Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/h71Yv2JT78lZ32-boHdqirguohk.roa
File:                     h71Yv2JT78lZ32-boHdqirguohk.roa (raw, json)
Hash identifier:          lsiFcaLhUojE1P30MtDW0JIDCpauP4wSFeSBzKbGvF4=
Subject key identifier:   87:BD:58:BF:62:53:EF:C9:59:DF:6F:9B:A0:77:6A:8A:B8:2E:A2:19
Certificate issuer:       /CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
Certificate serial:       019CAAED593925FDDAFB2A4B692F7F450B34
Authority key identifier: F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/h71Yv2JT78lZ32-boHdqirguohk.roa
Signing time:             Sun 01 Mar 2026 19:43:27 +0000
ROA not before:           Sun 01 Mar 2026 19:43:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208427
IP address blocks:        45.154.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:aa:ed:59:39:25:fd:da:fb:2a:4b:69:2f:7f:45:0b:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
        Validity
            Not Before: Mar  1 19:43:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87bd58bf6253efc959df6f9ba0776a8ab82ea219
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c6:29:11:38:ad:97:02:06:e5:6d:d9:5c:37:
                    81:e4:ef:18:f0:f2:12:a5:ce:48:a4:79:61:66:7c:
                    5e:07:98:9b:86:9f:a6:46:5f:32:7d:37:fe:fb:27:
                    55:21:16:04:28:5c:3a:23:dd:56:59:b7:eb:9f:35:
                    98:1d:4e:e0:e0:13:30:e0:de:0b:62:59:03:5e:00:
                    96:88:3f:c8:f2:0b:f7:a4:9d:91:9d:83:77:97:5c:
                    fc:bd:af:c2:41:30:c2:2c:be:8e:60:0c:ba:f0:a2:
                    dc:53:72:a1:31:6e:88:a7:8c:c5:84:44:78:c1:f3:
                    81:ed:b4:0e:a8:57:be:19:28:8c:cb:96:3e:f2:40:
                    52:1a:43:07:99:6e:b8:8f:eb:92:19:6a:a4:00:27:
                    c8:38:bf:1b:bf:d3:e7:2a:58:d5:a3:b7:c3:7f:15:
                    65:cd:04:8e:60:ec:4d:09:ad:75:3e:ce:ae:54:4a:
                    59:b9:a7:77:ae:ef:99:cc:22:9a:5a:da:71:07:73:
                    ef:a3:ed:c4:dc:3d:32:28:6a:83:72:e9:b1:8b:01:
                    b5:0c:2a:39:65:e7:9a:c0:6f:5e:ae:e8:f8:d5:1d:
                    eb:61:51:a8:79:00:24:84:91:80:75:3e:30:5e:7b:
                    2e:06:7f:d2:8b:5e:90:74:0c:a9:92:02:63:ab:2a:
                    ce:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:BD:58:BF:62:53:EF:C9:59:DF:6F:9B:A0:77:6A:8A:B8:2E:A2:19
            X509v3 Authority Key Identifier:
                keyid:F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/h71Yv2JT78lZ32-boHdqirguohk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:f3:a7:d5:3e:e0:22:4a:53:d7:bd:2c:11:03:8a:65:f8:17:
         5c:9d:3e:ca:7e:a0:91:c2:c3:f6:2c:9e:b2:94:34:d3:8d:17:
         04:e4:05:c9:1b:8a:ad:15:89:f2:16:93:c5:c0:72:80:7e:da:
         64:12:8b:07:9f:73:8d:a1:3c:c5:8d:89:e0:3a:78:30:b2:a3:
         a2:0c:13:ae:8e:d9:4f:29:46:33:9f:db:a7:38:57:33:d6:3a:
         ff:73:a5:01:f1:7b:2c:36:fa:c0:91:81:8e:cc:8d:08:8c:03:
         83:d0:d0:ba:3f:70:7f:5e:fa:99:7b:13:5a:57:1e:2b:a8:b1:
         97:38:e1:eb:17:dc:fb:b6:36:c8:22:cf:ec:49:9a:f9:05:ad:
         d9:55:5b:b6:9e:21:24:d6:1f:b9:c9:0e:a3:4a:7f:34:34:4e:
         78:c1:9c:ce:2f:a9:96:fc:89:c8:98:e3:57:38:55:8c:82:20:
         e2:9f:27:c1:6c:91:21:c7:ec:8a:ac:18:8b:41:e0:1d:14:d6:
         0c:a4:29:de:bc:a2:0e:03:b1:30:a2:5e:a0:7f:a2:38:f4:67:
         b1:23:34:19:f4:f2:90:d7:ac:65:83:29:45:1c:e8:17:bd:1b:
         4f:07:57:8c:8f:0d:41:65:8c:1f:a7:2f:37:91:4c:ec:e5:7b:
         e7:1a:af:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyq7Vk5Jf3a+ypLaS9/RQs0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjhiYmIxZTE4NmE1OTlkNGNjMDU4Y2FiZjRkZjBlMjUy
ZjMxZmEwHhcNMjYwMzAxMTk0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2JkNThiZjYyNTNlZmM5NTlkZjZmOWJhMDc3NmE4YWI4MmVhMjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8YpETitlwIG5W3ZXDeB5O8Y8PIS
pc5IpHlhZnxeB5ibhp+mRl8yfTf++ydVIRYEKFw6I91WWbfrnzWYHU7g4BMw4N4L
YlkDXgCWiD/I8gv3pJ2RnYN3l1z8va/CQTDCLL6OYAy68KLcU3KhMW6Ip4zFhER4
wfOB7bQOqFe+GSiMy5Y+8kBSGkMHmW64j+uSGWqkACfIOL8bv9PnKljVo7fDfxVl
zQSOYOxNCa11Ps6uVEpZuad3ru+ZzCKaWtpxB3Pvo+3E3D0yKGqDcumxiwG1DCo5
ZeeawG9eruj41R3rYVGoeQAkhJGAdT4wXnsuBn/Si16QdAypkgJjqyrOyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIe9WL9iU+/JWd9vm6B3aoq4LqIZMB8GA1UdIwQY
MBaAFPG4u7HhhqWZ1MwFjKv03w4lLzH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQt
NWI0Yjg1ZmQ1YWU1LzEvaDcxWXYySlQ3OGxaMzItYm9IZHFpcmd1b2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQtNWI0Yjg1ZmQ1YWU1
LzEvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZoAMA0G
CSqGSIb3DQEBCwUAA4IBAQAW86fVPuAiSlPXvSwRA4pl+BdcnT7KfqCRwsP2LJ6y
lDTTjRcE5AXJG4qtFYnyFpPFwHKAftpkEosHn3ONoTzFjYngOngwsqOiDBOujtlP
KUYzn9unOFcz1jr/c6UB8XssNvrAkYGOzI0IjAOD0NC6P3B/XvqZexNaVx4rqLGX
OOHrF9z7tjbIIs/sSZr5Ba3ZVVu2niEk1h+5yQ6jSn80NE54wZzOL6mW/InImONX
OFWMgiDinyfBbJEhx+yKrBiLQeAdFNYMpCnevKIOA7Ewol6gf6I49GexIzQZ9PKQ
16xlgylFHOgXvRtPB1eMjw1BZYwfpy83kUzs5XvnGq/a
-----END CERTIFICATE-----