Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/iTAqvs2G1UdUfx5Fmn2Z7H7-Wuo.roa
File:                     iTAqvs2G1UdUfx5Fmn2Z7H7-Wuo.roa (raw, json)
Hash identifier:          L18Wb/sBRdrTPyOX3b7ZSqqO81GWE2YfQWPbOKytco8=
Subject key identifier:   89:30:2A:BE:CD:86:D5:47:54:7F:1E:45:9A:7D:99:EC:7E:FE:5A:EA
Certificate issuer:       /CN=dd4dcb56f79f4a1ded8d95482333961d0264faa5
Certificate serial:       019C907F99A05FC24E05EB67372C04D49F0C
Authority key identifier: DD:4D:CB:56:F7:9F:4A:1D:ED:8D:95:48:23:33:96:1D:02:64:FA:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/iTAqvs2G1UdUfx5Fmn2Z7H7-Wuo.roa
Signing time:             Tue 24 Feb 2026 16:33:27 +0000
ROA not before:           Tue 24 Feb 2026 16:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200482
IP address blocks:        45.142.112.0/24 maxlen: 24
                          45.142.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 08:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:90:7f:99:a0:5f:c2:4e:05:eb:67:37:2c:04:d4:9f:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd4dcb56f79f4a1ded8d95482333961d0264faa5
        Validity
            Not Before: Feb 24 16:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89302abecd86d547547f1e459a7d99ec7efe5aea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f8:89:b4:b9:25:4a:80:37:0e:79:ce:fa:58:
                    fb:a1:8a:60:67:f2:bf:35:e0:d9:bc:6b:7c:df:5e:
                    07:9c:72:ff:9c:6d:17:47:6a:52:cc:e5:fd:2c:50:
                    04:41:6c:15:dd:d6:38:9b:ba:0d:95:16:c2:3f:3f:
                    ac:a9:34:5d:38:a2:e6:43:3e:04:ef:6a:95:9a:fa:
                    8a:30:96:31:ad:94:7b:86:5f:3a:10:e0:94:74:6d:
                    bd:60:04:9e:20:fa:98:45:7e:da:bd:37:e8:a2:05:
                    f4:a8:6e:59:8e:d8:43:56:c3:09:cd:05:d8:ee:df:
                    36:8b:a6:77:c6:34:21:3f:5f:5e:6f:65:4d:62:d1:
                    01:41:1c:87:c4:f7:31:b2:85:67:4d:34:ec:b1:37:
                    d1:5b:1d:1f:96:a2:85:fa:1d:31:27:f9:0b:32:95:
                    4b:73:b1:4e:13:0d:10:c1:50:4b:a3:39:b9:5c:02:
                    b6:ce:2a:84:5f:4c:a5:3c:d6:52:e2:c0:79:a0:a8:
                    16:39:10:3f:31:46:9d:59:01:d5:4d:da:de:49:9e:
                    0d:ea:8c:f4:f0:89:07:6c:8d:20:eb:a2:56:fe:95:
                    dd:9a:18:11:99:50:a1:d0:98:47:60:cd:3f:90:8a:
                    74:56:69:e4:c5:32:9c:1f:b8:1c:2f:cd:e9:15:26:
                    13:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:30:2A:BE:CD:86:D5:47:54:7F:1E:45:9A:7D:99:EC:7E:FE:5A:EA
            X509v3 Authority Key Identifier:
