Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/OX-WFn34m-JD1PE0u9eYZk4qKCk.roa
File:                     OX-WFn34m-JD1PE0u9eYZk4qKCk.roa (raw, json)
Hash identifier:          I9b174DioYRAA7Dm+6Il6PksgXPNmVtiUo8IS77/Rvc=
Subject key identifier:   39:7F:96:16:7D:F8:9B:E2:43:D4:F1:34:BB:D7:98:66:4E:2A:28:29
Certificate issuer:       /CN=cf9833261697652c35547e98fc05a7e2294edbc7
Certificate serial:       019DC3B44D90FC386DAEDF37D56A8E331533
Authority key identifier: CF:98:33:26:16:97:65:2C:35:54:7E:98:FC:05:A7:E2:29:4E:DB:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/OX-WFn34m-JD1PE0u9eYZk4qKCk.roa
Signing time:             Sat 25 Apr 2026 08:14:26 +0000
ROA not before:           Sat 25 Apr 2026 08:14:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399955
IP address blocks:        45.149.168.0/23 maxlen: 24
                          45.149.170.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c3:b4:4d:90:fc:38:6d:ae:df:37:d5:6a:8e:33:15:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9833261697652c35547e98fc05a7e2294edbc7
        Validity
            Not Before: Apr 25 08:14:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=397f96167df89be243d4f134bbd798664e2a2829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:82:2c:55:9e:0d:eb:49:6d:cb:c9:6d:b7:cd:
                    ce:cd:cf:27:92:fa:31:5f:3b:01:87:d9:df:da:88:
                    a9:7f:be:43:d4:a5:85:6a:03:e0:b9:1e:7b:61:2b:
                    fe:9a:03:07:9b:3b:18:4d:fb:1f:7a:49:6a:a1:4e:
                    8d:9f:e9:79:86:4f:e8:a4:0e:c9:e6:7a:3c:43:fd:
                    8d:f0:2f:65:99:ea:8f:dd:8c:9b:52:54:ba:41:56:
                    9b:02:c6:03:be:a7:0d:8b:65:f5:52:a9:79:06:7b:
                    7f:6b:66:98:bf:af:b7:05:ce:a4:12:d3:ca:d5:11:
                    9b:71:13:fe:bd:10:bc:f1:fb:e3:1a:53:90:f2:63:
                    5f:32:28:da:47:e0:95:49:7a:21:38:9e:cc:73:fa:
                    3b:ea:3c:53:db:39:b0:7b:a7:4b:e5:b6:35:1b:01:
                    9a:91:8c:0d:04:32:17:a4:8e:82:d3:6f:86:e0:e0:
                    a3:e5:19:ea:0c:ce:19:77:ab:00:e2:e3:8d:3e:d9:
                    14:6d:a7:a5:8a:76:26:ff:f6:65:55:46:c1:f8:06:
                    57:ff:df:52:e8:20:a9:b2:ee:22:28:7d:d1:1c:4d:
                    41:be:82:56:4b:53:f8:b4:bf:b7:6b:81:c6:25:4f:
                    00:20:50:66:53:d9:16:d9:d6:ac:6e:8d:38:65:bb:
                    7b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:7F:96:16:7D:F8:9B:E2:43:D4:F1:34:BB:D7:98:66:4E:2A:28:29
            X509v3 Authority Key Identifier:
