Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/O-i1rC1f7BE3Y8fLVkNpebeGeGs.roa
File:                     O-i1rC1f7BE3Y8fLVkNpebeGeGs.roa (raw, json)
Hash identifier:          bCqBB+ncUGUt72TM8p8OBDdOP6g9yB8O/RTZw31zEF8=
Subject key identifier:   3B:E8:B5:AC:2D:5F:EC:11:37:63:C7:CB:56:43:69:79:B7:86:78:6B
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       019CF6580604A59EE841B01CA901C58FCA55
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/O-i1rC1f7BE3Y8fLVkNpebeGeGs.roa
Signing time:             Mon 16 Mar 2026 11:11:29 +0000
ROA not before:           Mon 16 Mar 2026 11:11:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57844
IP address blocks:        45.83.182.0/24 maxlen: 24
                          139.28.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:58:06:04:a5:9e:e8:41:b0:1c:a9:01:c5:8f:ca:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Mar 16 11:11:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3be8b5ac2d5fec113763c7cb56436979b786786b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c3:15:e1:3a:36:d3:14:d3:6e:31:51:5e:4c:
                    fa:30:d4:62:11:9f:88:f6:b0:49:fc:ce:fa:94:cd:
                    f2:d6:e8:7c:db:7b:29:40:53:60:71:c4:eb:25:8c:
                    54:a5:2e:db:84:50:18:52:90:04:e5:11:85:b9:da:
                    e8:2b:e7:d6:09:b1:63:b2:0d:8c:07:5c:04:a4:55:
                    29:4b:f7:45:10:12:b4:cf:01:c6:1a:0d:82:f5:72:
                    63:67:5b:a5:2c:66:34:a0:f9:9f:9c:ee:2f:c1:b0:
                    98:e1:88:e6:ad:0a:80:42:b1:9e:61:19:56:c5:9e:
                    17:20:be:f0:8b:00:9c:a1:f2:8c:d4:17:76:29:f0:
                    a6:c5:11:16:0d:2e:1f:f7:aa:2c:f0:2d:e3:b1:39:
                    2d:35:3d:15:41:af:de:01:a9:ee:0d:ad:ff:4c:2d:
                    42:d5:95:63:a2:bc:eb:e4:df:47:a2:2d:05:91:6f:
                    fd:c7:2e:2b:e0:22:ec:e1:5f:ac:dc:09:17:24:2a:
                    9b:4b:4c:c0:ad:c7:6f:b1:4b:f2:03:12:61:a5:fc:
                    f0:67:13:78:f8:b6:92:84:76:7b:c1:0e:76:fe:ed:
                    87:35:27:63:7d:b1:fb:aa:a2:37:3c:94:c2:f9:7b:
                    b1:6e:2a:a2:ef:8b:08:cf:bd:bb:e6:9a:04:1f:71:
                    a6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:E8:B5:AC:2D:5F:EC:11:37:63:C7:CB:56:43:69:79:B7:86:78:6B
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/O-i1rC1f7BE3Y8fLVkNpebeGeGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.182.0/24
                  139.28.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:68:87:06:d9:73:33:8c:0d:69:1b:90:de:19:3e:d4:c2:fc:
         51:56:b5:36:43:ec:96:6e:fd:6d:3e:dc:ff:2c:3c:a2:51:49:
         09:bb:ce:a5:1b:48:45:14:64:38:9a:76:31:9c:11:ed:7c:7d:
         d0:31:a3:91:52:59:6c:9d:52:be:bd:ba:fd:55:15:42:d1:f1:
         7a:83:97:7a:b0:3e:67:ad:fc:47:74:c9:5a:46:a6:63:34:7e:
         ed:f6:bb:de:d2:4b:95:dd:5a:70:43:e5:a6:d2:e3:44:67:3b:
         37:3f:fe:74:a3:f7:50:ff:23:5b:05:31:42:74:24:33:f8:fc:
         a5:44:a8:75:58:c1:82:50:fc:e2:89:a9:c2:91:ce:62:72:d7:
         71:0d:ce:db:40:f5:e2:a9:53:ff:fe:8b:a7:64:dd:a9:7d:83:
         dd:cb:33:86:00:30:a4:95:07:46:56:fe:d4:3e:49:1f:cd:10:
         c1:f9:42:7b:73:ae:4b:ad:dd:79:84:4b:f4:e6:5e:51:27:bb:
         c5:62:bc:49:75:c6:ab:81:3b:9b:0a:63:b3:35:fa:84:e7:0f:
         05:f0:28:c7:33:eb:11:bd:63:0a:90:a6:3a:50:f3:86:34:cd:
         ef:49:f3:e0:44:60:d3:90:fd:22:97:44:9d:8e:2c:ba:2a:eb:
         00:97:2a:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZz2WAYEpZ7oQbAcqQHFj8pVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjYwMzE2MTExMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmU4YjVhYzJkNWZlYzExMzc2M2M3Y2I1NjQzNjk3OWI3ODY3ODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcMV4To20xTTbjFRXkz6MNRiEZ+I
9rBJ/M76lM3y1uh823spQFNgccTrJYxUpS7bhFAYUpAE5RGFudroK+fWCbFjsg2M
B1wEpFUpS/dFEBK0zwHGGg2C9XJjZ1ulLGY0oPmfnO4vwbCY4YjmrQqAQrGeYRlW
xZ4XIL7wiwCcofKM1Bd2KfCmxREWDS4f96os8C3jsTktNT0VQa/eAanuDa3/TC1C
1ZVjorzr5N9Hoi0FkW/9xy4r4CLs4V+s3AkXJCqbS0zArcdvsUvyAxJhpfzwZxN4
+LaShHZ7wQ52/u2HNSdjfbH7qqI3PJTC+Xuxbiqi74sIz7275poEH3GmTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDvotawtX+wRN2PHy1ZDaXm3hnhrMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvTy1pMXJDMWY3QkUzWThmTFZrTnBlYmVHZUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVO2AwQC
ixxIMA0GCSqGSIb3DQEBCwUAA4IBAQBoaIcG2XMzjA1pG5DeGT7UwvxRVrU2Q+yW
bv1tPtz/LDyiUUkJu86lG0hFFGQ4mnYxnBHtfH3QMaORUllsnVK+vbr9VRVC0fF6
g5d6sD5nrfxHdMlaRqZjNH7t9rve0kuV3VpwQ+Wm0uNEZzs3P/50o/dQ/yNbBTFC
dCQz+PylRKh1WMGCUPziianCkc5ictdxDc7bQPXiqVP//ounZN2pfYPdyzOGADCk
lQdGVv7UPkkfzRDB+UJ7c65Lrd15hEv05l5RJ7vFYrxJdcargTubCmOzNfqE5w8F
8CjHM+sRvWMKkKY6UPOGNM3vSfPgRGDTkP0il0Sdjiy6KusAlyrG
-----END CERTIFICATE-----