Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/8iiGHlsOJWwsrr4dYEu2DAJmDu4.roa
File:                     8iiGHlsOJWwsrr4dYEu2DAJmDu4.roa (raw, json)
Hash identifier:          8N8stGdhMpNHOzJEakrzgY5qXFCD32clBj0A+s284Zo=
Subject key identifier:   F2:28:86:1E:5B:0E:25:6C:2C:AE:BE:1D:60:4B:B6:0C:02:66:0E:EE
Certificate issuer:       /CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
Certificate serial:       019D88E71A65F058E19F113A2691B1F8610C
Authority key identifier: D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/8iiGHlsOJWwsrr4dYEu2DAJmDu4.roa
Signing time:             Mon 13 Apr 2026 22:12:20 +0000
ROA not before:           Mon 13 Apr 2026 22:12:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42675
IP address blocks:        45.159.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:88:e7:1a:65:f0:58:e1:9f:11:3a:26:91:b1:f8:61:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
        Validity
            Not Before: Apr 13 22:12:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f228861e5b0e256c2caebe1d604bb60c02660eee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cb:86:0f:fd:40:de:a5:02:4a:9b:85:ef:01:
                    c1:c2:8e:9c:9e:37:b5:00:0f:a9:bf:71:5d:6a:09:
                    60:25:c2:23:59:3f:83:69:f9:5e:fb:0e:64:72:c1:
                    f3:2a:fe:6f:5f:4c:9d:77:b9:9b:69:41:1c:18:b3:
                    e6:4f:27:8c:a3:0d:ba:80:bf:60:1d:6a:15:c1:cc:
                    a5:8f:6f:e1:d2:bc:dd:97:4c:1a:d3:aa:cf:6c:c6:
                    bb:4d:14:a8:61:06:74:e9:2f:0a:9d:4a:4b:36:73:
                    a8:d7:00:f1:0d:01:e4:0a:96:c5:92:36:fa:84:60:
                    8b:2c:f6:6c:1a:70:06:1d:8c:14:e8:81:b1:bd:08:
                    1d:1b:07:40:fe:9e:52:0a:97:bf:73:ff:55:75:93:
                    eb:71:22:e6:1d:c4:97:a4:1b:1a:7f:d0:b7:27:ec:
                    48:1f:e5:fb:ea:a5:37:be:58:00:e2:f0:22:fa:38:
                    4f:a6:49:62:f9:3c:d9:da:b2:1c:81:b2:fc:f0:0a:
                    db:4e:fa:22:d3:9b:84:f0:35:3a:d9:5e:08:08:a8:
                    d6:25:ff:26:0a:b6:f8:b7:96:e9:74:01:53:3b:3f:
                    a7:9a:b7:55:63:a4:00:3e:ff:70:a5:3e:56:02:b9:
                    87:bb:f6:3d:71:4c:54:aa:66:54:3a:e0:d1:ac:7f:
                    cf:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:28:86:1E:5B:0E:25:6C:2C:AE:BE:1D:60:4B:B6:0C:02:66:0E:EE
            X509v3 Authority Key Identifier:
                keyid:D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/8iiGHlsOJWwsrr4dYEu2DAJmDu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:dd:21:1c:86:1a:8d:ad:cb:79:b6:c3:2c:c0:e3:bc:a7:de:
         37:b3:0d:56:8a:27:20:e1:53:ad:1f:d5:61:d6:96:22:66:84:
         7c:8f:bf:a7:be:b5:56:d1:b6:46:01:05:b9:18:52:c7:9f:26:
         43:8a:48:a2:40:ee:84:ac:f4:f1:4e:dd:a1:d8:1a:35:2a:d8:
         bb:10:3f:5d:44:62:52:c6:a2:be:99:bf:ff:f3:ec:cf:d0:95:
         5e:48:7e:90:a9:e2:7c:dd:03:f8:96:1a:a8:ac:0f:91:db:27:
         4d:4b:43:9f:f8:c9:1d:c6:3d:aa:91:42:0d:b7:9e:23:33:f6:
         ef:31:52:ac:70:3b:bd:64:23:6f:7c:cb:48:2e:91:bf:19:22:
         0c:15:2f:26:79:3b:c3:a5:18:92:7c:47:57:7a:e3:92:33:5d:
         ee:bf:01:fe:6e:6c:e2:e0:dc:5a:79:78:05:ef:3c:58:cf:80:
         dc:7a:fc:5b:5e:13:40:2f:33:fe:14:d6:68:3e:ee:77:b1:fc:
         99:59:56:36:87:6b:6d:55:c9:38:3e:32:f6:4a:bb:f2:06:43:
         b7:28:c3:28:eb:78:9b:5e:f3:18:b0:23:07:d3:2a:17:9c:4c:
         46:25:18:e8:c2:58:e6:3e:86:7d:90:fc:31:f2:57:24:b8:9e:
         70:1e:2d:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2I5xpl8FjhnxE6JpGx+GEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzM1YmM5YjdmODU1MGJlM2U0NjdjNTRhOWQzYTY2ZTI0
NDNiZDQwHhcNMjYwNDEzMjIxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjI4ODYxZTViMGUyNTZjMmNhZWJlMWQ2MDRiYjYwYzAyNjYwZWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMuGD/1A3qUCSpuF7wHBwo6cnje1
AA+pv3FdaglgJcIjWT+Dafle+w5kcsHzKv5vX0ydd7mbaUEcGLPmTyeMow26gL9g
HWoVwcylj2/h0rzdl0wa06rPbMa7TRSoYQZ06S8KnUpLNnOo1wDxDQHkCpbFkjb6
hGCLLPZsGnAGHYwU6IGxvQgdGwdA/p5SCpe/c/9VdZPrcSLmHcSXpBsaf9C3J+xI
H+X76qU3vlgA4vAi+jhPpkli+TzZ2rIcgbL88ArbTvoi05uE8DU62V4ICKjWJf8m
Crb4t5bpdAFTOz+nmrdVY6QAPv9wpT5WArmHu/Y9cUxUqmZUOuDRrH/PdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIohh5bDiVsLK6+HWBLtgwCZg7uMB8GA1UdIwQY
MBaAFNPDW8m3+FUL4+RnxUqdOmbiRDvUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTct
Y2RhNWMzNzY2ZjAzLzEvOGlpR0hsc09KV3dzcnI0ZFlFdTJEQUptRHU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTctY2RhNWMzNzY2ZjAz
LzEvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ8OMA0G
CSqGSIb3DQEBCwUAA4IBAQCg3SEchhqNrct5tsMswOO8p943sw1Wiicg4VOtH9Vh
1pYiZoR8j7+nvrVW0bZGAQW5GFLHnyZDikiiQO6ErPTxTt2h2Bo1Kti7ED9dRGJS
xqK+mb//8+zP0JVeSH6QqeJ83QP4lhqorA+R2ydNS0Of+Mkdxj2qkUINt54jM/bv
MVKscDu9ZCNvfMtILpG/GSIMFS8meTvDpRiSfEdXeuOSM13uvwH+bmzi4NxaeXgF
7zxYz4DcevxbXhNALzP+FNZoPu53sfyZWVY2h2ttVck4PjL2SrvyBkO3KMMo63ib
XvMYsCMH0yoXnExGJRjowljmPoZ9kPwx8lckuJ5wHi3Q
-----END CERTIFICATE-----