Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/8pNTjqniMFk_l88aCl3q4gxjvCw.roa
File:                     8pNTjqniMFk_l88aCl3q4gxjvCw.roa (raw, json)
Hash identifier:          NhOt3V4pCHJS3ioRSgsTAxEcfjN40UAKQmrhzy1cBHI=
Subject key identifier:   F2:93:53:8E:A9:E2:30:59:3F:97:CF:1A:0A:5D:EA:E2:0C:63:BC:2C
Certificate issuer:       /CN=45ed111630e05297795dddd298ea1fb29e695c53
Certificate serial:       019CB86F48E33871C5557E00808D31CB0BB2
Authority key identifier: 45:ED:11:16:30:E0:52:97:79:5D:DD:D2:98:EA:1F:B2:9E:69:5C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Re0RFjDgUpd5Xd3SmOofsp5pXFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/8pNTjqniMFk_l88aCl3q4gxjvCw.roa
Signing time:             Wed 04 Mar 2026 10:40:26 +0000
ROA not before:           Wed 04 Mar 2026 10:40:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        141.64.0.0/16 maxlen: 16
                          195.88.209.0/24 maxlen: 24
                          2a12:e140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/Re0RFjDgUpd5Xd3SmOofsp5pXFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/Re0RFjDgUpd5Xd3SmOofsp5pXFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Re0RFjDgUpd5Xd3SmOofsp5pXFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:6f:48:e3:38:71:c5:55:7e:00:80:8d:31:cb:0b:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45ed111630e05297795dddd298ea1fb29e695c53
        Validity
            Not Before: Mar  4 10:40:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f293538ea9e230593f97cf1a0a5deae20c63bc2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:57:ab:fd:bd:da:5e:7e:71:1a:f4:6c:05:7e:
                    ac:51:23:00:2d:78:6c:0e:a0:27:a5:70:9f:44:9e:
                    54:18:cf:5c:c1:1c:e8:77:f7:be:da:36:97:de:ba:
                    e5:8e:f4:79:b7:d5:61:1e:f7:6c:57:43:e4:e1:9d:
                    0c:17:e5:8c:08:45:24:7b:f6:04:71:b0:12:d5:06:
                    f4:ac:e3:70:76:62:1d:a5:c8:54:3a:5a:a2:e5:09:
                    e9:4e:82:6b:bf:1f:26:0b:10:96:5e:ca:1d:ef:21:
                    ca:7f:88:53:c1:f3:4f:34:92:53:12:33:c3:0a:07:
                    89:89:65:a4:cf:1e:ed:54:84:f6:be:fa:57:26:91:
                    b2:76:44:1a:aa:32:38:13:93:b3:70:3e:68:8c:2e:
                    d8:b9:00:a6:bc:2d:c1:53:45:83:0d:86:34:09:e1:
                    8d:04:55:fc:b5:a9:9d:2f:63:8a:b1:79:af:81:c0:
                    d7:b6:a7:7b:d9:dd:56:64:3b:66:da:c9:23:7b:76:
                    a7:aa:50:13:30:3b:a7:4f:44:a8:62:2e:ef:45:2e:
                    89:2d:84:36:41:c4:a3:62:36:d2:bd:8a:d7:14:d9:
                    82:37:20:c8:e3:5f:cb:62:6b:08:0f:9c:4b:75:41:
                    a9:2c:fe:24:c0:6b:05:55:96:45:26:fb:25:0c:95:
                    3a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:93:53:8E:A9:E2:30:59:3F:97:CF:1A:0A:5D:EA:E2:0C:63:BC:2C
            X509v3 Authority Key Identifier:
