Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/YXUp7zooWjQNk0SCQ3XjU1WJ4p0.roa
File:                     YXUp7zooWjQNk0SCQ3XjU1WJ4p0.roa (raw, json)
Hash identifier:          H3xsqFycou2fUIkaAZhvKohZiXJw23DIcMEfjOBghak=
Subject key identifier:   61:75:29:EF:3A:28:5A:34:0D:93:44:82:43:75:E3:53:55:89:E2:9D
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019E15538B0643A17122518C2535F2D2543C
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/YXUp7zooWjQNk0SCQ3XjU1WJ4p0.roa
Signing time:             Mon 11 May 2026 04:37:36 +0000
ROA not before:           Mon 11 May 2026 04:37:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        45.146.200.0/23 maxlen: 23
                          45.146.202.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:53:8b:06:43:a1:71:22:51:8c:25:35:f2:d2:54:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: May 11 04:37:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=617529ef3a285a340d9344824375e3535589e29d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ca:c2:e2:73:aa:4a:9b:19:e7:85:dd:3a:00:
                    88:01:55:3d:33:59:b7:5b:8c:d0:31:95:ca:1d:82:
                    9a:41:4c:d5:db:eb:b9:b8:ee:6f:8c:46:33:e3:3f:
                    a8:1f:ec:dd:bb:6f:90:a8:77:4f:3b:0d:40:13:76:
                    2f:13:8a:ca:8e:29:50:08:0c:b2:8f:06:7c:e5:b6:
                    d4:19:3a:9a:af:9c:13:1a:29:4b:24:83:06:2e:6c:
                    01:d2:1c:c2:20:2e:07:64:a5:0c:0a:f7:d6:42:3d:
                    12:4c:14:a7:f3:a6:28:f5:f8:c9:2b:77:0b:d6:d2:
                    d1:cc:49:26:03:a5:b0:fb:e0:fb:52:c6:85:13:cd:
                    25:ad:24:d6:68:c0:de:98:23:fc:d2:2c:6f:3c:4e:
                    21:27:7f:1b:bf:e5:f4:6f:a7:72:8c:4d:67:7c:7c:
                    27:ff:c2:79:31:f8:b1:f6:db:97:f1:3f:26:25:f6:
                    3d:0c:e1:e5:32:01:ae:69:46:4e:61:9c:14:40:64:
                    6d:37:5d:c7:c8:86:32:d6:50:c5:79:91:34:3c:fb:
                    6a:9c:fa:29:15:a5:e3:f0:19:3d:e9:90:9e:6c:f8:
                    a6:b5:11:f5:b2:8d:45:08:22:0c:3e:8e:41:bc:56:
                    15:a7:95:51:ab:f8:0b:cb:69:0f:3b:12:ea:6e:60:
                    9a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:75:29:EF:3A:28:5A:34:0D:93:44:82:43:75:E3:53:55:89:E2:9D
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/YXUp7zooWjQNk0SCQ3XjU1WJ4p0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b9:8a:be:0a:5b:85:ef:79:8d:78:5e:9d:3a:55:30:13:e5:03:
         6a:94:13:a8:92:8d:c7:e6:8a:eb:09:06:0a:9d:dd:79:60:96:
         83:6d:1f:32:03:0c:c8:25:ac:7d:ab:30:54:05:cd:c0:cd:87:
         48:06:8d:60:54:aa:2c:58:1c:9b:65:1d:f3:0f:ea:48:e0:6b:
         3e:a8:43:73:4f:81:a1:56:5b:f4:8e:bb:6e:2a:dd:53:e2:ae:
         1c:e1:51:de:2b:4a:69:6d:32:4b:ad:28:94:94:42:7a:9e:b9:
         b4:09:f7:65:37:bd:47:0f:c5:76:d6:9a:41:98:c3:d1:32:4c:
         02:38:3b:16:17:40:50:52:a1:8f:7e:31:c1:c7:a4:5b:2a:0d:
         6a:32:8d:4e:c9:fb:c9:6c:2c:ba:c0:29:90:89:ce:a4:48:e1:
         c1:f9:b1:d1:e5:1f:6a:57:47:8d:14:4c:c9:c7:88:1e:c1:b9:
         55:06:5c:1e:86:21:57:11:cb:c2:40:f5:74:72:fb:d2:b4:85:
         9d:da:f0:d9:61:3f:14:31:3a:9d:78:39:fa:f2:36:77:a3:7d:
         df:09:b3:6e:c2:31:71:0d:7e:39:fc:e3:4a:b3:d3:c7:c8:f3:
         cf:0a:ef:1f:1e:89:23:80:e3:52:78:b3:1f:12:09:99:40:0a:
         f6:e3:91:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4VU4sGQ6FxIlGMJTXy0lQ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjYwNTExMDQzNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTc1MjllZjNhMjg1YTM0MGQ5MzQ0ODI0Mzc1ZTM1MzU1ODllMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcrC4nOqSpsZ54XdOgCIAVU9M1m3
W4zQMZXKHYKaQUzV2+u5uO5vjEYz4z+oH+zdu2+QqHdPOw1AE3YvE4rKjilQCAyy
jwZ85bbUGTqar5wTGilLJIMGLmwB0hzCIC4HZKUMCvfWQj0STBSn86Yo9fjJK3cL
1tLRzEkmA6Ww++D7UsaFE80lrSTWaMDemCP80ixvPE4hJ38bv+X0b6dyjE1nfHwn
/8J5Mfix9tuX8T8mJfY9DOHlMgGuaUZOYZwUQGRtN13HyIYy1lDFeZE0PPtqnPop
FaXj8Bk96ZCebPimtRH1so1FCCIMPo5BvFYVp5VRq/gLy2kPOxLqbmCaVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGF1Ke86KFo0DZNEgkN141NVieKdMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvWVhVcDd6b29XalFOazBTQ1EzWGpVMVdKNHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZLIMA0G
CSqGSIb3DQEBCwUAA4IBAQC5ir4KW4XveY14Xp06VTAT5QNqlBOoko3H5orrCQYK
nd15YJaDbR8yAwzIJax9qzBUBc3AzYdIBo1gVKosWBybZR3zD+pI4Gs+qENzT4Gh
Vlv0jrtuKt1T4q4c4VHeK0ppbTJLrSiUlEJ6nrm0CfdlN71HD8V21ppBmMPRMkwC
ODsWF0BQUqGPfjHBx6RbKg1qMo1OyfvJbCy6wCmQic6kSOHB+bHR5R9qV0eNFEzJ
x4gewblVBlwehiFXEcvCQPV0cvvStIWd2vDZYT8UMTqdeDn68jZ3o33fCbNuwjFx
DX45/ONKs9PHyPPPCu8fHokjgONSeLMfEgmZQAr245Fp
-----END CERTIFICATE-----