Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/PHk_vBlGAMsxS-MnrekIlyqTI-4.roa
File:                     PHk_vBlGAMsxS-MnrekIlyqTI-4.roa (raw, json)
Hash identifier:          DfXZCDYGxK8xf8JFedzWYQFF9T3pi36VwRR9xAmGXEk=
Subject key identifier:   3C:79:3F:BC:19:46:00:CB:31:4B:E3:27:AD:E9:08:97:2A:93:23:EE
Certificate issuer:       /CN=2a4472336c9d02a488cdd77534d65fb1465ec09a
Certificate serial:       019CE1884813EBC6F05E64D2149813E67C6E
Authority key identifier: 2A:44:72:33:6C:9D:02:A4:88:CD:D7:75:34:D6:5F:B1:46:5E:C0:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KkRyM2ydAqSIzdd1NNZfsUZewJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/PHk_vBlGAMsxS-MnrekIlyqTI-4.roa
Signing time:             Thu 12 Mar 2026 10:12:10 +0000
ROA not before:           Thu 12 Mar 2026 10:12:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51048
IP address blocks:        45.88.25.0/24 maxlen: 24
                          45.88.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/KkRyM2ydAqSIzdd1NNZfsUZewJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/KkRyM2ydAqSIzdd1NNZfsUZewJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KkRyM2ydAqSIzdd1NNZfsUZewJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:88:48:13:eb:c6:f0:5e:64:d2:14:98:13:e6:7c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a4472336c9d02a488cdd77534d65fb1465ec09a
        Validity
            Not Before: Mar 12 10:12:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c793fbc194600cb314be327ade908972a9323ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e8:36:ac:4b:0f:d4:21:0b:8a:1f:cb:24:48:
                    8f:1d:2e:ca:31:68:37:54:ce:67:59:80:01:74:4c:
                    ff:02:a8:c4:97:73:fa:96:a2:7c:ae:b1:a7:1c:28:
                    48:4b:2d:e8:5e:76:ac:71:52:56:b3:83:0b:82:de:
                    87:02:f5:b1:3a:8e:a0:b8:d6:39:d6:c8:6a:b2:d1:
                    6b:16:17:e8:d3:61:88:f1:78:78:a6:cb:fb:be:cb:
                    44:0a:6c:af:1c:2b:98:ab:8f:99:de:61:f0:db:b1:
                    82:2c:6c:cb:94:52:47:a1:4e:f2:c6:1c:87:30:b0:
                    27:ef:59:6e:d5:0f:f7:08:15:5d:9c:e6:e0:0a:1a:
                    58:d4:d5:93:40:7d:37:6b:8a:c0:8b:16:91:eb:91:
                    ad:88:bb:f2:9e:8c:47:82:47:e6:3f:ed:5a:73:da:
                    3f:97:4e:02:91:66:b0:90:7f:ef:da:d9:8d:55:98:
                    e5:66:b8:5e:4b:fc:30:d8:9a:8a:24:67:ed:98:8d:
                    77:ec:05:65:20:03:bc:f5:6d:8c:3f:b6:36:ec:65:
                    87:b2:f9:8f:d6:83:27:da:18:14:e7:d8:4b:9a:fa:
                    a6:a0:48:17:2e:71:59:33:b9:50:5c:ef:8e:42:c4:
                    16:bb:44:2c:2f:c3:38:e4:3d:07:6f:02:25:64:ce:
                    d5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:79:3F:BC:19:46:00:CB:31:4B:E3:27:AD:E9:08:97:2A:93:23:EE
            X509v3 Authority Key Identifier:
