Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/03f487-0ccd-4f39-aeda-fff5feaa3b64/1/haZE82qyvwkubicw8jZzK_nrWDg.roa
File:                     haZE82qyvwkubicw8jZzK_nrWDg.roa (raw, json)
Hash identifier:          Idp2fSofKC2T4SKeZni0D1Lp8tt7purU0xOSY8SYiLQ=
Subject key identifier:   85:A6:44:F3:6A:B2:BF:09:2E:6E:27:30:F2:36:73:2B:F9:EB:58:38
Certificate issuer:       /CN=c1e4027ae060d737b0a63568c1ecf9b1fb19eb28
Certificate serial:       019D9086170E98901CBDB7DD0146E7E2B6EB
Authority key identifier: C1:E4:02:7A:E0:60:D7:37:B0:A6:35:68:C1:EC:F9:B1:FB:19:EB:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/weQCeuBg1zewpjVowez5sfsZ6yg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/03f487-0ccd-4f39-aeda-fff5feaa3b64/1/haZE82qyvwkubicw8jZzK_nrWDg.roa
Signing time:             Wed 15 Apr 2026 09:43:20 +0000
ROA not before:           Wed 15 Apr 2026 09:43:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208474
IP address blocks:        45.134.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/03f487-0ccd-4f39-aeda-fff5feaa3b64/1/weQCeuBg1zewpjVowez5sfsZ6yg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/03f487-0ccd-4f39-aeda-fff5feaa3b64/1/weQCeuBg1zewpjVowez5sfsZ6yg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/weQCeuBg1zewpjVowez5sfsZ6yg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:86:17:0e:98:90:1c:bd:b7:dd:01:46:e7:e2:b6:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1e4027ae060d737b0a63568c1ecf9b1fb19eb28
        Validity
            Not Before: Apr 15 09:43:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85a644f36ab2bf092e6e2730f236732bf9eb5838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:58:57:7a:c7:a2:b8:e5:98:40:cc:b6:91:87:
                    51:30:48:27:54:3d:70:7b:7c:bb:8b:30:24:e5:b7:
                    50:5b:9c:56:9d:7f:3d:e3:83:38:75:e8:33:10:4f:
                    96:b7:fb:60:a6:b8:7f:91:b9:11:d6:11:d7:ce:e3:
                    41:e9:86:7c:dd:81:b4:30:58:60:3a:b1:d1:93:f8:
                    cf:de:6e:83:f7:fb:1e:18:9d:75:4d:af:77:05:bc:
                    a0:a9:4d:69:10:f1:a0:ef:b2:a9:24:68:4f:68:4e:
                    1b:af:f4:37:37:25:71:b4:0f:70:ce:d1:83:58:de:
                    e0:91:78:a1:5f:bb:ba:24:97:bb:d0:82:8e:a2:6d:
                    ba:50:ac:d5:f8:2f:40:b0:1e:6b:74:43:c6:32:73:
                    8e:14:d4:c4:4b:21:8a:5e:ed:43:27:9b:50:ed:22:
                    a7:94:8e:34:14:c6:42:6b:bd:4c:ae:7c:e0:e6:d5:
                    8c:4a:6f:b6:4e:cb:67:6e:5e:4d:0c:da:ed:0d:fb:
                    5b:e6:8b:b3:e2:55:b5:6b:8c:d9:d7:be:97:c6:2c:
                    b1:bb:2f:41:2c:7f:3a:7c:7c:03:a4:85:ff:bf:68:
                    06:cf:a5:d2:9c:d1:20:12:f8:d1:f4:c1:b7:2a:c2:
                    b6:7a:5c:04:71:dc:10:20:8a:c2:f4:e3:67:6f:64:
                    e5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:A6:44:F3:6A:B2:BF:09:2E:6E:27:30:F2:36:73:2B:F9:EB:58:38
            X509v3 Authority Key Identifier:
