Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Cl1P07iTKGe2BmbPMSl3AYrYDZI.roa
File:                     Cl1P07iTKGe2BmbPMSl3AYrYDZI.roa (raw, json)
Hash identifier:          q7oFX8AMLOa42sXL7A/6v3pdxe1g1DAN6gq7kIkIShU=
Subject key identifier:   0A:5D:4F:D3:B8:93:28:67:B6:06:66:CF:31:29:77:01:8A:D8:0D:92
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019D3E0E0078C1F98DFECA2CD488220A02D3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Cl1P07iTKGe2BmbPMSl3AYrYDZI.roa
Signing time:             Mon 30 Mar 2026 09:23:18 +0000
ROA not before:           Mon 30 Mar 2026 09:23:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211798
IP address blocks:        45.144.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Apr 2026 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:0e:00:78:c1:f9:8d:fe:ca:2c:d4:88:22:0a:02:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 30 09:23:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a5d4fd3b8932867b60666cf312977018ad80d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c7:d6:46:99:42:88:7e:5e:2a:66:1e:df:83:
                    e5:ca:9f:b8:ac:ac:9d:e8:d6:aa:67:3c:98:76:15:
                    5c:e6:b3:10:ac:93:aa:4a:ff:fd:61:df:c7:07:12:
                    1a:57:b3:c2:b0:41:f4:96:12:11:8d:32:65:27:cc:
                    9b:c6:1c:36:09:a5:17:6e:9e:3b:e3:d1:01:9f:d1:
                    d3:92:cf:e4:b7:85:31:86:48:c0:de:24:71:22:fc:
                    e2:47:31:de:af:44:cb:9f:c8:8e:42:85:9f:68:e5:
                    d2:28:cf:34:6d:37:55:5d:53:94:19:6e:99:c5:77:
                    17:91:96:6c:5a:53:78:8d:a6:6a:95:30:0c:fe:f2:
                    01:c7:d6:69:0c:49:ff:b9:3e:61:fd:76:be:da:10:
                    04:73:f1:31:7c:3f:e9:b4:5c:5b:95:df:38:27:65:
                    25:ac:b7:c2:de:b1:cb:c5:22:e1:88:9e:d3:29:cd:
                    cd:b6:0c:ce:03:16:87:29:3b:50:b8:99:c3:ae:0d:
                    52:e1:bd:2f:8d:6c:73:93:84:bd:2a:f9:97:0f:ff:
                    70:a6:62:c3:f6:ce:c3:bb:69:53:9a:d9:f4:db:68:
                    7f:87:20:6d:13:48:0c:3c:e7:73:ce:d5:5d:de:16:
                    f7:db:a9:70:49:1b:d7:37:58:6e:28:0a:f8:7f:b2:
                    a4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:5D:4F:D3:B8:93:28:67:B6:06:66:CF:31:29:77:01:8A:D8:0D:92
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Cl1P07iTKGe2BmbPMSl3AYrYDZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:f0:6c:e9:32:01:9a:84:c6:82:4f:7d:73:62:06:fd:51:f6:
         34:73:fa:52:cf:eb:b5:37:a6:a0:98:14:5b:e8:a3:0d:6e:03:
         c7:8d:87:22:c9:ab:a8:dd:fe:7b:9a:1b:00:1e:78:c4:96:6a:
         93:18:f3:5c:55:4f:63:90:88:8b:3d:6f:c8:6b:f6:ba:fb:16:
         62:a9:76:f6:6c:9e:05:f8:a4:87:80:1f:d4:c2:d8:ee:1d:74:
         a6:a7:ec:32:88:c7:2b:69:19:f2:c8:af:9d:d8:40:4c:a9:53:
         0e:48:17:b0:2a:52:4f:2e:ec:19:39:08:63:23:ad:0d:50:5f:
         03:19:87:c5:69:6b:90:29:bc:ad:27:20:8b:ca:12:cd:b4:60:
         48:ea:fe:4c:90:c8:69:82:e0:50:3e:b6:90:51:78:fe:70:37:
         d2:30:88:2a:e7:ec:21:b7:8f:89:7e:b3:54:57:90:2d:cf:37:
         23:f3:ee:8b:35:01:10:c8:ab:1b:fd:4b:4c:d5:4a:56:13:b9:
         6f:68:56:1a:d6:ac:84:35:0d:f1:cf:3b:9d:f5:68:80:5b:68:
         fc:79:9c:54:ba:31:9b:fd:45:b2:41:2c:8d:56:5c:1b:d1:e0:
         bf:26:dd:da:a8:e2:ae:e3:8c:66:c6:ec:de:a8:90:a9:f6:29:
         20:6c:8d:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0+DgB4wfmN/sos1IgiCgLTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMzMwMDkyMzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTVkNGZkM2I4OTMyODY3YjYwNjY2Y2YzMTI5NzcwMThhZDgwZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMfWRplCiH5eKmYe34Plyp+4rKyd
6NaqZzyYdhVc5rMQrJOqSv/9Yd/HBxIaV7PCsEH0lhIRjTJlJ8ybxhw2CaUXbp47
49EBn9HTks/kt4UxhkjA3iRxIvziRzHer0TLn8iOQoWfaOXSKM80bTdVXVOUGW6Z
xXcXkZZsWlN4jaZqlTAM/vIBx9ZpDEn/uT5h/Xa+2hAEc/ExfD/ptFxbld84J2Ul
rLfC3rHLxSLhiJ7TKc3NtgzOAxaHKTtQuJnDrg1S4b0vjWxzk4S9KvmXD/9wpmLD
9s7Du2lTmtn022h/hyBtE0gMPOdzztVd3hb326lwSRvXN1huKAr4f7Kk9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApdT9O4kyhntgZmzzEpdwGK2A2SMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQ2wxUDA3aVRLR2UyQm1iUE1TbDNBWXJZRFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZDmMA0G
CSqGSIb3DQEBCwUAA4IBAQAB8GzpMgGahMaCT31zYgb9UfY0c/pSz+u1N6agmBRb
6KMNbgPHjYciyauo3f57mhsAHnjElmqTGPNcVU9jkIiLPW/Ia/a6+xZiqXb2bJ4F
+KSHgB/UwtjuHXSmp+wyiMcraRnyyK+d2EBMqVMOSBewKlJPLuwZOQhjI60NUF8D
GYfFaWuQKbytJyCLyhLNtGBI6v5MkMhpguBQPraQUXj+cDfSMIgq5+wht4+JfrNU
V5Atzzcj8+6LNQEQyKsb/UtM1UpWE7lvaFYa1qyENQ3xzzud9WiAW2j8eZxUujGb
/UWyQSyNVlwb0eC/Jt3aqOKu44xmxuzeqJCp9ikgbI0P
-----END CERTIFICATE-----