Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/AEW0ZS8kzA3qSHqmDhH--7uVuSM.roa
File:                     AEW0ZS8kzA3qSHqmDhH--7uVuSM.roa (raw, json)
Hash identifier:          R8yELbtsmOnCsIdhB2TZWXOI3aekHY/DqHs5TO+3uP8=
Subject key identifier:   00:45:B4:65:2F:24:CC:0D:EA:48:7A:A6:0E:11:FE:FB:BB:95:B9:23
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019C04F77066BA2D316EAE0947B08C011886
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/AEW0ZS8kzA3qSHqmDhH--7uVuSM.roa
Signing time:             Wed 28 Jan 2026 14:17:30 +0000
ROA not before:           Wed 28 Jan 2026 14:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205974
IP address blocks:        82.137.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:04:f7:70:66:ba:2d:31:6e:ae:09:47:b0:8c:01:18:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan 28 14:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0045b4652f24cc0dea487aa60e11fefbbb95b923
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:9c:c3:00:6b:04:51:ea:98:c7:57:9e:4d:34:
                    14:9e:e2:20:52:f8:09:e7:c0:bf:3e:66:53:0a:5e:
                    38:d3:84:d9:2b:bb:68:bc:d8:8d:55:63:ab:7b:aa:
                    a0:ff:2b:09:f8:c7:c0:71:c5:2b:fd:ab:8f:47:25:
                    a0:27:fe:0a:12:3d:2d:50:44:38:e4:66:e3:dd:1b:
                    96:a1:86:3e:8e:de:64:69:2b:2c:5a:c8:42:67:55:
                    fa:9d:d7:2b:15:d2:5e:7a:89:54:01:99:d2:df:ec:
                    c1:86:b2:cb:a4:7a:e8:bd:57:e1:81:6b:75:0c:36:
                    d4:d2:56:da:a5:24:46:3a:6f:ab:7c:8e:d9:b2:b9:
                    12:31:07:a9:13:e0:b2:a6:94:51:a0:d9:81:de:00:
                    42:2e:20:71:f0:0c:1e:aa:83:ed:f9:5d:9e:ff:be:
                    d2:4f:89:96:d9:fa:d4:b5:79:1c:7e:d8:9e:f7:df:
                    34:fe:c4:5e:bf:39:cc:77:8e:a0:21:11:cc:83:ce:
                    71:1d:00:25:de:2b:fa:f8:26:f9:37:d0:51:d0:d8:
                    61:97:24:07:c9:69:ac:bd:5a:a7:04:cb:4c:be:18:
                    f5:ac:89:92:11:45:59:fc:6c:db:16:14:09:b0:6a:
                    87:1e:87:24:af:3e:bf:74:6f:91:ee:ea:fc:f6:a0:
                    01:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:45:B4:65:2F:24:CC:0D:EA:48:7A:A6:0E:11:FE:FB:BB:95:B9:23
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/AEW0ZS8kzA3qSHqmDhH--7uVuSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.137.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:c3:2d:e6:49:49:b7:6b:ad:29:c0:0c:5f:da:70:6e:e4:4b:
         5e:c1:3f:6e:17:cf:86:36:79:be:e7:d9:4b:ea:ca:bc:c7:fa:
         56:fd:d7:a7:30:96:5a:0b:37:73:1b:88:02:01:4d:8f:10:11:
         ad:63:d0:6c:a4:c6:d4:55:5b:fd:ab:e2:f5:fd:d8:e2:97:bb:
         29:46:9d:18:17:b1:ec:bf:a5:2b:9f:7e:22:91:67:4a:21:9f:
         55:ff:3e:c6:91:6d:a4:05:4e:88:fe:8b:89:c4:2b:f2:4d:3a:
         89:4f:1c:6d:bd:13:66:c6:3e:8a:97:de:fc:79:59:d8:8f:0c:
         2a:23:52:fa:c8:dc:d9:27:da:10:b7:f4:4a:ce:ba:bd:bf:d9:
         41:93:b1:b3:3e:80:43:50:27:6f:db:2b:73:4a:35:2f:29:53:
         35:17:d2:e2:9d:a8:d0:2c:36:9d:37:1e:ea:2a:7f:0a:ba:d3:
         f3:cb:6f:b2:00:4f:9e:4f:63:bd:3f:9b:f0:0d:3f:06:52:8e:
         24:56:56:ab:0d:79:ea:fb:2c:f0:0f:b5:5f:65:d1:34:fb:ea:
         96:a6:9b:2c:a2:0d:33:b1:da:94:0e:40:93:e2:ef:30:9b:f1:
         68:b0:94:88:9c:66:7c:6a:d6:06:1b:8f:35:ca:a1:e0:67:17:
         c6:6e:ca:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwE93Bmui0xbq4JR7CMARiGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTI4MTQxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDQ1YjQ2NTJmMjRjYzBkZWE0ODdhYTYwZTExZmVmYmJiOTViOTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pzDAGsEUeqYx1eeTTQUnuIgUvgJ
58C/PmZTCl4404TZK7tovNiNVWOre6qg/ysJ+MfAccUr/auPRyWgJ/4KEj0tUEQ4
5Gbj3RuWoYY+jt5kaSssWshCZ1X6ndcrFdJeeolUAZnS3+zBhrLLpHrovVfhgWt1
DDbU0lbapSRGOm+rfI7ZsrkSMQepE+CyppRRoNmB3gBCLiBx8AweqoPt+V2e/77S
T4mW2frUtXkcftie9980/sRevznMd46gIRHMg85xHQAl3iv6+Cb5N9BR0NhhlyQH
yWmsvVqnBMtMvhj1rImSEUVZ/GzbFhQJsGqHHockrz6/dG+R7ur89qAB4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABFtGUvJMwN6kh6pg4R/vu7lbkjMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvQUVXMFpTOGt6QTNxU0hxbURoSC0tN3VWdVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUolFMA0G
CSqGSIb3DQEBCwUAA4IBAQBlwy3mSUm3a60pwAxf2nBu5EtewT9uF8+GNnm+59lL
6sq8x/pW/denMJZaCzdzG4gCAU2PEBGtY9BspMbUVVv9q+L1/djil7spRp0YF7Hs
v6Urn34ikWdKIZ9V/z7GkW2kBU6I/ouJxCvyTTqJTxxtvRNmxj6Kl978eVnYjwwq
I1L6yNzZJ9oQt/RKzrq9v9lBk7GzPoBDUCdv2ytzSjUvKVM1F9LinajQLDadNx7q
Kn8KutPzy2+yAE+eT2O9P5vwDT8GUo4kVlarDXnq+yzwD7VfZdE0++qWppssog0z
sdqUDkCT4u8wm/FosJSInGZ8atYGG481yqHgZxfGbspj
-----END CERTIFICATE-----