                keyid:C1:E4:02:7A:E0:60:D7:37:B0:A6:35:68:C1:EC:F9:B1:FB:19:EB:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/weQCeuBg1zewpjVowez5sfsZ6yg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/03f487-0ccd-4f39-aeda-fff5feaa3b64/1/haZE82qyvwkubicw8jZzK_nrWDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/03f487-0ccd-4f39-aeda-fff5feaa3b64/1/weQCeuBg1zewpjVowez5sfsZ6yg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:40:2e:fb:a9:2c:c9:85:b3:3c:19:0c:f9:86:cd:22:18:83:
         4b:9f:6b:09:44:07:00:5f:fe:aa:45:cf:77:79:9c:35:5a:8b:
         b5:b0:88:79:22:51:e9:4b:48:97:d4:22:d7:bb:94:51:21:97:
         44:94:c8:3d:a1:8c:4e:82:6b:59:ad:59:d4:50:6c:2c:d0:25:
         b5:49:5f:09:c5:80:36:e9:9f:e6:f9:78:d1:69:18:08:ab:b2:
         6d:94:e7:d1:c9:02:cc:ff:28:b6:d1:07:0a:6d:4a:94:a8:7a:
         fb:50:64:c3:39:e1:9b:33:e0:af:9a:8e:13:b7:d2:4d:a6:11:
         56:c8:73:a4:79:8f:e5:f5:94:d9:1b:b4:ac:1a:6b:ca:a2:ea:
         ac:97:bd:fe:cf:d7:ab:5b:b1:59:8e:a1:ab:de:30:d8:af:66:
         9f:ec:d8:60:78:27:8b:fd:b6:70:49:96:b3:1d:c7:d1:d8:8a:
         28:f1:8b:ad:f2:d9:a0:e9:f8:94:74:0b:cb:80:ea:c1:40:78:
         ae:e3:1e:a5:1d:40:a2:3b:ba:bb:50:4f:f4:82:20:85:4d:38:
         4d:f3:82:e8:2e:d8:48:db:68:6d:27:aa:64:c9:e9:c0:a5:17:
         8f:4d:df:57:0a:39:e7:1d:47:dd:a8:51:fa:6a:7d:c4:f8:4c:
         b1:5c:5c:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2QhhcOmJAcvbfdAUbn4rbrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZTQwMjdhZTA2MGQ3MzdiMGE2MzU2OGMxZWNmOWIxZmIx
OWViMjgwHhcNMjYwNDE1MDk0MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWE2NDRmMzZhYjJiZjA5MmU2ZTI3MzBmMjM2NzMyYmY5ZWI1ODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFhXeseiuOWYQMy2kYdRMEgnVD1w
e3y7izAk5bdQW5xWnX8944M4degzEE+Wt/tgprh/kbkR1hHXzuNB6YZ83YG0MFhg
OrHRk/jP3m6D9/seGJ11Ta93BbygqU1pEPGg77KpJGhPaE4br/Q3NyVxtA9wztGD
WN7gkXihX7u6JJe70IKOom26UKzV+C9AsB5rdEPGMnOOFNTESyGKXu1DJ5tQ7SKn
lI40FMZCa71Mrnzg5tWMSm+2Tstnbl5NDNrtDftb5ouz4lW1a4zZ176Xxiyxuy9B
LH86fHwDpIX/v2gGz6XSnNEgEvjR9MG3KsK2elwEcdwQIIrC9ONnb2TldwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWmRPNqsr8JLm4nMPI2cyv561g4MB8GA1UdIwQY
MBaAFMHkAnrgYNc3sKY1aMHs+bH7GesoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2VRQ2V1QmcxemV3cGpWb3dlejVzZnNaNnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8wM2Y0ODctMGNjZC00ZjM5LWFlZGEt
ZmZmNWZlYWEzYjY0LzEvaGFaRTgycXl2d2t1YmljdzhqWnpLX25yV0RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8wM2Y0ODctMGNjZC00ZjM5LWFlZGEtZmZmNWZlYWEzYjY0
LzEvd2VRQ2V1QmcxemV3cGpWb3dlejVzZnNaNnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYbMMA0G
CSqGSIb3DQEBCwUAA4IBAQCSQC77qSzJhbM8GQz5hs0iGINLn2sJRAcAX/6qRc93
eZw1Wou1sIh5IlHpS0iX1CLXu5RRIZdElMg9oYxOgmtZrVnUUGws0CW1SV8JxYA2
6Z/m+XjRaRgIq7JtlOfRyQLM/yi20QcKbUqUqHr7UGTDOeGbM+Cvmo4Tt9JNphFW
yHOkeY/l9ZTZG7SsGmvKouqsl73+z9erW7FZjqGr3jDYr2af7NhgeCeL/bZwSZaz
HcfR2Ioo8Yut8tmg6fiUdAvLgOrBQHiu4x6lHUCiO7q7UE/0giCFTThN84LoLthI
22htJ6pkyenApRePTd9XCjnnHUfdqFH6an3E+EyxXFxb
-----END CERTIFICATE-----