Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/8146d8-31b0-4022-af7e-fa5b2199a739/1/igu1HBQCLR1V-K0-3zcWvVR38_Q.roa
File:                     igu1HBQCLR1V-K0-3zcWvVR38_Q.roa (raw, json)
Hash identifier:          haVmzp4loEFEIlfjU/Ifex5GRzP7g2ubGaSjmF5LzcI=
Subject key identifier:   8A:0B:B5:1C:14:02:2D:1D:55:F8:AD:3E:DF:37:16:BD:54:77:F3:F4
Certificate issuer:       /CN=b56fa2bcfb1ba199d0a6597fb88954c0a6c512d5
Certificate serial:       019B79ECADEDBF57058991EE44C368BF1552
Authority key identifier: B5:6F:A2:BC:FB:1B:A1:99:D0:A6:59:7F:B8:89:54:C0:A6:C5:12:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tW-ivPsboZnQpll_uIlUwKbFEtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/8146d8-31b0-4022-af7e-fa5b2199a739/1/igu1HBQCLR1V-K0-3zcWvVR38_Q.roa
Signing time:             Thu 01 Jan 2026 14:18:32 +0000
ROA not before:           Thu 01 Jan 2026 14:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21769
IP address blocks:        45.11.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/8146d8-31b0-4022-af7e-fa5b2199a739/1/tW-ivPsboZnQpll_uIlUwKbFEtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/8146d8-31b0-4022-af7e-fa5b2199a739/1/tW-ivPsboZnQpll_uIlUwKbFEtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tW-ivPsboZnQpll_uIlUwKbFEtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:ad:ed:bf:57:05:89:91:ee:44:c3:68:bf:15:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b56fa2bcfb1ba199d0a6597fb88954c0a6c512d5
        Validity
            Not Before: Jan  1 14:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a0bb51c14022d1d55f8ad3edf3716bd5477f3f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3d:1a:1c:92:6d:2f:ca:b7:44:7e:80:49:37:
                    5c:d0:d1:9c:68:92:04:d6:c7:19:a3:c2:a9:4e:c1:
                    9f:ad:7f:15:33:57:53:93:f0:af:83:b8:fa:88:79:
                    a4:27:a5:57:cc:12:50:6c:b5:cd:a9:2b:27:12:21:
                    4c:92:e7:ee:18:ab:e3:bc:48:c3:f4:0f:e1:95:9d:
                    17:9b:54:26:1e:97:57:2d:68:a3:b8:56:c7:86:28:
                    c7:ec:6c:d2:2d:f2:ea:fc:1b:e8:42:f1:b3:f8:b4:
                    78:49:b2:b8:a8:83:34:83:d6:94:e2:57:ac:65:9d:
                    04:f3:69:5a:d3:13:17:e1:7b:1f:ea:93:1c:58:b3:
                    16:f3:35:e2:36:dc:8f:49:f3:59:97:e8:55:8c:a7:
                    0a:3d:a9:1d:5c:47:cc:6d:f4:96:2b:2a:3a:a6:80:
                    de:69:c3:c3:3f:41:8e:d2:3c:af:23:6a:c6:7d:f6:
                    84:22:e7:1a:49:cf:3d:3e:0a:c5:be:c3:e2:1b:83:
                    62:04:e8:6b:fa:9f:6f:49:18:a1:5f:ce:13:84:c5:
                    67:e0:68:4d:7e:18:0f:b8:f8:e8:5a:87:28:b6:39:
                    f2:46:57:62:8f:c7:36:20:6a:f2:83:14:a8:c4:6c:
                    f1:90:5e:c4:d3:34:a5:db:8a:85:f0:ac:99:ed:85:
                    51:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:0B:B5:1C:14:02:2D:1D:55:F8:AD:3E:DF:37:16:BD:54:77:F3:F4
            X509v3 Authority Key Identifier:
