Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/fea1b9-fc1c-4960-b903-e239c9a9f674/1/8yeFiATSyAXfiOazb7-TVzpxgPA.roa
File:                     8yeFiATSyAXfiOazb7-TVzpxgPA.roa (raw, json)
Hash identifier:          /+IrcoQvrMrLoWvFl+U97S495MR+5y6wumyj8v/0eso=
Subject key identifier:   F3:27:85:88:04:D2:C8:05:DF:88:E6:B3:6F:BF:93:57:3A:71:80:F0
Certificate issuer:       /CN=a57ba8db5630624c653a2639174b3590ce041406
Certificate serial:       019D7299650B0829F7DDAD2E786A2522902F
Authority key identifier: A5:7B:A8:DB:56:30:62:4C:65:3A:26:39:17:4B:35:90:CE:04:14:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXuo21YwYkxlOiY5F0s1kM4EFAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/fea1b9-fc1c-4960-b903-e239c9a9f674/1/8yeFiATSyAXfiOazb7-TVzpxgPA.roa
Signing time:             Thu 09 Apr 2026 14:15:48 +0000
ROA not before:           Thu 09 Apr 2026 14:15:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212966
IP address blocks:        45.154.32.0/24 maxlen: 24
                          2a13:87c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/fea1b9-fc1c-4960-b903-e239c9a9f674/1/pXuo21YwYkxlOiY5F0s1kM4EFAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/fea1b9-fc1c-4960-b903-e239c9a9f674/1/pXuo21YwYkxlOiY5F0s1kM4EFAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXuo21YwYkxlOiY5F0s1kM4EFAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:99:65:0b:08:29:f7:dd:ad:2e:78:6a:25:22:90:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a57ba8db5630624c653a2639174b3590ce041406
        Validity
            Not Before: Apr  9 14:15:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f327858804d2c805df88e6b36fbf93573a7180f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e0:55:2c:b3:fa:33:be:9a:7e:18:8d:f0:42:
                    f6:f1:33:f0:cb:f5:00:f5:ed:22:4e:84:d1:bd:31:
                    63:af:71:b6:13:21:c4:5d:fd:bd:2c:a1:70:2d:15:
                    22:f3:53:d3:94:b9:2e:a6:b0:c4:aa:0f:52:c6:64:
                    07:77:b5:68:b7:5a:43:77:64:01:6a:8e:76:d9:70:
                    86:74:d8:40:66:e3:a2:c6:b8:11:f3:bb:41:55:b2:
                    ec:5f:f3:33:8e:54:54:44:dc:81:5f:64:0d:17:0b:
                    d3:fb:2f:97:df:c2:f6:e7:fc:cd:6c:51:bf:5d:9e:
                    9c:91:75:38:b3:99:12:8f:88:0c:2f:aa:c1:c9:9b:
                    e5:59:22:cc:0f:33:11:2e:e6:14:83:59:9a:2e:ab:
                    dd:d0:3b:a8:26:73:e9:b5:0e:83:ee:cf:52:c9:99:
                    3b:11:ff:30:6e:27:0d:be:09:87:37:84:6d:70:29:
                    b0:d7:39:45:8c:93:e8:54:f5:ff:69:26:ba:3c:4e:
                    8b:2d:d1:b4:01:e6:f7:79:08:20:e8:3f:e8:15:ca:
                    f3:d0:4e:31:48:d0:29:c0:6b:a0:0d:05:29:f3:05:
                    7e:56:72:91:a5:21:af:9a:2e:7e:7d:6b:dd:14:3f:
                    ea:2c:93:80:52:4c:13:1f:7e:3e:ea:c6:62:05:cb:
                    a0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:27:85:88:04:D2:C8:05:DF:88:E6:B3:6F:BF:93:57:3A:71:80:F0
            X509v3 Authority Key Identifier:
