Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/hCjWTJUhp9C-lxxCdRV4Jwzm4mk.roa
File:                     hCjWTJUhp9C-lxxCdRV4Jwzm4mk.roa (raw, json)
Hash identifier:          ECwHPN5lxdIugX2ttk1L3l/uci2ps9CeCy1VAcBMeQs=
Subject key identifier:   84:28:D6:4C:95:21:A7:D0:BE:97:1C:42:75:15:78:27:0C:E6:E2:69
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       019B7F152490682C1528469F503B111A0D34
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/hCjWTJUhp9C-lxxCdRV4Jwzm4mk.roa
Signing time:             Fri 02 Jan 2026 14:20:50 +0000
ROA not before:           Fri 02 Jan 2026 14:20:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208094
IP address blocks:        45.141.55.0/24 maxlen: 24
                          2a05:4741:20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:24:90:68:2c:15:28:46:9f:50:3b:11:1a:0d:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 14:20:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8428d64c9521a7d0be971c42751578270ce6e269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f9:ae:e6:6b:fd:81:c2:20:f7:98:fa:25:51:
                    c2:e9:cc:62:64:62:58:fa:b4:0f:e4:8e:92:31:2e:
                    01:ee:8f:f0:0a:5d:49:cb:21:1d:f3:1c:b6:ab:da:
                    24:b1:07:8c:03:10:a1:19:72:ad:ae:93:e4:9a:05:
                    d2:70:dd:95:16:52:6c:c4:2f:76:bd:17:03:1c:b7:
                    e6:20:21:7a:e0:39:03:0a:5e:77:2c:cb:ce:a2:93:
                    b8:f2:2d:eb:47:28:38:94:58:fd:b0:cd:ad:e8:fc:
                    55:14:3e:43:de:27:d3:6c:e8:3a:07:99:0b:68:e6:
                    d8:6b:bb:b2:14:07:e2:72:2f:8f:aa:57:19:75:29:
                    0c:aa:41:05:77:2e:c4:54:18:d4:c4:b3:dd:97:2d:
                    c0:0b:ee:28:f3:6d:1e:c6:91:fb:cf:81:c4:8a:e8:
                    fa:25:eb:8a:0e:2d:0c:b2:44:de:57:0c:85:dc:2f:
                    2f:70:00:a8:c4:5d:95:94:5f:83:0c:82:38:f5:b5:
                    26:58:03:80:da:6d:f4:cc:a5:d1:90:61:32:55:45:
                    fa:c0:25:2b:e9:41:a1:23:ac:34:0c:74:a4:8f:eb:
                    dd:2f:d8:0c:6c:7e:35:fa:40:5c:30:37:0e:11:1a:
                    1f:9c:0e:98:51:6a:65:10:9c:d4:58:9c:88:2e:a4:
                    5c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:28:D6:4C:95:21:A7:D0:BE:97:1C:42:75:15:78:27:0C:E6:E2:69
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/hCjWTJUhp9C-lxxCdRV4Jwzm4mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.55.0/24
                IPv6:
                  2a05:4741:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:5f:2c:af:33:58:e8:96:30:02:35:32:73:08:1e:f7:d8:ab:
         37:f6:24:41:65:e4:e9:ec:5e:49:c8:8f:33:9a:2c:eb:1d:14:
         20:d7:6c:0f:98:73:8c:db:30:09:39:1b:14:8c:97:c0:8c:9f:
         33:66:db:84:a8:75:03:31:93:fb:d3:cc:74:b1:8a:e2:ae:b1:
         a4:4c:25:24:fe:ba:96:a1:73:16:9a:c5:32:08:7e:5a:a0:81:
         86:9f:71:d4:c1:94:95:06:40:f5:e4:b3:e7:bb:30:f1:2e:b0:
         e9:6c:b1:6f:28:d3:37:b1:22:d7:4f:a2:b4:f4:6b:71:8e:c3:
         5f:c8:0b:35:4b:55:c1:fa:ac:88:44:f8:76:eb:d9:c1:a9:c9:
         a5:aa:47:06:66:c8:ad:7f:bc:c2:a6:ef:c7:6a:89:4e:ff:c7:
         e7:fc:69:74:0b:b8:da:7f:78:ac:43:76:ee:d7:72:ef:2f:7d:
         e6:5e:d0:58:78:ad:a2:5f:b0:f7:87:bc:40:49:8c:20:32:98:
         3c:7e:37:b8:42:89:fe:ef:33:e5:34:f0:13:e7:33:6e:a5:4d:
         2a:e8:42:03:fb:16:21:ea:f8:96:43:a0:e0:b8:8d:f3:e1:7c:
         9b:94:12:1e:67:5e:71:ad:dc:6e:f0:96:f9:23:45:04:93:6a:
         6f:03:77:41
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt/FSSQaCwVKEafUDsRGg00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjYwMTAyMTQyMDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDI4ZDY0Yzk1MjFhN2QwYmU5NzFjNDI3NTE1NzgyNzBjZTZlMjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvmu5mv9gcIg95j6JVHC6cxiZGJY
+rQP5I6SMS4B7o/wCl1JyyEd8xy2q9oksQeMAxChGXKtrpPkmgXScN2VFlJsxC92
vRcDHLfmICF64DkDCl53LMvOopO48i3rRyg4lFj9sM2t6PxVFD5D3ifTbOg6B5kL
aObYa7uyFAfici+PqlcZdSkMqkEFdy7EVBjUxLPdly3AC+4o820expH7z4HEiuj6
JeuKDi0MskTeVwyF3C8vcACoxF2VlF+DDII49bUmWAOA2m30zKXRkGEyVUX6wCUr
6UGhI6w0DHSkj+vdL9gMbH41+kBcMDcOERofnA6YUWplEJzUWJyILqRcqwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIQo1kyVIafQvpccQnUVeCcM5uJpMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvaENqV1RKVWhwOUMtbHh4Q2RSVjRKd3ptNG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALY03MA8E
AgACMAkDBwAqBUdBACAwDQYJKoZIhvcNAQELBQADggEBADVfLK8zWOiWMAI1MnMI
HvfYqzf2JEFl5OnsXknIjzOaLOsdFCDXbA+Yc4zbMAk5GxSMl8CMnzNm24SodQMx
k/vTzHSxiuKusaRMJST+upahcxaaxTIIflqggYafcdTBlJUGQPXks+e7MPEusOls
sW8o0zexItdPorT0a3GOw1/ICzVLVcH6rIhE+Hbr2cGpyaWqRwZmyK1/vMKm78dq
iU7/x+f8aXQLuNp/eKxDdu7Xcu8vfeZe0Fh4raJfsPeHvEBJjCAymDx+N7hCif7v
M+U08BPnM26lTSroQgP7FiHq+JZDoOC4jfPhfJuUEh5nXnGt3G7wlvkjRQSTam8D
d0E=
-----END CERTIFICATE-----