Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/nKK3dV4sCZvhEnzWigTy4AMRkxc.roa
File:                     nKK3dV4sCZvhEnzWigTy4AMRkxc.roa (raw, json)
Hash identifier:          /i65JRFsQQ3dlByGhxKkfo+fNkLgqelN8rEaSQrqHsI=
Subject key identifier:   9C:A2:B7:75:5E:2C:09:9B:E1:12:7C:D6:8A:04:F2:E0:03:11:93:17
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019E24FA9D9EF0C820EAF9D1EC3CB35CFA6B
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/nKK3dV4sCZvhEnzWigTy4AMRkxc.roa
Signing time:             Thu 14 May 2026 05:34:24 +0000
ROA not before:           Thu 14 May 2026 05:34:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212289
IP address blocks:        45.74.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:24:fa:9d:9e:f0:c8:20:ea:f9:d1:ec:3c:b3:5c:fa:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: May 14 05:34:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ca2b7755e2c099be1127cd68a04f2e003119317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:90:4b:f4:9e:dc:e3:58:7b:ba:23:8a:11:e3:
                    3a:d4:23:5f:5c:ab:dd:1c:68:a5:33:f6:5f:75:53:
                    d1:af:96:a2:4b:7d:d5:f9:11:d7:2d:20:c4:33:7a:
                    1e:11:47:9e:c9:ba:54:2b:13:3e:8e:4b:2d:18:c3:
                    36:bc:9a:20:88:8d:bb:73:42:18:7d:8f:45:d3:c7:
                    2b:ee:4c:33:d8:6a:2b:95:32:43:ed:6c:53:20:22:
                    08:9f:d4:87:01:48:5f:9b:46:cb:09:c5:42:cb:f8:
                    87:20:42:6d:21:a3:f8:8e:56:e5:cb:bc:41:b5:22:
                    6d:14:80:11:9e:f4:d5:64:65:88:b7:28:71:8e:31:
                    0b:36:69:c7:0c:40:6d:a3:fd:82:ca:56:bb:cb:2d:
                    49:07:6f:d1:f5:a4:a8:1c:c7:7b:91:38:88:22:b6:
                    75:9d:9a:4a:54:44:1d:96:73:ca:ea:52:57:67:cd:
                    61:98:d4:36:f6:d1:e0:df:ef:4e:98:03:bf:61:a1:
                    e4:2b:c9:76:23:97:9a:37:86:37:7d:e9:81:2e:37:
                    d5:7a:05:1d:d6:39:35:42:c3:46:9e:7a:dd:65:7c:
                    dc:22:84:5b:8b:8f:a2:b0:52:e3:6b:86:7f:6c:e8:
                    37:49:00:cc:1f:94:ca:dd:94:a8:03:8a:26:eb:92:
                    be:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A2:B7:75:5E:2C:09:9B:E1:12:7C:D6:8A:04:F2:E0:03:11:93:17
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/nKK3dV4sCZvhEnzWigTy4AMRkxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.74.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:0b:7b:fe:0c:7f:39:f2:15:93:88:1b:b6:cc:9c:cf:87:62:
         b1:1e:17:31:aa:b2:64:86:83:0e:ba:af:ff:ad:64:6b:0d:55:
         21:f4:a0:44:e9:2b:38:e0:c9:a5:c5:b6:15:08:71:81:e2:88:
         39:68:57:d0:5d:5c:88:fd:11:9c:70:06:9c:32:9f:15:b0:9b:
         f5:4a:ae:81:c6:76:da:bc:5a:cb:ab:c2:dd:f1:92:10:93:4b:
         65:ba:2b:c6:2a:99:d7:bd:16:bf:a5:c7:74:2d:1f:03:25:5a:
         c8:9a:d8:7c:ef:46:39:1f:eb:31:44:db:28:13:57:ee:12:bc:
         81:40:7c:29:11:85:6d:09:bb:f5:e0:98:a9:ac:9b:1d:6a:33:
         2c:e0:5f:3e:1f:ba:86:ba:8b:98:19:b0:e9:6a:21:d7:15:96:
         d4:9e:99:e5:33:91:cb:58:e7:fd:4a:dd:36:86:2e:ed:56:1a:
         15:cf:ef:4f:74:dc:f4:6d:17:d2:4c:3e:02:5c:d2:02:77:a0:
         07:3e:45:13:99:fe:37:16:30:17:46:2d:7f:ad:e1:0b:f9:5d:
         7d:10:68:ca:ab:e0:b5:0c:a4:ce:8c:67:6e:29:6c:28:89:8f:
         47:d7:0c:b1:53:c6:c8:da:23:3b:c1:d0:3c:00:e4:d4:e2:29:
         19:6c:be:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4k+p2e8Mgg6vnR7DyzXPprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwNTE0MDUzNDI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2EyYjc3NTVlMmMwOTliZTExMjdjZDY4YTA0ZjJlMDAzMTE5MzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5BL9J7c41h7uiOKEeM61CNfXKvd
HGilM/ZfdVPRr5aiS33V+RHXLSDEM3oeEUeeybpUKxM+jkstGMM2vJogiI27c0IY
fY9F08cr7kwz2GorlTJD7WxTICIIn9SHAUhfm0bLCcVCy/iHIEJtIaP4jlbly7xB
tSJtFIARnvTVZGWItyhxjjELNmnHDEBto/2Cyla7yy1JB2/R9aSoHMd7kTiIIrZ1
nZpKVEQdlnPK6lJXZ81hmNQ29tHg3+9OmAO/YaHkK8l2I5eaN4Y3femBLjfVegUd
1jk1QsNGnnrdZXzcIoRbi4+isFLja4Z/bOg3SQDMH5TK3ZSoA4om65K+6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyit3VeLAmb4RJ81ooE8uADEZMXMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvbktLM2RWNHNDWnZoRW56V2lnVHk0QU1Sa3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUqyMA0G
CSqGSIb3DQEBCwUAA4IBAQBNC3v+DH858hWTiBu2zJzPh2KxHhcxqrJkhoMOuq//
rWRrDVUh9KBE6Ss44MmlxbYVCHGB4og5aFfQXVyI/RGccAacMp8VsJv1Sq6Bxnba
vFrLq8Ld8ZIQk0tluivGKpnXvRa/pcd0LR8DJVrImth870Y5H+sxRNsoE1fuEryB
QHwpEYVtCbv14JiprJsdajMs4F8+H7qGuouYGbDpaiHXFZbUnpnlM5HLWOf9St02
hi7tVhoVz+9PdNz0bRfSTD4CXNICd6AHPkUTmf43FjAXRi1/reEL+V19EGjKq+C1
DKTOjGduKWwoiY9H1wyxU8bI2iM7wdA8AOTU4ikZbL5F
-----END CERTIFICATE-----