                keyid:2A:44:72:33:6C:9D:02:A4:88:CD:D7:75:34:D6:5F:B1:46:5E:C0:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KkRyM2ydAqSIzdd1NNZfsUZewJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/PHk_vBlGAMsxS-MnrekIlyqTI-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/KkRyM2ydAqSIzdd1NNZfsUZewJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.25.0/24
                  45.88.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:fe:e1:4b:cb:54:69:20:fd:03:4c:aa:99:b9:66:90:65:f5:
         e6:24:c5:69:59:72:30:1b:5a:eb:da:37:fc:35:ee:fb:b3:b2:
         e8:54:08:88:59:74:ab:f0:13:01:2d:e0:cf:9a:ff:4a:c8:2b:
         af:5e:64:e2:77:55:c5:6e:54:aa:49:64:cb:40:9a:d4:6f:68:
         bd:7c:6e:1a:b7:62:11:8b:c1:47:fe:4e:15:98:09:e6:07:0a:
         5c:11:7c:06:c5:be:92:34:b5:3e:ae:78:30:0c:01:11:3b:2f:
         dd:34:0c:75:43:ea:d3:08:af:70:0d:e7:2c:bf:96:f8:e9:2f:
         19:ac:9a:f9:d7:21:df:ab:7e:92:38:c8:8e:9a:c6:e7:b4:b5:
         e7:ba:25:7d:1e:2b:8c:1a:78:38:52:37:c4:31:85:d7:ed:a5:
         ed:f0:07:7e:6b:7a:a3:8b:70:0e:28:f1:53:07:ab:32:d5:a4:
         5c:1e:5b:48:b5:dd:9c:bc:37:25:78:90:25:39:26:aa:df:9b:
         91:6a:2a:c5:8c:54:19:8a:a2:85:b8:ad:09:92:3b:cd:89:25:
         7e:bf:a0:26:c5:80:0a:c6:40:95:a8:eb:db:06:34:e1:a3:f2:
         2c:bc:20:75:4b:55:a4:74:7a:6c:04:7c:c1:da:f8:58:b3:0a:
         b1:79:bb:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzhiEgT68bwXmTSFJgT5nxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNDQ3MjMzNmM5ZDAyYTQ4OGNkZDc3NTM0ZDY1ZmIxNDY1
ZWMwOWEwHhcNMjYwMzEyMTAxMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzc5M2ZiYzE5NDYwMGNiMzE0YmUzMjdhZGU5MDg5NzJhOTMyM2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ug2rEsP1CELih/LJEiPHS7KMWg3
VM5nWYABdEz/AqjEl3P6lqJ8rrGnHChISy3oXnascVJWs4MLgt6HAvWxOo6guNY5
1shqstFrFhfo02GI8Xh4psv7vstECmyvHCuYq4+Z3mHw27GCLGzLlFJHoU7yxhyH
MLAn71lu1Q/3CBVdnObgChpY1NWTQH03a4rAixaR65GtiLvynoxHgkfmP+1ac9o/
l04CkWawkH/v2tmNVZjlZrheS/ww2JqKJGftmI137AVlIAO89W2MP7Y27GWHsvmP
1oMn2hgU59hLmvqmoEgXLnFZM7lQXO+OQsQWu0QsL8M45D0HbwIlZM7V/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDx5P7wZRgDLMUvjJ63pCJcqkyPuMB8GA1UdIwQY
MBaAFCpEcjNsnQKkiM3XdTTWX7FGXsCaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2tSeU0yeWRBcVNJemRkMU5OWmZzVVpld0pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wMWRiODItNDE3Mi00NDA1LWFiNTUt
MDA4NmQwMjM4NWQ2LzEvUEhrX3ZCbEdBTXN4Uy1NbnJla0lseXFUSS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wMWRiODItNDE3Mi00NDA1LWFiNTUtMDA4NmQwMjM4NWQ2
LzEvS2tSeU0yeWRBcVNJemRkMU5OWmZzVVpld0pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVgZAwQA
LVgbMA0GCSqGSIb3DQEBCwUAA4IBAQAB/uFLy1RpIP0DTKqZuWaQZfXmJMVpWXIw
G1rr2jf8Ne77s7LoVAiIWXSr8BMBLeDPmv9KyCuvXmTid1XFblSqSWTLQJrUb2i9
fG4at2IRi8FH/k4VmAnmBwpcEXwGxb6SNLU+rngwDAEROy/dNAx1Q+rTCK9wDecs
v5b46S8ZrJr51yHfq36SOMiOmsbntLXnuiV9HiuMGng4UjfEMYXX7aXt8Ad+a3qj
i3AOKPFTB6sy1aRcHltItd2cvDcleJAlOSaq35uRairFjFQZiqKFuK0JkjvNiSV+
v6AmxYAKxkCVqOvbBjTho/IsvCB1S1WkdHpsBHzB2vhYswqxebvr
-----END CERTIFICATE-----