Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/AhYsuHNUbK8a0XunNi5rUoZZd74.roa
File:                     AhYsuHNUbK8a0XunNi5rUoZZd74.roa (raw, json)
Hash identifier:          +Iz4KrzXh/10Mx5yBgfEhonyL6CqUOw7mbJ6px2LQGs=
Subject key identifier:   02:16:2C:B8:73:54:6C:AF:1A:D1:7B:A7:36:2E:6B:52:86:59:77:BE
Certificate issuer:       /CN=a1a55bf2888753e44675b61dda30394d90156c0a
Certificate serial:       019C9EFF246E586607874478E9B514F007A8
Authority key identifier: A1:A5:5B:F2:88:87:53:E4:46:75:B6:1D:DA:30:39:4D:90:15:6C:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/AhYsuHNUbK8a0XunNi5rUoZZd74.roa
Signing time:             Fri 27 Feb 2026 12:07:26 +0000
ROA not before:           Fri 27 Feb 2026 12:07:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        45.138.190.0/24 maxlen: 24
                          45.138.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9e:ff:24:6e:58:66:07:87:44:78:e9:b5:14:f0:07:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1a55bf2888753e44675b61dda30394d90156c0a
        Validity
            Not Before: Feb 27 12:07:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02162cb873546caf1ad17ba7362e6b52865977be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d4:e8:35:8c:ed:a2:7b:05:2b:bd:19:87:ee:
                    f9:a4:18:1d:40:ac:56:6e:68:5c:4a:79:f8:2a:f5:
                    fd:d8:2c:85:ed:99:d2:cf:ab:cd:3e:3f:4d:40:13:
                    b5:a7:69:27:8e:a9:8a:6a:ea:6f:80:8f:c7:12:bf:
                    b3:a5:ef:a8:7b:d4:8b:ce:b4:7b:a9:26:80:af:8c:
                    cd:68:6e:1b:4c:23:5d:4b:7b:39:63:1c:63:ed:fc:
                    fa:6b:84:2c:9d:c2:71:ab:bf:a1:56:41:e7:9c:f4:
                    15:c9:1f:e2:2d:5e:c9:86:dd:2a:b3:84:ee:e7:a8:
                    04:db:67:8f:ba:f4:c3:0d:42:68:22:eb:7f:de:d3:
                    58:19:a5:7e:ef:e5:d6:2e:76:b6:47:f9:a1:b2:b0:
                    7c:55:4b:d2:6d:46:c0:05:56:89:99:d9:59:08:b7:
                    ca:c6:10:bd:41:66:0f:cb:d2:30:0c:be:4d:00:6b:
                    f2:49:e9:d6:8a:ec:96:cb:89:8a:fd:d8:c2:83:13:
                    ee:00:a9:8c:a4:a9:d7:30:8f:a7:72:f9:9f:2d:5d:
                    38:9b:bc:9f:be:12:f9:cd:73:0b:8d:d5:b6:c5:88:
                    f2:1f:3f:2b:dc:bf:26:ab:47:dc:62:d8:2c:79:96:
                    cc:7a:a1:2a:35:85:f4:ba:31:a9:76:08:50:c3:9e:
                    42:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:16:2C:B8:73:54:6C:AF:1A:D1:7B:A7:36:2E:6B:52:86:59:77:BE
            X509v3 Authority Key Identifier:
