:2f:3d:15:72:58:f3:
                    8b:6e:15:09:11:5a:a9:d0:8e:6b:a2:3f:2e:41:5b:
                    3d:58:ca:0b:68:34:94:90:7d:89:b7:c0:cd:79:ff:
                    74:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:8D:06:5A:89:16:40:22:18:6D:FC:41:4B:13:0A:AD:61:B8:AE:50
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/PI0GWokWQCIYbfxBSxMKrWG4rlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:39:59:6a:7d:88:78:d0:12:fa:fb:f9:c6:59:b3:e1:18:c4:
         a1:fc:da:ef:92:f1:f7:b6:b6:f6:66:1c:0b:0f:2d:0f:2e:3d:
         2f:c4:52:d1:6d:0b:81:1e:ce:4f:5b:ef:aa:45:ac:1d:40:bc:
         aa:01:29:0e:09:3c:e4:75:13:1d:4d:e3:d0:9f:e1:a8:d5:4c:
         cd:23:6b:21:f8:d5:7b:2c:ca:0b:23:f6:89:c3:d2:97:d4:7e:
         fa:a5:73:75:4e:7f:f2:41:6f:f0:ee:da:44:b4:44:0b:44:58:
         19:35:d5:f8:a6:cd:e3:09:23:53:c2:56:c3:c2:dd:f4:50:85:
         46:56:79:91:ac:03:18:e9:6b:12:c1:10:3b:99:96:f0:06:38:
         38:38:ff:94:af:51:55:63:82:d7:a7:d1:dd:9a:f3:a7:ed:b6:
         80:00:eb:0b:55:d2:02:72:93:b7:9d:6f:b3:d6:f3:04:2d:e2:
         e0:22:4d:6d:ac:6c:74:c1:63:88:a6:12:27:e4:89:d8:3c:f4:
         8a:07:3c:d9:ab:b9:c6:eb:78:3d:97:4b:02:7c:ed:dc:34:0a:
         4b:7e:9a:b2:c3:62:78:13:dc:48:2b:b7:50:87:0e:bf:43:35:
         b0:f5:ac:46:9a:09:60:bb:fd:65:45:0a:93:d7:48:f9:fa:59:
         9b:3f:03:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7lrIE31g+5hp9Ol/U4BcPSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjYwNjIwMTUzNTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzhkMDY1YTg5MTY0MDIyMTg2ZGZjNDE0YjEzMGFhZDYxYjhhZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7sNuSC8UIF652P3XTZ307o9W2O5N
7Xc4kYXM/oiAK8CZRQP27t4EbydEWXjuxGi4/KWlGocQuBB6BAaPBfJYVae30dNi
f0rIywsSmiu2dvrQ1rNxG38UCtHovtvR1YoW+Qr4qkxWTvR5BQC3iqMaq5zR2X6n
aUqyWh/v7l5R5ggPzZDTxsaPIPay5yFXwYCbIvdAClj3Vriu7e+q2dEHPU1WAxhj
MBg0lTutYRm8IFKimWwrKMF4lwyZHRWIXdNwGPi53NGRId6bA2n78AAqbqo2y3+e
YgedyTIvPRVyWPOLbhUJEVqp0I5roj8uQVs9WMoLaDSUkH2Jt8DNef90zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyNBlqJFkAiGG38QUsTCq1huK5QMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvUEkwR1dva1dRQ0lZYmZ4QlN4TUtyV0c0cmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZixMA0G
CSqGSIb3DQEBCwUAA4IBAQAuOVlqfYh40BL6+/nGWbPhGMSh/NrvkvH3trb2ZhwL
Dy0PLj0vxFLRbQuBHs5PW++qRawdQLyqASkOCTzkdRMdTePQn+Go1UzNI2sh+NV7
LMoLI/aJw9KX1H76pXN1Tn/yQW/w7tpEtEQLRFgZNdX4ps3jCSNTwlbDwt30UIVG
VnmRrAMY6WsSwRA7mZbwBjg4OP+Ur1FVY4LXp9HdmvOn7baAAOsLVdICcpO3nW+z
1vMELeLgIk1trGx0wWOIphIn5InYPPSKBzzZq7nG63g9l0sCfO3cNApLfpqyw2J4
E9xIK7dQhw6/QzWw9axGmglgu/1lRQqT10j5+lmbPwMk
-----END CERTIFICATE-----