Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/8fhRtiu_Y-7BuakqbAP1YnjY4eg.roa
File:                     8fhRtiu_Y-7BuakqbAP1YnjY4eg.roa (raw, json)
Hash identifier:          7RxX4BpwVFrs84OiwF2XdVBqm5xQUd4i65cOFdlTJJ0=
Subject key identifier:   F1:F8:51:B6:2B:BF:63:EE:C1:B9:A9:2A:6C:03:F5:62:78:D8:E1:E8
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019E2C5176EB6E17622A305DF61EF8495332
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/8fhRtiu_Y-7BuakqbAP1YnjY4eg.roa
Signing time:             Fri 15 May 2026 15:46:36 +0000
ROA not before:           Fri 15 May 2026 15:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9121
IP address blocks:        45.74.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2c:51:76:eb:6e:17:62:2a:30:5d:f6:1e:f8:49:53:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: May 15 15:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1f851b62bbf63eec1b9a92a6c03f56278d8e1e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:8c:5f:af:91:25:df:12:16:90:95:31:e5:9c:
                    a1:77:91:4a:53:8e:20:9b:bd:0d:a1:f2:bb:b3:52:
                    e6:d1:c7:7e:d0:9f:2a:82:69:12:80:26:71:7a:ff:
                    cd:ee:34:40:1d:a3:dd:c7:8a:45:91:d3:eb:0b:3a:
                    fe:cc:b0:ab:56:73:27:72:cd:e9:fd:8d:60:9b:bb:
                    7e:1d:95:1a:99:ef:72:ff:f9:33:36:df:b7:99:51:
                    f3:f9:6d:47:f4:0e:25:ea:10:45:53:23:53:14:29:
                    23:73:71:ad:ef:3b:9d:f6:47:d7:f3:b4:3a:2f:ea:
                    57:c4:44:d5:68:64:ea:39:13:79:f1:5d:8c:c9:1b:
                    94:a0:f2:fd:1b:65:c5:79:35:2c:87:ab:5a:a3:d1:
                    cd:90:31:3c:fb:4f:32:e3:d0:2e:60:86:94:4d:c0:
                    2c:5c:a6:f6:2a:a1:a6:aa:1f:14:3d:85:ec:3b:3d:
                    51:15:05:76:64:15:18:4e:bc:e5:cd:5b:d2:10:3a:
                    32:1d:fb:b3:80:d4:98:b8:72:2f:53:f7:d5:74:3d:
                    09:10:3b:0e:fc:1b:10:ac:9b:0a:9b:2a:fc:7b:33:
                    4d:18:99:91:1a:60:b7:5e:1a:a8:39:6f:e7:6c:fe:
                    f9:f2:09:5d:20:6a:5f:dc:eb:ba:b8:ab:28:3e:99:
                    bb:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:F8:51:B6:2B:BF:63:EE:C1:B9:A9:2A:6C:03:F5:62:78:D8:E1:E8
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/8fhRtiu_Y-7BuakqbAP1YnjY4eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.74.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:b5:92:46:62:c6:fa:dd:80:16:5b:db:be:84:e6:56:0c:3b:
         d8:76:18:f1:ba:50:ee:16:a3:36:30:5b:0b:30:d5:09:4d:5e:
         f7:e3:fa:d8:bc:77:d8:86:96:ba:b2:f4:fa:eb:f1:8e:72:67:
         ac:0f:12:9b:cc:bc:42:34:11:6e:e0:87:a9:38:26:9d:61:65:
         ca:11:1c:42:2c:3a:93:f1:5f:02:3a:94:ea:53:25:cd:36:2d:
         10:1a:29:f6:a2:d3:72:22:33:d6:10:3e:7d:a8:e9:b0:b7:e2:
         14:5d:e1:68:6a:d9:a3:34:ef:10:af:f1:e2:29:1a:ea:58:84:
         55:d6:ff:4b:d0:34:58:9e:ad:e4:24:c3:79:8a:0c:69:42:14:
         b4:e1:45:26:a1:39:36:24:ad:e8:ac:83:b5:7e:3f:1d:9d:5f:
         ba:73:d2:7b:70:55:d5:68:e1:2e:4d:71:42:ba:36:5f:74:45:
         66:9c:5e:a5:70:0f:43:7e:c6:e3:de:9f:1a:bc:66:30:cb:c9:
         3d:9a:71:a1:9f:0c:53:d1:f6:81:68:a0:17:43:a6:ae:e1:27:
         6d:7c:39:b3:5a:88:ca:df:d7:dc:cf:a5:1a:60:43:23:2f:dd:
         e1:7a:36:a2:a3:66:64:5c:63:90:56:65:fc:99:6b:4f:30:7d:
         9c:49:d5:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4sUXbrbhdiKjBd9h74SVMyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwNTE1MTU0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWY4NTFiNjJiYmY2M2VlYzFiOWE5MmE2YzAzZjU2Mjc4ZDhlMWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4xfr5El3xIWkJUx5Zyhd5FKU44g
m70NofK7s1Lm0cd+0J8qgmkSgCZxev/N7jRAHaPdx4pFkdPrCzr+zLCrVnMncs3p
/Y1gm7t+HZUame9y//kzNt+3mVHz+W1H9A4l6hBFUyNTFCkjc3Gt7zud9kfX87Q6
L+pXxETVaGTqORN58V2MyRuUoPL9G2XFeTUsh6tao9HNkDE8+08y49AuYIaUTcAs
XKb2KqGmqh8UPYXsOz1RFQV2ZBUYTrzlzVvSEDoyHfuzgNSYuHIvU/fVdD0JEDsO
/BsQrJsKmyr8ezNNGJmRGmC3XhqoOW/nbP758gldIGpf3Ou6uKsoPpm7fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPH4UbYrv2PuwbmpKmwD9WJ42OHoMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvOGZoUnRpdV9ZLTdCdWFrcWJBUDFZbmpZNGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUqwMA0G
CSqGSIb3DQEBCwUAA4IBAQCLtZJGYsb63YAWW9u+hOZWDDvYdhjxulDuFqM2MFsL
MNUJTV734/rYvHfYhpa6svT66/GOcmesDxKbzLxCNBFu4IepOCadYWXKERxCLDqT
8V8COpTqUyXNNi0QGin2otNyIjPWED59qOmwt+IUXeFoatmjNO8Qr/HiKRrqWIRV
1v9L0DRYnq3kJMN5igxpQhS04UUmoTk2JK3orIO1fj8dnV+6c9J7cFXVaOEuTXFC
ujZfdEVmnF6lcA9Dfsbj3p8avGYwy8k9mnGhnwxT0faBaKAXQ6au4SdtfDmzWojK
39fcz6UaYEMjL93hejaio2ZkXGOQVmX8mWtPMH2cSdUe
-----END CERTIFICATE-----