Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/YNzgRRzWdr4v8acL2_mrerBZEBY.roa
File:                     YNzgRRzWdr4v8acL2_mrerBZEBY.roa (raw, json)
Hash identifier:          0vVcOkUILWsiRv1XZ/svhufbrbQADvOSN3QtFvRS5U8=
Subject key identifier:   60:DC:E0:45:1C:D6:76:BE:2F:F1:A7:0B:DB:F9:AB:7A:B0:59:10:16
Certificate issuer:       /CN=a018d68115dc4b730f157906b04426e599b3a8ca
Certificate serial:       019B7C11A4DC89F80718A8010D52A61E0F3E
Authority key identifier: A0:18:D6:81:15:DC:4B:73:0F:15:79:06:B0:44:26:E5:99:B3:A8:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/YNzgRRzWdr4v8acL2_mrerBZEBY.roa
Signing time:             Fri 02 Jan 2026 00:18:09 +0000
ROA not before:           Fri 02 Jan 2026 00:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8749
IP address blocks:        45.140.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:a4:dc:89:f8:07:18:a8:01:0d:52:a6:1e:0f:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a018d68115dc4b730f157906b04426e599b3a8ca
        Validity
            Not Before: Jan  2 00:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60dce0451cd676be2ff1a70bdbf9ab7ab0591016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:23:ae:97:1a:a4:d8:42:96:10:da:9d:e1:ef:
                    c9:fc:d4:91:06:1b:98:47:3b:23:97:7f:db:5a:31:
                    13:6a:65:e0:1d:23:9c:c9:10:15:c5:05:d0:54:79:
                    8d:7a:5c:bd:b6:41:24:c5:18:71:99:59:b6:6d:05:
                    ae:f4:09:0c:4a:df:0d:ca:21:57:a4:50:30:44:7d:
                    ff:21:7e:b5:6a:ad:45:3f:54:a4:72:6b:27:0a:2f:
                    bc:3e:49:f7:58:aa:aa:0a:b8:a4:31:69:b1:7b:f4:
                    71:30:37:31:8f:f9:16:4a:18:8c:f1:3c:fa:30:d8:
                    4f:f7:0a:c4:f4:85:f0:b8:c6:ba:c4:66:fc:a9:1c:
                    0c:5a:c0:bb:f1:c8:be:b7:41:ba:37:35:44:11:89:
                    f9:3e:d4:50:d6:dc:a3:2d:96:9c:e8:89:8e:79:0d:
                    85:63:21:8f:d8:4d:86:e7:ae:51:7a:27:1f:17:c2:
                    e5:4e:25:9d:79:5b:3a:fe:16:3e:4d:57:ed:fd:0a:
                    9a:17:e1:e0:47:4d:43:0f:a0:08:b4:a9:35:e5:54:
                    0d:32:6c:ea:85:34:39:46:8b:b3:c9:fb:9b:19:10:
                    cb:4b:91:70:7e:91:30:66:1d:d8:a6:8e:61:4d:ab:
                    2b:3c:61:70:10:90:43:6f:8c:2b:5d:2d:ae:60:62:
                    3d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DC:E0:45:1C:D6:76:BE:2F:F1:A7:0B:DB:F9:AB:7A:B0:59:10:16
            X509v3 Authority Key Identifier:
                keyid:A0:18:D6:81:15:DC:4B:73:0F:15:79:06:B0:44:26:E5:99:B3:A8:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/YNzgRRzWdr4v8acL2_mrerBZEBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:70:63:00:77:4b:6f:79:d8:33:34:71:2c:26:26:df:3e:c4:
         ab:32:52:25:44:4f:38:33:99:86:70:5b:b2:d3:05:7f:b7:6f:
         d9:99:ea:3d:21:86:ec:e4:78:bf:3f:0c:4b:18:8b:82:d1:ca:
         9c:f2:f4:b2:3d:8c:04:0b:2e:ef:71:df:86:20:4f:3f:d3:bb:
         09:1a:e4:ba:09:74:21:72:97:6c:23:bd:7e:cc:3f:e9:e5:1d:
         a0:b2:2a:69:11:b0:2d:27:d7:2b:9a:fa:cb:2f:ac:54:72:e4:
         a8:e6:46:6d:af:23:fa:5b:59:e4:32:98:81:49:2f:b2:f4:7a:
         d6:90:0b:ae:d9:3c:e0:6e:0f:23:e3:47:45:f5:39:bd:5e:9c:
         dd:86:f3:d5:93:59:47:e7:2e:0f:cd:5e:51:4e:ba:c6:4c:56:
         86:af:6a:c3:79:ee:2f:b0:9a:29:e0:a5:f0:a4:39:e6:eb:63:
         86:c1:d1:82:f0:56:96:66:87:e8:37:d4:72:03:e8:55:a6:9e:
         46:81:6b:1f:26:1d:44:5a:13:9f:06:64:59:55:67:84:cf:8d:
         40:61:d3:cd:ad:3c:fc:52:4f:50:92:87:09:08:0f:35:24:4f:
         36:51:f8:7b:44:c8:fa:45:c1:3f:a6:55:5c:85:da:d0:3c:a7:
         68:56:c2:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EaTcifgHGKgBDVKmHg8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMThkNjgxMTVkYzRiNzMwZjE1NzkwNmIwNDQyNmU1OTli
M2E4Y2EwHhcNMjYwMTAyMDAxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGRjZTA0NTFjZDY3NmJlMmZmMWE3MGJkYmY5YWI3YWIwNTkxMDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCOulxqk2EKWENqd4e/J/NSRBhuY
Rzsjl3/bWjETamXgHSOcyRAVxQXQVHmNely9tkEkxRhxmVm2bQWu9AkMSt8NyiFX
pFAwRH3/IX61aq1FP1SkcmsnCi+8Pkn3WKqqCrikMWmxe/RxMDcxj/kWShiM8Tz6
MNhP9wrE9IXwuMa6xGb8qRwMWsC78ci+t0G6NzVEEYn5PtRQ1tyjLZac6ImOeQ2F
YyGP2E2G565ReicfF8LlTiWdeVs6/hY+TVft/QqaF+HgR01DD6AItKk15VQNMmzq
hTQ5RouzyfubGRDLS5FwfpEwZh3Ypo5hTasrPGFwEJBDb4wrXS2uYGI98wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDc4EUc1na+L/GnC9v5q3qwWRAWMB8GA1UdIwQY
MBaAFKAY1oEV3EtzDxV5BrBEJuWZs6jKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0JqV2dSWGNTM01QRlhrR3NFUW01Wm16cU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC80NjQ2NjAtN2E2ZS00OWE3LTkwM2Qt
NWNiYzYzNmJkN2U3LzEvWU56Z1JSeldkcjR2OGFjTDJfbXJlckJaRUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC80NjQ2NjAtN2E2ZS00OWE3LTkwM2QtNWNiYzYzNmJkN2U3
LzEvb0JqV2dSWGNTM01QRlhrR3NFUW01Wm16cU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYxcMA0G
CSqGSIb3DQEBCwUAA4IBAQChcGMAd0tvedgzNHEsJibfPsSrMlIlRE84M5mGcFuy
0wV/t2/Zmeo9IYbs5Hi/PwxLGIuC0cqc8vSyPYwECy7vcd+GIE8/07sJGuS6CXQh
cpdsI71+zD/p5R2gsippEbAtJ9crmvrLL6xUcuSo5kZtryP6W1nkMpiBSS+y9HrW
kAuu2Tzgbg8j40dF9Tm9XpzdhvPVk1lH5y4PzV5RTrrGTFaGr2rDee4vsJop4KXw
pDnm62OGwdGC8FaWZofoN9RyA+hVpp5GgWsfJh1EWhOfBmRZVWeEz41AYdPNrTz8
Uk9QkocJCA81JE82Ufh7RMj6RcE/plVchdrQPKdoVsL7
-----END CERTIFICATE-----