                keyid:45:ED:11:16:30:E0:52:97:79:5D:DD:D2:98:EA:1F:B2:9E:69:5C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Re0RFjDgUpd5Xd3SmOofsp5pXFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/8pNTjqniMFk_l88aCl3q4gxjvCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/454412-c062-4b45-a644-a038ef1eff39/1/Re0RFjDgUpd5Xd3SmOofsp5pXFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.64.0.0/16
                  195.88.209.0/24
                IPv6:
                  2a12:e140::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:c4:ef:dd:1c:03:09:86:83:39:ee:0c:a1:ff:b3:19:ac:81:
         e8:89:6d:44:b4:d3:45:88:33:57:eb:62:58:af:dc:76:44:63:
         29:26:56:7d:91:2c:c7:05:fd:0e:b3:29:4c:59:14:8f:95:6e:
         bf:6f:9c:31:18:ca:9d:28:0b:9e:91:fd:89:6f:0f:bd:09:29:
         7f:32:8b:7e:f1:22:54:18:ca:c7:3d:16:e6:27:eb:75:73:a1:
         f7:9f:80:de:98:52:0e:ef:87:18:f6:dc:c6:70:49:52:72:a3:
         46:6b:3c:24:21:02:dc:78:d5:1c:fc:fd:69:a9:63:dd:5c:39:
         89:35:1c:24:d8:13:de:0d:bb:7b:ba:71:6b:a5:62:15:4c:8b:
         77:77:2e:f6:0d:8c:32:d5:20:b8:b7:54:87:fd:95:0a:b4:a1:
         bc:72:a8:df:22:f9:04:7e:c9:af:3b:27:3a:6f:f0:4e:45:09:
         fa:7e:dc:81:98:85:d8:02:0c:45:d9:1f:8e:38:f8:17:f7:17:
         50:85:47:30:9f:59:56:e5:bf:60:92:3d:4d:54:bb:ef:11:41:
         6c:b4:13:60:f4:fb:05:19:5b:ff:56:a8:1a:b2:a0:8a:2c:ec:
         dc:10:ff:a2:49:01:12:f0:44:dd:1e:70:f9:18:45:82:08:28:
         f4:6c:74:36
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZy4b0jjOHHFVX4AgI0xywuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZWQxMTE2MzBlMDUyOTc3OTVkZGRkMjk4ZWExZmIyOWU2
OTVjNTMwHhcNMjYwMzA0MTA0MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjkzNTM4ZWE5ZTIzMDU5M2Y5N2NmMWEwYTVkZWFlMjBjNjNiYzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVer/b3aXn5xGvRsBX6sUSMALXhs
DqAnpXCfRJ5UGM9cwRzod/e+2jaX3rrljvR5t9VhHvdsV0Pk4Z0MF+WMCEUke/YE
cbAS1Qb0rONwdmIdpchUOlqi5QnpToJrvx8mCxCWXsod7yHKf4hTwfNPNJJTEjPD
CgeJiWWkzx7tVIT2vvpXJpGydkQaqjI4E5OzcD5ojC7YuQCmvC3BU0WDDYY0CeGN
BFX8tamdL2OKsXmvgcDXtqd72d1WZDtm2skje3anqlATMDunT0SoYi7vRS6JLYQ2
QcSjYjbSvYrXFNmCNyDI41/LYmsID5xLdUGpLP4kwGsFVZZFJvslDJU6/QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFPKTU46p4jBZP5fPGgpd6uIMY7wsMB8GA1UdIwQY
MBaAFEXtERYw4FKXeV3d0pjqH7KeaVxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmUwUkZqRGdVcGQ1WGQzU21Pb2ZzcDVwWEZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80NTQ0MTItYzA2Mi00YjQ1LWE2NDQt
YTAzOGVmMWVmZjM5LzEvOHBOVGpxbmlNRmtfbDg4YUNsM3E0Z3hqdkN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80NTQ0MTItYzA2Mi00YjQ1LWE2NDQtYTAzOGVmMWVmZjM5
LzEvUmUwUkZqRGdVcGQ1WGQzU21Pb2ZzcDVwWEZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAjUADBADD
WNEwDQQCAAIwBwMFAyoS4UAwDQYJKoZIhvcNAQELBQADggEBAIXE790cAwmGgznu
DKH/sxmsgeiJbUS000WIM1frYliv3HZEYykmVn2RLMcF/Q6zKUxZFI+Vbr9vnDEY
yp0oC56R/YlvD70JKX8yi37xIlQYysc9FuYn63VzofefgN6YUg7vhxj23MZwSVJy
o0ZrPCQhAtx41Rz8/WmpY91cOYk1HCTYE94Nu3u6cWulYhVMi3d3LvYNjDLVILi3
VIf9lQq0obxyqN8i+QR+ya87Jzpv8E5FCfp+3IGYhdgCDEXZH444+Bf3F1CFRzCf
WVblv2CSPU1Uu+8RQWy0E2D0+wUZW/9WqBqyoIos7NwQ/6JJARLwRN0ecPkYRYII
KPRsdDY=
-----END CERTIFICATE-----