Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/5KqisG8I4aftfbpV-Wm5RoZOAu4.roa
File:                     5KqisG8I4aftfbpV-Wm5RoZOAu4.roa (raw, json)
Hash identifier:          aWHlE7ObMJmJWXU63vmIza0enQBptwax9xe4eo6h4LY=
Subject key identifier:   E4:AA:A2:B0:6F:08:E1:A7:ED:7D:BA:55:F9:69:B9:46:86:4E:02:EE
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019EB67528817C573F212B756871C8C19901
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/5KqisG8I4aftfbpV-Wm5RoZOAu4.roa
Signing time:             Thu 11 Jun 2026 11:33:11 +0000
ROA not before:           Thu 11 Jun 2026 11:33:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        45.146.200.0/23 maxlen: 23
                          45.146.202.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b6:75:28:81:7c:57:3f:21:2b:75:68:71:c8:c1:99:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jun 11 11:33:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4aaa2b06f08e1a7ed7dba55f969b946864e02ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5c:57:3e:7b:91:f9:22:11:f5:f5:f4:3d:0e:
                    fe:e7:b5:a7:f3:91:60:65:27:7b:6e:af:4b:25:5d:
                    67:73:fe:d7:f2:19:4e:5f:ad:69:1f:da:0f:62:83:
                    eb:52:73:73:c7:6f:b5:16:aa:4a:71:c0:49:3e:9f:
                    d9:11:39:fd:dd:03:30:98:0e:fc:38:c2:6f:4c:68:
                    21:b2:ee:79:eb:5d:cb:aa:b3:36:f6:6a:bf:ea:65:
                    e3:8d:ca:02:67:fe:ab:99:09:2c:f7:d3:a7:08:6b:
                    52:4a:35:42:c6:84:1e:13:72:35:ad:fa:68:73:4e:
                    8a:76:ce:a2:e8:91:3b:5a:bf:67:ab:9f:15:6c:6f:
                    d6:0b:dd:42:ca:d8:1a:e4:d3:00:37:8a:50:ef:59:
                    cc:e6:10:0e:ba:de:c9:bf:f0:75:c8:ac:17:d9:bf:
                    53:26:cd:d6:a8:d2:0f:33:fe:24:73:27:e4:2e:1b:
                    38:4d:dd:99:9f:41:dd:31:67:c4:78:d9:ef:df:cf:
                    8c:ad:a8:6a:0b:38:af:db:42:d6:fd:59:1b:e2:2d:
                    4e:aa:8f:03:7c:59:50:28:2e:f3:6b:92:b8:5d:38:
                    e2:74:5d:1f:d2:28:88:30:69:cd:18:ad:e1:7d:67:
                    b9:8f:b7:33:55:9e:b5:be:23:8b:8f:f4:13:87:fd:
                    c5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:AA:A2:B0:6F:08:E1:A7:ED:7D:BA:55:F9:69:B9:46:86:4E:02:EE
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/5KqisG8I4aftfbpV-Wm5RoZOAu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:b5:cd:fc:07:eb:d1:78:c5:ab:35:d4:25:1b:97:96:14:88:
         70:59:a9:c5:f4:32:f2:c3:96:00:45:29:7d:cb:12:72:ff:e0:
         d5:6e:5c:e1:3a:c6:ce:6b:fc:20:d4:2d:47:80:3b:57:3e:f7:
         e2:56:38:03:c0:30:04:e7:41:cc:51:2f:f4:49:9f:ac:27:99:
         28:de:fc:d3:60:87:d8:3c:9b:b4:91:50:64:bb:c3:bb:30:7c:
         78:a8:db:03:dc:85:4f:3f:39:bc:a1:74:3a:3c:41:f8:7b:00:
         d7:5f:d9:61:44:6b:c0:5e:28:14:a3:f5:ad:bd:2f:44:7d:ed:
         93:fa:3d:34:0e:c5:0c:1b:45:75:e8:a9:43:a8:06:1e:6f:5f:
         61:99:8b:ed:7c:2a:54:9a:a7:5e:8e:0e:3c:74:8b:04:40:4a:
         76:90:ea:7c:cb:80:b8:54:c7:58:cb:01:8f:7e:c4:c7:8d:05:
         7f:22:c2:f7:23:30:c0:13:e3:94:d9:db:77:1b:40:83:15:fc:
         0e:6e:46:95:06:33:2a:31:4e:d5:60:bd:15:73:fd:bd:aa:fa:
         ff:1e:31:84:80:73:f5:42:e9:ad:4f:e2:3c:52:c9:29:d4:1c:
         5e:85:4f:b5:aa:22:a1:3f:79:8d:9e:9b:d6:a6:fb:78:9a:de:
         7f:a1:61:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ62dSiBfFc/ISt1aHHIwZkBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjYwNjExMTEzMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGFhYTJiMDZmMDhlMWE3ZWQ3ZGJhNTVmOTY5Yjk0Njg2NGUwMmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlxXPnuR+SIR9fX0PQ7+57Wn85Fg
ZSd7bq9LJV1nc/7X8hlOX61pH9oPYoPrUnNzx2+1FqpKccBJPp/ZETn93QMwmA78
OMJvTGghsu55613LqrM29mq/6mXjjcoCZ/6rmQks99OnCGtSSjVCxoQeE3I1rfpo
c06Kds6i6JE7Wr9nq58VbG/WC91Cytga5NMAN4pQ71nM5hAOut7Jv/B1yKwX2b9T
Js3WqNIPM/4kcyfkLhs4Td2Zn0HdMWfEeNnv38+MrahqCziv20LW/Vkb4i1Oqo8D
fFlQKC7za5K4XTjidF0f0iiIMGnNGK3hfWe5j7czVZ61viOLj/QTh/3FkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSqorBvCOGn7X26VflpuUaGTgLuMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvNUtxaXNHOEk0YWZ0ZmJwVi1XbTVSb1pPQXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZLIMA0G
CSqGSIb3DQEBCwUAA4IBAQCftc38B+vReMWrNdQlG5eWFIhwWanF9DLyw5YARSl9
yxJy/+DVblzhOsbOa/wg1C1HgDtXPvfiVjgDwDAE50HMUS/0SZ+sJ5ko3vzTYIfY
PJu0kVBku8O7MHx4qNsD3IVPPzm8oXQ6PEH4ewDXX9lhRGvAXigUo/WtvS9Efe2T
+j00DsUMG0V16KlDqAYeb19hmYvtfCpUmqdejg48dIsEQEp2kOp8y4C4VMdYywGP
fsTHjQV/IsL3IzDAE+OU2dt3G0CDFfwObkaVBjMqMU7VYL0Vc/29qvr/HjGEgHP1
QumtT+I8Uskp1BxehU+1qiKhP3mNnpvWpvt4mt5/oWGH
-----END CERTIFICATE-----