Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/w-AsRDp_CXstLs7WJCf0HgpD0BA.roa
File:                     w-AsRDp_CXstLs7WJCf0HgpD0BA.roa (raw, json)
Hash identifier:          f8I1TLMY9SAV84WOWqD1p8IYj+SBKnxlo9PHaRV221Y=
Subject key identifier:   C3:E0:2C:44:3A:7F:09:7B:2D:2E:CE:D6:24:27:F4:1E:0A:43:D0:10
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019E2C0CCC934A237CB44FAB748F5B6D9BB6
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/w-AsRDp_CXstLs7WJCf0HgpD0BA.roa
Signing time:             Fri 15 May 2026 14:31:36 +0000
ROA not before:           Fri 15 May 2026 14:31:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56582
IP address blocks:        45.74.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2c:0c:cc:93:4a:23:7c:b4:4f:ab:74:8f:5b:6d:9b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: May 15 14:31:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3e02c443a7f097b2d2eced62427f41e0a43d010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:72:75:49:7a:64:5d:0f:d8:88:a9:a9:5c:99:
                    e0:c6:6c:60:0a:09:80:aa:05:25:92:74:fa:4a:2f:
                    2d:d4:8b:1d:c9:6d:6b:2a:36:74:44:06:33:b7:1b:
                    ed:43:a7:7f:d5:12:03:77:95:41:45:41:e1:1f:59:
                    2f:0f:54:20:7a:51:7c:a1:6a:e5:dd:46:82:5d:0b:
                    da:d5:f7:57:f0:02:c4:a8:0f:62:75:0b:ba:f6:c4:
                    e4:6c:d7:aa:76:bd:c7:ad:dc:d1:44:82:1a:8e:4c:
                    c7:d7:67:8a:61:7a:27:2c:8d:39:c3:b8:3e:76:a4:
                    78:89:a0:2b:4f:e1:b4:5c:af:b8:cb:3f:a5:69:86:
                    0b:5a:eb:2b:26:f4:31:be:43:84:35:5e:2a:59:c8:
                    f8:c1:8e:a7:ca:fb:a2:37:99:85:24:3d:2e:35:b1:
                    d6:88:0b:2e:72:82:fb:5c:25:06:57:92:81:98:0b:
                    99:23:d4:b8:ce:9d:49:c1:87:be:13:6f:c5:8c:ef:
                    f8:c4:2c:8d:d3:d9:f1:8a:50:78:32:8f:62:fa:8a:
                    d4:be:fe:36:8a:0a:1b:f9:71:91:1d:2b:13:fb:1c:
                    79:ee:7e:de:16:8a:b0:2b:2c:50:d1:8a:88:66:ef:
                    2f:96:94:12:7f:c6:96:1a:4f:53:2e:33:cb:bc:5c:
                    84:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E0:2C:44:3A:7F:09:7B:2D:2E:CE:D6:24:27:F4:1E:0A:43:D0:10
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/w-AsRDp_CXstLs7WJCf0HgpD0BA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.74.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:74:7c:0a:18:a8:de:a1:5a:25:8c:f8:e3:25:09:44:39:05:
         b7:60:e3:7b:31:a9:cd:70:fd:f6:d1:8e:8a:c8:88:4f:a1:af:
         cd:78:39:75:a3:21:57:dd:13:6d:80:c0:75:c3:06:ea:c5:0f:
         a0:8e:a4:4e:7a:1d:7b:03:2f:83:94:bd:bd:8b:9b:51:bd:6d:
         ca:1c:1a:4a:3c:6e:54:55:0b:84:78:a1:b7:c8:dd:ba:4e:37:
         df:d3:1f:06:7b:b2:a8:68:08:a5:64:e8:9f:fa:ad:c1:90:ae:
         a7:04:f9:68:0e:5a:9b:44:95:14:4b:b6:00:0d:50:73:1b:6d:
         15:60:e7:cb:04:ba:40:ef:51:16:64:ac:e8:1a:fc:c3:07:db:
         c0:28:f6:f2:cf:1e:e8:90:7e:4a:10:49:2b:54:5c:42:a5:c6:
         fc:1b:ca:a4:7d:f7:29:a3:c3:9f:29:1b:e2:88:87:94:f1:a7:
         c6:23:1c:73:09:2c:fb:e8:04:d2:35:88:2a:d6:96:75:c5:fa:
         76:53:18:36:1f:31:73:3c:36:01:35:fb:c1:90:2a:66:35:4c:
         6f:9a:55:e6:f6:57:3b:03:4b:cf:ab:84:fd:85:c4:a1:46:ea:
         56:18:f1:c8:90:2b:52:2c:05:3a:95:86:c9:bd:ea:3c:d5:42:
         2d:d5:8e:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4sDMyTSiN8tE+rdI9bbZu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwNTE1MTQzMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2UwMmM0NDNhN2YwOTdiMmQyZWNlZDYyNDI3ZjQxZTBhNDNkMDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXJ1SXpkXQ/YiKmpXJngxmxgCgmA
qgUlknT6Si8t1IsdyW1rKjZ0RAYztxvtQ6d/1RIDd5VBRUHhH1kvD1QgelF8oWrl
3UaCXQva1fdX8ALEqA9idQu69sTkbNeqdr3HrdzRRIIajkzH12eKYXonLI05w7g+
dqR4iaArT+G0XK+4yz+laYYLWusrJvQxvkOENV4qWcj4wY6nyvuiN5mFJD0uNbHW
iAsucoL7XCUGV5KBmAuZI9S4zp1JwYe+E2/FjO/4xCyN09nxilB4Mo9i+orUvv42
igob+XGRHSsT+xx57n7eFoqwKyxQ0YqIZu8vlpQSf8aWGk9TLjPLvFyErwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPgLEQ6fwl7LS7O1iQn9B4KQ9AQMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvdy1Bc1JEcF9DWHN0THM3V0pDZjBIZ3BEMEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUqwMA0G
CSqGSIb3DQEBCwUAA4IBAQBIdHwKGKjeoVoljPjjJQlEOQW3YON7ManNcP320Y6K
yIhPoa/NeDl1oyFX3RNtgMB1wwbqxQ+gjqROeh17Ay+DlL29i5tRvW3KHBpKPG5U
VQuEeKG3yN26Tjff0x8Ge7KoaAilZOif+q3BkK6nBPloDlqbRJUUS7YADVBzG20V
YOfLBLpA71EWZKzoGvzDB9vAKPbyzx7okH5KEEkrVFxCpcb8G8qkffcpo8OfKRvi
iIeU8afGIxxzCSz76ATSNYgq1pZ1xfp2Uxg2HzFzPDYBNfvBkCpmNUxvmlXm9lc7
A0vPq4T9hcShRupWGPHIkCtSLAU6lYbJveo81UIt1Y4X
-----END CERTIFICATE-----