                keyid:B5:6F:A2:BC:FB:1B:A1:99:D0:A6:59:7F:B8:89:54:C0:A6:C5:12:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tW-ivPsboZnQpll_uIlUwKbFEtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8146d8-31b0-4022-af7e-fa5b2199a739/1/igu1HBQCLR1V-K0-3zcWvVR38_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8146d8-31b0-4022-af7e-fa5b2199a739/1/tW-ivPsboZnQpll_uIlUwKbFEtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:8d:65:ac:fd:48:4b:3e:3e:c7:6f:ba:db:30:ec:72:40:c2:
         3b:22:ef:72:65:44:b0:a5:48:b0:d0:39:87:b6:e5:31:f8:d9:
         8a:5a:6e:33:4d:d4:c4:d4:6e:57:e7:c9:62:87:4e:fc:21:f0:
         f4:ef:e8:22:e2:36:d3:03:0d:cd:82:51:bf:bf:2e:06:d5:9b:
         92:95:7e:62:1f:5c:08:39:81:68:3d:ba:24:9e:4a:be:f3:7e:
         56:5c:a7:6d:1a:33:f5:1a:e2:50:a7:7c:82:eb:53:81:4f:42:
         16:6f:a7:6b:d7:4e:30:f2:d9:5e:f5:43:42:bf:d4:5b:a3:a1:
         76:4f:7c:4e:59:dc:42:05:73:b8:00:d6:89:ae:27:57:e1:5e:
         75:e2:6f:4c:ee:00:7c:82:08:b8:40:3b:a7:a6:59:4c:3c:8d:
         f7:c4:10:8d:08:e3:56:57:46:fa:56:3a:9d:cb:1a:d9:5f:e1:
         09:a0:47:57:cd:e4:b4:3b:45:58:67:4c:f2:11:81:1b:3b:cc:
         11:84:e5:3a:5b:76:5a:64:80:d6:b6:9f:3f:07:1a:74:71:21:
         d6:7e:52:db:37:cc:1a:8f:1b:15:9b:5c:f8:3a:de:0c:48:d3:
         ef:b3:9c:d4:5b:cd:13:d6:2c:bb:9b:92:89:6d:7a:ef:fe:8e:
         1b:47:ab:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57K3tv1cFiZHuRMNovxVSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NmZhMmJjZmIxYmExOTlkMGE2NTk3ZmI4ODk1NGMwYTZj
NTEyZDUwHhcNMjYwMTAxMTQxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTBiYjUxYzE0MDIyZDFkNTVmOGFkM2VkZjM3MTZiZDU0NzdmM2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuj0aHJJtL8q3RH6ASTdc0NGcaJIE
1scZo8KpTsGfrX8VM1dTk/Cvg7j6iHmkJ6VXzBJQbLXNqSsnEiFMkufuGKvjvEjD
9A/hlZ0Xm1QmHpdXLWijuFbHhijH7GzSLfLq/BvoQvGz+LR4SbK4qIM0g9aU4les
ZZ0E82la0xMX4Xsf6pMcWLMW8zXiNtyPSfNZl+hVjKcKPakdXEfMbfSWKyo6poDe
acPDP0GO0jyvI2rGffaEIucaSc89PgrFvsPiG4NiBOhr+p9vSRihX84ThMVn4GhN
fhgPuPjoWocotjnyRldij8c2IGrygxSoxGzxkF7E0zSl24qF8KyZ7YVRkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoLtRwUAi0dVfitPt83Fr1Ud/P0MB8GA1UdIwQY
MBaAFLVvorz7G6GZ0KZZf7iJVMCmxRLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFctaXZQc2JvWm5RcGxsX3VJbFV3S2JGRXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84MTQ2ZDgtMzFiMC00MDIyLWFmN2Ut
ZmE1YjIxOTlhNzM5LzEvaWd1MUhCUUNMUjFWLUswLTN6Y1d2VlIzOF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84MTQ2ZDgtMzFiMC00MDIyLWFmN2UtZmE1YjIxOTlhNzM5
LzEvdFctaXZQc2JvWm5RcGxsX3VJbFV3S2JGRXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQsgMA0G
CSqGSIb3DQEBCwUAA4IBAQBKjWWs/UhLPj7Hb7rbMOxyQMI7Iu9yZUSwpUiw0DmH
tuUx+NmKWm4zTdTE1G5X58lih078IfD07+gi4jbTAw3NglG/vy4G1ZuSlX5iH1wI
OYFoPboknkq+835WXKdtGjP1GuJQp3yC61OBT0IWb6dr104w8tle9UNCv9Rbo6F2
T3xOWdxCBXO4ANaJridX4V514m9M7gB8ggi4QDunpllMPI33xBCNCONWV0b6Vjqd
yxrZX+EJoEdXzeS0O0VYZ0zyEYEbO8wRhOU6W3ZaZIDWtp8/Bxp0cSHWflLbN8wa
jxsVm1z4Ot4MSNPvs5zUW80T1iy7m5KJbXrv/o4bR6uV
-----END CERTIFICATE-----