Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/41CnWU7PjEAFuw792t5A517Sn7Y.roa
File:                     41CnWU7PjEAFuw792t5A517Sn7Y.roa (raw, json)
Hash identifier:          zvVh+bIH1zp58GW8FaRNQSHYWUI+hp/KhdCSLTbP6t8=
Subject key identifier:   E3:50:A7:59:4E:CF:8C:40:05:BB:0E:FD:DA:DE:40:E7:5E:D2:9F:B6
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019DC11365E35BF24693663F18C744DE5749
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/41CnWU7PjEAFuw792t5A517Sn7Y.roa
Signing time:             Fri 24 Apr 2026 19:59:27 +0000
ROA not before:           Fri 24 Apr 2026 19:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213637
IP address blocks:        45.74.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c1:13:65:e3:5b:f2:46:93:66:3f:18:c7:44:de:57:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Apr 24 19:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e350a7594ecf8c4005bb0efddade40e75ed29fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e5:02:c9:2c:a4:f4:59:58:8a:77:47:7f:47:
                    93:25:a9:a9:cd:68:2c:d2:b7:4e:fd:e2:25:bc:18:
                    bc:21:01:a9:a2:00:ec:51:29:bc:b1:84:9b:45:12:
                    8c:b4:24:ea:be:e3:a9:6b:07:dd:e7:38:83:33:68:
                    ca:fe:34:da:0e:94:e6:a9:d1:84:85:16:f4:4e:22:
                    20:c9:b3:c2:35:8b:2a:a2:8d:8d:f7:30:53:d7:cc:
                    b5:6d:95:a2:72:24:f5:3a:e0:5f:29:bd:0c:ee:f3:
                    33:03:a7:49:3f:b5:39:88:d3:11:7c:7f:4d:43:ba:
                    0a:55:5e:5d:35:59:a8:bf:cc:90:f7:cd:38:9c:e7:
                    de:23:31:cf:b8:c0:4a:b5:6d:f5:eb:de:65:e2:a6:
                    8b:f5:b8:8a:2b:08:21:5d:87:c1:83:54:6b:32:d8:
                    e4:c4:29:2e:6e:43:dc:5d:aa:c6:1a:33:a1:8e:1f:
                    1e:78:f1:e5:89:92:2b:c3:5d:f7:1b:da:26:f3:96:
                    b5:50:6e:0a:aa:e3:f4:91:fd:8e:03:00:0b:7b:fc:
                    be:df:55:9c:f9:b8:65:98:06:0e:55:89:f9:d6:9d:
                    10:56:52:d0:13:bd:97:99:6a:22:b3:5d:3b:3a:fa:
                    89:07:7f:2d:2b:05:50:dd:f8:e4:8c:04:b7:5b:ae:
                    d3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:50:A7:59:4E:CF:8C:40:05:BB:0E:FD:DA:DE:40:E7:5E:D2:9F:B6
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/41CnWU7PjEAFuw792t5A517Sn7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.74.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:3a:a4:4c:f1:82:d7:61:fd:c1:82:6a:55:fb:28:87:de:b2:
         12:1f:1c:63:3b:ed:4d:43:39:06:b3:c9:d6:fc:1b:90:35:03:
         1c:25:6e:89:0b:5f:bd:1c:be:21:05:a9:33:3d:e9:30:7f:ac:
         20:ff:76:2a:83:6b:71:ae:f2:d8:c9:e2:89:3a:87:92:2b:50:
         e9:50:5f:ed:74:0c:c4:9e:c7:31:c1:08:d0:43:6c:73:65:68:
         bf:0d:3c:16:b2:15:0d:a2:b5:01:b9:85:e7:c8:1f:27:e1:bf:
         31:2f:e7:85:37:15:f9:58:be:64:39:56:28:a1:ae:7e:ed:c8:
         c7:00:d0:16:74:cb:9b:0d:53:81:e6:94:d7:5e:bb:78:2a:e9:
         d2:6b:13:93:da:30:46:7a:f9:01:71:9f:7f:cd:be:81:84:bb:
         83:04:34:e9:19:3b:b2:f7:1b:27:e9:08:7f:89:ef:81:85:a7:
         ec:94:80:06:a0:70:85:8a:f8:8d:30:77:f8:b7:b2:de:0d:ef:
         ed:75:64:75:38:24:96:ec:c9:95:79:c8:89:b3:22:ae:0c:e8:
         2c:ff:54:15:22:f9:af:18:99:e6:34:d6:90:db:11:c2:a0:fb:
         79:15:3e:42:c1:d7:55:a9:80:13:3a:5c:c7:ac:18:63:30:dc:
         4d:6f:c4:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3BE2XjW/JGk2Y/GMdE3ldJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwNDI0MTk1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzUwYTc1OTRlY2Y4YzQwMDViYjBlZmRkYWRlNDBlNzVlZDI5ZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOUCySyk9FlYindHf0eTJampzWgs
0rdO/eIlvBi8IQGpogDsUSm8sYSbRRKMtCTqvuOpawfd5ziDM2jK/jTaDpTmqdGE
hRb0TiIgybPCNYsqoo2N9zBT18y1bZWiciT1OuBfKb0M7vMzA6dJP7U5iNMRfH9N
Q7oKVV5dNVmov8yQ9804nOfeIzHPuMBKtW31695l4qaL9biKKwghXYfBg1RrMtjk
xCkubkPcXarGGjOhjh8eePHliZIrw133G9om85a1UG4KquP0kf2OAwALe/y+31Wc
+bhlmAYOVYn51p0QVlLQE72XmWois107OvqJB38tKwVQ3fjkjAS3W67TSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONQp1lOz4xABbsO/dreQOde0p+2MB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvNDFDbldVN1BqRUFGdXc3OTJ0NUE1MTdTbjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUr2MA0G
CSqGSIb3DQEBCwUAA4IBAQCdOqRM8YLXYf3BgmpV+yiH3rISHxxjO+1NQzkGs8nW
/BuQNQMcJW6JC1+9HL4hBakzPekwf6wg/3Yqg2txrvLYyeKJOoeSK1DpUF/tdAzE
nscxwQjQQ2xzZWi/DTwWshUNorUBuYXnyB8n4b8xL+eFNxX5WL5kOVYooa5+7cjH
ANAWdMubDVOB5pTXXrt4KunSaxOT2jBGevkBcZ9/zb6BhLuDBDTpGTuy9xsn6Qh/
ie+BhafslIAGoHCFiviNMHf4t7LeDe/tdWR1OCSW7MmVeciJsyKuDOgs/1QVIvmv
GJnmNNaQ2xHCoPt5FT5CwddVqYATOlzHrBhjMNxNb8RN
-----END CERTIFICATE-----