                keyid:A5:7B:A8:DB:56:30:62:4C:65:3A:26:39:17:4B:35:90:CE:04:14:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXuo21YwYkxlOiY5F0s1kM4EFAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/fea1b9-fc1c-4960-b903-e239c9a9f674/1/8yeFiATSyAXfiOazb7-TVzpxgPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/fea1b9-fc1c-4960-b903-e239c9a9f674/1/pXuo21YwYkxlOiY5F0s1kM4EFAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.32.0/24
                IPv6:
                  2a13:87c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:cf:35:e5:8d:f3:a6:1d:54:5b:a3:00:06:6f:a7:37:87:14:
         11:ad:13:35:7f:5f:0e:4c:33:54:da:2d:cb:9c:2a:33:16:8c:
         66:c1:71:ab:10:32:ed:03:2c:75:c3:5e:63:1a:a6:c3:e8:03:
         f5:50:84:a6:bf:20:45:99:dd:2d:c0:85:32:62:64:35:44:77:
         ed:90:83:68:ba:14:51:17:4b:96:01:62:da:90:b0:22:be:58:
         1d:cd:f5:65:1a:87:0f:b1:50:06:4f:4a:9e:88:5e:1f:26:b1:
         10:37:a4:62:d7:db:1d:08:2e:70:44:51:1a:8d:30:c1:8a:1d:
         9a:2c:0a:f7:5d:2e:d6:73:45:ba:7f:3e:cc:54:7b:e9:e8:bd:
         0f:9a:94:61:30:0c:ae:fb:5c:ee:57:a3:7a:50:2b:a6:54:e1:
         30:04:76:89:34:60:e6:87:65:a1:78:a6:4d:d5:b5:2d:b1:87:
         e3:53:91:22:69:4c:d0:1b:95:e4:ed:60:9d:a0:b4:09:58:0e:
         fe:2b:9d:c1:d3:90:04:19:d1:ba:fb:10:9e:83:22:44:3b:1a:
         7d:78:dd:69:3b:ea:c1:d8:84:c0:ed:cc:8f:bb:29:3c:83:96:
         6d:01:a0:26:a9:97:da:a6:17:e2:29:41:ab:77:94:54:d1:7f:
         5c:96:8d:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ1ymWULCCn33a0ueGolIpAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1N2JhOGRiNTYzMDYyNGM2NTNhMjYzOTE3NGIzNTkwY2Uw
NDE0MDYwHhcNMjYwNDA5MTQxNTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzI3ODU4ODA0ZDJjODA1ZGY4OGU2YjM2ZmJmOTM1NzNhNzE4MGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuBVLLP6M76afhiN8EL28TPwy/UA
9e0iToTRvTFjr3G2EyHEXf29LKFwLRUi81PTlLkuprDEqg9SxmQHd7Vot1pDd2QB
ao522XCGdNhAZuOixrgR87tBVbLsX/MzjlRURNyBX2QNFwvT+y+X38L25/zNbFG/
XZ6ckXU4s5kSj4gML6rByZvlWSLMDzMRLuYUg1maLqvd0DuoJnPptQ6D7s9SyZk7
Ef8wbicNvgmHN4RtcCmw1zlFjJPoVPX/aSa6PE6LLdG0Aeb3eQgg6D/oFcrz0E4x
SNApwGugDQUp8wV+VnKRpSGvmi5+fWvdFD/qLJOAUkwTH34+6sZiBcugcQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPMnhYgE0sgF34jms2+/k1c6cYDwMB8GA1UdIwQY
MBaAFKV7qNtWMGJMZTomORdLNZDOBBQGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFh1bzIxWXdZa3hsT2lZNUYwczFrTTRFRkFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mZWExYjktZmMxYy00OTYwLWI5MDMt
ZTIzOWM5YTlmNjc0LzEvOHllRmlBVFN5QVhmaU9hemI3LVRWenB4Z1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9mZWExYjktZmMxYy00OTYwLWI5MDMtZTIzOWM5YTlmNjc0
LzEvcFh1bzIxWXdZa3hsT2lZNUYwczFrTTRFRkFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALZogMA0E
AgACMAcDBQMqE4fAMA0GCSqGSIb3DQEBCwUAA4IBAQCBzzXljfOmHVRbowAGb6c3
hxQRrRM1f18OTDNU2i3LnCozFoxmwXGrEDLtAyx1w15jGqbD6AP1UISmvyBFmd0t
wIUyYmQ1RHftkINouhRRF0uWAWLakLAivlgdzfVlGocPsVAGT0qeiF4fJrEQN6Ri
19sdCC5wRFEajTDBih2aLAr3XS7Wc0W6fz7MVHvp6L0PmpRhMAyu+1zuV6N6UCum
VOEwBHaJNGDmh2WheKZN1bUtsYfjU5EiaUzQG5Xk7WCdoLQJWA7+K53B05AEGdG6
+xCegyJEOxp9eN1pO+rB2ITA7cyPuyk8g5ZtAaAmqZfaphfiKUGrd5RU0X9clo21
-----END CERTIFICATE-----