Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/8EH8XojvTl59fMj28V15lI3rA6o.roa
File:                     8EH8XojvTl59fMj28V15lI3rA6o.roa (raw, json)
Hash identifier:          i/MZ1nWymwFA/vv9I9GDpd/nHPWEr35DQR2JO9bzttA=
Subject key identifier:   F0:41:FC:5E:88:EF:4E:5E:7D:7C:C8:F6:F1:5D:79:94:8D:EB:03:AA
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019CCC66AD56BB4F3E5BA82B64E5DEAE91E7
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/8EH8XojvTl59fMj28V15lI3rA6o.roa
Signing time:             Sun 08 Mar 2026 07:43:26 +0000
ROA not before:           Sun 08 Mar 2026 07:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402044
IP address blocks:        45.145.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:cc:66:ad:56:bb:4f:3e:5b:a8:2b:64:e5:de:ae:91:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Mar  8 07:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f041fc5e88ef4e5e7d7cc8f6f15d79948deb03aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a7:f0:4e:11:89:9d:d8:eb:b4:ea:4a:58:99:
                    55:3b:90:78:ac:96:1d:f6:9f:06:99:e0:fc:c1:0f:
                    1a:21:9b:89:5d:38:f4:ad:9b:c7:bb:75:52:55:44:
                    34:8d:0f:d2:e6:0f:db:74:1b:d4:ab:7e:f3:4d:b1:
                    d5:0b:86:a6:e0:8d:37:97:66:af:e3:b6:d4:67:30:
                    76:f7:c4:e1:d4:eb:3f:4e:81:18:4a:62:12:0b:9b:
                    34:55:f1:18:8b:92:41:24:5f:30:05:d5:fa:b3:1b:
                    34:cd:d2:d7:3f:5a:b6:37:43:b5:97:89:0d:ca:bf:
                    f0:85:2c:0f:b8:2e:1d:5f:0e:58:4a:57:18:4d:ce:
                    0a:55:1b:a7:e8:66:a2:b6:da:64:4f:ec:38:87:08:
                    6f:aa:bb:f7:3e:78:18:84:e5:b2:c1:76:f4:9d:a0:
                    a9:8c:ce:b5:9f:65:b8:77:43:06:9c:22:6b:0d:14:
                    60:83:f8:f8:21:01:c5:53:71:b2:8e:c2:24:11:cb:
                    41:c7:8b:51:3c:2f:1a:75:22:b2:e8:a4:f2:64:42:
                    1a:1c:93:31:13:a8:79:40:15:37:4b:78:8d:bc:e5:
                    4d:fa:11:98:d4:66:62:a8:24:c3:81:fa:fa:bf:58:
                    19:0b:b5:cd:b1:a2:5a:23:4e:39:f6:7a:73:45:3d:
                    dc:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:41:FC:5E:88:EF:4E:5E:7D:7C:C8:F6:F1:5D:79:94:8D:EB:03:AA
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/8EH8XojvTl59fMj28V15lI3rA6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:52:1a:29:9b:0e:f0:07:c6:8c:8f:73:be:57:ea:24:a4:6e:
         dd:ff:12:5a:38:54:85:13:7d:8f:35:73:63:73:a9:7e:13:b5:
         14:d4:8e:ad:0c:dd:aa:9e:8f:e6:fd:18:02:49:12:e3:65:a3:
         25:8b:e4:1e:3a:2f:a4:c8:49:11:b5:e1:d9:5f:60:d7:75:50:
         fa:dc:80:06:71:91:a5:de:84:2f:7d:35:db:d5:54:5c:12:41:
         70:4f:4e:f3:92:9e:b7:4b:46:a9:77:53:c8:42:b7:94:80:af:
         df:27:c4:88:c2:6e:99:b2:a2:f9:12:f5:dd:39:85:c8:52:51:
         d2:7d:2e:b2:2d:73:e2:ed:89:af:69:bf:05:77:38:84:e4:78:
         7c:b2:58:24:41:ab:7d:a4:44:53:f5:a4:ba:da:c0:a0:13:aa:
         4a:92:70:7b:b8:6f:e8:49:7c:b6:34:2c:90:06:c0:60:55:4c:
         10:47:bd:02:85:43:d4:26:a2:b2:d0:b8:ed:fc:11:4a:7d:f4:
         ce:fd:f0:a0:95:da:02:05:cc:dc:e4:0f:9f:32:4c:98:31:30:
         4c:7c:25:38:40:e7:ae:43:ef:75:44:38:d0:a5:f6:39:80:74:
         2a:30:f2:5e:27:ce:57:80:4d:17:6a:ca:ed:f5:f8:89:d6:54:
         52:14:e5:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzMZq1Wu08+W6grZOXerpHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjYwMzA4MDc0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQxZmM1ZTg4ZWY0ZTVlN2Q3Y2M4ZjZmMTVkNzk5NDhkZWIwM2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqfwThGJndjrtOpKWJlVO5B4rJYd
9p8GmeD8wQ8aIZuJXTj0rZvHu3VSVUQ0jQ/S5g/bdBvUq37zTbHVC4am4I03l2av
47bUZzB298Th1Os/ToEYSmISC5s0VfEYi5JBJF8wBdX6sxs0zdLXP1q2N0O1l4kN
yr/whSwPuC4dXw5YSlcYTc4KVRun6GaittpkT+w4hwhvqrv3PngYhOWywXb0naCp
jM61n2W4d0MGnCJrDRRgg/j4IQHFU3GyjsIkEctBx4tRPC8adSKy6KTyZEIaHJMx
E6h5QBU3S3iNvOVN+hGY1GZiqCTDgfr6v1gZC7XNsaJaI0459npzRT3ckwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBB/F6I705efXzI9vFdeZSN6wOqMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvOEVIOFhvanZUbDU5Zk1qMjhWMTVsSTNyQTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGZMA0G
CSqGSIb3DQEBCwUAA4IBAQA2Uhopmw7wB8aMj3O+V+okpG7d/xJaOFSFE32PNXNj
c6l+E7UU1I6tDN2qno/m/RgCSRLjZaMli+QeOi+kyEkRteHZX2DXdVD63IAGcZGl
3oQvfTXb1VRcEkFwT07zkp63S0apd1PIQreUgK/fJ8SIwm6ZsqL5EvXdOYXIUlHS
fS6yLXPi7Ymvab8FdziE5Hh8slgkQat9pERT9aS62sCgE6pKknB7uG/oSXy2NCyQ
BsBgVUwQR70ChUPUJqKy0Ljt/BFKffTO/fCgldoCBczc5A+fMkyYMTBMfCU4QOeu
Q+91RDjQpfY5gHQqMPJeJ85XgE0Xasrt9fiJ1lRSFOU6
-----END CERTIFICATE-----