                keyid:CF:98:33:26:16:97:65:2C:35:54:7E:98:FC:05:A7:E2:29:4E:DB:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5gzJhaXZSw1VH6Y_AWn4ilO28c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/OX-WFn34m-JD1PE0u9eYZk4qKCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/3606f5-17e1-4319-9703-ae401a37c044/1/z5gzJhaXZSw1VH6Y_AWn4ilO28c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:78:ed:4d:7b:e2:23:85:4a:98:9d:cc:87:9b:10:3c:dd:57:
         9b:cd:52:26:99:b5:7b:bf:df:97:76:65:fa:50:75:3d:a8:52:
         4b:e0:05:a8:71:f5:90:1d:19:ea:c9:74:75:df:65:4c:f1:4f:
         ec:4c:4e:75:85:3b:a7:58:0b:2c:64:b3:04:fe:2a:be:dd:07:
         04:b6:59:9f:5f:2a:02:a8:09:63:b5:bf:40:f6:ce:8b:b4:9a:
         b4:99:60:fc:7c:0f:86:a0:7a:f8:8e:fd:68:c9:b1:9f:3e:9b:
         ea:d6:61:ac:bc:fc:e1:cd:87:47:49:ee:3c:7d:33:df:33:dc:
         08:fd:92:2f:72:bd:92:7e:d4:ad:e1:29:08:bd:79:56:89:20:
         8e:54:24:0c:5b:8a:c0:ae:42:1d:9a:cd:bc:b2:c0:e6:14:d2:
         3d:4b:21:7b:b2:ec:ca:de:3e:73:11:90:37:95:bd:dc:9b:1c:
         48:ea:c7:45:71:b8:18:b4:50:60:4e:97:05:9e:09:6f:64:40:
         a3:79:0e:c2:fc:5e:cf:5c:57:bf:63:b7:bc:03:9d:da:c8:d1:
         ae:36:35:e7:c5:52:84:66:55:cd:01:53:4c:ee:c6:c6:65:c8:
         36:39:86:5d:c8:ee:bd:e9:17:a8:3b:6a:f0:e3:20:3d:e4:24:
         4e:71:1a:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3DtE2Q/Dhtrt831WqOMxUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTgzMzI2MTY5NzY1MmMzNTU0N2U5OGZjMDVhN2UyMjk0
ZWRiYzcwHhcNMjYwNDI1MDgxNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTdmOTYxNjdkZjg5YmUyNDNkNGYxMzRiYmQ3OTg2NjRlMmEyODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YIsVZ4N60lty8ltt83Ozc8nkvox
XzsBh9nf2oipf75D1KWFagPguR57YSv+mgMHmzsYTfsfeklqoU6Nn+l5hk/opA7J
5no8Q/2N8C9lmeqP3YybUlS6QVabAsYDvqcNi2X1Uql5Bnt/a2aYv6+3Bc6kEtPK
1RGbcRP+vRC88fvjGlOQ8mNfMijaR+CVSXohOJ7Mc/o76jxT2zmwe6dL5bY1GwGa
kYwNBDIXpI6C02+G4OCj5RnqDM4Zd6sA4uONPtkUbaelinYm//ZlVUbB+AZX/99S
6CCpsu4iKH3RHE1BvoJWS1P4tL+3a4HGJU8AIFBmU9kW2dasbo04Zbt7wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDl/lhZ9+JviQ9TxNLvXmGZOKigpMB8GA1UdIwQY
MBaAFM+YMyYWl2UsNVR+mPwFp+IpTtvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVnekpoYVhaU3cxVkg2WV9BV240aWxPMjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8zNjA2ZjUtMTdlMS00MzE5LTk3MDMt
YWU0MDFhMzdjMDQ0LzEvT1gtV0ZuMzRtLUpEMVBFMHU5ZVlaazRxS0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8zNjA2ZjUtMTdlMS00MzE5LTk3MDMtYWU0MDFhMzdjMDQ0
LzEvejVnekpoYVhaU3cxVkg2WV9BV240aWxPMjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZWoMA0G
CSqGSIb3DQEBCwUAA4IBAQC2eO1Ne+IjhUqYncyHmxA83VebzVImmbV7v9+XdmX6
UHU9qFJL4AWocfWQHRnqyXR132VM8U/sTE51hTunWAssZLME/iq+3QcEtlmfXyoC
qAljtb9A9s6LtJq0mWD8fA+GoHr4jv1oybGfPpvq1mGsvPzhzYdHSe48fTPfM9wI
/ZIvcr2SftSt4SkIvXlWiSCOVCQMW4rArkIdms28ssDmFNI9SyF7suzK3j5zEZA3
lb3cmxxI6sdFcbgYtFBgTpcFnglvZECjeQ7C/F7PXFe/Y7e8A53ayNGuNjXnxVKE
ZlXNAVNM7sbGZcg2OYZdyO696ReoO2rw4yA95CROcRoJ
-----END CERTIFICATE-----