Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/W33DA4Ra2ev8BzJjoe-wM3bwl8A.roa
File:                     W33DA4Ra2ev8BzJjoe-wM3bwl8A.roa (raw, json)
Hash identifier:          GzDFCLGDRrV+J+wOTOCgzPtI2cmsY30naAwADmAxbZk=
Subject key identifier:   5B:7D:C3:03:84:5A:D9:EB:FC:07:32:63:A1:EF:B0:33:76:F0:97:C0
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019D6923650748B2ED8F217EE059B76F8F53
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/W33DA4Ra2ev8BzJjoe-wM3bwl8A.roa
Signing time:             Tue 07 Apr 2026 18:10:20 +0000
ROA not before:           Tue 07 Apr 2026 18:10:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        45.8.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:69:23:65:07:48:b2:ed:8f:21:7e:e0:59:b7:6f:8f:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr  7 18:10:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b7dc303845ad9ebfc073263a1efb03376f097c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5e:7c:7d:85:ae:bb:27:75:d3:9d:71:d2:f7:
                    4a:7b:1c:dc:b1:f1:f9:3d:b8:64:51:dd:86:b1:b4:
                    3d:ac:a8:3f:e8:4d:73:78:d4:cb:a2:18:53:79:fc:
                    bb:6f:5b:75:82:c7:15:a2:68:32:f2:2b:63:af:6e:
                    4c:b7:dd:d9:cf:f3:65:a3:52:d3:d2:b1:f2:8a:3a:
                    ce:6c:9b:8d:e0:64:53:db:13:30:2a:92:00:25:a2:
                    28:a6:2f:75:d6:97:81:d6:30:56:70:76:2e:28:8f:
                    c4:8c:11:fc:84:75:b7:65:aa:e6:aa:ff:82:ae:3a:
                    54:1a:61:f7:0d:90:74:cc:cf:7a:0d:f8:15:3a:dc:
                    85:37:de:18:89:2b:50:c1:1a:b7:5c:d0:87:a8:76:
                    db:73:fa:49:5a:df:19:85:5b:9b:56:cb:08:42:6f:
                    2e:59:6b:ef:cc:f0:4d:14:92:c4:14:01:46:98:c3:
                    a0:97:e4:9a:39:af:af:66:f0:8d:4a:2e:8d:16:55:
                    31:42:8f:ad:94:c7:95:08:3b:bd:af:60:3e:74:45:
                    8a:6c:06:ef:fc:06:7d:8b:ed:ea:9d:5b:f6:ed:e3:
                    79:11:7a:04:df:4c:ff:30:81:4a:28:92:5b:fa:38:
                    b6:39:fd:d0:1d:70:dc:e3:48:b2:12:2d:21:26:5a:
                    eb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:7D:C3:03:84:5A:D9:EB:FC:07:32:63:A1:EF:B0:33:76:F0:97:C0
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/W33DA4Ra2ev8BzJjoe-wM3bwl8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:f2:58:1f:21:f5:6c:8a:91:7e:28:15:cf:06:cc:b6:36:fe:
         7f:cf:5c:a1:36:3b:35:c2:fc:5d:fa:98:75:4d:c8:c5:e4:b3:
         92:c7:55:c5:14:f6:df:e5:a0:de:e7:f0:df:f8:a2:46:16:2e:
         fa:a1:10:eb:aa:fd:dc:54:32:34:66:56:f5:e6:e9:c5:13:9e:
         39:f8:17:ef:ea:8c:a8:8c:eb:88:65:54:08:77:bb:3b:59:e2:
         2f:7a:c7:50:17:48:b3:a9:0c:61:4d:e1:dc:8f:0d:4b:fd:47:
         34:e5:af:71:9c:9f:bf:a4:9e:5e:be:64:3c:c3:23:9f:e3:39:
         ca:bd:86:96:e4:79:8d:fa:ca:b3:20:d5:cc:e7:1e:4b:07:e0:
         cb:02:34:a3:2a:5d:a7:67:df:dc:97:3f:32:5e:f4:59:1d:27:
         34:bf:05:e7:ff:f8:56:8c:57:cd:fe:19:2f:7b:62:76:1a:0b:
         85:d1:03:8e:01:0e:43:63:28:d1:f7:ee:29:82:bf:9a:3d:92:
         d9:59:05:b4:27:a8:dc:6b:dd:b2:a2:9d:1d:ba:07:6e:f4:2e:
         ce:04:4b:88:30:7b:5e:66:ec:ca:7e:b9:dc:0d:be:d7:05:5c:
         f8:36:0a:fb:bd:dd:c8:31:71:40:b0:93:a5:98:7a:b3:8f:7e:
         88:7f:ec:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1pI2UHSLLtjyF+4Fm3b49TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwNDA3MTgxMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjdkYzMwMzg0NWFkOWViZmMwNzMyNjNhMWVmYjAzMzc2ZjA5N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjF58fYWuuyd1051x0vdKexzcsfH5
PbhkUd2GsbQ9rKg/6E1zeNTLohhTefy7b1t1gscVomgy8itjr25Mt93Zz/Nlo1LT
0rHyijrObJuN4GRT2xMwKpIAJaIopi911peB1jBWcHYuKI/EjBH8hHW3Zarmqv+C
rjpUGmH3DZB0zM96DfgVOtyFN94YiStQwRq3XNCHqHbbc/pJWt8ZhVubVssIQm8u
WWvvzPBNFJLEFAFGmMOgl+SaOa+vZvCNSi6NFlUxQo+tlMeVCDu9r2A+dEWKbAbv
/AZ9i+3qnVv27eN5EXoE30z/MIFKKJJb+ji2Of3QHXDc40iyEi0hJlrr7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFt9wwOEWtnr/AcyY6HvsDN28JfAMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvVzMzREE0UmEyZXY4QnpKam9lLXdNM2J3bDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQj9MA0G
CSqGSIb3DQEBCwUAA4IBAQBx8lgfIfVsipF+KBXPBsy2Nv5/z1yhNjs1wvxd+ph1
TcjF5LOSx1XFFPbf5aDe5/Df+KJGFi76oRDrqv3cVDI0Zlb15unFE545+Bfv6oyo
jOuIZVQId7s7WeIvesdQF0izqQxhTeHcjw1L/Uc05a9xnJ+/pJ5evmQ8wyOf4znK
vYaW5HmN+sqzINXM5x5LB+DLAjSjKl2nZ9/clz8yXvRZHSc0vwXn//hWjFfN/hkv
e2J2GguF0QOOAQ5DYyjR9+4pgr+aPZLZWQW0J6jca92yop0dugdu9C7OBEuIMHte
ZuzKfrncDb7XBVz4Ngr7vd3IMXFAsJOlmHqzj36If+wr
-----END CERTIFICATE-----