Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/1bmj8GONQQBKMf3s4Oxc-ZlfsBM.roa
File:                     1bmj8GONQQBKMf3s4Oxc-ZlfsBM.roa (raw, json)
Hash identifier:          wkPtMNp/SGcXYDsb9VbL+hkba8hGwB+mm04x9jIVPQo=
Subject key identifier:   D5:B9:A3:F0:63:8D:41:00:4A:31:FD:EC:E0:EC:5C:F9:99:5F:B0:13
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019C1EF666B7C6900C2CD11712F167B00991
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/1bmj8GONQQBKMf3s4Oxc-ZlfsBM.roa
Signing time:             Mon 02 Feb 2026 15:26:30 +0000
ROA not before:           Mon 02 Feb 2026 15:26:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209456
IP address blocks:        45.74.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1e:f6:66:b7:c6:90:0c:2c:d1:17:12:f1:67:b0:09:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Feb  2 15:26:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5b9a3f0638d41004a31fdece0ec5cf9995fb013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:40:7e:7c:e3:92:dd:7e:67:57:2c:93:91:2a:
                    50:3d:53:36:8e:8a:0a:6e:79:10:18:76:7b:44:18:
                    9f:bb:1d:79:d0:a9:16:5d:23:8c:6b:d8:71:09:66:
                    69:d4:d1:bc:d5:2f:e5:ba:bc:76:89:38:92:35:f7:
                    3d:ea:30:16:4f:fb:43:0d:7d:2c:fe:d9:f3:4a:9f:
                    6f:3c:9b:ea:b6:b8:2c:a9:a9:85:60:c9:5f:13:02:
                    3b:0b:af:0a:e4:0c:fb:dc:bf:72:83:78:a1:f4:5d:
                    5c:3c:d6:39:a2:aa:78:72:23:21:cd:e1:7c:a2:57:
                    81:41:4d:ee:df:a1:fb:c2:79:aa:1d:67:41:40:2e:
                    32:b3:fa:68:7d:d0:e2:b0:7a:aa:3a:97:0e:b0:b0:
                    15:5d:49:1a:b6:c2:50:01:a7:72:c7:26:28:e5:e3:
                    f0:f6:e1:d0:c1:85:5b:8e:e8:90:5b:82:d9:e0:26:
                    60:c3:31:10:cd:0b:39:7a:bf:22:2c:d9:ca:6a:80:
                    f8:1b:fb:cb:04:b8:58:69:ce:fb:15:65:9c:72:14:
                    46:1f:8d:99:1d:17:7c:79:ad:12:6f:63:29:a4:96:
                    2a:45:a2:ae:9c:a6:15:af:6c:f0:49:bc:a4:63:84:
                    84:27:8a:21:bb:5c:e1:b6:1d:50:c0:1a:ec:b1:46:
                    8a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B9:A3:F0:63:8D:41:00:4A:31:FD:EC:E0:EC:5C:F9:99:5F:B0:13
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/1bmj8GONQQBKMf3s4Oxc-ZlfsBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.74.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:59:4a:a9:b1:44:26:ad:b2:7c:9d:6e:77:2e:00:54:03:44:
         af:65:06:02:7e:8e:55:a5:ff:fa:6c:e0:66:a0:87:87:e0:4a:
         4c:26:72:74:97:15:bd:0f:d1:ed:a2:b8:54:da:54:9e:bf:fc:
         d9:b1:22:50:21:76:f7:b7:de:03:3c:bd:96:84:4d:98:e7:b9:
         cb:18:da:d9:30:42:f1:1d:51:43:c0:bd:62:bb:09:c6:3c:70:
         3e:30:57:34:e8:0b:39:b4:b7:d9:7c:d8:95:a0:5e:a7:6a:df:
         28:a1:65:81:61:d5:40:73:42:99:c8:cb:33:df:da:e8:ee:80:
         bc:9c:88:3f:4d:0e:dd:fe:9f:cf:e1:e6:dc:91:09:9e:e6:bd:
         68:e8:47:87:f7:10:8b:4a:75:15:b1:1c:1f:7b:3b:fb:2f:d7:
         52:89:6f:64:13:37:6a:7a:9c:e6:1a:f5:34:ac:3a:a5:9c:bd:
         25:b9:8f:29:be:30:60:59:ab:39:16:51:86:5d:b7:76:08:09:
         07:a0:4c:e0:c0:b0:69:46:e4:15:ee:2e:4d:43:18:98:d4:df:
         92:c4:a2:32:da:2d:6a:45:5e:5e:bf:b6:6f:f2:23:64:ff:91:
         d0:c8:2f:7a:24:6a:8d:04:b4:62:fc:8e:d5:85:9c:bb:48:b5:
         43:fa:95:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwe9ma3xpAMLNEXEvFnsAmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwMjAyMTUyNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWI5YTNmMDYzOGQ0MTAwNGEzMWZkZWNlMGVjNWNmOTk5NWZiMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0B+fOOS3X5nVyyTkSpQPVM2jooK
bnkQGHZ7RBifux150KkWXSOMa9hxCWZp1NG81S/lurx2iTiSNfc96jAWT/tDDX0s
/tnzSp9vPJvqtrgsqamFYMlfEwI7C68K5Az73L9yg3ih9F1cPNY5oqp4ciMhzeF8
oleBQU3u36H7wnmqHWdBQC4ys/pofdDisHqqOpcOsLAVXUkatsJQAadyxyYo5ePw
9uHQwYVbjuiQW4LZ4CZgwzEQzQs5er8iLNnKaoD4G/vLBLhYac77FWWcchRGH42Z
HRd8ea0Sb2MppJYqRaKunKYVr2zwSbykY4SEJ4ohu1zhth1QwBrssUaK0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNW5o/BjjUEASjH97ODsXPmZX7ATMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvMWJtajhHT05RUUJLTWYzczRPeGMtWmxmc0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUr1MA0G
CSqGSIb3DQEBCwUAA4IBAQBvWUqpsUQmrbJ8nW53LgBUA0SvZQYCfo5Vpf/6bOBm
oIeH4EpMJnJ0lxW9D9HtorhU2lSev/zZsSJQIXb3t94DPL2WhE2Y57nLGNrZMELx
HVFDwL1iuwnGPHA+MFc06As5tLfZfNiVoF6nat8ooWWBYdVAc0KZyMsz39ro7oC8
nIg/TQ7d/p/P4ebckQme5r1o6EeH9xCLSnUVsRwfezv7L9dSiW9kEzdqepzmGvU0
rDqlnL0luY8pvjBgWas5FlGGXbd2CAkHoEzgwLBpRuQV7i5NQxiY1N+SxKIy2i1q
RV5ev7Zv8iNk/5HQyC96JGqNBLRi/I7VhZy7SLVD+pUe
-----END CERTIFICATE-----