Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8GHxhczLsxNPXT0AFhy_VkKTbqg.roa
File:                     8GHxhczLsxNPXT0AFhy_VkKTbqg.roa (raw, json)
Hash identifier:          nzgtHPVATb2b1f8mLNSXlVp0YS8HLQNSgGGJDEj1uZw=
Subject key identifier:   F0:61:F1:85:CC:CB:B3:13:4F:5D:3D:00:16:1C:BF:56:42:93:6E:A8
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019D00EA53E5EEB276B2F698BAC8651681AC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8GHxhczLsxNPXT0AFhy_VkKTbqg.roa
Signing time:             Wed 18 Mar 2026 12:27:30 +0000
ROA not before:           Wed 18 Mar 2026 12:27:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197432
IP address blocks:        45.123.40.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:ea:53:e5:ee:b2:76:b2:f6:98:ba:c8:65:16:81:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 18 12:27:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f061f185cccbb3134f5d3d00161cbf5642936ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:bb:2b:40:62:8b:c7:dd:ed:c6:ea:55:6d:61:
                    32:90:07:32:b3:48:1c:a3:6b:88:ba:97:3b:cc:97:
                    ad:13:a5:7e:ab:94:9c:f5:d0:b0:6c:cf:43:d5:bc:
                    ec:2b:02:72:b9:ad:83:07:58:b3:f4:93:a5:f7:2c:
                    a5:aa:56:d9:dd:94:49:5a:17:35:b9:e1:7f:16:28:
                    ef:99:0d:9f:e9:6e:c7:e4:f6:af:a2:9b:61:f5:8a:
                    97:98:2c:c4:ec:6d:02:56:0b:36:60:da:22:a4:bc:
                    73:62:be:34:e6:ce:af:96:59:b0:d5:34:d1:3b:9b:
                    fd:c5:b2:b7:32:6e:7d:08:b4:1f:01:b6:1f:27:fe:
                    05:cc:c8:19:a2:95:62:58:40:65:7f:fd:b8:25:ef:
                    95:47:f9:e8:12:a9:53:ae:39:cb:87:75:84:39:73:
                    e1:91:46:21:59:6a:67:0c:2e:53:b6:e4:77:44:63:
                    eb:69:d1:93:06:82:6a:bd:3d:7f:2e:ca:a9:57:1d:
                    ba:11:40:07:fd:49:72:a1:b6:e8:27:61:26:53:aa:
                    4d:74:42:f3:ea:e5:c6:30:71:54:8f:bc:57:64:22:
                    59:e9:ee:12:14:14:8c:5c:d8:a6:5b:b7:5f:d1:4c:
                    f5:b8:72:39:e1:dd:84:d6:fb:8a:66:40:0b:18:60:
                    58:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:61:F1:85:CC:CB:B3:13:4F:5D:3D:00:16:1C:BF:56:42:93:6E:A8
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8GHxhczLsxNPXT0AFhy_VkKTbqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.123.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:63:4d:d7:8e:0e:e6:b6:ba:5a:6a:ab:e3:22:b9:6c:60:52:
         a1:20:b7:6e:db:b2:3a:a0:8c:b6:f9:7c:9c:be:03:8f:31:37:
         a1:97:b4:15:b5:f7:41:8c:e0:e0:16:96:18:6f:31:0e:b5:d1:
         31:8d:e9:a2:0f:47:3f:e7:d7:fb:68:3a:c9:e7:eb:4a:11:d0:
         dc:ba:4e:3b:24:62:b7:81:d3:00:5a:91:ad:bc:96:b9:75:cd:
         07:86:83:f3:cd:83:63:3d:d3:3e:d3:6e:fd:34:0e:b3:74:9d:
         6f:ec:6f:df:a7:17:0a:67:7a:33:8b:d6:e9:37:c1:54:ff:8f:
         94:97:62:51:7a:68:37:69:bf:67:67:62:40:17:05:c3:8e:5d:
         af:7b:64:b8:ca:ba:f6:0b:44:10:b1:59:7c:93:e4:94:8f:69:
         69:c6:b8:3d:9f:bc:18:d0:a3:21:95:22:40:d0:65:2e:6f:b0:
         c3:bb:d0:f9:e3:a2:64:5e:5e:61:ff:5b:75:82:36:f5:9c:34:
         a9:04:48:cb:dd:87:61:4e:e0:59:c4:a5:28:83:cb:cc:4d:80:
         b8:35:17:c6:bb:e0:aa:1e:f9:d5:9b:64:8c:5c:36:bc:28:41:
         27:7b:30:29:b2:bc:4e:2f:7c:3f:25:29:21:8b:bb:6c:57:f1:
         8a:f8:ef:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0A6lPl7rJ2svaYushlFoGsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMzE4MTIyNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDYxZjE4NWNjY2JiMzEzNGY1ZDNkMDAxNjFjYmY1NjQyOTM2ZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbsrQGKLx93txupVbWEykAcys0gc
o2uIupc7zJetE6V+q5Sc9dCwbM9D1bzsKwJyua2DB1iz9JOl9yylqlbZ3ZRJWhc1
ueF/FijvmQ2f6W7H5Pavopth9YqXmCzE7G0CVgs2YNoipLxzYr405s6vllmw1TTR
O5v9xbK3Mm59CLQfAbYfJ/4FzMgZopViWEBlf/24Je+VR/noEqlTrjnLh3WEOXPh
kUYhWWpnDC5TtuR3RGPradGTBoJqvT1/LsqpVx26EUAH/UlyobboJ2EmU6pNdELz
6uXGMHFUj7xXZCJZ6e4SFBSMXNimW7df0Uz1uHI54d2E1vuKZkALGGBYxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBh8YXMy7MTT109ABYcv1ZCk26oMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvOEdIeGhjekxzeE5QWFQwQUZoeV9Wa0tUYnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALXsoMA0G
CSqGSIb3DQEBCwUAA4IBAQApY03Xjg7mtrpaaqvjIrlsYFKhILdu27I6oIy2+Xyc
vgOPMTehl7QVtfdBjODgFpYYbzEOtdExjemiD0c/59f7aDrJ5+tKEdDcuk47JGK3
gdMAWpGtvJa5dc0HhoPzzYNjPdM+0279NA6zdJ1v7G/fpxcKZ3ozi9bpN8FU/4+U
l2JRemg3ab9nZ2JAFwXDjl2ve2S4yrr2C0QQsVl8k+SUj2lpxrg9n7wY0KMhlSJA
0GUub7DDu9D546JkXl5h/1t1gjb1nDSpBEjL3YdhTuBZxKUog8vMTYC4NRfGu+Cq
HvnVm2SMXDa8KEEnezApsrxOL3w/JSkhi7tsV/GK+O8V
-----END CERTIFICATE-----