Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/jlG9y1XwIb8wc_C_We-qtbjo09Y.roa
File:                     jlG9y1XwIb8wc_C_We-qtbjo09Y.roa (raw, json)
Hash identifier:          tx2ZQ5ic2oGjyxJfXoPm9eCoE4D1ij8/jlq+e5xg560=
Subject key identifier:   8E:51:BD:CB:55:F0:21:BF:30:73:F0:BF:59:EF:AA:B5:B8:E8:D3:D6
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019E425BDC04741B26B9B631A8804B8E1ECD
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/jlG9y1XwIb8wc_C_We-qtbjo09Y.roa
Signing time:             Tue 19 May 2026 22:29:36 +0000
ROA not before:           Tue 19 May 2026 22:29:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216084
IP address blocks:        45.74.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 May 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:42:5b:dc:04:74:1b:26:b9:b6:31:a8:80:4b:8e:1e:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: May 19 22:29:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e51bdcb55f021bf3073f0bf59efaab5b8e8d3d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5a:08:de:89:89:42:03:d6:36:b9:c7:60:e3:
                    f1:c5:a3:67:dd:db:7d:c0:cb:fc:ea:ed:ad:13:cd:
                    84:4f:82:62:8a:6f:59:21:e7:46:76:e2:30:db:b9:
                    d1:a7:8a:8f:d1:69:61:8e:9e:ea:21:5b:7d:ad:95:
                    46:51:4c:42:65:14:09:c2:b0:87:cf:d5:61:82:3c:
                    aa:52:b7:59:da:0c:aa:d4:9a:04:ba:5c:49:56:31:
                    08:2b:c9:6c:d2:f0:22:ca:43:35:1e:ca:dc:60:4f:
                    79:99:3f:d9:1c:03:94:3f:bf:dc:e5:87:23:b5:c9:
                    89:0f:8a:3c:18:42:37:85:fb:20:9c:6d:50:f3:38:
                    cb:b7:2c:07:ec:0a:4f:ba:48:3b:f3:69:3b:cf:f9:
                    9c:cf:ae:a5:9c:fd:3c:c2:90:35:74:e8:c7:bf:42:
                    8a:3a:89:91:79:69:77:4e:10:9b:3c:31:a9:17:d3:
                    23:f1:19:1f:67:e8:34:d0:2a:a0:98:d6:f7:bb:18:
                    c5:66:98:f7:da:6e:17:c1:6d:fe:5f:aa:76:68:06:
                    7a:eb:24:b7:14:b6:60:89:92:03:af:0c:b7:0e:04:
                    e7:55:c1:29:ec:cd:8c:bb:c3:dc:16:79:a3:4b:c8:
                    86:a2:2f:e3:72:c5:55:96:a1:26:0e:9b:7a:be:62:
                    6c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:51:BD:CB:55:F0:21:BF:30:73:F0:BF:59:EF:AA:B5:B8:E8:D3:D6
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/jlG9y1XwIb8wc_C_We-qtbjo09Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.74.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:2d:40:64:b8:67:c7:85:32:a1:74:79:d8:90:aa:47:c5:77:
         e4:15:1c:63:b0:41:5a:91:da:33:28:80:6e:9d:56:a2:25:01:
         6d:a4:7d:86:51:17:c4:f9:86:f4:ae:d6:dc:93:23:ed:2b:03:
         dc:40:c2:97:b4:1e:e9:15:8b:21:26:a7:e3:0e:a8:68:8e:e3:
         f1:2a:57:16:c3:d8:18:92:65:54:f8:7e:86:26:1f:ff:ae:fe:
         51:f7:a9:ad:6b:98:70:24:31:59:98:39:55:54:ee:8b:50:8b:
         f7:c5:0e:ca:35:ce:9b:98:78:c2:58:58:32:f6:85:df:4d:ac:
         c3:9e:e6:ee:44:3d:4a:29:8c:1a:3e:92:0b:2e:7a:52:32:59:
         1c:67:7f:7c:f2:45:81:dd:89:82:e8:3b:f3:8e:a5:ff:c3:2c:
         60:c9:28:f4:a7:ce:8c:13:7d:4b:2c:50:bd:5a:bd:9d:4e:67:
         ed:e7:8f:b6:ae:2f:34:7d:b0:54:4b:32:71:42:0f:88:00:2b:
         74:ef:37:9e:9b:c6:70:3a:e0:09:ee:29:9a:2c:db:16:76:af:
         1b:eb:23:8b:3c:fe:68:99:65:25:af:ae:f6:ca:e0:48:52:ee:
         19:a8:67:ca:65:69:6b:77:15:94:5a:2d:62:f2:94:1a:98:1d:
         6b:97:f2:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5CW9wEdBsmubYxqIBLjh7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwNTE5MjIyOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTUxYmRjYjU1ZjAyMWJmMzA3M2YwYmY1OWVmYWFiNWI4ZThkM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArloI3omJQgPWNrnHYOPxxaNn3dt9
wMv86u2tE82ET4Jiim9ZIedGduIw27nRp4qP0Wlhjp7qIVt9rZVGUUxCZRQJwrCH
z9VhgjyqUrdZ2gyq1JoEulxJVjEIK8ls0vAiykM1HsrcYE95mT/ZHAOUP7/c5Ycj
tcmJD4o8GEI3hfsgnG1Q8zjLtywH7ApPukg782k7z/mcz66lnP08wpA1dOjHv0KK
OomReWl3ThCbPDGpF9Mj8RkfZ+g00CqgmNb3uxjFZpj32m4XwW3+X6p2aAZ66yS3
FLZgiZIDrwy3DgTnVcEp7M2Mu8PcFnmjS8iGoi/jcsVVlqEmDpt6vmJsXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5RvctV8CG/MHPwv1nvqrW46NPWMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvamxHOXkxWHdJYjh3Y19DX1dlLXF0YmpvMDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUqxMA0G
CSqGSIb3DQEBCwUAA4IBAQB1LUBkuGfHhTKhdHnYkKpHxXfkFRxjsEFakdozKIBu
nVaiJQFtpH2GURfE+Yb0rtbckyPtKwPcQMKXtB7pFYshJqfjDqhojuPxKlcWw9gY
kmVU+H6GJh//rv5R96mta5hwJDFZmDlVVO6LUIv3xQ7KNc6bmHjCWFgy9oXfTazD
nubuRD1KKYwaPpILLnpSMlkcZ3988kWB3YmC6DvzjqX/wyxgySj0p86ME31LLFC9
Wr2dTmft54+2ri80fbBUSzJxQg+IACt07zeem8ZwOuAJ7imaLNsWdq8b6yOLPP5o
mWUlr672yuBIUu4ZqGfKZWlrdxWUWi1i8pQamB1rl/JY
-----END CERTIFICATE-----