Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/PkTdOvHQpAoLE5-E62yI2NnbOcc.roa
File:                     PkTdOvHQpAoLE5-E62yI2NnbOcc.roa (raw, json)
Hash identifier:          BRkGV2HSAKwuVpy88X5Qo6iT+ihU5FcatMIoPr6oe40=
Subject key identifier:   3E:44:DD:3A:F1:D0:A4:0A:0B:13:9F:84:EB:6C:88:D8:D9:DB:39:C7
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019CB83DD98EFC5A2EEFE2C846633C22C788
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/PkTdOvHQpAoLE5-E62yI2NnbOcc.roa
Signing time:             Wed 04 Mar 2026 09:46:26 +0000
ROA not before:           Wed 04 Mar 2026 09:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12401
IP address blocks:        45.74.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 19:59:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:3d:d9:8e:fc:5a:2e:ef:e2:c8:46:63:3c:22:c7:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Mar  4 09:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e44dd3af1d0a40a0b139f84eb6c88d8d9db39c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c2:41:9b:13:74:75:fa:21:2b:b7:8b:20:65:
                    05:a0:5d:55:be:91:9f:d1:4a:83:8e:c9:d3:e3:d6:
                    4e:b2:19:57:5c:71:a0:bd:09:ee:e4:06:da:fc:16:
                    9d:9f:27:f7:90:29:78:b0:53:4e:68:8c:75:98:06:
                    1a:d0:48:62:23:4e:de:db:6b:2b:27:d2:6e:e3:d4:
                    e5:fa:d7:b5:8b:34:b4:04:a4:92:1f:57:a1:fb:92:
                    1e:fa:a6:75:0d:2d:d4:bf:56:e5:92:23:6c:a3:0d:
                    77:f5:97:06:4e:44:bf:b0:e9:8d:a0:b0:ec:6c:71:
                    33:c4:0d:a0:e4:e2:be:94:d4:49:1a:b5:f6:2e:8c:
                    89:c3:e7:63:6a:22:6d:45:94:e9:0a:ca:46:17:0a:
                    85:67:33:85:e1:0c:02:40:f3:67:1a:bf:55:b4:c0:
                    84:65:60:fa:3a:dd:00:3c:c4:8c:86:df:e5:dc:bc:
                    74:8b:d2:96:6f:65:ff:1f:2d:7f:cf:fe:52:63:ab:
                    42:bf:57:db:f2:19:a8:b0:15:18:86:88:ea:1f:e7:
                    79:a4:10:8c:02:f8:62:15:23:1a:5c:c4:0b:48:07:
                    fa:94:88:62:34:23:be:22:d6:4a:d0:c4:e7:47:9d:
                    f8:f4:5a:71:8c:8f:b6:73:02:9c:87:e5:d7:b6:0f:
                    8c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:44:DD:3A:F1:D0:A4:0A:0B:13:9F:84:EB:6C:88:D8:D9:DB:39:C7
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/PkTdOvHQpAoLE5-E62yI2NnbOcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.74.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a0:f3:43:c6:68:f3:87:92:48:56:07:45:d3:62:6d:81:bc:
         eb:7a:6b:9f:21:4f:30:9b:ab:55:79:16:54:56:2e:ec:e6:56:
         1e:df:6d:30:d8:62:0c:8f:b6:19:98:4b:b5:01:5b:52:46:01:
         8c:02:2c:1f:48:43:0e:be:58:de:c0:26:6b:b9:bc:67:50:01:
         05:7a:0e:f1:7a:81:d2:7d:c6:4f:a4:23:c1:5b:dd:92:f5:2f:
         15:f6:0a:91:1c:86:90:b5:59:cd:a7:b2:83:a1:45:d0:54:e5:
         04:5f:47:c5:26:cc:d5:8d:39:50:53:e2:2d:e6:24:0c:e9:47:
         d1:93:71:7e:04:37:9f:97:6a:39:39:02:27:a4:6b:f7:9c:8e:
         7b:ba:a1:2b:8d:6f:6e:b1:59:4b:96:d5:ae:65:f5:66:6c:87:
         d3:ad:ca:7e:35:18:43:db:65:3d:57:a2:37:90:9c:8a:95:95:
         cf:07:ae:57:1a:be:49:26:0b:ab:9c:9e:8a:00:39:16:ac:b2:
         7e:b0:43:23:b6:a3:0d:86:45:1a:eb:90:4c:a4:9d:53:42:92:
         74:57:d5:35:d1:55:87:7d:0d:9d:a2:ff:24:5b:76:e4:32:1e:
         3a:df:18:85:03:e2:75:f9:eb:74:29:c4:f9:09:8a:e5:0a:90:
         f5:c6:6b:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy4PdmO/Fou7+LIRmM8IseIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwMzA0MDk0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTQ0ZGQzYWYxZDBhNDBhMGIxMzlmODRlYjZjODhkOGQ5ZGIzOWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcJBmxN0dfohK7eLIGUFoF1VvpGf
0UqDjsnT49ZOshlXXHGgvQnu5Aba/Badnyf3kCl4sFNOaIx1mAYa0EhiI07e22sr
J9Ju49Tl+te1izS0BKSSH1eh+5Ie+qZ1DS3Uv1blkiNsow139ZcGTkS/sOmNoLDs
bHEzxA2g5OK+lNRJGrX2LoyJw+djaiJtRZTpCspGFwqFZzOF4QwCQPNnGr9VtMCE
ZWD6Ot0APMSMht/l3Lx0i9KWb2X/Hy1/z/5SY6tCv1fb8hmosBUYhojqH+d5pBCM
AvhiFSMaXMQLSAf6lIhiNCO+ItZK0MTnR5349FpxjI+2cwKch+XXtg+MxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5E3Trx0KQKCxOfhOtsiNjZ2znHMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvUGtUZE92SFFwQW9MRTUtRTYyeUkyTm5iT2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUr2MA0G
CSqGSIb3DQEBCwUAA4IBAQBOoPNDxmjzh5JIVgdF02JtgbzremufIU8wm6tVeRZU
Vi7s5lYe320w2GIMj7YZmEu1AVtSRgGMAiwfSEMOvljewCZrubxnUAEFeg7xeoHS
fcZPpCPBW92S9S8V9gqRHIaQtVnNp7KDoUXQVOUEX0fFJszVjTlQU+It5iQM6UfR
k3F+BDefl2o5OQInpGv3nI57uqErjW9usVlLltWuZfVmbIfTrcp+NRhD22U9V6I3
kJyKlZXPB65XGr5JJgurnJ6KADkWrLJ+sEMjtqMNhkUa65BMpJ1TQpJ0V9U10VWH
fQ2dov8kW3bkMh463xiFA+J1+et0KcT5CYrlCpD1xmud
-----END CERTIFICATE-----