Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Oko1YP5tpeDrzsuiNd9bZ5in6Bs.roa
File:                     Oko1YP5tpeDrzsuiNd9bZ5in6Bs.roa (raw, json)
Hash identifier:          LJirmuvF99O8P/5zMgSqW3l3fmH04iW0l/pxAf/sz1w=
Subject key identifier:   3A:4A:35:60:FE:6D:A5:E0:EB:CE:CB:A2:35:DF:5B:67:98:A7:E8:1B
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019E96FA7E28F3DBDA31A5F0C36D0D258574
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Oko1YP5tpeDrzsuiNd9bZ5in6Bs.roa
Signing time:             Fri 05 Jun 2026 08:50:59 +0000
ROA not before:           Fri 05 Jun 2026 08:50:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199467
IP address blocks:        45.11.184.0/24 maxlen: 24
                          45.159.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:fa:7e:28:f3:db:da:31:a5:f0:c3:6d:0d:25:85:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jun  5 08:50:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a4a3560fe6da5e0ebcecba235df5b6798a7e81b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:d9:58:c8:b1:b6:61:6f:bd:60:c6:6b:c1:87:
                    3d:bb:25:1e:53:67:d9:32:07:af:b6:0e:92:32:e8:
                    ed:1b:58:80:d8:64:88:66:da:e7:4d:ba:8b:bf:19:
                    52:8a:cd:30:bf:09:a3:9d:f7:09:ea:b3:ed:d2:03:
                    fb:29:f6:79:ac:5b:71:98:94:e8:9d:6b:fa:19:77:
                    9f:b0:c6:6b:e9:81:77:30:b3:bb:3c:92:4f:b8:bf:
                    8e:6a:8e:c7:5f:78:98:4c:51:53:1b:87:a4:02:ce:
                    f6:10:5b:72:fd:71:51:21:4a:17:d9:2e:d4:8d:33:
                    b3:56:0b:6b:a7:e6:46:8e:a2:76:92:b7:25:28:08:
                    98:4c:39:c0:c8:63:2a:d9:d6:e2:a9:2c:d3:40:78:
                    42:2e:08:f6:41:69:8b:3c:c3:35:0f:4e:aa:62:1c:
                    d3:2f:e3:21:a7:85:c4:77:dd:d5:4f:4d:d9:51:48:
                    08:52:10:77:b3:1c:02:ab:ed:75:d7:2a:9d:1b:6a:
                    16:95:ae:ff:e5:d9:9c:ca:83:26:b1:62:21:3b:4f:
                    14:46:fd:7f:56:63:2d:7b:50:03:69:47:a3:91:98:
                    17:5d:a6:e5:fd:13:5a:9a:1d:57:b8:b0:34:c0:44:
                    bb:0f:ff:6f:1a:76:c7:49:ca:9c:dd:39:20:ed:49:
                    57:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:4A:35:60:FE:6D:A5:E0:EB:CE:CB:A2:35:DF:5B:67:98:A7:E8:1B
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Oko1YP5tpeDrzsuiNd9bZ5in6Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.184.0/24
                  45.159.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:77:0c:89:99:2f:79:e4:ed:c2:e1:0f:93:eb:ed:81:ec:e0:
         85:22:2c:02:0f:58:8c:3c:e2:da:a4:d3:77:b1:f0:4c:87:29:
         08:7d:17:cc:37:c5:b5:3f:53:3b:b8:82:6e:13:a5:de:2f:4c:
         a7:7c:89:bb:dc:fa:ce:22:18:02:48:3f:8c:0a:a1:e3:3d:35:
         b2:04:cb:10:4d:df:88:08:c3:27:97:5e:9b:5c:f5:5a:34:36:
         9b:ee:de:ed:a9:55:21:40:71:6d:bb:ac:15:0c:cc:a3:cf:31:
         a0:28:f7:60:4f:60:48:c7:8e:2d:fb:12:57:d4:09:65:1b:90:
         42:66:8d:fd:92:bb:08:78:87:38:5f:0d:9a:ad:a7:b6:4a:5e:
         46:7e:f3:bb:c5:54:b2:23:05:ec:46:db:0a:eb:ac:82:36:d5:
         c7:fe:75:18:f4:7f:3a:e6:35:61:66:ca:fa:07:42:78:53:67:
         ac:57:d4:40:92:42:ec:6b:65:17:ae:01:f6:f9:71:6d:1e:fd:
         59:a4:d1:04:01:b6:fc:56:47:e4:12:ae:f1:ef:6b:1a:25:61:
         7b:cd:4a:3a:3b:1b:6a:69:12:a6:65:55:bd:49:b0:2d:b1:6b:
         27:f0:de:e9:f1:94:32:3d:0b:c2:25:36:3a:84:b8:f7:87:e0:
         48:89:57:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6W+n4o89vaMaXww20NJYV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwNjA1MDg1MDU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTRhMzU2MGZlNmRhNWUwZWJjZWNiYTIzNWRmNWI2Nzk4YTdlODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dlYyLG2YW+9YMZrwYc9uyUeU2fZ
Mgevtg6SMujtG1iA2GSIZtrnTbqLvxlSis0wvwmjnfcJ6rPt0gP7KfZ5rFtxmJTo
nWv6GXefsMZr6YF3MLO7PJJPuL+Oao7HX3iYTFFTG4ekAs72EFty/XFRIUoX2S7U
jTOzVgtrp+ZGjqJ2krclKAiYTDnAyGMq2dbiqSzTQHhCLgj2QWmLPMM1D06qYhzT
L+Mhp4XEd93VT03ZUUgIUhB3sxwCq+111yqdG2oWla7/5dmcyoMmsWIhO08URv1/
VmMte1ADaUejkZgXXabl/RNamh1XuLA0wES7D/9vGnbHScqc3Tkg7UlXKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDpKNWD+baXg687LojXfW2eYp+gbMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvT2tvMVlQNXRwZURyenN1aU5kOWJaNWluNkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQu4AwQA
LZ+UMA0GCSqGSIb3DQEBCwUAA4IBAQBodwyJmS955O3C4Q+T6+2B7OCFIiwCD1iM
POLapNN3sfBMhykIfRfMN8W1P1M7uIJuE6XeL0ynfIm73PrOIhgCSD+MCqHjPTWy
BMsQTd+ICMMnl16bXPVaNDab7t7tqVUhQHFtu6wVDMyjzzGgKPdgT2BIx44t+xJX
1AllG5BCZo39krsIeIc4Xw2arae2Sl5GfvO7xVSyIwXsRtsK66yCNtXH/nUY9H86
5jVhZsr6B0J4U2esV9RAkkLsa2UXrgH2+XFtHv1ZpNEEAbb8VkfkEq7x72saJWF7
zUo6OxtqaRKmZVW9SbAtsWsn8N7p8ZQyPQvCJTY6hLj3h+BIiVdO
-----END CERTIFICATE-----