Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Mq-mUEFWUlYQLR9Q1TOKn44hQIg.roa
File:                     Mq-mUEFWUlYQLR9Q1TOKn44hQIg.roa (raw, json)
Hash identifier:          1b2depu8gD6fJwhzPUpGSrMletWb/nZZ5ISRNX0Cqhc=
Subject key identifier:   32:AF:A6:50:41:56:52:56:10:2D:1F:50:D5:33:8A:9F:8E:21:40:88
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019E15538BA3655D8D12DFA145538771C465
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Mq-mUEFWUlYQLR9Q1TOKn44hQIg.roa
Signing time:             Mon 11 May 2026 04:37:37 +0000
ROA not before:           Mon 11 May 2026 04:37:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203874
IP address blocks:        45.146.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:53:8b:a3:65:5d:8d:12:df:a1:45:53:87:71:c4:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: May 11 04:37:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32afa65041565256102d1f50d5338a9f8e214088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:69:0e:cf:4c:2e:3f:a1:4a:f4:81:a8:88:3a:
                    9f:df:5b:6e:2a:a7:4c:b3:83:2d:28:de:7d:6b:dc:
                    8f:af:d0:53:61:f0:26:a4:4f:cc:59:ae:3f:7a:79:
                    65:7c:47:04:75:99:af:76:b9:8e:f0:8d:c9:a8:7b:
                    1a:8b:3b:80:22:18:84:b8:d7:16:3c:b3:87:20:45:
                    13:24:1b:0c:fb:a7:a6:5a:a2:d3:14:99:f6:10:2d:
                    41:70:05:76:69:81:0c:79:09:c1:2a:04:7a:d6:67:
                    7a:59:b3:af:3a:5d:80:6c:94:e4:20:36:fe:78:58:
                    fd:70:9e:04:f1:76:3d:fa:2c:6c:d3:6f:90:76:a8:
                    45:bb:ee:ff:14:8f:1a:f6:db:3c:cf:c6:df:1f:ed:
                    07:a9:e9:2a:47:3c:0f:75:a4:f7:7f:cb:25:15:db:
                    2b:28:26:17:6c:cb:ea:ea:b0:7d:d9:35:6b:f9:ed:
                    d4:96:50:83:cd:76:c8:16:51:58:a8:cc:ab:ef:93:
                    ec:e8:78:be:36:ed:72:ad:7a:c4:d0:0b:7b:46:91:
                    d1:1a:b4:50:2b:11:53:bf:a7:ce:fc:f8:8b:ba:43:
                    f9:f5:f7:13:25:09:ce:9d:88:0a:0d:1b:cf:f8:d6:
                    2a:05:2a:03:1e:9a:25:63:ef:b2:33:1c:ca:20:5a:
                    97:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:AF:A6:50:41:56:52:56:10:2D:1F:50:D5:33:8A:9F:8E:21:40:88
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/Mq-mUEFWUlYQLR9Q1TOKn44hQIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:23:4d:44:3a:d3:4a:06:ac:f4:22:c6:eb:8e:29:f2:80:c0:
         ff:51:58:a3:4f:53:7e:c2:59:61:9f:e6:65:ce:b2:fe:29:55:
         18:b0:c1:99:00:7d:5f:ea:f3:fb:6f:cb:3c:53:6a:d3:62:c3:
         30:9a:58:b6:d7:3d:e0:05:ef:f2:22:1a:57:65:8e:2b:1c:a5:
         16:52:78:49:c9:23:3e:b7:22:14:6c:27:36:f0:af:b1:97:a1:
         48:5c:da:f8:45:30:2c:1d:43:12:3c:f9:6b:c2:e9:ec:24:f9:
         e4:d2:9f:93:b2:af:3c:8e:95:37:80:77:7a:f6:f3:60:08:9f:
         4a:df:51:c7:c2:ff:c6:36:ed:28:b5:8f:cc:d5:c6:9f:03:1f:
         ee:f6:d1:e2:c9:a7:ad:ec:88:a2:40:86:b6:5c:64:90:8b:40:
         e2:65:22:f8:42:30:9a:09:07:55:b8:5d:60:2f:76:7f:ec:a5:
         0d:b1:6d:52:09:f8:2f:c2:a6:f7:88:68:48:53:e0:f7:bf:90:
         0d:c6:73:78:7d:65:ca:58:ed:a7:09:af:fb:15:88:ff:b1:05:
         ce:cc:a6:43:79:ba:7f:ef:49:26:25:c3:f7:28:6c:14:b8:97:
         d1:5a:05:c7:f2:c4:8b:d2:e3:1d:27:1b:9a:e4:7c:60:d4:4a:
         4d:f1:87:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4VU4ujZV2NEt+hRVOHccRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjYwNTExMDQzNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmFmYTY1MDQxNTY1MjU2MTAyZDFmNTBkNTMzOGE5ZjhlMjE0MDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWkOz0wuP6FK9IGoiDqf31tuKqdM
s4MtKN59a9yPr9BTYfAmpE/MWa4/enllfEcEdZmvdrmO8I3JqHsaizuAIhiEuNcW
PLOHIEUTJBsM+6emWqLTFJn2EC1BcAV2aYEMeQnBKgR61md6WbOvOl2AbJTkIDb+
eFj9cJ4E8XY9+ixs02+QdqhFu+7/FI8a9ts8z8bfH+0HqekqRzwPdaT3f8slFdsr
KCYXbMvq6rB92TVr+e3UllCDzXbIFlFYqMyr75Ps6Hi+Nu1yrXrE0At7RpHRGrRQ
KxFTv6fO/PiLukP59fcTJQnOnYgKDRvP+NYqBSoDHpolY++yMxzKIFqXYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKvplBBVlJWEC0fUNUzip+OIUCIMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvTXEtbVVFRldVbFlRTFI5UTFUT0tuNDRoUUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZLIMA0G
CSqGSIb3DQEBCwUAA4IBAQBQI01EOtNKBqz0IsbrjinygMD/UVijT1N+wllhn+Zl
zrL+KVUYsMGZAH1f6vP7b8s8U2rTYsMwmli21z3gBe/yIhpXZY4rHKUWUnhJySM+
tyIUbCc28K+xl6FIXNr4RTAsHUMSPPlrwunsJPnk0p+Tsq88jpU3gHd69vNgCJ9K
31HHwv/GNu0otY/M1cafAx/u9tHiyaet7IiiQIa2XGSQi0DiZSL4QjCaCQdVuF1g
L3Z/7KUNsW1SCfgvwqb3iGhIU+D3v5ANxnN4fWXKWO2nCa/7FYj/sQXOzKZDebp/
70kmJcP3KGwUuJfRWgXH8sSL0uMdJxua5Hxg1EpN8Yfc
-----END CERTIFICATE-----