Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/_vhX2x0MSW_lCM__SUwIoa5cOwM.roa
File:                     _vhX2x0MSW_lCM__SUwIoa5cOwM.roa (raw, json)
Hash identifier:          RJcLvbkKer+dH4YPNNJOTYi3iU1xlbLYxn2gdUfEcwE=
Subject key identifier:   FE:F8:57:DB:1D:0C:49:6F:E5:08:CF:FF:49:4C:08:A1:AE:5C:3B:03
Certificate issuer:       /CN=7e3150f8c67063121027328954968d08d4cf329a
Certificate serial:       019D42E773293D97C13778348880BD98DE23
Authority key identifier: 7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/_vhX2x0MSW_lCM__SUwIoa5cOwM.roa
Signing time:             Tue 31 Mar 2026 07:59:17 +0000
ROA not before:           Tue 31 Mar 2026 07:59:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209952
IP address blocks:        45.151.90.0/24 maxlen: 24
                          2a06:2c87:ff00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:42:e7:73:29:3d:97:c1:37:78:34:88:80:bd:98:de:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e3150f8c67063121027328954968d08d4cf329a
        Validity
            Not Before: Mar 31 07:59:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fef857db1d0c496fe508cfff494c08a1ae5c3b03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0c:83:64:46:df:01:ac:43:4e:2a:56:14:eb:
                    4e:da:9b:7d:cf:3a:06:b4:f4:d9:cb:5b:c8:c5:bd:
                    80:8a:60:f3:81:f9:46:ca:08:40:0d:68:a9:b0:44:
                    65:d7:8b:87:6a:2a:60:17:43:7d:ea:55:a4:05:1f:
                    a2:01:57:82:c7:fd:cb:93:c5:cb:4b:b7:dd:f2:ec:
                    ce:94:69:f7:ac:d3:6b:be:99:62:5e:9b:17:9b:46:
                    c1:b1:3b:a2:56:56:ce:d1:20:ff:33:1b:28:34:f0:
                    b9:f7:92:2b:fd:a8:de:b7:ea:4f:83:5f:ac:24:fc:
                    1b:01:85:b4:ed:da:34:72:bc:cb:57:e8:3e:16:8e:
                    ac:08:e2:fc:16:35:cd:15:1a:c4:c8:ea:db:0c:b2:
                    1a:ea:01:a9:50:90:d5:91:4d:f1:18:16:15:a6:f4:
                    18:87:5a:25:85:c0:16:e3:16:4f:bf:8f:a1:4f:3f:
                    12:6f:d7:4d:95:f7:b8:56:3f:43:64:ac:60:c7:c4:
                    ab:8f:46:e4:bd:24:43:1c:b6:bf:db:53:88:69:01:
                    a0:f5:1f:a9:b9:dd:c2:07:3a:4e:eb:dc:41:8c:1b:
                    18:74:86:2e:33:db:5b:aa:7a:90:8d:dd:b2:94:27:
                    81:80:82:d6:63:38:dd:48:57:41:71:f3:bd:3c:16:
                    23:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:F8:57:DB:1D:0C:49:6F:E5:08:CF:FF:49:4C:08:A1:AE:5C:3B:03
            X509v3 Authority Key Identifier:
                keyid:7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/_vhX2x0MSW_lCM__SUwIoa5cOwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.90.0/24
                IPv6:
                  2a06:2c87:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         56:af:48:a1:a6:dd:05:25:ed:0e:fe:f8:57:55:be:1b:e3:0c:
         81:97:c3:d8:89:85:22:eb:84:44:00:ef:03:30:21:36:ea:9e:
         7e:37:ef:1d:6b:ee:6c:96:59:ad:46:b4:2b:72:35:e3:74:11:
         13:cd:1d:a6:a8:e0:43:78:32:e3:5a:01:69:f2:08:a1:a5:f7:
         69:df:6e:2d:ca:ef:e8:71:0e:f0:15:92:52:e9:2f:c4:d1:c8:
         ac:71:09:3b:8c:b6:c5:6b:72:4b:77:c8:3c:56:0b:9a:66:3f:
         92:06:14:82:5a:fc:62:2e:3d:7f:56:3d:ce:6c:30:e8:66:80:
         32:52:83:b9:86:9b:82:fa:b8:6c:eb:44:95:fb:c5:fb:28:b9:
         37:87:4a:6f:0c:56:87:72:78:c2:a3:38:6b:38:3d:0e:51:89:
         4e:74:27:18:ab:a7:d2:2a:03:ef:49:85:ec:89:b4:2b:15:3f:
         78:0a:a3:d8:97:fc:44:27:db:6c:b1:12:f7:83:61:4b:39:de:
         b6:6a:2c:c4:83:cc:7f:42:ec:54:f2:ab:61:06:91:da:07:d6:
         d5:bb:31:77:c0:1e:63:8f:78:eb:38:41:b9:83:51:fb:7f:54:
         b6:8d:fb:15:70:ea:5b:fe:0c:a9:70:61:b1:3d:6e:28:15:b6:
         05:f9:de:f9
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZ1C53MpPZfBN3g0iIC9mN4jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMzE1MGY4YzY3MDYzMTIxMDI3MzI4OTU0OTY4ZDA4ZDRj
ZjMyOWEwHhcNMjYwMzMxMDc1OTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWY4NTdkYjFkMGM0OTZmZTUwOGNmZmY0OTRjMDhhMWFlNWMzYjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAyDZEbfAaxDTipWFOtO2pt9zzoG
tPTZy1vIxb2AimDzgflGyghADWipsERl14uHaipgF0N96lWkBR+iAVeCx/3Lk8XL
S7fd8uzOlGn3rNNrvpliXpsXm0bBsTuiVlbO0SD/MxsoNPC595Ir/ajet+pPg1+s
JPwbAYW07do0crzLV+g+Fo6sCOL8FjXNFRrEyOrbDLIa6gGpUJDVkU3xGBYVpvQY
h1olhcAW4xZPv4+hTz8Sb9dNlfe4Vj9DZKxgx8Srj0bkvSRDHLa/21OIaQGg9R+p
ud3CBzpO69xBjBsYdIYuM9tbqnqQjd2ylCeBgILWYzjdSFdBcfO9PBYjtQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFP74V9sdDElv5QjP/0lMCKGuXDsDMB8GA1UdIwQY
MBaAFH4xUPjGcGMSECcyiVSWjQjUzzKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAt
OTM1ZTQxOGJkYmU3LzEvX3ZoWDJ4ME1TV19sQ01fX1NVd0lvYTVjT3dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAtOTM1ZTQxOGJkYmU3
LzEvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALZdaMA4E
AgACMAgDBgAqBiyH/zANBgkqhkiG9w0BAQsFAAOCAQEAVq9IoabdBSXtDv74V1W+
G+MMgZfD2ImFIuuERADvAzAhNuqefjfvHWvubJZZrUa0K3I143QRE80dpqjgQ3gy
41oBafIIoaX3ad9uLcrv6HEO8BWSUukvxNHIrHEJO4y2xWtyS3fIPFYLmmY/kgYU
glr8Yi49f1Y9zmww6GaAMlKDuYabgvq4bOtElfvF+yi5N4dKbwxWh3J4wqM4azg9
DlGJTnQnGKun0ioD70mF7Im0KxU/eAqj2Jf8RCfbbLES94NhSznetmosxIPMf0Ls
VPKrYQaR2gfW1bsxd8AeY4946zhBuYNR+39Uto37FXDqW/4MqXBhsT1uKBW2Bfne
+Q==
-----END CERTIFICATE-----