Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/n8wKAbeQwoniSlzobzWQkZPFQ90.roa
File:                     n8wKAbeQwoniSlzobzWQkZPFQ90.roa (raw, json)
Hash identifier:          gAASzqy3Nb3k3RF3IE7AiqoPFAF8THLrgzOMP+9Awr8=
Subject key identifier:   9F:CC:0A:01:B7:90:C2:89:E2:4A:5C:E8:6F:35:90:91:93:C5:43:DD
Certificate issuer:       /CN=dd4dcb56f79f4a1ded8d95482333961d0264faa5
Certificate serial:       019C907F98000C361B235186C34C4AE9F32A
Authority key identifier: DD:4D:CB:56:F7:9F:4A:1D:ED:8D:95:48:23:33:96:1D:02:64:FA:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/n8wKAbeQwoniSlzobzWQkZPFQ90.roa
Signing time:             Tue 24 Feb 2026 16:33:26 +0000
ROA not before:           Tue 24 Feb 2026 16:33:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42335
IP address blocks:        45.95.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:90:7f:98:00:0c:36:1b:23:51:86:c3:4c:4a:e9:f3:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd4dcb56f79f4a1ded8d95482333961d0264faa5
        Validity
            Not Before: Feb 24 16:33:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9fcc0a01b790c289e24a5ce86f35909193c543dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8f:a8:a9:5d:63:f7:a9:61:82:d7:98:c7:77:
                    c9:be:25:2f:01:75:6e:82:54:1c:c7:4d:4e:2d:6b:
                    b3:66:e8:a5:4d:85:81:95:00:0f:98:eb:3b:dc:76:
                    bc:4c:54:28:b9:d3:bf:e6:c3:40:56:f1:de:5f:e9:
                    1d:da:74:9c:00:56:45:d4:e8:76:24:09:b1:a8:59:
                    41:15:89:03:85:11:3a:6c:7c:16:8f:63:21:f4:e2:
                    53:42:f7:56:f3:fb:34:d4:88:27:89:f9:18:84:19:
                    4b:d6:67:35:c4:e7:1e:bd:e5:1e:e6:37:8e:22:4d:
                    aa:3c:8e:7a:74:e9:f2:79:a1:cd:01:a7:9c:40:98:
                    ac:13:49:e6:82:c3:5f:62:80:4e:2a:3c:61:3b:3b:
                    0a:d6:95:ed:65:5d:99:e2:b9:0e:67:b8:3e:33:58:
                    ac:78:38:8f:a0:cf:e8:fd:3b:2d:fd:d1:23:51:d9:
                    45:ac:8f:cc:78:29:ec:36:3c:fc:fe:21:7b:40:ab:
                    2d:3e:be:de:6e:c6:71:02:77:0f:4c:d3:62:35:64:
                    7e:62:d5:62:83:d1:e1:10:46:16:4b:ef:91:c8:2b:
                    be:ee:d9:68:70:70:91:1c:c3:8b:e6:06:54:9d:37:
                    c6:90:12:8b:c0:4f:2c:c9:f3:01:5e:21:7d:6c:87:
                    11:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:CC:0A:01:B7:90:C2:89:E2:4A:5C:E8:6F:35:90:91:93:C5:43:DD
            X509v3 Authority Key Identifier:
                keyid:DD:4D:CB:56:F7:9F:4A:1D:ED:8D:95:48:23:33:96:1D:02:64:FA:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3U3LVvefSh3tjZVIIzOWHQJk-qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/n8wKAbeQwoniSlzobzWQkZPFQ90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ab3e73-d13d-4ec2-bf3f-177b5ba32327/1/3U3LVvefSh3tjZVIIzOWHQJk-qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:5e:35:78:26:d0:ee:76:8a:76:dd:d4:5e:81:14:ab:59:0e:
