Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/Ckbmwdo69uWZLFdhnIqi1EVx-As.roa
File:                     Ckbmwdo69uWZLFdhnIqi1EVx-As.roa (raw, json)
Hash identifier:          0See61yjqZJwFH53PpcLw3mYiFIVA0D2E4nf89wyg+A=
Subject key identifier:   0A:46:E6:C1:DA:3A:F6:E5:99:2C:57:61:9C:8A:A2:D4:45:71:F8:0B
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019D04C62D75453CD76FB3633C4FD293B46D
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/Ckbmwdo69uWZLFdhnIqi1EVx-As.roa
Signing time:             Thu 19 Mar 2026 06:26:29 +0000
ROA not before:           Thu 19 Mar 2026 06:26:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205463
IP address blocks:        45.74.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:04:c6:2d:75:45:3c:d7:6f:b3:63:3c:4f:d2:93:b4:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Mar 19 06:26:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a46e6c1da3af6e5992c57619c8aa2d44571f80b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:60:98:94:1d:9a:e1:d8:ec:29:42:11:e5:0f:
                    1b:1f:85:f5:43:2d:96:25:a1:f3:03:24:94:40:9d:
                    a3:2b:c1:ed:f5:c8:e7:f3:85:72:06:71:14:a9:19:
                    9f:03:59:f9:01:c3:97:09:f1:df:5d:23:29:9c:dc:
                    58:28:01:57:84:a6:c6:23:33:a7:67:8e:b8:8f:37:
                    cd:42:1b:41:f5:3e:01:55:2f:69:67:6c:0e:a1:df:
                    18:38:f4:c4:8b:90:ae:6e:4e:ba:7a:e1:9c:0f:c7:
                    78:6a:9e:f1:28:89:ee:d5:ae:cb:97:9a:ff:00:07:
                    f2:2b:95:f4:74:80:1c:a6:06:76:3a:83:4d:6e:7d:
                    00:94:d6:cb:a2:74:70:f8:51:9a:b1:18:24:8e:27:
                    17:be:6b:8a:7d:a8:32:6e:f8:9a:c4:42:63:c4:41:
                    25:a0:c2:4f:e0:8f:61:51:83:e7:f3:15:4f:b0:10:
                    07:85:5a:19:30:8f:0a:3e:63:6d:ea:85:c3:d2:04:
                    a2:3b:e0:b9:1b:b7:71:5f:f5:2b:e6:87:05:ff:1e:
                    59:16:1f:b1:09:00:f0:9f:d6:63:32:00:58:0a:0b:
                    09:28:91:01:c2:40:30:c4:71:30:a6:45:b3:05:8c:
                    78:24:f6:11:b7:24:7c:69:27:61:10:61:2d:d9:71:
                    e8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:46:E6:C1:DA:3A:F6:E5:99:2C:57:61:9C:8A:A2:D4:45:71:F8:0B
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/Ckbmwdo69uWZLFdhnIqi1EVx-As.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.74.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:55:91:1c:28:9d:a8:ba:cd:1b:dc:a6:42:aa:6d:f0:8c:95:
         78:d0:95:56:ab:64:19:a0:07:ae:5f:22:d9:08:76:d5:52:26:
         3f:71:e4:5b:24:b3:f6:e7:e8:7a:42:11:d4:43:56:13:ca:7d:
         2a:b4:35:ed:3b:5f:8e:f2:49:a3:b7:ff:c3:a9:92:fa:c8:4a:
         7a:46:22:67:44:f4:23:64:fd:99:16:f1:76:4a:51:48:bc:ae:
         ec:c7:18:99:5e:a0:66:52:a2:44:c2:ac:89:d3:d0:a9:36:8b:
         ff:14:c6:d9:08:e8:61:58:9e:95:47:31:cd:07:67:8e:88:18:
         ca:a7:f3:64:8f:7f:3b:36:14:02:43:8c:76:d0:74:70:f2:bc:
         ec:25:48:e1:f7:ca:39:b8:75:1a:49:94:4e:ac:8d:74:e0:93:
         a2:95:87:b3:c2:87:f2:a8:e9:d9:d6:c0:6e:20:d8:f4:ab:cf:
         d2:1d:5c:71:a9:eb:73:f1:12:44:8e:e4:77:74:38:75:15:30:
         5f:72:eb:00:82:41:b7:d7:73:6f:9f:74:8a:39:71:64:c2:f8:
         66:2a:ac:4b:95:07:7d:2c:3a:ce:59:ba:d6:fc:c7:5e:f5:87:
         96:74:52:eb:be:31:ac:d1:12:43:9a:67:de:30:59:49:e8:52:
         42:a4:25:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Exi11RTzXb7NjPE/Sk7RtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwMzE5MDYyNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQ2ZTZjMWRhM2FmNmU1OTkyYzU3NjE5YzhhYTJkNDQ1NzFmODBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mCYlB2a4djsKUIR5Q8bH4X1Qy2W
JaHzAySUQJ2jK8Ht9cjn84VyBnEUqRmfA1n5AcOXCfHfXSMpnNxYKAFXhKbGIzOn
Z464jzfNQhtB9T4BVS9pZ2wOod8YOPTEi5Cubk66euGcD8d4ap7xKInu1a7Ll5r/
AAfyK5X0dIAcpgZ2OoNNbn0AlNbLonRw+FGasRgkjicXvmuKfagybviaxEJjxEEl
oMJP4I9hUYPn8xVPsBAHhVoZMI8KPmNt6oXD0gSiO+C5G7dxX/Ur5ocF/x5ZFh+x
CQDwn9ZjMgBYCgsJKJEBwkAwxHEwpkWzBYx4JPYRtyR8aSdhEGEt2XHocwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApG5sHaOvblmSxXYZyKotRFcfgLMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvQ2tibXdkbzY5dVdaTEZkaG5JcWkxRVZ4LUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUr3MA0G
CSqGSIb3DQEBCwUAA4IBAQCbVZEcKJ2ous0b3KZCqm3wjJV40JVWq2QZoAeuXyLZ
CHbVUiY/ceRbJLP25+h6QhHUQ1YTyn0qtDXtO1+O8kmjt//DqZL6yEp6RiJnRPQj
ZP2ZFvF2SlFIvK7sxxiZXqBmUqJEwqyJ09CpNov/FMbZCOhhWJ6VRzHNB2eOiBjK
p/Nkj387NhQCQ4x20HRw8rzsJUjh98o5uHUaSZROrI104JOilYezwofyqOnZ1sBu
INj0q8/SHVxxqetz8RJEjuR3dDh1FTBfcusAgkG313Nvn3SKOXFkwvhmKqxLlQd9
LDrOWbrW/Mde9YeWdFLrvjGs0RJDmmfeMFlJ6FJCpCVE
-----END CERTIFICATE-----