Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/uFdeFfyqWzWzy9XpWgp6RzS5Po4.roa
File:                     uFdeFfyqWzWzy9XpWgp6RzS5Po4.roa (raw, json)
Hash identifier:          S0V35aejjxrKec51/7roxw6JaJ93CJSt3HkBa4plctg=
Subject key identifier:   B8:57:5E:15:FC:AA:5B:35:B3:CB:D5:E9:5A:0A:7A:47:34:B9:3E:8E
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       019C7FB0A06F8622D8E8AA018D1A8840CB05
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/uFdeFfyqWzWzy9XpWgp6RzS5Po4.roa
Signing time:             Sat 21 Feb 2026 10:13:27 +0000
ROA not before:           Sat 21 Feb 2026 10:13:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213694
IP address blocks:        45.66.250.0/23 maxlen: 23
                          45.83.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7f:b0:a0:6f:86:22:d8:e8:aa:01:8d:1a:88:40:cb:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Feb 21 10:13:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8575e15fcaa5b35b3cbd5e95a0a7a4734b93e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a2:33:92:cc:ea:f5:a2:8b:f1:a8:7c:83:14:
                    6f:f7:99:0b:24:d9:e9:d6:86:b2:18:58:40:28:8f:
                    42:6e:c7:6e:fe:ed:68:ae:40:08:29:d7:f4:07:05:
                    f6:f3:48:d8:81:96:f6:3f:ed:b0:10:e7:5d:d8:78:
                    8b:47:8b:03:de:67:73:51:01:62:57:57:57:9c:53:
                    19:6f:af:1f:52:c6:a8:3e:97:3f:5d:00:7c:4a:de:
                    c8:22:3b:b7:d9:70:9c:c2:3f:2b:94:8a:f2:11:83:
                    f7:8d:d6:64:73:74:34:30:00:53:06:d8:94:15:32:
                    0e:eb:99:e1:c3:c6:7e:e0:c9:9d:56:d1:48:c6:e7:
                    23:6d:1e:b4:64:3c:b5:72:e3:b6:8e:47:23:c0:01:
                    0f:fd:36:fb:c8:b2:cc:2c:40:19:3e:45:aa:76:a9:
                    f1:e1:11:77:53:ec:28:8d:be:bf:df:b5:eb:78:70:
                    5e:cd:4c:37:89:ba:e0:fe:17:bf:e0:90:cf:fb:48:
                    bb:67:98:20:d6:d7:37:af:96:8d:d3:a1:c2:60:a3:
                    b7:68:db:e5:92:d1:97:7d:f6:be:af:58:9d:ee:f0:
                    7c:ec:17:5b:55:3f:63:db:d5:ff:0e:32:dc:5c:6e:
                    04:be:86:ab:44:7c:f2:54:4a:7f:21:65:b6:96:56:
                    98:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:57:5E:15:FC:AA:5B:35:B3:CB:D5:E9:5A:0A:7A:47:34:B9:3E:8E
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/uFdeFfyqWzWzy9XpWgp6RzS5Po4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.250.0/23
                  45.83.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:6b:0f:f0:0e:cc:24:5a:14:f7:7c:1a:43:71:93:2b:85:a5:
         a5:4b:08:7f:0f:a5:24:66:fa:4c:ae:7c:cb:eb:7f:d0:1b:5d:
         1e:51:26:1b:df:04:4d:b1:4c:59:39:7f:8b:48:92:f8:a2:36:
         a9:12:95:f7:40:f2:7e:ad:b1:34:d8:17:16:a0:95:65:b1:92:
         51:e2:57:c2:87:23:86:2e:1b:ca:6c:de:d5:f7:56:d1:78:e2:
         ed:a2:60:12:4b:94:4c:21:7c:7a:e0:00:85:6e:61:b8:57:83:
         94:63:4e:53:93:46:33:3b:3c:51:1f:d9:9d:92:1b:cc:eb:9f:
         0f:58:27:5c:02:d8:d2:c6:01:33:98:cd:9d:35:25:53:9e:ae:
         14:24:23:0f:17:1d:3b:9e:d9:e2:25:13:ed:2a:a2:4f:e7:3d:
         bc:5d:e2:d3:4f:5d:f9:d4:86:1e:42:3c:9f:37:33:46:4f:03:
         06:7b:9a:c0:d1:56:9c:f2:57:d9:f0:18:34:ad:1d:1f:dd:94:
         68:42:44:ff:ae:58:f4:ae:95:dc:29:d5:53:62:82:59:0e:00:
         0e:70:d0:15:7d:88:83:31:ce:0d:25:a6:bc:b1:e2:83:13:9d:
         7d:8e:d0:3d:17:88:04:8a:96:9d:09:27:9d:14:80:f6:28:b7:
         61:71:28:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZx/sKBvhiLY6KoBjRqIQMsFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjYwMjIxMTAxMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODU3NWUxNWZjYWE1YjM1YjNjYmQ1ZTk1YTBhN2E0NzM0YjkzZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKIzkszq9aKL8ah8gxRv95kLJNnp
1oayGFhAKI9Cbsdu/u1orkAIKdf0BwX280jYgZb2P+2wEOdd2HiLR4sD3mdzUQFi
V1dXnFMZb68fUsaoPpc/XQB8St7IIju32XCcwj8rlIryEYP3jdZkc3Q0MABTBtiU
FTIO65nhw8Z+4MmdVtFIxucjbR60ZDy1cuO2jkcjwAEP/Tb7yLLMLEAZPkWqdqnx
4RF3U+wojb6/37XreHBezUw3ibrg/he/4JDP+0i7Z5gg1tc3r5aN06HCYKO3aNvl
ktGXffa+r1id7vB87BdbVT9j29X/DjLcXG4EvoarRHzyVEp/IWW2llaYnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLhXXhX8qls1s8vV6VoKekc0uT6OMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvdUZkZUZmeXFXeld6eTlYcFdncDZSelM1UG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLUL6AwQA
LVO3MA0GCSqGSIb3DQEBCwUAA4IBAQAKaw/wDswkWhT3fBpDcZMrhaWlSwh/D6Uk
ZvpMrnzL63/QG10eUSYb3wRNsUxZOX+LSJL4ojapEpX3QPJ+rbE02BcWoJVlsZJR
4lfChyOGLhvKbN7V91bReOLtomASS5RMIXx64ACFbmG4V4OUY05Tk0YzOzxRH9md
khvM658PWCdcAtjSxgEzmM2dNSVTnq4UJCMPFx07ntniJRPtKqJP5z28XeLTT135
1IYeQjyfNzNGTwMGe5rA0Vac8lfZ8Bg0rR0f3ZRoQkT/rlj0rpXcKdVTYoJZDgAO
cNAVfYiDMc4NJaa8seKDE519jtA9F4gEipadCSedFID2KLdhcSh0
-----END CERTIFICATE-----