Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/g96pKLe6ZF1dh195VH6q_6jtDKE.roa
File:                     g96pKLe6ZF1dh195VH6q_6jtDKE.roa (raw, json)
Hash identifier:          GXl5Z35Jg4C6xTmicgl5RWGF0PIPfwr7nEkhMgfzcrU=
Subject key identifier:   83:DE:A9:28:B7:BA:64:5D:5D:87:5F:79:54:7E:AA:FF:A8:ED:0C:A1
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       019BFA16760CFCD9E6399C77CB824D8D18D7
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/g96pKLe6ZF1dh195VH6q_6jtDKE.roa
Signing time:             Mon 26 Jan 2026 11:35:34 +0000
ROA not before:           Mon 26 Jan 2026 11:35:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206119
IP address blocks:        45.158.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 14:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:fa:16:76:0c:fc:d9:e6:39:9c:77:cb:82:4d:8d:18:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan 26 11:35:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83dea928b7ba645d5d875f79547eaaffa8ed0ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:96:62:b6:6e:7a:53:f5:62:0b:fb:bc:0d:21:
                    e3:5a:72:09:be:f7:61:15:8c:08:7a:f4:34:9e:db:
                    ce:55:34:35:53:75:b1:b7:57:29:39:a4:c6:dc:08:
                    91:6f:40:53:bd:33:2d:f7:12:ff:13:32:b0:1f:42:
                    21:06:2d:75:9a:55:c8:36:2b:f1:bf:53:15:1e:5b:
                    7a:05:3a:47:0d:e0:f7:91:b3:4b:41:a1:3e:c2:fc:
                    42:99:89:f4:fd:b0:df:cc:39:88:28:59:22:4b:05:
                    1a:d1:67:68:cc:1c:50:dd:02:fd:aa:ae:37:3f:d1:
                    ec:30:a5:96:04:3a:55:60:79:c4:fd:a2:5d:87:5e:
                    11:e5:a6:c9:44:10:f0:ee:8f:2d:29:be:44:5b:e7:
                    f2:0a:df:5c:c2:9f:b9:3e:42:7a:44:ba:68:40:f2:
                    41:35:96:14:2d:a0:1c:10:41:47:b7:ea:1c:70:f1:
                    ca:a4:72:22:8b:af:d9:71:8e:d2:ca:8b:0a:03:bd:
                    59:35:83:0f:99:0b:61:55:c9:b5:8c:57:c9:4c:e2:
                    c0:a4:e8:a3:aa:de:40:97:a7:15:10:20:c9:9b:e5:
                    68:98:24:e8:78:3c:f9:ba:8b:c3:37:7e:c3:4a:e1:
                    7d:0d:ac:71:a7:97:bd:bf:66:17:73:9d:9a:f6:71:
                    49:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:DE:A9:28:B7:BA:64:5D:5D:87:5F:79:54:7E:AA:FF:A8:ED:0C:A1
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/g96pKLe6ZF1dh195VH6q_6jtDKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:aa:e3:13:cf:3b:22:b6:7e:44:7e:ca:91:53:5e:a2:f9:3f:
         1e:86:63:b7:26:ba:fd:af:c3:20:b6:60:02:24:d2:19:03:65:
         63:62:07:79:39:50:63:ac:d4:2d:ac:4a:55:a9:e8:90:06:56:
         7d:7a:7c:81:15:d7:da:5f:30:a7:39:31:3f:2e:2a:60:7e:5e:
         9d:ad:99:c5:1e:00:15:87:69:db:0b:88:f6:61:73:77:7f:a3:
         70:7c:de:e6:16:ab:69:ff:f7:4b:a8:24:38:41:f9:c3:4f:14:
         1e:b2:b6:b7:7d:f6:f8:fe:56:43:47:84:a0:b7:77:6d:9f:67:
         79:1b:fb:06:7c:96:4e:01:68:e9:e3:09:ec:79:4b:70:67:1f:
         5f:92:f8:80:14:a5:3d:8c:cb:fa:e2:b5:28:cd:d8:cc:bd:03:
         9b:e0:f5:93:f0:47:17:a5:a8:f9:76:ac:b8:2f:5f:2f:0d:88:
         82:81:f3:1b:7f:05:1b:b7:b8:89:74:14:62:73:15:a6:ec:9c:
         76:ef:4c:dd:b3:cf:eb:0b:02:15:20:1c:67:c0:4c:c7:64:d6:
         a9:02:a7:6f:ed:f6:39:60:7b:53:a7:13:08:2c:8a:d7:8b:25:
         d3:af:93:c3:98:e4:b6:83:9b:9d:25:2d:26:07:3a:c9:57:d2:
         5e:a4:f2:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv6FnYM/NnmOZx3y4JNjRjXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjYwMTI2MTEzNTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2RlYTkyOGI3YmE2NDVkNWQ4NzVmNzk1NDdlYWFmZmE4ZWQwY2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pZitm56U/ViC/u8DSHjWnIJvvdh
FYwIevQ0ntvOVTQ1U3Wxt1cpOaTG3AiRb0BTvTMt9xL/EzKwH0IhBi11mlXINivx
v1MVHlt6BTpHDeD3kbNLQaE+wvxCmYn0/bDfzDmIKFkiSwUa0WdozBxQ3QL9qq43
P9HsMKWWBDpVYHnE/aJdh14R5abJRBDw7o8tKb5EW+fyCt9cwp+5PkJ6RLpoQPJB
NZYULaAcEEFHt+occPHKpHIii6/ZcY7SyosKA71ZNYMPmQthVcm1jFfJTOLApOij
qt5Al6cVECDJm+VomCToeDz5uovDN37DSuF9Daxxp5e9v2YXc52a9nFJowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPeqSi3umRdXYdfeVR+qv+o7QyhMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvZzk2cEtMZTZaRjFkaDE5NVZINnFfNmp0REtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ4MMA0G
CSqGSIb3DQEBCwUAA4IBAQAMquMTzzsitn5EfsqRU16i+T8ehmO3Jrr9r8MgtmAC
JNIZA2VjYgd5OVBjrNQtrEpVqeiQBlZ9enyBFdfaXzCnOTE/Lipgfl6drZnFHgAV
h2nbC4j2YXN3f6NwfN7mFqtp//dLqCQ4QfnDTxQesra3ffb4/lZDR4Sgt3dtn2d5
G/sGfJZOAWjp4wnseUtwZx9fkviAFKU9jMv64rUozdjMvQOb4PWT8EcXpaj5dqy4
L18vDYiCgfMbfwUbt7iJdBRicxWm7Jx270zds8/rCwIVIBxnwEzHZNapAqdv7fY5
YHtTpxMILIrXiyXTr5PDmOS2g5udJS0mBzrJV9JepPKl
-----END CERTIFICATE-----