Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/CT3vMjevN0fYRTlNcJsck0hB60Y.roa
File:                     CT3vMjevN0fYRTlNcJsck0hB60Y.roa (raw, json)
Hash identifier:          85AL/YEBSQNN6+KYNgUrlSLsBbfZxOy5uaLrLJGec+M=
Subject key identifier:   09:3D:EF:32:37:AF:37:47:D8:45:39:4D:70:9B:1C:93:48:41:EB:46
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       019D251AAEF5E5F196233769AF9DA01C2004
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/CT3vMjevN0fYRTlNcJsck0hB60Y.roa
Signing time:             Wed 25 Mar 2026 13:06:38 +0000
ROA not before:           Wed 25 Mar 2026 13:06:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59651
IP address blocks:        45.80.104.0/23 maxlen: 23
                          193.202.8.0/23 maxlen: 23
                          193.202.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:06:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:1a:ae:f5:e5:f1:96:23:37:69:af:9d:a0:1c:20:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Mar 25 13:06:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=093def3237af3747d845394d709b1c934841eb46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7f:e4:b7:71:43:3c:95:7a:70:5e:c3:2e:e0:
                    18:78:0a:f4:04:76:11:23:d7:fb:22:b9:6e:10:ce:
                    23:f6:92:a3:62:7e:0b:7c:b2:36:82:82:8e:e6:37:
                    5e:1a:2b:08:21:8f:6a:78:fb:d5:d3:06:32:b0:fc:
                    76:cf:87:a3:bc:4a:ed:ad:67:4a:d5:05:1b:91:62:
                    81:bc:91:93:3b:ab:de:f6:08:15:d4:c2:ee:14:89:
                    03:4d:ff:b4:74:dd:70:e8:14:e0:89:4f:43:9b:5a:
                    ba:a3:79:5b:9b:1f:b4:d3:ad:c3:fa:79:13:cb:a0:
                    5d:10:af:56:8d:6e:6e:a9:01:69:99:90:95:9c:74:
                    27:f7:d0:d6:f6:ac:f1:eb:18:c8:62:b8:e9:01:2a:
                    a0:a1:99:4f:51:1f:8b:69:e8:cf:b3:b4:97:b8:c6:
                    85:c7:f5:63:13:05:b3:7d:32:5f:87:07:0c:f6:1a:
                    48:4e:49:f6:19:73:f3:b0:af:72:07:55:11:50:42:
                    f1:18:fc:b6:21:32:4e:0b:f2:37:ec:d8:88:8e:d3:
                    72:4e:c0:78:7c:7f:cd:a8:40:8e:8b:27:bf:48:2c:
                    5e:6d:2f:3f:f4:b6:d8:ef:e1:99:51:70:66:93:02:
                    23:42:c7:eb:d6:41:f5:01:13:c5:f0:08:07:19:7f:
                    81:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3D:EF:32:37:AF:37:47:D8:45:39:4D:70:9B:1C:93:48:41:EB:46
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/CT3vMjevN0fYRTlNcJsck0hB60Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.104.0/23
                  193.202.8.0/23
                  193.202.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:f3:9b:ac:3b:f0:5d:bb:38:44:2b:b6:18:97:4d:08:aa:b4:
         aa:99:a9:d1:a7:6c:30:b9:06:bd:2a:60:8d:01:29:d8:1c:d9:
         3d:01:ec:bc:f7:98:68:f7:ff:4b:73:cc:1c:7e:6a:7b:57:7e:
         07:ce:04:81:f6:53:a7:60:36:f0:a3:cf:4d:4b:86:55:72:3f:
         fa:63:7e:79:ff:8b:02:40:7b:67:b0:16:a9:53:4f:75:d1:a5:
         9a:5c:62:b1:a9:e1:9c:00:9c:a6:71:5d:b8:63:24:4b:53:88:
         34:73:44:b1:0c:72:04:2d:0d:90:8f:1b:b9:c8:c6:43:27:c4:
         c0:60:15:27:a1:4f:d2:08:63:54:9a:6b:43:c1:8c:86:73:84:
         d9:d6:b0:a9:1b:db:e5:f6:f1:c9:80:8c:f3:f5:1d:fc:38:76:
         66:e4:bd:37:34:2d:c2:d2:f4:ce:3a:59:52:00:9c:06:6b:af:
         50:16:17:16:4e:c1:e3:0e:63:bb:92:7e:4b:85:fa:6b:be:88:
         00:5e:e6:08:09:b0:7c:63:59:26:8e:cd:e0:4a:ab:67:f8:6e:
         ba:1f:8c:51:71:88:f0:db:b2:ab:6c:c6:5a:58:8b:34:0c:4e:
         93:cd:71:4a:4e:9d:73:1b:a9:5e:dd:a7:5b:8e:fa:ac:13:82:
         33:42:12:96
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ0lGq715fGWIzdpr52gHCAEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjYwMzI1MTMwNjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTNkZWYzMjM3YWYzNzQ3ZDg0NTM5NGQ3MDliMWM5MzQ4NDFlYjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArn/kt3FDPJV6cF7DLuAYeAr0BHYR
I9f7IrluEM4j9pKjYn4LfLI2goKO5jdeGisIIY9qePvV0wYysPx2z4ejvErtrWdK
1QUbkWKBvJGTO6ve9ggV1MLuFIkDTf+0dN1w6BTgiU9Dm1q6o3lbmx+0063D+nkT
y6BdEK9WjW5uqQFpmZCVnHQn99DW9qzx6xjIYrjpASqgoZlPUR+LaejPs7SXuMaF
x/VjEwWzfTJfhwcM9hpITkn2GXPzsK9yB1URUELxGPy2ITJOC/I37NiIjtNyTsB4
fH/NqECOiye/SCxebS8/9LbY7+GZUXBmkwIjQsfr1kH1ARPF8AgHGX+BMQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAk97zI3rzdH2EU5TXCbHJNIQetGMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL0NUM3ZNamV2TjBmWVJUbE5jSnNjazBoQjYwWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAEtUGgD
BAHByggDBAHBylIwDQYJKoZIhvcNAQELBQADggEBABjzm6w78F27OEQrthiXTQiq
tKqZqdGnbDC5Br0qYI0BKdgc2T0B7Lz3mGj3/0tzzBx+antXfgfOBIH2U6dgNvCj
z01LhlVyP/pjfnn/iwJAe2ewFqlTT3XRpZpcYrGp4ZwAnKZxXbhjJEtTiDRzRLEM
cgQtDZCPG7nIxkMnxMBgFSehT9IIY1Saa0PBjIZzhNnWsKkb2+X28cmAjPP1Hfw4
dmbkvTc0LcLS9M46WVIAnAZrr1AWFxZOweMOY7uSfkuF+mu+iABe5ggJsHxjWSaO
zeBKq2f4brofjFFxiPDbsqtsxlpYizQMTpPNcUpOnXMbqV7dp1uO+qwTgjNCEpY=
-----END CERTIFICATE-----