                keyid:A1:A5:5B:F2:88:87:53:E4:46:75:B6:1D:DA:30:39:4D:90:15:6C:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/AhYsuHNUbK8a0XunNi5rUoZZd74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:0d:14:80:ca:3b:94:62:a7:d5:ff:06:f5:c7:9c:75:18:d9:
         e0:09:19:7d:0c:f8:e7:d9:82:55:c6:34:4d:fc:a0:6b:e2:cf:
         94:5b:e2:ad:23:af:49:72:be:c3:53:8e:42:0a:08:dc:71:27:
         c1:21:02:80:7d:28:66:52:30:4b:23:c0:6b:a5:15:fa:32:1f:
         f3:b3:73:aa:53:4f:fc:17:bc:57:1d:54:0b:14:d9:97:58:ef:
         ab:20:26:d3:97:e8:26:46:51:b4:53:f7:56:1a:5c:53:88:87:
         c0:a2:d6:6d:da:a1:c0:ee:22:c5:8d:81:a5:e0:99:b4:9b:06:
         f2:16:05:60:8b:00:f4:34:ba:93:18:ba:c4:17:ed:5e:d3:b0:
         b6:c5:11:c2:28:1e:3f:fd:22:64:35:66:9f:bb:40:36:65:f0:
         16:86:56:81:f7:db:bb:de:aa:40:c6:8b:fe:28:ca:55:9a:b3:
         80:88:de:f0:76:18:61:d9:c5:f0:28:83:cd:1e:89:f7:fe:28:
         f4:72:56:29:e5:b4:96:60:fb:7c:89:43:2b:8a:ff:e3:53:e2:
         aa:76:16:f0:81:35:4f:da:0e:84:10:46:a1:a8:12:fb:0d:fe:
         c0:f6:6f:ce:8e:91:37:b4:bf:41:23:e4:0c:e9:bc:27:33:f1:
         b5:51:0a:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZye/yRuWGYHh0R46bUU8AeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYTU1YmYyODg4NzUzZTQ0Njc1YjYxZGRhMzAzOTRkOTAx
NTZjMGEwHhcNMjYwMjI3MTIwNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjE2MmNiODczNTQ2Y2FmMWFkMTdiYTczNjJlNmI1Mjg2NTk3N2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9ToNYztonsFK70Zh+75pBgdQKxW
bmhcSnn4KvX92CyF7ZnSz6vNPj9NQBO1p2knjqmKaupvgI/HEr+zpe+oe9SLzrR7
qSaAr4zNaG4bTCNdS3s5Yxxj7fz6a4QsncJxq7+hVkHnnPQVyR/iLV7Jht0qs4Tu
56gE22ePuvTDDUJoIut/3tNYGaV+7+XWLna2R/mhsrB8VUvSbUbABVaJmdlZCLfK
xhC9QWYPy9IwDL5NAGvySenWiuyWy4mK/djCgxPuAKmMpKnXMI+ncvmfLV04m7yf
vhL5zXMLjdW2xYjyHz8r3L8mq0fcYtgseZbMeqEqNYX0ujGpdghQw55CKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIWLLhzVGyvGtF7pzYua1KGWXe+MB8GA1UdIwQY
MBaAFKGlW/KIh1PkRnW2HdowOU2QFWwKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2FWYjhvaUhVLVJHZGJZZDJqQTVUWkFWYkFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yZGFiMTgtN2JiNy00YWExLTk4YWQt
MjdjOWQ5MTE0MjM4LzEvQWhZc3VITlViSzhhMFh1bk5pNXJVb1paZDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yZGFiMTgtN2JiNy00YWExLTk4YWQtMjdjOWQ5MTE0MjM4
LzEvb2FWYjhvaUhVLVJHZGJZZDJqQTVUWkFWYkFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYq+MA0G
CSqGSIb3DQEBCwUAA4IBAQAKDRSAyjuUYqfV/wb1x5x1GNngCRl9DPjn2YJVxjRN
/KBr4s+UW+KtI69Jcr7DU45CCgjccSfBIQKAfShmUjBLI8BrpRX6Mh/zs3OqU0/8
F7xXHVQLFNmXWO+rICbTl+gmRlG0U/dWGlxTiIfAotZt2qHA7iLFjYGl4Jm0mwby
FgVgiwD0NLqTGLrEF+1e07C2xRHCKB4//SJkNWafu0A2ZfAWhlaB99u73qpAxov+
KMpVmrOAiN7wdhhh2cXwKIPNHon3/ij0clYp5bSWYPt8iUMriv/jU+KqdhbwgTVP
2g6EEEahqBL7Df7A9m/OjpE3tL9BI+QM6bwnM/G1UQo4
-----END CERTIFICATE-----