Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/sHElLf18TxGbbXvAPZQGdYP7kkw.roa
File:                     sHElLf18TxGbbXvAPZQGdYP7kkw.roa (raw, json)
Hash identifier:          3CUPvhimZaYLNzOkJz6mBA1rVGWDpwcyNJmFCreMmeg=
Subject key identifier:   B0:71:25:2D:FD:7C:4F:11:9B:6D:7B:C0:3D:94:06:75:83:FB:92:4C
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019D869D2A9A8C6B70094AAE85AECB7D6681
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/sHElLf18TxGbbXvAPZQGdYP7kkw.roa
Signing time:             Mon 13 Apr 2026 11:32:20 +0000
ROA not before:           Mon 13 Apr 2026 11:32:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215541
IP address blocks:        83.245.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:9d:2a:9a:8c:6b:70:09:4a:ae:85:ae:cb:7d:66:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Apr 13 11:32:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b071252dfd7c4f119b6d7bc03d94067583fb924c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:76:0a:dd:8b:19:a2:00:6f:f7:44:e7:88:cd:
                    b5:39:75:c6:fd:6c:3e:20:4e:1c:3f:da:06:82:a6:
                    e0:29:f1:1b:1f:ff:7c:2d:bd:96:2f:9f:a7:2f:75:
                    58:b2:bd:4d:6b:e4:33:3a:b3:2d:46:ab:cf:f3:53:
                    67:6a:11:9a:c6:23:9f:43:5a:3d:d6:0d:a9:0a:95:
                    83:24:c1:e0:3c:1d:ec:51:9d:bf:74:6b:47:4d:f4:
                    07:be:cd:e2:01:da:0e:92:0b:c0:95:f2:bf:4d:7c:
                    96:86:71:33:77:0f:cc:9b:67:26:b8:10:c4:9c:b3:
                    04:0a:8e:39:d4:ee:f7:bb:8c:16:2a:0b:6a:b4:37:
                    47:33:45:33:d2:04:d3:ea:41:30:c3:52:24:88:01:
                    f9:7b:b5:99:83:85:33:45:9d:93:cf:9c:61:15:a1:
                    d8:70:6c:85:b2:eb:70:e1:8b:b0:e9:40:8d:e2:3c:
                    18:75:d9:0a:08:7d:00:99:f1:6a:b2:f0:1f:96:17:
                    6c:53:9d:b3:d9:43:08:c5:84:66:53:80:08:3f:93:
                    e7:43:d1:d0:34:83:90:0c:a3:57:6e:99:27:7c:12:
                    62:cd:f8:bb:87:ec:e1:26:03:7e:7d:4e:c1:65:48:
                    b5:4a:82:5a:27:c9:3e:28:38:ee:5c:22:5e:8e:d0:
                    03:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:71:25:2D:FD:7C:4F:11:9B:6D:7B:C0:3D:94:06:75:83:FB:92:4C
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/sHElLf18TxGbbXvAPZQGdYP7kkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.245.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:c8:2e:d1:18:05:fc:51:f5:4d:22:9f:f3:7d:5a:6d:94:31:
         38:57:d1:d9:9f:6e:53:29:fe:00:f8:e7:7d:5b:4f:2a:c1:53:
         3a:f0:e6:19:67:fb:69:f2:69:dd:a6:92:53:8c:0e:3c:05:0b:
         e3:2d:46:3e:91:48:d5:cb:a9:6c:e5:bb:c4:6a:60:c8:35:a7:
         9f:86:77:a2:ae:c2:2b:ac:07:23:3c:bb:b6:c9:e0:52:38:58:
         d9:da:c2:37:88:cc:16:45:77:60:cc:5c:a4:f5:65:0f:67:79:
         71:19:e0:47:d9:be:a5:4d:2e:91:e9:ea:22:34:f4:93:c7:8f:
         66:fa:ec:c8:be:c6:45:f4:9c:b0:0f:9c:d5:55:86:96:c2:37:
         03:56:e0:c0:4b:2e:5c:43:ec:ff:61:5f:20:24:32:e9:6c:b0:
         bc:82:e3:44:1d:89:8a:3d:42:25:4e:4e:73:7d:b4:e6:4a:97:
         52:48:8b:08:39:d5:c4:33:c4:b1:21:57:e5:d2:c0:6b:41:1c:
         b8:54:3d:75:80:8f:bd:c7:cf:4f:ba:76:13:93:ca:c4:78:09:
         89:45:9f:5e:4e:9b:a1:12:3c:b6:06:32:fe:cb:ce:27:7d:58:
         bc:ea:32:35:42:87:7f:56:92:b6:3f:be:ca:9a:06:06:ec:f6:
         4e:dc:88:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2GnSqajGtwCUquha7LfWaBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjYwNDEzMTEzMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDcxMjUyZGZkN2M0ZjExOWI2ZDdiYzAzZDk0MDY3NTgzZmI5MjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2nYK3YsZogBv90TniM21OXXG/Ww+
IE4cP9oGgqbgKfEbH/98Lb2WL5+nL3VYsr1Na+QzOrMtRqvP81NnahGaxiOfQ1o9
1g2pCpWDJMHgPB3sUZ2/dGtHTfQHvs3iAdoOkgvAlfK/TXyWhnEzdw/Mm2cmuBDE
nLMECo451O73u4wWKgtqtDdHM0Uz0gTT6kEww1IkiAH5e7WZg4UzRZ2Tz5xhFaHY
cGyFsutw4Yuw6UCN4jwYddkKCH0AmfFqsvAflhdsU52z2UMIxYRmU4AIP5PnQ9HQ
NIOQDKNXbpknfBJizfi7h+zhJgN+fU7BZUi1SoJaJ8k+KDjuXCJejtADbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBxJS39fE8Rm217wD2UBnWD+5JMMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvc0hFbExmMThUeEdiYlh2QVBaUUdkWVA3a2t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU/U9MA0G
CSqGSIb3DQEBCwUAA4IBAQBkyC7RGAX8UfVNIp/zfVptlDE4V9HZn25TKf4A+Od9
W08qwVM68OYZZ/tp8mndppJTjA48BQvjLUY+kUjVy6ls5bvEamDINaefhneirsIr
rAcjPLu2yeBSOFjZ2sI3iMwWRXdgzFyk9WUPZ3lxGeBH2b6lTS6R6eoiNPSTx49m
+uzIvsZF9JywD5zVVYaWwjcDVuDASy5cQ+z/YV8gJDLpbLC8guNEHYmKPUIlTk5z
fbTmSpdSSIsIOdXEM8SxIVfl0sBrQRy4VD11gI+9x89PunYTk8rEeAmJRZ9eTpuh
Ejy2BjL+y84nfVi86jI1Qod/VpK2P77KmgYG7PZO3IjP
-----END CERTIFICATE-----