Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/O9b4MiyQJf7ADeyK6FOskAUc3rU.roa
File:                     O9b4MiyQJf7ADeyK6FOskAUc3rU.roa (raw, json)
Hash identifier:          lycf7IhJhl3N0Ed4djWaYauK9bDCqpC39os1AcnPPrA=
Subject key identifier:   3B:D6:F8:32:2C:90:25:FE:C0:0D:EC:8A:E8:53:AC:90:05:1C:DE:B5
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       019C8E55B32DAE75734713C68682672F7F38
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/O9b4MiyQJf7ADeyK6FOskAUc3rU.roa
Signing time:             Tue 24 Feb 2026 06:28:26 +0000
ROA not before:           Tue 24 Feb 2026 06:28:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206150
IP address blocks:        45.144.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:55:b3:2d:ae:75:73:47:13:c6:86:82:67:2f:7f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Feb 24 06:28:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bd6f8322c9025fec00dec8ae853ac90051cdeb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:76:2b:6b:2a:0c:c3:76:0e:c7:2e:f5:b7:36:
                    ae:9f:0a:61:c6:7e:d3:6f:0e:0b:a8:d7:b6:d1:3e:
                    c4:09:bd:15:d5:ba:78:28:9d:35:34:18:77:a5:82:
                    d5:d6:ee:24:35:7d:84:cf:40:57:24:43:c3:42:61:
                    fa:a9:05:d5:b9:3e:20:72:9a:4a:3a:c0:20:3d:68:
                    1b:c8:88:f9:39:e7:b9:38:91:37:83:b1:33:39:46:
                    d1:80:fd:f8:b6:5c:ba:c5:85:0c:25:bd:47:67:8c:
                    0b:71:0d:fb:04:67:79:64:6a:0d:11:1b:79:d6:50:
                    a3:23:a3:6f:90:76:42:d1:af:67:d0:7c:4e:0d:d7:
                    da:e7:60:41:ad:b6:6f:ee:0b:a2:57:e0:d8:d8:61:
                    41:56:66:c9:1b:cf:e4:c8:80:28:a1:d4:90:93:6b:
                    11:4c:38:95:b6:7a:1d:f4:41:c2:d3:65:e5:c5:bd:
                    b7:1f:99:0b:6a:76:bf:dd:8a:34:53:0c:62:0b:00:
                    2a:96:35:be:8d:7b:9e:54:92:46:a2:cc:b6:b0:eb:
                    5f:c9:db:ee:d0:8c:7e:c3:06:ef:28:be:a6:79:96:
                    54:aa:f1:26:6b:65:f3:d6:d0:97:6a:9d:6e:40:01:
                    8b:2b:1a:54:96:b7:fc:0d:04:14:78:9e:ba:46:e2:
                    4f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D6:F8:32:2C:90:25:FE:C0:0D:EC:8A:E8:53:AC:90:05:1C:DE:B5
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/O9b4MiyQJf7ADeyK6FOskAUc3rU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:07:8d:4d:73:57:1a:12:4b:93:f0:dd:3e:ab:3f:2a:69:37:
         4e:05:89:cb:9a:34:1d:91:d8:bc:0d:cd:7a:bf:48:fa:d9:6b:
         e3:9d:79:2d:59:b6:e3:3e:c9:a8:58:f3:e1:4c:c8:76:88:26:
         70:ed:37:b8:93:cb:22:74:6a:38:c9:f5:36:02:4f:cf:61:5c:
         63:30:9e:81:a9:5e:45:0b:de:30:8c:86:69:ed:f6:29:ea:09:
         c4:03:d6:1f:83:c9:02:6e:67:19:5f:00:4d:f8:8f:be:a3:6f:
         16:5e:24:b0:0c:e6:9e:6b:93:d4:93:bb:fd:6d:ba:bc:8d:85:
         cb:75:c5:f9:21:f8:4a:f7:bb:74:cc:bd:e5:bd:a6:2b:41:33:
         f7:5c:eb:78:b2:d7:7c:7b:55:94:80:8a:43:6f:8d:9f:9c:c2:
         d6:bb:41:f2:0d:6f:dd:1e:30:c8:42:a1:71:ea:f6:c5:9f:87:
         d2:e3:3e:7d:be:6a:ae:9e:1a:38:5b:d2:d2:7c:8f:78:c1:61:
         2c:d3:be:2e:26:c8:fa:46:79:7c:f0:3d:e4:0d:aa:89:d2:7b:
         90:2d:8d:2b:03:71:d3:1b:4d:63:10:62:0a:8d:c9:86:74:bc:
         18:8a:91:dc:78:a0:cd:98:e3:2c:d6:db:16:e5:d6:98:c7:54:
         22:af:7d:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyOVbMtrnVzRxPGhoJnL384MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjYwMjI0MDYyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQ2ZjgzMjJjOTAyNWZlYzAwZGVjOGFlODUzYWM5MDA1MWNkZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHYrayoMw3YOxy71tzaunwphxn7T
bw4LqNe20T7ECb0V1bp4KJ01NBh3pYLV1u4kNX2Ez0BXJEPDQmH6qQXVuT4gcppK
OsAgPWgbyIj5Oee5OJE3g7EzOUbRgP34tly6xYUMJb1HZ4wLcQ37BGd5ZGoNERt5
1lCjI6NvkHZC0a9n0HxODdfa52BBrbZv7guiV+DY2GFBVmbJG8/kyIAoodSQk2sR
TDiVtnod9EHC02Xlxb23H5kLana/3Yo0UwxiCwAqljW+jXueVJJGosy2sOtfydvu
0Ix+wwbvKL6meZZUqvEma2Xz1tCXap1uQAGLKxpUlrf8DQQUeJ66RuJPcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvW+DIskCX+wA3siuhTrJAFHN61MB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvTzliNE1peVFKZjdBRGV5SzZGT3NrQVVjM3JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZCBMA0G
CSqGSIb3DQEBCwUAA4IBAQA7B41Nc1caEkuT8N0+qz8qaTdOBYnLmjQdkdi8Dc16
v0j62WvjnXktWbbjPsmoWPPhTMh2iCZw7Te4k8sidGo4yfU2Ak/PYVxjMJ6BqV5F
C94wjIZp7fYp6gnEA9Yfg8kCbmcZXwBN+I++o28WXiSwDOaea5PUk7v9bbq8jYXL
dcX5IfhK97t0zL3lvaYrQTP3XOt4std8e1WUgIpDb42fnMLWu0HyDW/dHjDIQqFx
6vbFn4fS4z59vmqunho4W9LSfI94wWEs074uJsj6Rnl88D3kDaqJ0nuQLY0rA3HT
G01jEGIKjcmGdLwYipHceKDNmOMs1tsW5daYx1Qir314
-----END CERTIFICATE-----