Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/wqH1Eu0Nagz4x3ByIPaww4OjY90.roa
File:                     wqH1Eu0Nagz4x3ByIPaww4OjY90.roa (raw, json)
Hash identifier:          ndCk0ZYQmCN0rN8uSUZdNlPR/tHVwKDPfY3qSmJpImo=
Subject key identifier:   C2:A1:F5:12:ED:0D:6A:0C:F8:C7:70:72:20:F6:B0:C3:83:A3:63:DD
Certificate issuer:       /CN=23329cb3abe4e940cfc62a20e2a6e2c28fc28329
Certificate serial:       019CE0D795ED6EC9609E51BFAA5A26345CFE
Authority key identifier: 23:32:9C:B3:AB:E4:E9:40:CF:C6:2A:20:E2:A6:E2:C2:8F:C2:83:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/wqH1Eu0Nagz4x3ByIPaww4OjY90.roa
Signing time:             Thu 12 Mar 2026 06:59:10 +0000
ROA not before:           Thu 12 Mar 2026 06:59:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215620
IP address blocks:        45.15.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e0:d7:95:ed:6e:c9:60:9e:51:bf:aa:5a:26:34:5c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23329cb3abe4e940cfc62a20e2a6e2c28fc28329
        Validity
            Not Before: Mar 12 06:59:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2a1f512ed0d6a0cf8c7707220f6b0c383a363dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:64:7f:e0:27:83:d1:f7:76:de:13:19:91:9c:
                    40:4a:60:aa:7b:0a:e4:e4:6f:5c:8c:c8:9f:22:80:
                    28:96:54:fd:61:79:14:6b:42:5a:cb:c1:5d:5e:21:
                    31:85:f6:4a:76:71:1a:13:8e:fd:b3:0d:a3:67:24:
                    dc:22:88:7a:ba:13:b4:45:03:14:22:2f:7b:8e:71:
                    62:7e:5d:29:0d:30:a7:1e:3a:50:38:cb:ef:3d:7a:
                    50:7f:4e:37:2a:2a:ad:36:1f:8b:d9:a5:03:ce:18:
                    10:fa:19:a6:ce:a5:b8:ce:d5:ad:18:ac:0d:51:62:
                    8e:6c:99:d0:df:bc:45:95:6b:ce:34:29:c4:a0:b9:
                    f4:64:83:18:87:46:8c:05:3b:30:57:2a:10:fb:cb:
                    cf:0d:3b:64:88:48:00:17:8a:60:a0:bd:ae:e1:12:
                    30:09:2d:d0:f2:b6:b1:3a:23:36:eb:76:2e:fc:8e:
                    6c:02:c9:7f:b2:7e:bc:56:5b:73:63:bc:dc:cf:de:
                    e9:d0:bf:57:b2:4e:7c:23:03:be:50:c7:62:9f:66:
                    22:7d:d5:9e:44:0d:61:24:5e:13:75:c5:8f:1f:34:
                    ef:c9:9e:f0:c7:4d:61:10:50:3d:92:83:cb:2b:7b:
                    b2:71:da:2c:29:be:d4:aa:64:10:09:e5:fe:06:5b:
                    f4:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A1:F5:12:ED:0D:6A:0C:F8:C7:70:72:20:F6:B0:C3:83:A3:63:DD
            X509v3 Authority Key Identifier:
                keyid:23:32:9C:B3:AB:E4:E9:40:CF:C6:2A:20:E2:A6:E2:C2:8F:C2:83:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/wqH1Eu0Nagz4x3ByIPaww4OjY90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:30:c1:bd:ba:0c:fd:7a:4b:37:10:c4:c8:e0:ae:1a:6d:4f:
