Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/CSHq2VNBK49Kb5yEHr25AHq4oM0.roa
File:                     CSHq2VNBK49Kb5yEHr25AHq4oM0.roa (raw, json)
Hash identifier:          ALFbBIwmoB68OFvOKrRtrEVl5gFCkjA3RWGyNMCVHII=
Subject key identifier:   09:21:EA:D9:53:41:2B:8F:4A:6F:9C:84:1E:BD:B9:00:7A:B8:A0:CD
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019C8EB056BB2F8221F3BFDBC2F7D2F8A67C
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/CSHq2VNBK49Kb5yEHr25AHq4oM0.roa
Signing time:             Tue 24 Feb 2026 08:07:27 +0000
ROA not before:           Tue 24 Feb 2026 08:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        45.134.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:b0:56:bb:2f:82:21:f3:bf:db:c2:f7:d2:f8:a6:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Feb 24 08:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0921ead953412b8f4a6f9c841ebdb9007ab8a0cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:82:98:b7:82:ea:26:41:19:55:65:95:af:08:
                    6b:64:ce:c0:e4:0b:3e:7d:4e:a9:8d:c7:32:fb:27:
                    c7:02:ca:8b:d5:6a:a6:73:44:9c:e0:e7:d7:46:ba:
                    c3:03:f0:ad:0c:ad:f9:45:35:2f:ba:e5:0e:20:4b:
                    e5:d2:a0:fc:cb:6f:e1:8e:ea:89:4e:6d:ae:9f:6a:
                    4c:d5:99:1d:c8:5d:43:39:f2:6a:34:fc:cc:a5:ee:
                    24:a9:98:69:8d:5d:72:2a:cb:69:18:fd:29:e4:14:
                    17:59:e5:a5:77:a0:81:5a:88:82:d4:bf:12:44:68:
                    e3:b2:fc:a7:6f:f2:d0:3a:39:c6:1d:5e:81:cf:5b:
                    77:10:7e:1a:cd:20:71:de:b4:57:80:90:13:c5:88:
                    be:37:a7:ab:ba:6f:24:47:96:61:d8:47:10:b1:9f:
                    76:33:42:7c:74:3a:10:d5:a3:fe:fb:0f:0a:67:c3:
                    78:f2:4b:0a:99:a1:59:c8:a0:d9:b8:fd:ff:06:42:
                    d8:32:42:fc:e2:21:5f:65:27:4f:80:88:ce:d9:d3:
                    5b:60:5d:d1:76:06:1f:72:6d:7d:0b:cd:95:ff:7a:
                    d0:2d:13:67:d1:fd:fb:06:c4:88:2a:33:77:74:b6:
                    c7:0d:be:51:66:d9:91:a7:23:bb:69:4e:88:82:c7:
                    0e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:21:EA:D9:53:41:2B:8F:4A:6F:9C:84:1E:BD:B9:00:7A:B8:A0:CD
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/CSHq2VNBK49Kb5yEHr25AHq4oM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:45:9b:3f:d5:1a:ef:24:37:41:38:35:40:01:78:b4:cb:a3:
         88:be:08:60:9e:c6:72:4f:f6:0a:4a:9c:10:33:2a:e7:e0:95:
         7c:08:0e:09:47:d7:de:47:ec:33:41:4f:3a:10:14:4e:e7:62:
         a9:cc:c5:0e:ce:c9:42:d0:a4:c1:a3:67:33:d7:de:51:de:c7:
         d7:45:09:b8:db:ac:67:da:6b:33:6a:6c:11:86:16:08:6e:9e:
         8b:02:ff:ed:58:73:34:2a:e8:ef:d9:af:13:e7:87:43:d8:4b:
         38:9d:b8:c4:e8:a8:b0:5e:7a:6e:93:9a:04:1d:09:14:97:5c:
         26:3f:da:e0:cb:69:fa:a7:f5:7b:f7:5d:fe:67:b8:48:bb:56:
         8a:4d:26:80:5c:bd:bb:3c:38:67:a6:bc:1f:e6:8f:ae:22:a3:
         3b:82:27:5b:7d:7d:f2:74:6d:ed:11:03:76:b4:58:65:e9:92:
         60:c2:96:4d:11:28:82:88:aa:31:8f:d5:f1:52:fd:a7:2f:c0:
         18:61:33:74:0c:e4:38:ee:9e:ee:01:60:f4:ce:cd:f9:62:bf:
         19:1e:1c:0f:4f:8e:f3:0d:74:1d:9a:88:92:ea:ad:8c:41:7e:
         62:51:45:77:7f:14:48:f4:e4:a0:29:94:21:47:d9:2b:2f:38:
         b1:37:85:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyOsFa7L4Ih87/bwvfS+KZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwMjI0MDgwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTIxZWFkOTUzNDEyYjhmNGE2ZjljODQxZWJkYjkwMDdhYjhhMGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYKYt4LqJkEZVWWVrwhrZM7A5As+
fU6pjccy+yfHAsqL1Wqmc0Sc4OfXRrrDA/CtDK35RTUvuuUOIEvl0qD8y2/hjuqJ
Tm2un2pM1ZkdyF1DOfJqNPzMpe4kqZhpjV1yKstpGP0p5BQXWeWld6CBWoiC1L8S
RGjjsvynb/LQOjnGHV6Bz1t3EH4azSBx3rRXgJATxYi+N6erum8kR5Zh2EcQsZ92
M0J8dDoQ1aP++w8KZ8N48ksKmaFZyKDZuP3/BkLYMkL84iFfZSdPgIjO2dNbYF3R
dgYfcm19C82V/3rQLRNn0f37BsSIKjN3dLbHDb5RZtmRpyO7aU6IgscOmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkh6tlTQSuPSm+chB69uQB6uKDNMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvQ1NIcTJWTkJLNDlLYjV5RUhyMjVBSHE0b00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYaSMA0G
CSqGSIb3DQEBCwUAA4IBAQApRZs/1RrvJDdBODVAAXi0y6OIvghgnsZyT/YKSpwQ
Myrn4JV8CA4JR9feR+wzQU86EBRO52KpzMUOzslC0KTBo2cz195R3sfXRQm426xn
2mszamwRhhYIbp6LAv/tWHM0Kujv2a8T54dD2Es4nbjE6KiwXnpuk5oEHQkUl1wm
P9rgy2n6p/V7913+Z7hIu1aKTSaAXL27PDhnprwf5o+uIqM7gidbfX3ydG3tEQN2
tFhl6ZJgwpZNESiCiKoxj9XxUv2nL8AYYTN0DOQ47p7uAWD0zs35Yr8ZHhwPT47z
DXQdmoiS6q2MQX5iUUV3fxRI9OSgKZQhR9krLzixN4Uk
-----END CERTIFICATE-----