                keyid:DD:4D:CB:56:F7:9F:4A:1D:ED:8D:95:48:23:33:96:1D:02:64:FA:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/iTAqvs2G1UdUfx5Fmn2Z7H7-Wuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:95:11:28:7c:5b:11:77:02:b1:71:45:cd:bf:e1:1c:98:e8:
         9c:cc:f1:b9:53:26:19:65:af:00:0d:5b:37:9e:4d:12:8b:b3:
         7a:93:a7:58:d3:ed:22:3d:32:23:d3:2b:48:bf:22:b4:cf:39:
         19:0f:16:ee:53:22:56:28:46:cc:06:61:82:eb:89:d3:fa:43:
         c3:d9:51:76:94:7c:df:72:b8:c4:ce:75:41:1b:39:0e:a0:e1:
         2b:de:19:7e:3f:a4:ff:84:4b:bc:a5:c8:58:55:2c:3f:74:0a:
         42:44:77:3a:02:ed:ef:c4:0e:b2:76:02:b9:5f:ba:77:ee:b1:
         1d:4a:e5:1b:0a:6c:52:65:61:f9:70:aa:f3:8e:30:04:2d:69:
         60:dc:55:8f:22:35:85:fb:c4:4c:46:24:69:04:31:49:0d:bd:
         0c:8f:e8:5e:55:fc:cc:10:d8:e9:41:0a:35:3b:f5:b7:9d:37:
         5a:2c:8a:ad:0c:d0:35:39:f7:65:59:8b:3e:35:8a:94:55:48:
         4e:b6:7c:ab:31:0e:0f:04:74:e2:7b:1d:67:f7:1f:8d:bb:08:
         18:20:01:49:ba:d6:84:6d:10:a7:b5:1c:ad:58:38:e6:8e:fc:
         70:74:b9:58:56:60:8a:a8:86:47:b2:e6:eb:00:81:06:77:03:
         bb:25:49:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyQf5mgX8JOBetnNywE1J8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNGRjYjU2Zjc5ZjRhMWRlZDhkOTU0ODIzMzM5NjFkMDI2
NGZhYTUwHhcNMjYwMjI0MTYzMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTMwMmFiZWNkODZkNTQ3NTQ3ZjFlNDU5YTdkOTllYzdlZmU1YWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/iJtLklSoA3DnnO+lj7oYpgZ/K/
NeDZvGt8314HnHL/nG0XR2pSzOX9LFAEQWwV3dY4m7oNlRbCPz+sqTRdOKLmQz4E
72qVmvqKMJYxrZR7hl86EOCUdG29YASeIPqYRX7avTfoogX0qG5ZjthDVsMJzQXY
7t82i6Z3xjQhP19eb2VNYtEBQRyHxPcxsoVnTTTssTfRWx0flqKF+h0xJ/kLMpVL
c7FOEw0QwVBLozm5XAK2ziqEX0ylPNZS4sB5oKgWORA/MUadWQHVTdreSZ4N6oz0
8IkHbI0g66JW/pXdmhgRmVCh0JhHYM0/kIp0VmnkxTKcH7gcL83pFSYTJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkwKr7NhtVHVH8eRZp9mex+/lrqMB8GA1UdIwQY
MBaAFN1Ny1b3n0od7Y2VSCMzlh0CZPqlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1UzTFZ2ZWZTaDN0alpWSUl6T1dIUUprLXFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hYjNlNzMtZDEzZC00ZWMyLWJmM2Yt
MTc3YjViYTMyMzI3LzEvaVRBcXZzMkcxVWRVZng1Rm1uMlo3SDctV3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hYjNlNzMtZDEzZC00ZWMyLWJmM2YtMTc3YjViYTMyMzI3
LzEvM1UzTFZ2ZWZTaDN0alpWSUl6T1dIUUprLXFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY5wMA0G
CSqGSIb3DQEBCwUAA4IBAQBGlREofFsRdwKxcUXNv+EcmOiczPG5UyYZZa8ADVs3
nk0Si7N6k6dY0+0iPTIj0ytIvyK0zzkZDxbuUyJWKEbMBmGC64nT+kPD2VF2lHzf
crjEznVBGzkOoOEr3hl+P6T/hEu8pchYVSw/dApCRHc6Au3vxA6ydgK5X7p37rEd
SuUbCmxSZWH5cKrzjjAELWlg3FWPIjWF+8RMRiRpBDFJDb0Mj+heVfzMENjpQQo1
O/W3nTdaLIqtDNA1OfdlWYs+NYqUVUhOtnyrMQ4PBHTiex1n9x+NuwgYIAFJutaE
bRCntRytWDjmjvxwdLlYVmCKqIZHsubrAIEGdwO7JUm3
-----END CERTIFICATE-----