Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3pUEM8DyBmmeHFZmqd4fWqzdcYE.roa
File:                     3pUEM8DyBmmeHFZmqd4fWqzdcYE.roa (raw, json)
Hash identifier:          cJ7Mf/0HZ1KXKzAP4jZlmAoZSXzsllEtrLYKByPM+y4=
Subject key identifier:   DE:95:04:33:C0:F2:06:69:9E:1C:56:66:A9:DE:1F:5A:AC:DD:71:81
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D01EE55F966BB5500376A3D850CB424B5
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3pUEM8DyBmmeHFZmqd4fWqzdcYE.roa
Signing time:             Wed 18 Mar 2026 17:11:29 +0000
ROA not before:           Wed 18 Mar 2026 17:11:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     267823
IP address blocks:        45.80.81.0/24 maxlen: 24
                          45.80.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:ee:55:f9:66:bb:55:00:37:6a:3d:85:0c:b4:24:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 18 17:11:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de950433c0f206699e1c5666a9de1f5aacdd7181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:27:96:c4:c5:8c:ca:7a:9a:ae:d9:9e:8a:04:
                    02:de:1d:51:0b:0c:2b:04:7a:f9:44:cf:9e:87:57:
                    1d:af:7a:f9:47:fb:45:d7:81:12:03:d4:e0:1a:26:
                    d7:88:3c:fd:e6:7e:55:18:26:fe:0b:5a:2b:63:1a:
                    56:72:a8:02:72:1b:2f:bd:e5:82:76:6c:e6:1e:ce:
                    a3:a7:06:28:3a:c4:8f:4c:cb:d6:e6:19:2b:d8:0c:
                    22:23:f9:86:e5:82:28:37:b8:f7:99:84:5b:54:41:
                    ed:30:30:c6:3f:2b:ad:e2:8e:b1:88:c0:9d:d2:6b:
                    70:ad:26:b0:94:f4:be:c5:00:26:d1:6f:5f:fd:6d:
                    9b:85:cd:d3:07:2a:a0:a4:70:4b:a0:3e:d9:15:e5:
                    9e:9d:07:51:b4:d6:ed:5a:f6:f3:8c:59:88:71:be:
                    2b:f3:2a:2e:f0:42:01:9a:27:15:59:66:96:40:59:
                    8d:50:ae:61:09:a9:53:43:38:12:25:8e:c5:ee:7a:
                    ff:cc:c5:70:5f:97:07:81:51:94:9b:15:cb:b4:96:
                    6f:ab:49:b0:e5:9e:3c:b6:cd:01:cf:72:79:77:02:
                    2c:e8:9b:3a:c9:a1:e6:a9:92:fb:53:bb:33:8e:d5:
                    11:0a:77:5e:44:7e:b7:1c:b8:d4:a2:46:e4:fc:50:
                    d9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:95:04:33:C0:F2:06:69:9E:1C:56:66:A9:DE:1F:5A:AC:DD:71:81
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/3pUEM8DyBmmeHFZmqd4fWqzdcYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.81.0-45.80.82.255

    Signature Algorithm: sha256WithRSAEncryption
         b9:b3:10:c7:9e:9d:b8:67:1f:75:b2:24:12:30:61:02:29:c9:
         27:a3:75:3c:7d:a2:51:3c:22:74:21:e6:e8:14:e7:ec:8b:81:
         57:2a:5c:c5:fa:ea:eb:09:a9:f3:fe:6e:bc:b7:79:ef:79:98:
         74:b5:c5:0e:e6:75:27:50:2d:ec:48:e6:c2:a0:5c:4c:0d:d0:
         fa:4e:67:8c:38:e6:ad:fc:2f:5e:8f:4c:2b:82:55:e9:8b:0c:
         62:4a:13:50:fe:91:b7:9c:73:73:ce:dc:af:fe:2f:6d:05:56:
         d9:38:a4:14:48:80:be:31:fb:51:97:11:82:4b:b4:34:82:e4:
         52:6f:a5:27:6c:65:62:64:30:c4:a8:88:0e:88:bb:e3:7e:96:
         fb:e1:36:55:ad:80:ac:8e:69:50:8b:f0:40:10:ad:14:e2:4b:
         f3:1d:ce:fe:cf:e8:a4:9e:b3:8a:28:62:49:fc:cb:3f:6b:9f:
         3c:60:f2:cd:5b:3d:61:fa:13:8e:60:38:17:cf:d0:15:e7:2f:
         47:10:0c:c1:5d:6f:08:88:b1:83:03:63:33:ee:29:5b:5e:f6:
         fd:74:c5:7e:85:81:a2:0c:51:4e:c9:03:5e:08:c8:28:22:f5:
         dc:8d:ce:2c:e8:b2:03:38:88:d8:a5:d6:70:19:cc:5c:ee:d0:
         89:c5:91:68
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0B7lX5ZrtVADdqPYUMtCS1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzE4MTcxMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTk1MDQzM2MwZjIwNjY5OWUxYzU2NjZhOWRlMWY1YWFjZGQ3MTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSeWxMWMynqartmeigQC3h1RCwwr
BHr5RM+eh1cdr3r5R/tF14ESA9TgGibXiDz95n5VGCb+C1orYxpWcqgCchsvveWC
dmzmHs6jpwYoOsSPTMvW5hkr2AwiI/mG5YIoN7j3mYRbVEHtMDDGPyut4o6xiMCd
0mtwrSawlPS+xQAm0W9f/W2bhc3TByqgpHBLoD7ZFeWenQdRtNbtWvbzjFmIcb4r
8you8EIBmicVWWaWQFmNUK5hCalTQzgSJY7F7nr/zMVwX5cHgVGUmxXLtJZvq0mw
5Z48ts0Bz3J5dwIs6Js6yaHmqZL7U7szjtURCndeRH63HLjUokbk/FDZ3wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFN6VBDPA8gZpnhxWZqneH1qs3XGBMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvM3BVRU04RHlCbW1lSEZabXFkNGZXcXpkY1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtUFED
BAAtUFIwDQYJKoZIhvcNAQELBQADggEBALmzEMeenbhnH3WyJBIwYQIpySejdTx9
olE8InQh5ugU5+yLgVcqXMX66usJqfP+bry3ee95mHS1xQ7mdSdQLexI5sKgXEwN
0PpOZ4w45q38L16PTCuCVemLDGJKE1D+kbecc3PO3K/+L20FVtk4pBRIgL4x+1GX
EYJLtDSC5FJvpSdsZWJkMMSoiA6Iu+N+lvvhNlWtgKyOaVCL8EAQrRTiS/Mdzv7P
6KSes4ooYkn8yz9rnzxg8s1bPWH6E45gOBfP0BXnL0cQDMFdbwiIsYMDYzPuKVte
9v10xX6FgaIMUU7JA14IyCgi9dyNzizosgM4iNil1nAZzFzu0InFkWg=
-----END CERTIFICATE-----