Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/1-9N7F2L3RwSZtMV_bPdtq-DySRU.roa
File:                     1-9N7F2L3RwSZtMV_bPdtq-DySRU.roa (raw, json)
Hash identifier:          Komr1d4LITk1h1UtF3KtaC+lC+V2umoREyRfPw1Ik/E=
Subject key identifier:   FB:D3:7B:17:62:F7:47:04:99:B4:C5:7F:6C:F7:6D:AB:E0:F2:49:15
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       019CA9C68C4B464ACD1C6F5C0402E0697C4F
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/1-9N7F2L3RwSZtMV_bPdtq-DySRU.roa
Signing time:             Sun 01 Mar 2026 14:21:27 +0000
ROA not before:           Sun 01 Mar 2026 14:21:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        45.152.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a9:c6:8c:4b:46:4a:cd:1c:6f:5c:04:02:e0:69:7c:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Mar  1 14:21:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fbd37b1762f7470499b4c57f6cf76dabe0f24915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:ce:ad:b3:7d:7b:03:57:4e:6e:f4:45:d5:3d:
                    53:ca:6e:03:1c:fe:79:1c:d5:4e:50:4c:7a:10:ab:
                    3f:a1:52:81:7e:f3:20:cc:bc:e6:ab:54:ac:96:20:
                    6a:97:b5:80:28:78:9c:02:39:f5:71:d3:23:21:84:
                    79:fb:08:f3:d2:fb:5b:f4:a0:03:10:bb:f3:53:a5:
                    5a:97:fd:49:c8:85:45:db:b0:df:f0:9e:1c:21:12:
                    fd:5e:7c:34:a0:66:5e:45:97:6f:6a:da:7f:0c:36:
                    d5:d8:65:c5:a7:ed:4c:3c:5c:3c:01:4f:82:ea:a0:
                    b4:ef:25:5f:8e:82:15:b3:ed:41:7f:22:22:0e:4b:
                    ef:18:96:70:c6:89:e7:6d:d2:a4:1a:72:62:b6:9b:
                    82:be:a2:04:37:18:79:c0:e0:55:b0:d4:84:5c:7a:
                    83:16:e6:3a:ae:8d:d4:4f:1f:21:aa:ba:50:75:fc:
                    72:66:09:b5:9f:b3:8b:a5:5d:59:51:98:fa:cb:de:
                    20:d5:cf:f6:dd:ae:89:c1:2a:94:90:e2:0c:1b:62:
                    21:40:1c:76:08:a8:e7:71:4a:7b:4a:a5:63:fc:e4:
                    f7:19:9d:22:4b:cc:6c:a6:29:34:f2:0a:9b:37:8f:
                    ef:ad:35:12:c8:1f:32:b5:32:57:4a:8d:32:51:47:
                    67:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:D3:7B:17:62:F7:47:04:99:B4:C5:7F:6C:F7:6D:AB:E0:F2:49:15
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/1-9N7F2L3RwSZtMV_bPdtq-DySRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:64:04:1b:57:d8:c9:e6:27:9d:df:cd:46:ff:82:24:42:3d:
         40:32:07:b9:b5:91:85:3c:0c:31:0c:28:97:88:24:57:6d:76:
         6f:a3:0a:23:2c:82:75:03:49:11:db:5e:ff:e4:fd:28:30:e5:
         41:9e:7a:30:07:ab:56:a4:6a:a0:90:32:0e:60:a4:aa:8c:4d:
         34:85:69:d5:a3:47:24:1c:fb:cd:2d:98:ea:b6:d9:1f:09:5e:
         0b:d8:6b:df:bd:29:ce:0f:d6:0b:60:89:d4:16:c6:ab:cd:4a:
         23:a6:dd:3f:02:32:0d:12:31:d1:83:93:ab:b5:82:c9:f7:5a:
         77:c7:4c:57:44:84:cb:3c:17:f4:1c:9c:5d:8f:ef:26:1b:29:
         e8:40:4f:65:49:4f:9c:28:ed:ff:da:e3:5b:27:66:86:d3:eb:
         8e:76:c4:1e:b1:4a:06:47:5b:4b:ab:f3:72:0c:6d:f1:76:ed:
         49:68:c9:4c:0f:4d:05:6d:8b:b4:3b:ef:61:3c:c7:a8:7f:43:
         18:19:cd:6e:a8:9e:cb:d2:b5:64:69:f2:13:4f:42:96:b8:dd:
         c0:c1:52:2a:56:58:7d:72:57:c3:68:71:16:eb:1e:d1:6b:32:
         c6:5d:39:d8:64:f7:ee:fc:80:e2:cb:2f:49:62:d4:91:5c:b9:
         6d:7c:2c:98
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZypxoxLRkrNHG9cBALgaXxPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjYwMzAxMTQyMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmQzN2IxNzYyZjc0NzA0OTliNGM1N2Y2Y2Y3NmRhYmUwZjI0OTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9s6ts317A1dObvRF1T1Tym4DHP55
HNVOUEx6EKs/oVKBfvMgzLzmq1SsliBql7WAKHicAjn1cdMjIYR5+wjz0vtb9KAD
ELvzU6Val/1JyIVF27Df8J4cIRL9Xnw0oGZeRZdvatp/DDbV2GXFp+1MPFw8AU+C
6qC07yVfjoIVs+1BfyIiDkvvGJZwxonnbdKkGnJitpuCvqIENxh5wOBVsNSEXHqD
FuY6ro3UTx8hqrpQdfxyZgm1n7OLpV1ZUZj6y94g1c/23a6JwSqUkOIMG2IhQBx2
CKjncUp7SqVj/OT3GZ0iS8xspik08gqbN4/vrTUSyB8ytTJXSo0yUUdnGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvTexdi90cEmbTFf2z3bavg8kkVMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvMS05TjdGMkwzUndTWnRNVl9iUGR0cS1EeVNSVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTYvMWM3OGUzLTY3ZDYtNGU5MC1hZWI1LTA4NTJjYjM1MzI5
My8xL2l6Y1lNMEdpcTIzenhaN0lKLTF4SUF0YVlrUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2YsjAN
BgkqhkiG9w0BAQsFAAOCAQEAbGQEG1fYyeYnnd/NRv+CJEI9QDIHubWRhTwMMQwo
l4gkV212b6MKIyyCdQNJEdte/+T9KDDlQZ56MAerVqRqoJAyDmCkqoxNNIVp1aNH
JBz7zS2Y6rbZHwleC9hr370pzg/WC2CJ1BbGq81KI6bdPwIyDRIx0YOTq7WCyfda
d8dMV0SEyzwX9BycXY/vJhsp6EBPZUlPnCjt/9rjWydmhtPrjnbEHrFKBkdbS6vz
cgxt8XbtSWjJTA9NBW2LtDvvYTzHqH9DGBnNbqiey9K1ZGnyE09ClrjdwMFSKlZY
fXJXw2hxFuse0Wsyxl052GT37vyA4ssvSWLUkVy5bXwsmA==
-----END CERTIFICATE-----