Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/pxRlg7r3zdKrN0xbgGYg6pE-_pM.roa
File:                     pxRlg7r3zdKrN0xbgGYg6pE-_pM.roa (raw, json)
Hash identifier:          QBOLNoLZhiGqlcS+xFgWsoHdojvIbwRLNghhP9v+5Wc=
Subject key identifier:   A7:14:65:83:BA:F7:CD:D2:AB:37:4C:5B:80:66:20:EA:91:3E:FE:93
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019CAA7AE6E5936CA01249902F25ECE69E9F
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/pxRlg7r3zdKrN0xbgGYg6pE-_pM.roa
Signing time:             Sun 01 Mar 2026 17:38:27 +0000
ROA not before:           Sun 01 Mar 2026 17:38:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207359
IP address blocks:        45.43.148.0/24 maxlen: 24
                          104.239.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:aa:7a:e6:e5:93:6c:a0:12:49:90:2f:25:ec:e6:9e:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Mar  1 17:38:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7146583baf7cdd2ab374c5b806620ea913efe93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8e:8f:25:40:63:c7:ca:26:8d:48:02:a2:ab:
                    13:15:5d:72:52:6b:49:65:ef:85:77:42:8f:99:fc:
                    1b:d8:03:ca:b3:79:1a:18:4a:53:a9:41:ac:78:13:
                    1b:ad:ef:e6:a1:7a:17:59:42:ff:a5:bb:4f:8d:d4:
                    cb:a5:e6:e1:65:19:46:44:c4:1c:6f:3b:d0:0c:97:
                    9e:7a:03:c7:28:7f:e2:b6:fa:45:f1:bc:6d:c3:75:
                    53:81:51:38:34:a0:df:40:cf:ba:77:7d:29:87:76:
                    e0:28:da:7e:05:94:52:f6:68:90:91:85:7b:21:b5:
                    cf:19:ce:ec:20:68:8b:8c:19:8b:78:1f:2f:b5:1e:
                    06:bc:7e:5f:9e:54:dd:46:11:25:bd:a8:51:a8:88:
                    c3:b7:ae:24:73:e4:7a:dc:9c:24:d9:86:b3:ea:9c:
                    d1:a6:33:01:ad:c9:e5:24:22:3f:21:25:88:21:95:
                    ec:c1:e8:1b:9c:81:a8:7a:a3:76:b2:58:d6:4e:cb:
                    f6:30:09:09:7a:75:5c:0b:00:cc:e7:9b:01:34:e9:
                    fe:30:e4:c4:53:70:97:78:6b:10:e0:35:46:a7:ec:
                    96:63:e1:a7:be:97:b0:0c:c7:c3:a5:55:ce:7b:d7:
                    88:95:53:1e:18:68:19:8e:f4:ee:a2:e3:8f:74:c3:
                    b8:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:14:65:83:BA:F7:CD:D2:AB:37:4C:5B:80:66:20:EA:91:3E:FE:93
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/pxRlg7r3zdKrN0xbgGYg6pE-_pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.148.0/24
                  104.239.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:a2:70:f0:63:9f:d5:98:4d:96:60:d2:ca:2d:32:b9:99:1a:
         25:32:df:e0:a5:cd:e4:24:02:1d:2a:54:d7:15:ff:ce:4b:33:
         96:2d:ab:34:f3:10:5b:c1:51:fa:2f:b1:02:2b:a0:9b:e8:85:
         6f:0e:41:7a:60:6f:dc:c9:05:d0:cc:7d:e8:f5:cf:17:6d:a0:
         9c:cb:ed:f3:2a:f6:bd:58:b5:14:6b:fa:b5:3a:47:7f:46:fe:
         ea:53:3d:6a:67:b1:39:a6:f8:2b:36:81:a1:60:46:7e:c4:ab:
         00:ca:07:31:03:68:00:d3:7c:b8:7a:07:7f:4c:2f:37:a5:63:
         fe:f1:dd:5d:dc:6b:d7:75:65:97:d2:f4:52:25:70:0c:79:62:
         d2:e9:29:bb:a0:02:ba:2b:e0:a0:e8:83:6a:24:24:c1:9e:b4:
         0d:2f:6b:25:f6:c8:42:5a:49:0e:04:4a:24:67:26:2b:4b:05:
         34:06:af:6d:6f:c0:64:57:47:f7:59:4f:ab:c8:4f:d3:b5:57:
         2a:cb:a2:02:22:10:a5:10:bd:cb:90:6f:7f:0c:a5:08:18:68:
         41:4e:12:76:2b:fc:7a:f3:3e:9c:2d:cf:d3:16:b5:ea:9e:53:
         fb:8e:90:31:46:c0:7f:b4:37:29:29:f3:83:49:35:cb:31:ee:
         20:0e:a5:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyqeublk2ygEkmQLyXs5p6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMzAxMTczODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzE0NjU4M2JhZjdjZGQyYWIzNzRjNWI4MDY2MjBlYTkxM2VmZTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp46PJUBjx8omjUgCoqsTFV1yUmtJ
Ze+Fd0KPmfwb2APKs3kaGEpTqUGseBMbre/moXoXWUL/pbtPjdTLpebhZRlGRMQc
bzvQDJeeegPHKH/itvpF8bxtw3VTgVE4NKDfQM+6d30ph3bgKNp+BZRS9miQkYV7
IbXPGc7sIGiLjBmLeB8vtR4GvH5fnlTdRhElvahRqIjDt64kc+R63Jwk2Yaz6pzR
pjMBrcnlJCI/ISWIIZXswegbnIGoeqN2sljWTsv2MAkJenVcCwDM55sBNOn+MOTE
U3CXeGsQ4DVGp+yWY+GnvpewDMfDpVXOe9eIlVMeGGgZjvTuouOPdMO4NwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKcUZYO6983SqzdMW4BmIOqRPv6TMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvcHhSbGc3cjN6ZEtyTjB4YmdHWWc2cEUtX3BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALSuUAwQA
aO8OMA0GCSqGSIb3DQEBCwUAA4IBAQB1onDwY5/VmE2WYNLKLTK5mRolMt/gpc3k
JAIdKlTXFf/OSzOWLas08xBbwVH6L7ECK6Cb6IVvDkF6YG/cyQXQzH3o9c8XbaCc
y+3zKva9WLUUa/q1Okd/Rv7qUz1qZ7E5pvgrNoGhYEZ+xKsAygcxA2gA03y4egd/
TC83pWP+8d1d3GvXdWWX0vRSJXAMeWLS6Sm7oAK6K+Cg6INqJCTBnrQNL2sl9shC
WkkOBEokZyYrSwU0Bq9tb8BkV0f3WU+ryE/TtVcqy6ICIhClEL3LkG9/DKUIGGhB
ThJ2K/x68z6cLc/TFrXqnlP7jpAxRsB/tDcpKfODSTXLMe4gDqWc
-----END CERTIFICATE-----