Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/RKC_1mqLXMIDbGkqZMEJrCSWeCo.roa
File:                     RKC_1mqLXMIDbGkqZMEJrCSWeCo.roa (raw, json)
Hash identifier:          PPGCCrSEwXx1Rr+8w142QOXo4ncdDGVM4h0k0e7qrm8=
Subject key identifier:   44:A0:BF:D6:6A:8B:5C:C2:03:6C:69:2A:64:C1:09:AC:24:96:78:2A
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       019D00E87D39E72FEF620ACA32439D4EC525
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/RKC_1mqLXMIDbGkqZMEJrCSWeCo.roa
Signing time:             Wed 18 Mar 2026 12:25:29 +0000
ROA not before:           Wed 18 Mar 2026 12:25:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212477
IP address blocks:        45.15.208.0/24 maxlen: 32
                          45.15.210.0/24 maxlen: 32
                          45.84.59.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:e8:7d:39:e7:2f:ef:62:0a:ca:32:43:9d:4e:c5:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Mar 18 12:25:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44a0bfd66a8b5cc2036c692a64c109ac2496782a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:74:01:43:05:82:54:d1:50:2d:a2:e4:6d:d5:
                    a0:2b:34:c1:f6:81:61:99:4f:83:2a:13:cf:e2:c1:
                    54:1f:65:9c:cd:5d:5a:ed:8f:75:84:2d:88:20:91:
                    ce:dd:34:d4:e3:d7:08:d8:8a:8a:1d:ba:a9:8a:e1:
                    2f:ea:cd:dc:3c:f4:f8:cf:62:23:d9:62:d3:64:cc:
                    c2:07:bd:cb:d0:64:79:e5:ab:c9:8b:d4:b4:35:02:
                    7c:0f:80:2f:8b:de:ff:44:73:c2:30:3c:85:7a:94:
                    ed:da:86:81:a1:9d:4d:08:9f:2c:7a:b3:9c:3d:32:
                    d2:7a:8b:50:c1:23:a4:2a:48:5f:fd:36:61:05:61:
                    a9:74:01:60:21:73:87:46:5b:08:cd:dc:fe:76:67:
                    5d:5a:04:0b:d9:39:62:a0:55:42:cb:2d:44:10:f3:
                    0c:df:fa:23:f4:b1:49:2c:74:e2:36:a7:13:3e:5e:
                    be:e2:4b:d7:a4:be:4d:8d:f6:ee:50:5b:85:e5:1c:
                    88:58:bc:3c:0e:bb:4e:13:10:b6:c1:cc:56:4f:d5:
                    6e:82:81:1a:79:a2:ac:3e:a6:1d:d1:1a:9a:3b:27:
                    01:fe:f4:b3:9e:b3:5c:a1:77:7a:58:16:00:d4:2b:
                    2e:8b:6c:46:1d:fa:34:a2:03:4a:3a:a5:f3:a8:37:
                    72:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A0:BF:D6:6A:8B:5C:C2:03:6C:69:2A:64:C1:09:AC:24:96:78:2A
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/RKC_1mqLXMIDbGkqZMEJrCSWeCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.208.0/24
                  45.15.210.0/24
                  45.84.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:3a:b6:83:16:25:3f:95:d6:c9:d6:c6:1d:d2:0a:b6:7b:bb:
         e1:f7:7c:f7:05:25:86:dd:0f:68:92:23:a3:b2:8f:a8:0f:4f:
         be:e5:87:ee:dd:b4:be:8f:89:da:6b:c9:d4:26:cd:06:df:66:
         94:1f:b0:6d:0c:0e:86:8e:5f:19:88:0d:66:40:e5:53:7d:70:
         3a:11:c6:90:28:0b:2c:07:f2:4e:cc:81:30:2a:dd:b1:e6:bc:
         22:6c:f5:41:8f:ea:e4:17:40:60:dd:24:c4:a4:5b:2b:56:07:
         54:38:fd:3a:66:13:8a:87:54:78:04:7d:52:aa:c2:2a:dc:c6:
         c7:6e:fb:07:25:53:58:30:df:22:14:ae:af:4c:af:dd:c4:08:
         f8:7e:b9:7b:48:a9:8f:35:22:69:dc:8d:7f:84:96:88:4d:0a:
         43:1d:ca:af:47:88:b1:47:72:c8:44:23:79:ba:23:61:4f:25:
         a2:fb:21:df:64:c8:14:72:62:80:93:f5:3e:dc:29:bc:4d:95:
         bb:46:91:82:ed:5e:3e:06:36:b2:3c:10:a6:75:e6:e9:89:97:
         64:e4:31:2f:a6:69:3e:01:d1:5c:6c:0d:6e:b9:35:cb:54:8f:
         b7:48:c5:89:37:78:ff:39:e0:95:e5:4e:b3:8b:60:46:ea:76:
         25:1e:1a:cb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0A6H055y/vYgrKMkOdTsUlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjYwMzE4MTIyNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGEwYmZkNjZhOGI1Y2MyMDM2YzY5MmE2NGMxMDlhYzI0OTY3ODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nQBQwWCVNFQLaLkbdWgKzTB9oFh
mU+DKhPP4sFUH2WczV1a7Y91hC2IIJHO3TTU49cI2IqKHbqpiuEv6s3cPPT4z2Ij
2WLTZMzCB73L0GR55avJi9S0NQJ8D4Avi97/RHPCMDyFepTt2oaBoZ1NCJ8serOc
PTLSeotQwSOkKkhf/TZhBWGpdAFgIXOHRlsIzdz+dmddWgQL2TlioFVCyy1EEPMM
3/oj9LFJLHTiNqcTPl6+4kvXpL5NjfbuUFuF5RyIWLw8DrtOExC2wcxWT9VugoEa
eaKsPqYd0RqaOycB/vSznrNcoXd6WBYA1Csui2xGHfo0ogNKOqXzqDdy1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFESgv9Zqi1zCA2xpKmTBCawklngqMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvUktDXzFtcUxYTUlEYkdrcVpNRUpyQ1NXZUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQ/QAwQA
LQ/SAwQALVQ7MA0GCSqGSIb3DQEBCwUAA4IBAQDWOraDFiU/ldbJ1sYd0gq2e7vh
93z3BSWG3Q9okiOjso+oD0++5Yfu3bS+j4naa8nUJs0G32aUH7BtDA6Gjl8ZiA1m
QOVTfXA6EcaQKAssB/JOzIEwKt2x5rwibPVBj+rkF0Bg3STEpFsrVgdUOP06ZhOK
h1R4BH1SqsIq3MbHbvsHJVNYMN8iFK6vTK/dxAj4frl7SKmPNSJp3I1/hJaITQpD
HcqvR4ixR3LIRCN5uiNhTyWi+yHfZMgUcmKAk/U+3Cm8TZW7RpGC7V4+BjayPBCm
debpiZdk5DEvpmk+AdFcbA1uuTXLVI+3SMWJN3j/OeCV5U6zi2BG6nYlHhrL
-----END CERTIFICATE-----