Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/Y1o82bE2-gHB1r-LJfG7FW6CDno.roa
File:                     Y1o82bE2-gHB1r-LJfG7FW6CDno.roa (raw, json)
Hash identifier:          M0bYY1tvqoKKPy6ihZHMLQgzM3Djtdt9R4G+PSmX6ng=
Subject key identifier:   63:5A:3C:D9:B1:36:FA:01:C1:D6:BF:8B:25:F1:BB:15:6E:82:0E:7A
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       019DAF807E3B1A97298CB9D3C7F9C8FB7774
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/Y1o82bE2-gHB1r-LJfG7FW6CDno.roa
Signing time:             Tue 21 Apr 2026 10:05:26 +0000
ROA not before:           Tue 21 Apr 2026 10:05:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198828
IP address blocks:        46.32.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:af:80:7e:3b:1a:97:29:8c:b9:d3:c7:f9:c8:fb:77:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Apr 21 10:05:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=635a3cd9b136fa01c1d6bf8b25f1bb156e820e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:21:e6:4b:23:e6:e1:88:7e:db:9b:80:c8:b6:
                    f1:67:e9:e9:84:50:d5:4c:4f:10:46:78:d0:ee:5b:
                    de:b4:96:c0:cb:51:6e:69:e8:25:76:71:ea:e2:4b:
                    6b:93:84:af:fb:da:73:a2:6c:cc:dd:15:75:c5:b5:
                    25:87:20:34:1b:20:bd:66:f1:c4:4f:fb:3d:98:5f:
                    c9:0b:51:6c:fe:91:af:40:63:07:74:1d:25:68:b5:
                    4c:db:87:29:01:52:fb:73:17:b7:7f:32:fa:97:73:
                    96:7a:d9:e3:b2:e6:fd:da:db:63:86:13:95:91:d1:
                    da:be:5d:cd:3d:2b:07:a6:30:df:c9:3f:a1:c2:b4:
                    48:a1:bd:26:42:b7:7f:da:02:5e:70:37:95:07:b7:
                    f0:41:35:8b:66:30:d0:b6:4c:e8:f4:25:66:1c:f8:
                    4e:09:6b:41:55:0c:f1:5c:2e:2d:28:58:0d:2f:9e:
                    88:78:48:39:45:a0:e3:4a:25:54:03:da:53:93:b8:
                    1b:f5:6f:c2:f3:6d:fa:64:06:3e:0f:dd:75:b1:0e:
                    3a:21:b8:94:ff:72:e8:7c:27:21:6b:f3:70:2f:95:
                    7e:c5:1f:ec:12:5f:cd:eb:40:40:23:0e:4e:2f:86:
                    2e:c4:08:fd:2c:1e:17:c3:7f:85:37:f0:e6:98:d3:
                    4a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:5A:3C:D9:B1:36:FA:01:C1:D6:BF:8B:25:F1:BB:15:6E:82:0E:7A
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/Y1o82bE2-gHB1r-LJfG7FW6CDno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:d2:71:a6:f4:f6:88:7b:8d:0e:60:e6:04:d5:7c:25:44:fa:
         60:eb:da:7c:15:27:f0:3c:7b:0e:cb:1f:67:b8:e5:24:c9:bc:
         a8:3a:b2:8f:39:fa:31:78:41:cc:6b:63:e3:3c:ab:21:ec:ab:
         9c:55:62:9d:f5:9e:69:e9:77:4d:23:93:06:8d:61:d6:e2:3b:
         b0:4c:20:3f:99:3d:7b:74:f8:f8:70:db:e0:f5:9d:a9:b4:ad:
         fa:cf:05:73:a5:d3:da:0b:27:0a:2a:65:49:e3:c4:c5:85:94:
         b1:ac:f3:15:5d:9c:58:ca:92:d9:ee:1d:b0:ff:2a:a9:62:b3:
         3c:bf:97:8e:6b:10:a5:a0:59:04:23:4f:e0:10:38:2f:1f:23:
         ce:8e:ed:8d:fe:39:e0:b0:48:1e:0a:38:70:7e:90:de:97:a1:
         4b:0e:38:1a:29:12:95:d3:fb:87:b0:ad:06:cc:0b:f4:d3:58:
         7c:64:ce:4e:f5:12:34:3b:e8:45:58:c8:54:88:d5:7a:7a:93:
         d7:d9:f8:0b:51:1d:60:d0:a5:e6:7a:c1:70:f4:21:0e:e5:02:
         1f:4d:58:c7:01:fe:5f:dc:87:89:02:2f:d7:c0:cb:81:62:08:
         cc:b1:09:4a:67:cf:24:68:17:c0:a2:18:77:9d:9e:2b:cc:ca:
         eb:0f:2e:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2vgH47GpcpjLnTx/nI+3d0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjYwNDIxMTAwNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzVhM2NkOWIxMzZmYTAxYzFkNmJmOGIyNWYxYmIxNTZlODIwZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSHmSyPm4Yh+25uAyLbxZ+nphFDV
TE8QRnjQ7lvetJbAy1FuaegldnHq4ktrk4Sv+9pzomzM3RV1xbUlhyA0GyC9ZvHE
T/s9mF/JC1Fs/pGvQGMHdB0laLVM24cpAVL7cxe3fzL6l3OWetnjsub92ttjhhOV
kdHavl3NPSsHpjDfyT+hwrRIob0mQrd/2gJecDeVB7fwQTWLZjDQtkzo9CVmHPhO
CWtBVQzxXC4tKFgNL56IeEg5RaDjSiVUA9pTk7gb9W/C8236ZAY+D911sQ46IbiU
/3LofCcha/NwL5V+xR/sEl/N60BAIw5OL4YuxAj9LB4Xw3+FN/DmmNNK6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNaPNmxNvoBwda/iyXxuxVugg56MB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvWTFvODJiRTItZ0hCMXItTEpmRzdGVzZDRG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiCiMA0G
CSqGSIb3DQEBCwUAA4IBAQBH0nGm9PaIe40OYOYE1XwlRPpg69p8FSfwPHsOyx9n
uOUkybyoOrKPOfoxeEHMa2PjPKsh7KucVWKd9Z5p6XdNI5MGjWHW4juwTCA/mT17
dPj4cNvg9Z2ptK36zwVzpdPaCycKKmVJ48TFhZSxrPMVXZxYypLZ7h2w/yqpYrM8
v5eOaxCloFkEI0/gEDgvHyPOju2N/jngsEgeCjhwfpDel6FLDjgaKRKV0/uHsK0G
zAv001h8ZM5O9RI0O+hFWMhUiNV6epPX2fgLUR1g0KXmesFw9CEO5QIfTVjHAf5f
3IeJAi/XwMuBYgjMsQlKZ88kaBfAohh3nZ4rzMrrDy4m
-----END CERTIFICATE-----