         44:62:5c:d0:00:fb:37:77:82:70:6e:bc:38:94:c2:2e:29:e7:
         24:58:fa:85:b1:a3:c5:35:5b:66:7f:d5:25:d6:3a:9a:14:79:
         e0:3f:3f:83:d7:a4:2d:1f:b3:84:0f:93:f8:eb:d6:6e:bf:aa:
         bc:7d:b4:24:48:1a:35:36:c9:21:b1:05:6f:32:a4:6c:31:46:
         88:65:a4:d3:e2:0a:18:b0:40:52:9f:93:9d:20:b9:66:fe:84:
         1e:2f:55:92:cf:fb:4d:51:bf:31:7c:d5:2b:76:29:22:3b:ac:
         a4:bf:3e:31:de:2f:cf:a6:0d:30:f7:32:a6:ce:41:b1:47:86:
         96:70:64:dc:90:8e:bd:1d:cd:24:b5:2a:3f:99:aa:4b:0e:c5:
         0a:07:84:08:50:ff:9e:af:ab:a1:0c:54:e1:5c:c0:3c:52:88:
         65:1a:70:7b:60:0c:41:e7:40:62:4f:16:e5:f9:1e:68:b2:8f:
         57:c2:58:0a:6b:e7:8b:52:65:55:44:1b:95:03:79:4b:77:38:
         dd:93:2d:c2:08:05:aa:75:ff:55:61:05:16:58:e3:e7:ea:f4:
         38:12:5b:6e:63:3f:62:51:61:e3:a1:90:1d:5a:1d:98:27:d5:
         22:50:a7:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzg15XtbslgnlG/qlomNFz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzI5Y2IzYWJlNGU5NDBjZmM2MmEyMGUyYTZlMmMyOGZj
MjgzMjkwHhcNMjYwMzEyMDY1OTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmExZjUxMmVkMGQ2YTBjZjhjNzcwNzIyMGY2YjBjMzgzYTM2M2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2R/4CeD0fd23hMZkZxASmCqewrk
5G9cjMifIoAollT9YXkUa0Jay8FdXiExhfZKdnEaE479sw2jZyTcIoh6uhO0RQMU
Ii97jnFifl0pDTCnHjpQOMvvPXpQf043KiqtNh+L2aUDzhgQ+hmmzqW4ztWtGKwN
UWKObJnQ37xFlWvONCnEoLn0ZIMYh0aMBTswVyoQ+8vPDTtkiEgAF4pgoL2u4RIw
CS3Q8raxOiM263Yu/I5sAsl/sn68VltzY7zcz97p0L9Xsk58IwO+UMdin2YifdWe
RA1hJF4TdcWPHzTvyZ7wx01hEFA9koPLK3uycdosKb7UqmQQCeX+Blv0HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKh9RLtDWoM+MdwciD2sMODo2PdMB8GA1UdIwQY
MBaAFCMynLOr5OlAz8YqIOKm4sKPwoMpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpLY3M2dms2VURQeGlvZzRxYml3b19DZ3lrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kZDM5NGItNmJjNC00ZTQ3LWIwMTIt
NTE4ZjJjOGY4NDZiLzEvd3FIMUV1ME5hZ3o0eDNCeUlQYXd3NE9qWTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kZDM5NGItNmJjNC00ZTQ3LWIwMTItNTE4ZjJjOGY4NDZi
LzEvSXpLY3M2dms2VURQeGlvZzRxYml3b19DZ3lrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ8pMA0G
CSqGSIb3DQEBCwUAA4IBAQCiMMG9ugz9eks3EMTI4K4abU9EYlzQAPs3d4Jwbrw4
lMIuKeckWPqFsaPFNVtmf9Ul1jqaFHngPz+D16QtH7OED5P469Zuv6q8fbQkSBo1
NskhsQVvMqRsMUaIZaTT4goYsEBSn5OdILlm/oQeL1WSz/tNUb8xfNUrdikiO6yk
vz4x3i/Ppg0w9zKmzkGxR4aWcGTckI69Hc0ktSo/mapLDsUKB4QIUP+er6uhDFTh
XMA8UohlGnB7YAxB50BiTxbl+R5oso9XwlgKa+eLUmVVRBuVA3lLdzjdky3CCAWq
df9VYQUWWOPn6vQ4EltuYz9iUWHjoZAdWh2YJ9UiUKcX
-----END CERTIFICATE-----