Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/8CxQcTO3gzXmwcuG0fFVXjw_yfA.roa
File:                     8CxQcTO3gzXmwcuG0fFVXjw_yfA.roa (raw, json)
Hash identifier:          nNtkgz35KV+aXckr0faszMZ/wBI6TdmhZfb4uKa2DV8=
Subject key identifier:   F0:2C:50:71:33:B7:83:35:E6:C1:CB:86:D1:F1:55:5E:3C:3F:C9:F0
Certificate issuer:       /CN=6832c32d2259013991260d530d9120031aaefcd0
Certificate serial:       019CB3F0780255B691DF6897FD2706F0E4B6
Authority key identifier: 68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/8CxQcTO3gzXmwcuG0fFVXjw_yfA.roa
Signing time:             Tue 03 Mar 2026 13:43:26 +0000
ROA not before:           Tue 03 Mar 2026 13:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33915
IP address blocks:        145.46.128.0/18 maxlen: 18
                          145.46.191.0/24 maxlen: 24
                          145.46.192.0/18 maxlen: 18
                          145.46.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:f0:78:02:55:b6:91:df:68:97:fd:27:06:f0:e4:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6832c32d2259013991260d530d9120031aaefcd0
        Validity
            Not Before: Mar  3 13:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f02c507133b78335e6c1cb86d1f1555e3c3fc9f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6c:ee:1b:40:5d:fb:62:a3:a2:24:94:01:b0:
                    d1:ed:05:31:6e:49:c8:f6:d3:c6:35:8c:97:32:5e:
                    fb:14:05:ce:1b:9c:49:e5:e2:7d:04:73:e2:74:96:
                    97:6f:30:19:bf:84:21:74:d6:de:bc:10:99:b9:dd:
                    35:e2:bf:30:df:f2:db:a2:5e:45:df:24:ab:6a:23:
                    f7:6f:7a:4c:bc:f4:f5:fb:ba:19:e2:38:17:0d:b1:
                    20:7d:f2:ae:9f:7b:a4:a0:ea:0b:46:92:11:69:98:
                    e2:e0:5a:c6:d6:9d:c2:a2:09:dc:04:6a:0e:90:a2:
                    50:db:f0:01:9e:49:6d:00:75:a1:07:50:48:11:09:
                    2f:9f:e1:69:8e:a8:09:7a:1d:c4:01:ec:ff:9c:d1:
                    f9:0d:85:76:83:e3:87:42:8a:3c:86:1a:34:6e:db:
                    e2:5a:c3:11:6e:33:ff:b7:8d:1b:8e:a6:23:7a:70:
                    1e:ce:43:28:e1:b6:69:d7:84:16:30:c3:78:55:de:
                    35:49:8a:a6:5c:c6:a0:2d:4b:99:cb:a3:84:56:ae:
                    94:61:75:94:57:25:d6:a6:a0:b2:75:dc:82:72:cd:
                    0e:1f:22:76:33:1c:ed:c2:bc:fb:0f:56:04:04:23:
                    39:b2:64:2e:03:1e:37:34:65:a6:82:dc:45:60:f5:
                    12:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:2C:50:71:33:B7:83:35:E6:C1:CB:86:D1:F1:55:5E:3C:3F:C9:F0
            X509v3 Authority Key Identifier:
                keyid:68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/8CxQcTO3gzXmwcuG0fFVXjw_yfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.46.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         36:b9:7b:d7:2f:fc:e2:19:0b:97:20:a0:ae:cb:50:df:96:f6:
         99:e1:d0:de:64:53:0d:8a:ba:bf:b6:cd:d2:3a:b9:a5:54:a8:
         f0:d5:b5:7b:92:fa:92:e7:c4:fa:f2:8c:fc:83:a5:65:1b:15:
         fc:2f:d6:27:c7:da:a0:41:10:87:aa:9d:0d:dd:58:16:63:d3:
         5a:da:d5:34:87:fe:23:10:b1:8d:e8:f8:66:3a:e7:d4:a4:4d:
         63:f5:fe:28:c2:b5:61:23:b8:0b:aa:ef:c4:a0:23:06:c4:e9:
         88:1c:ee:a1:e9:52:15:b6:f8:3f:93:8d:3d:05:b6:0b:41:1f:
         93:62:39:38:a0:f4:73:74:82:cf:b8:24:ec:a9:39:9b:c9:1e:
         d8:2b:d8:28:48:eb:0d:69:c3:71:62:31:f1:29:d6:fc:24:64:
         bb:d6:8f:e0:22:99:49:f6:89:67:89:9e:f3:a3:8b:a7:b3:23:
         d8:ff:a3:6e:f4:0b:5f:b2:b2:3d:1f:7b:2b:4b:e4:42:65:29:
         37:23:74:e1:31:1a:f7:91:cd:69:dc:2f:33:ed:5a:c9:f9:27:
         3c:d0:0f:a5:75:b8:25:e0:4a:99:23:5f:48:4f:a3:f2:9a:bd:
         eb:d4:ef:a9:1c:63:36:48:9e:15:4a:c9:72:0b:31:0b:f1:c6:
         22:9d:0e:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyz8HgCVbaR32iX/ScG8OS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MzJjMzJkMjI1OTAxMzk5MTI2MGQ1MzBkOTEyMDAzMWFh
ZWZjZDAwHhcNMjYwMzAzMTM0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDJjNTA3MTMzYjc4MzM1ZTZjMWNiODZkMWYxNTU1ZTNjM2ZjOWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGzuG0Bd+2KjoiSUAbDR7QUxbknI
9tPGNYyXMl77FAXOG5xJ5eJ9BHPidJaXbzAZv4QhdNbevBCZud014r8w3/Lbol5F
3ySraiP3b3pMvPT1+7oZ4jgXDbEgffKun3ukoOoLRpIRaZji4FrG1p3CogncBGoO
kKJQ2/ABnkltAHWhB1BIEQkvn+FpjqgJeh3EAez/nNH5DYV2g+OHQoo8hho0btvi
WsMRbjP/t40bjqYjenAezkMo4bZp14QWMMN4Vd41SYqmXMagLUuZy6OEVq6UYXWU
VyXWpqCyddyCcs0OHyJ2Mxztwrz7D1YEBCM5smQuAx43NGWmgtxFYPUSiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAsUHEzt4M15sHLhtHxVV48P8nwMB8GA1UdIwQY
MBaAFGgywy0iWQE5kSYNUw2RIAMarvzQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYt
NzcwZjhlYWIyYWU3LzEvOEN4UWNUTzNnelhtd2N1RzBmRlZYandfeWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYtNzcwZjhlYWIyYWU3
LzEvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHkS6AMA0G
CSqGSIb3DQEBCwUAA4IBAQA2uXvXL/ziGQuXIKCuy1DflvaZ4dDeZFMNirq/ts3S
OrmlVKjw1bV7kvqS58T68oz8g6VlGxX8L9Ynx9qgQRCHqp0N3VgWY9Na2tU0h/4j
ELGN6PhmOufUpE1j9f4owrVhI7gLqu/EoCMGxOmIHO6h6VIVtvg/k409BbYLQR+T
Yjk4oPRzdILPuCTsqTmbyR7YK9goSOsNacNxYjHxKdb8JGS71o/gIplJ9olniZ7z
o4unsyPY/6Nu9AtfsrI9H3srS+RCZSk3I3ThMRr3kc1p3C8z7VrJ+Sc80A+ldbgl
4EqZI19IT6Pymr3r1O+pHGM2SJ4VSslyCzEL8cYinQ68
-----END CERTIFICATE-----