Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/OklpCWAYtSxGFSO6LoyURgrDbcQ.roa
File:                     OklpCWAYtSxGFSO6LoyURgrDbcQ.roa (raw, json)
Hash identifier:          1mSZtPwrR8rsCOpqJ4xfUkwL5UPo6V6cd8N6AZWROk0=
Subject key identifier:   3A:49:69:09:60:18:B5:2C:46:15:23:BA:2E:8C:94:46:0A:C3:6D:C4
Certificate issuer:       /CN=10721ead6a4575643cb703062c0968755e8281eb
Certificate serial:       019D301506CC04A0BA7F89904670774D7A40
Authority key identifier: 10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/OklpCWAYtSxGFSO6LoyURgrDbcQ.roa
Signing time:             Fri 27 Mar 2026 16:16:17 +0000
ROA not before:           Fri 27 Mar 2026 16:16:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205940
IP address blocks:        45.112.172.0/23 maxlen: 23
                          45.112.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 04:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:30:15:06:cc:04:a0:ba:7f:89:90:46:70:77:4d:7a:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10721ead6a4575643cb703062c0968755e8281eb
        Validity
            Not Before: Mar 27 16:16:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a4969096018b52c461523ba2e8c94460ac36dc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:44:36:3f:b9:fe:6b:91:5d:98:db:8f:d1:1f:
                    24:62:6b:80:7a:97:6a:bb:5b:36:4e:bb:bf:59:11:
                    19:86:08:7e:37:bb:22:00:ed:f5:ac:0f:b4:e0:fc:
                    ce:f3:1a:16:23:c8:2f:79:e4:60:26:cc:38:b4:80:
                    82:dc:6a:0d:33:d4:2a:c1:23:12:39:ac:1b:6a:22:
                    30:e3:0c:19:08:f4:55:a3:07:36:a0:74:4a:a2:47:
                    83:e8:c4:64:c5:89:ae:1f:45:90:bb:31:75:90:79:
                    dd:ef:93:a0:86:45:58:0b:e4:2f:4b:1e:e8:a1:43:
                    97:d4:fc:80:e0:37:49:7c:11:70:e0:4b:ad:ef:19:
                    c2:c3:15:06:c5:26:90:f8:62:7f:bd:20:69:8c:7e:
                    9b:ff:2a:20:50:a3:82:f1:1a:d3:63:7e:be:f2:cd:
                    0c:22:58:b3:72:b5:71:1f:64:23:f2:67:0a:e0:d6:
                    64:99:66:1f:d7:40:9c:08:91:61:df:fa:7f:1f:8b:
                    f3:57:6f:bc:08:d4:73:14:54:4d:b0:40:44:0e:d1:
                    98:fd:5f:53:51:93:51:11:f8:a9:b1:f1:64:49:51:
                    d3:23:03:92:96:ee:99:fb:79:ed:fd:6c:c1:0b:85:
                    72:cb:b3:71:04:fd:64:2c:42:b8:c7:85:2e:85:5a:
                    a4:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:49:69:09:60:18:B5:2C:46:15:23:BA:2E:8C:94:46:0A:C3:6D:C4
            X509v3 Authority Key Identifier:
                keyid:10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/OklpCWAYtSxGFSO6LoyURgrDbcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:fd:13:bb:00:61:af:6e:f2:13:9d:14:d3:d1:6b:8a:a9:08:
         52:7d:eb:07:75:36:21:f7:d8:b3:34:3a:1b:cd:ae:af:03:64:
         b1:3a:e5:c9:49:8a:af:8d:0e:27:0a:56:72:66:d8:ae:d3:10:
         02:97:33:36:d6:24:9b:4e:e3:4f:d6:65:f1:3a:84:4c:ce:43:
         bf:60:99:0c:08:ee:dc:e8:5f:c3:8d:a8:cc:38:71:5b:19:96:
         24:aa:73:9e:e6:19:08:f4:d8:40:30:e9:0c:7b:ab:cb:db:d4:
         d3:49:3a:55:53:60:67:b3:30:e1:c1:2d:ff:ca:a0:27:70:29:
         80:4a:e3:01:91:8f:ea:e4:e7:d3:e5:75:e2:42:b1:12:fd:06:
         fd:3e:cb:ef:39:37:56:cc:d9:0c:a8:67:f8:1c:1c:41:f3:da:
         20:6c:b8:22:a3:53:58:81:59:99:df:85:62:73:64:cd:5f:ae:
         32:48:e6:78:95:19:86:f8:9a:97:d4:d7:46:a0:fe:5e:4c:88:
         82:59:0a:c9:e1:6f:42:81:d5:86:d4:d5:3a:f7:f2:48:19:62:
         3f:20:f1:58:5d:7b:37:ce:36:90:85:20:28:82:c0:ee:4e:9d:
         0a:f7:1b:30:0d:02:2b:a2:c5:7c:81:ba:78:ae:77:07:2e:d1:
         c4:4d:36:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0wFQbMBKC6f4mQRnB3TXpAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzIxZWFkNmE0NTc1NjQzY2I3MDMwNjJjMDk2ODc1NWU4
MjgxZWIwHhcNMjYwMzI3MTYxNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTQ5NjkwOTYwMThiNTJjNDYxNTIzYmEyZThjOTQ0NjBhYzM2ZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUQ2P7n+a5FdmNuP0R8kYmuAepdq
u1s2Tru/WREZhgh+N7siAO31rA+04PzO8xoWI8gveeRgJsw4tICC3GoNM9QqwSMS
OawbaiIw4wwZCPRVowc2oHRKokeD6MRkxYmuH0WQuzF1kHnd75OghkVYC+QvSx7o
oUOX1PyA4DdJfBFw4Eut7xnCwxUGxSaQ+GJ/vSBpjH6b/yogUKOC8RrTY36+8s0M
IlizcrVxH2Qj8mcK4NZkmWYf10CcCJFh3/p/H4vzV2+8CNRzFFRNsEBEDtGY/V9T
UZNREfipsfFkSVHTIwOSlu6Z+3nt/WzBC4Vyy7NxBP1kLEK4x4UuhVqkrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpJaQlgGLUsRhUjui6MlEYKw23EMB8GA1UdIwQY
MBaAFBByHq1qRXVkPLcDBiwJaHVegoHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQt
M2Q0YWU4MGZjNDVkLzEvT2tscENXQVl0U3hHRlNPNkxveVVSZ3JEYmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQtM2Q0YWU4MGZjNDVk
LzEvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLXCsMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ/RO7AGGvbvITnRTT0WuKqQhSfesHdTYh99izNDob
za6vA2SxOuXJSYqvjQ4nClZyZtiu0xAClzM21iSbTuNP1mXxOoRMzkO/YJkMCO7c
6F/DjajMOHFbGZYkqnOe5hkI9NhAMOkMe6vL29TTSTpVU2BnszDhwS3/yqAncCmA
SuMBkY/q5OfT5XXiQrES/Qb9PsvvOTdWzNkMqGf4HBxB89ogbLgio1NYgVmZ34Vi
c2TNX64ySOZ4lRmG+JqX1NdGoP5eTIiCWQrJ4W9CgdWG1NU69/JIGWI/IPFYXXs3
zjaQhSAogsDuTp0K9xswDQIrosV8gbp4rncHLtHETTZU
-----END CERTIFICATE-----