Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/pGeq0B-Mzg0q4NmMgPUNvpE-lTI.roa
File:                     pGeq0B-Mzg0q4NmMgPUNvpE-lTI.roa (raw, json)
Hash identifier:          cINCKzd3dIf/VdNxQaJ9bIeKFH1cTlbmZ9wu/VN+feI=
Subject key identifier:   A4:67:AA:D0:1F:8C:CE:0D:2A:E0:D9:8C:80:F5:0D:BE:91:3E:95:32
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019D11F6A406CCEE1E08F714DDBE9C82B347
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/pGeq0B-Mzg0q4NmMgPUNvpE-lTI.roa
Signing time:             Sat 21 Mar 2026 19:54:29 +0000
ROA not before:           Sat 21 Mar 2026 19:54:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199897
IP address blocks:        45.74.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:11:f6:a4:06:cc:ee:1e:08:f7:14:dd:be:9c:82:b3:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Mar 21 19:54:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a467aad01f8cce0d2ae0d98c80f50dbe913e9532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:0a:e0:f9:78:21:4b:d6:0d:aa:cf:f1:93:f4:
                    b1:0f:58:ea:4f:41:5a:e0:20:c4:2c:a0:a8:ae:8b:
                    ea:d4:f4:3f:a3:39:f9:be:27:48:1d:93:d4:73:d5:
                    16:3e:5c:0b:97:d4:ad:c6:0c:f8:31:7c:c4:f1:6b:
                    13:5f:f7:94:5c:87:3c:96:20:3d:c7:68:82:16:a4:
                    24:a1:c1:1e:4c:6d:9c:bf:9f:e4:91:9c:62:96:fd:
                    bc:42:d9:c0:12:4a:22:82:07:fb:7e:66:ef:97:d6:
                    51:2d:35:82:35:2b:19:41:67:f1:56:f2:1a:27:08:
                    dd:ab:de:18:fc:df:ce:3e:d3:a4:9d:83:dd:54:69:
                    43:0c:a0:d1:e9:a5:c8:d1:4d:ab:c1:64:19:95:a3:
                    97:d7:19:8a:bf:a9:e8:19:72:6f:0e:ae:ec:9b:bb:
                    14:a2:36:d8:ac:45:0d:72:e4:b6:1d:9e:d8:b5:5c:
                    5b:73:69:81:f6:14:3f:15:2a:82:4f:d3:e4:6b:43:
                    c6:41:90:0a:6e:85:ba:3f:9a:08:cc:72:ef:46:e8:
                    1f:8e:9e:d2:f7:2d:36:cd:01:83:d3:32:bd:0f:93:
                    ea:5d:7c:66:b4:e2:33:6d:e9:f0:e5:4d:f4:af:b7:
                    1c:26:12:9c:11:68:cf:b4:60:29:75:c0:99:67:93:
                    1d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:67:AA:D0:1F:8C:CE:0D:2A:E0:D9:8C:80:F5:0D:BE:91:3E:95:32
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/pGeq0B-Mzg0q4NmMgPUNvpE-lTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.74.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:34:4b:bf:e7:95:a3:48:68:3d:1d:7e:fd:c1:2f:58:24:dd:
         00:84:b1:92:56:7b:c7:da:5f:a8:f4:ad:9f:93:e4:28:df:4a:
         ca:9c:d4:2b:7f:18:bc:64:b9:90:c1:99:43:3a:d2:67:f7:3f:
         2d:3e:87:80:7b:e5:d2:f4:94:25:e9:b8:af:39:5d:07:3c:da:
         09:a5:3e:33:2e:00:e6:34:83:eb:ab:8c:dc:5e:44:04:02:f0:
         bd:4a:c0:7b:46:37:83:f6:9b:9c:34:b2:67:ae:96:2a:eb:0d:
         bd:3a:2f:7d:6f:81:a9:d2:8b:00:4c:47:b0:6a:c8:cc:29:bf:
         fd:e1:b3:84:ee:b0:95:88:18:84:2c:91:64:b4:be:c0:e7:ef:
         91:34:c2:b7:61:de:28:22:8f:ed:08:63:0f:17:46:bb:7b:cc:
         8b:da:dc:54:47:02:a0:fd:0c:ed:35:7c:07:54:ce:41:b8:a6:
         87:db:7a:bf:8f:84:04:14:c3:39:63:04:3f:04:f3:d3:1d:e8:
         40:38:89:ac:58:1b:cb:16:5b:85:ec:da:c2:93:30:b9:fc:95:
         d4:ef:4f:1b:4a:a8:6a:0f:fd:0a:76:05:68:f5:41:3a:1e:83:
         b6:19:1c:a6:c1:f4:f9:6d:19:64:e3:8a:4e:d5:fe:91:c3:e2:
         a6:f3:bf:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0R9qQGzO4eCPcU3b6cgrNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwMzIxMTk1NDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDY3YWFkMDFmOGNjZTBkMmFlMGQ5OGM4MGY1MGRiZTkxM2U5NTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgrg+XghS9YNqs/xk/SxD1jqT0Fa
4CDELKCorovq1PQ/ozn5vidIHZPUc9UWPlwLl9Stxgz4MXzE8WsTX/eUXIc8liA9
x2iCFqQkocEeTG2cv5/kkZxilv28QtnAEkoiggf7fmbvl9ZRLTWCNSsZQWfxVvIa
Jwjdq94Y/N/OPtOknYPdVGlDDKDR6aXI0U2rwWQZlaOX1xmKv6noGXJvDq7sm7sU
ojbYrEUNcuS2HZ7YtVxbc2mB9hQ/FSqCT9Pka0PGQZAKboW6P5oIzHLvRugfjp7S
9y02zQGD0zK9D5PqXXxmtOIzbenw5U30r7ccJhKcEWjPtGApdcCZZ5MdBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRnqtAfjM4NKuDZjID1Db6RPpUyMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvcEdlcTBCLU16ZzBxNE5tTWdQVU52cEUtbFRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUr3MA0G
CSqGSIb3DQEBCwUAA4IBAQBFNEu/55WjSGg9HX79wS9YJN0AhLGSVnvH2l+o9K2f
k+Qo30rKnNQrfxi8ZLmQwZlDOtJn9z8tPoeAe+XS9JQl6bivOV0HPNoJpT4zLgDm
NIPrq4zcXkQEAvC9SsB7RjeD9pucNLJnrpYq6w29Oi99b4Gp0osATEewasjMKb/9
4bOE7rCViBiELJFktL7A5++RNMK3Yd4oIo/tCGMPF0a7e8yL2txURwKg/QztNXwH
VM5BuKaH23q/j4QEFMM5YwQ/BPPTHehAOImsWBvLFluF7NrCkzC5/JXU708bSqhq
D/0KdgVo9UE6HoO2GRymwfT5bRlk44pO1f6Rw+Km8793
-----END CERTIFICATE-----