Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/l3_cCcJGHklnQVuAlT1h6sDq0zs.roa
File:                     l3_cCcJGHklnQVuAlT1h6sDq0zs.roa (raw, json)
Hash identifier:          pxEXZ1hE/w7E1lZNn+OgbmMEwPUj0/2FuaBEspbzOXE=
Subject key identifier:   97:7F:DC:09:C2:46:1E:49:67:41:5B:80:95:3D:61:EA:C0:EA:D3:3B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019DCF92F3B6B62959D08A5CE5948D88BBDF
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/l3_cCcJGHklnQVuAlT1h6sDq0zs.roa
Signing time:             Mon 27 Apr 2026 15:33:27 +0000
ROA not before:           Mon 27 Apr 2026 15:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399955
IP address blocks:        45.147.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 15:33:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:92:f3:b6:b6:29:59:d0:8a:5c:e5:94:8d:88:bb:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 27 15:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=977fdc09c2461e4967415b80953d61eac0ead33b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fd:fb:06:b5:b3:de:8a:32:78:18:42:3e:f1:
                    32:33:cd:ac:bd:db:28:06:ef:9a:0e:00:fc:33:2b:
                    38:83:2b:51:86:91:f4:dd:45:39:55:ee:9c:b7:b6:
                    52:00:49:87:87:1d:37:ea:5a:ca:bd:c4:da:97:fb:
                    c4:62:45:e7:1d:0d:10:e7:db:3f:6c:e9:9e:2f:e6:
                    d5:be:0c:47:de:2b:98:5d:5c:e8:e0:da:4b:af:a2:
                    b2:e2:7f:32:af:36:dd:fc:25:c0:45:89:f4:85:42:
                    91:2a:30:30:17:fa:5a:52:fd:9b:96:6b:89:f2:af:
                    d6:a2:30:5a:f4:6f:78:ff:2b:3b:01:be:66:4a:86:
                    88:be:bd:85:af:2c:47:ac:58:f2:d4:33:60:af:6b:
                    67:03:b8:7b:65:ba:f8:d3:1d:0e:21:36:93:d1:70:
                    46:58:4d:14:f4:89:e6:2d:b7:68:1b:01:47:ea:98:
                    02:7a:ef:61:96:48:60:47:49:dc:65:8c:7a:16:e1:
                    b7:3b:d0:cc:47:56:01:29:2e:92:10:60:a7:cc:b5:
                    5a:6e:65:22:b1:79:d9:a7:3e:2f:73:e8:17:a5:e1:
                    94:7c:3f:ec:af:4f:49:d5:d9:57:29:d8:df:9a:e3:
                    8f:1c:63:b3:a5:5e:4a:e7:8c:58:75:11:6a:ea:11:
                    3c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:7F:DC:09:C2:46:1E:49:67:41:5B:80:95:3D:61:EA:C0:EA:D3:3B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/l3_cCcJGHklnQVuAlT1h6sDq0zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:e1:e0:e1:b6:0f:1a:6c:26:43:c6:4c:87:dc:aa:80:ad:c6:
         cd:4d:0d:67:08:84:98:47:42:6b:f3:6f:09:2a:86:ea:32:0f:
         e3:70:9d:1a:26:47:e9:8b:72:7b:b5:59:b9:95:d9:c9:22:36:
         8c:36:f3:55:69:5c:6e:de:47:a1:ed:54:67:d3:32:72:a5:be:
         25:17:2d:66:d3:b7:73:e5:b3:bf:c7:7b:7b:95:a7:b4:3c:f6:
         f4:dd:16:56:5d:2c:a9:a6:fb:1d:63:f7:40:d2:3f:a5:b7:35:
         68:1d:8c:7e:4d:e2:d9:4d:5d:d9:d9:1e:a1:7b:7c:e6:cf:f0:
         33:27:3e:e2:ec:61:a5:8a:8d:d6:67:f0:8e:90:28:8e:28:ee:
         ab:01:39:7a:53:43:90:11:1a:84:47:ae:cd:e0:10:79:d4:c4:
         a7:94:98:37:5d:14:d5:00:96:35:d1:10:01:85:fc:c6:ae:03:
         f3:ca:1a:7f:5f:24:a4:7a:20:37:ff:00:59:b6:78:a2:fe:8c:
         e1:e3:e3:00:de:ce:27:92:9e:6e:f9:d5:fa:4b:6d:e9:ae:0e:
         28:92:ca:2a:48:81:c2:c4:e2:54:0d:eb:23:b3:d5:95:f6:af:
         d7:30:f5:cc:22:dc:b2:15:58:38:5d:0a:1f:cd:43:07:08:a2:
         f5:82:b8:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3PkvO2tilZ0Ipc5ZSNiLvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwNDI3MTUzMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzdmZGMwOWMyNDYxZTQ5Njc0MTViODA5NTNkNjFlYWMwZWFkMzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/37BrWz3ooyeBhCPvEyM82svdso
Bu+aDgD8Mys4gytRhpH03UU5Ve6ct7ZSAEmHhx036lrKvcTal/vEYkXnHQ0Q59s/
bOmeL+bVvgxH3iuYXVzo4NpLr6Ky4n8yrzbd/CXARYn0hUKRKjAwF/paUv2blmuJ
8q/WojBa9G94/ys7Ab5mSoaIvr2FryxHrFjy1DNgr2tnA7h7Zbr40x0OITaT0XBG
WE0U9InmLbdoGwFH6pgCeu9hlkhgR0ncZYx6FuG3O9DMR1YBKS6SEGCnzLVabmUi
sXnZpz4vc+gXpeGUfD/sr09J1dlXKdjfmuOPHGOzpV5K54xYdRFq6hE8uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJd/3AnCRh5JZ0FbgJU9YerA6tM7MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbDNfY0NjSkdIa2xuUVZ1QWxUMWg2c0RxMHpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZPjMA0G
CSqGSIb3DQEBCwUAA4IBAQBC4eDhtg8abCZDxkyH3KqArcbNTQ1nCISYR0Jr828J
KobqMg/jcJ0aJkfpi3J7tVm5ldnJIjaMNvNVaVxu3keh7VRn0zJypb4lFy1m07dz
5bO/x3t7lae0PPb03RZWXSyppvsdY/dA0j+ltzVoHYx+TeLZTV3Z2R6he3zmz/Az
Jz7i7GGlio3WZ/COkCiOKO6rATl6U0OQERqER67N4BB51MSnlJg3XRTVAJY10RAB
hfzGrgPzyhp/XySkeiA3/wBZtnii/ozh4+MA3s4nkp5u+dX6S23prg4oksoqSIHC
xOJUDesjs9WV9q/XMPXMItyyFVg4XQofzUMHCKL1grjP
-----END CERTIFICATE-----