         b1:32:cf:d1:f7:76:8c:86:91:ee:ec:48:d4:54:68:26:fd:3c:
         e5:f6:00:6b:34:72:dc:cd:51:01:ba:8b:52:ad:90:80:4e:02:
         26:e7:85:a8:56:e2:e5:ec:7d:71:43:48:f0:e0:d9:72:f1:f7:
         14:67:17:68:42:f1:58:44:1c:9a:3d:a6:f1:d6:27:12:a3:ef:
         92:21:34:6e:8f:d3:32:e3:8e:d8:4e:f6:0c:b9:10:33:94:3d:
         bb:e8:c5:a1:79:07:a9:34:c4:13:19:7d:c5:d9:7a:4c:2f:11:
         75:f8:84:9f:b1:1c:b2:83:43:44:7e:f5:a1:e4:1f:7b:43:8a:
         67:d8:ad:66:29:18:a8:fc:45:16:32:dc:13:41:71:94:02:83:
         9a:31:ea:65:bd:a1:46:00:5f:8b:49:bd:0d:be:28:e4:3b:70:
         69:8d:57:ea:29:07:29:63:c1:68:d5:a9:4d:07:e7:d9:ac:c0:
         63:5d:15:e3:0f:67:57:5c:3a:aa:f9:10:fe:4a:29:d1:8b:91:
         0e:44:6e:fa:a4:b9:bf:a7:92:79:2d:94:ae:a4:6c:ae:86:cc:
         ac:db:8d:0c:9b:04:b3:33:9e:23:36:b9:e6:a8:0c:53:56:f7:
         cf:c5:99:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyQf5gADDYbI1GGw0xK6fMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNGRjYjU2Zjc5ZjRhMWRlZDhkOTU0ODIzMzM5NjFkMDI2
NGZhYTUwHhcNMjYwMjI0MTYzMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmNjMGEwMWI3OTBjMjg5ZTI0YTVjZTg2ZjM1OTA5MTkzYzU0M2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhI+oqV1j96lhgteYx3fJviUvAXVu
glQcx01OLWuzZuilTYWBlQAPmOs73Ha8TFQoudO/5sNAVvHeX+kd2nScAFZF1Oh2
JAmxqFlBFYkDhRE6bHwWj2Mh9OJTQvdW8/s01IgnifkYhBlL1mc1xOceveUe5jeO
Ik2qPI56dOnyeaHNAaecQJisE0nmgsNfYoBOKjxhOzsK1pXtZV2Z4rkOZ7g+M1is
eDiPoM/o/Tst/dEjUdlFrI/MeCnsNjz8/iF7QKstPr7ebsZxAncPTNNiNWR+YtVi
g9HhEEYWS++RyCu+7tlocHCRHMOL5gZUnTfGkBKLwE8syfMBXiF9bIcR8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/MCgG3kMKJ4kpc6G81kJGTxUPdMB8GA1UdIwQY
MBaAFN1Ny1b3n0od7Y2VSCMzlh0CZPqlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1UzTFZ2ZWZTaDN0alpWSUl6T1dIUUprLXFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hYjNlNzMtZDEzZC00ZWMyLWJmM2Yt
MTc3YjViYTMyMzI3LzEvbjh3S0FiZVF3b25pU2x6b2J6V1FrWlBGUTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hYjNlNzMtZDEzZC00ZWMyLWJmM2YtMTc3YjViYTMyMzI3
LzEvM1UzTFZ2ZWZTaDN0alpWSUl6T1dIUUprLXFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV82MA0G
CSqGSIb3DQEBCwUAA4IBAQCYXjV4JtDudop23dRegRSrWQ6xMs/R93aMhpHu7EjU
VGgm/Tzl9gBrNHLczVEBuotSrZCATgIm54WoVuLl7H1xQ0jw4Nly8fcUZxdoQvFY
RByaPabx1icSo++SITRuj9My447YTvYMuRAzlD276MWheQepNMQTGX3F2XpMLxF1
+ISfsRyyg0NEfvWh5B97Q4pn2K1mKRio/EUWMtwTQXGUAoOaMeplvaFGAF+LSb0N
vijkO3BpjVfqKQcpY8Fo1alNB+fZrMBjXRXjD2dXXDqq+RD+SinRi5EORG76pLm/
p5J5LZSupGyuhsys240MmwSzM54jNrnmqAxTVvfPxZmK
-----END CERTIFICATE-----