Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/ca9274-3a94-4f1a-bee2-266fe2737b8f/1/iNCnK1riCAEKVwhmFq2vhexQ9pk.roa
File:                     iNCnK1riCAEKVwhmFq2vhexQ9pk.roa (raw, json)
Hash identifier:          yp4qo0DIiWYanDrBleb40OUwRPWMr9ZgpnS6B52GREo=
Subject key identifier:   88:D0:A7:2B:5A:E2:08:01:0A:57:08:66:16:AD:AF:85:EC:50:F6:99
Certificate issuer:       /CN=dcbcab4859536cf996596ef19d2a64611d036fe4
Certificate serial:       019DCE469A77697C76CF877D7988D59873BA
Authority key identifier: DC:BC:AB:48:59:53:6C:F9:96:59:6E:F1:9D:2A:64:61:1D:03:6F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3LyrSFlTbPmWWW7xnSpkYR0Db-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/ca9274-3a94-4f1a-bee2-266fe2737b8f/1/iNCnK1riCAEKVwhmFq2vhexQ9pk.roa
Signing time:             Mon 27 Apr 2026 09:30:26 +0000
ROA not before:           Mon 27 Apr 2026 09:30:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208566
IP address blocks:        45.128.216.0/24 maxlen: 24
                          45.128.217.0/24 maxlen: 24
                          2a0e:41c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/ca9274-3a94-4f1a-bee2-266fe2737b8f/1/3LyrSFlTbPmWWW7xnSpkYR0Db-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/ca9274-3a94-4f1a-bee2-266fe2737b8f/1/3LyrSFlTbPmWWW7xnSpkYR0Db-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3LyrSFlTbPmWWW7xnSpkYR0Db-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:46:9a:77:69:7c:76:cf:87:7d:79:88:d5:98:73:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcbcab4859536cf996596ef19d2a64611d036fe4
        Validity
            Not Before: Apr 27 09:30:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88d0a72b5ae208010a57086616adaf85ec50f699
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4a:b8:a0:cd:c7:33:7f:c8:60:69:fb:7d:e7:
                    c6:e3:13:7e:bc:66:82:47:3e:f1:5e:b9:35:38:83:
                    f4:6f:d2:6b:97:5c:72:e7:02:9a:bc:b3:fa:09:30:
                    49:eb:df:e6:b7:6e:2b:3d:24:ec:e0:bb:63:3e:69:
                    09:71:1f:da:c9:16:72:2f:40:9e:77:8c:94:c3:10:
                    16:68:0c:08:09:b4:79:cc:cd:1d:f6:c0:9f:05:80:
                    43:c6:ab:a9:a8:e5:4e:18:4d:97:c0:11:ce:25:e6:
                    dc:dd:98:85:2c:16:67:a2:be:be:1c:2d:63:80:86:
                    4e:11:86:c7:5d:3f:ac:17:df:9a:5f:76:fb:02:c3:
                    aa:f9:2c:0a:52:bc:49:bd:b3:4b:b2:77:e1:f3:c7:
                    f2:82:b1:69:c5:3f:0a:d0:9b:6c:98:b1:25:3a:97:
                    c9:a4:d7:dd:9b:df:1f:af:f8:68:c5:57:0c:79:de:
                    dc:7b:e6:e4:6b:85:65:9e:4b:0f:bb:85:af:af:34:
                    86:89:1e:0d:d0:8c:cb:e7:e3:9d:29:2e:94:35:0a:
                    28:6c:f5:73:50:31:10:0b:f6:de:f8:27:26:e5:4e:
                    b7:24:cf:53:8f:05:34:90:7e:88:2a:ed:6d:6d:4b:
                    cb:32:b0:24:91:5f:5e:f8:a5:a0:9c:7e:ff:5c:b1:
                    1d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D0:A7:2B:5A:E2:08:01:0A:57:08:66:16:AD:AF:85:EC:50:F6:99
            X509v3 Authority Key Identifier:
                keyid:DC:BC:AB:48:59:53:6C:F9:96:59:6E:F1:9D:2A:64:61:1D:03:6F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3LyrSFlTbPmWWW7xnSpkYR0Db-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/ca9274-3a94-4f1a-bee2-266fe2737b8f/1/iNCnK1riCAEKVwhmFq2vhexQ9pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/ca9274-3a94-4f1a-bee2-266fe2737b8f/1/3LyrSFlTbPmWWW7xnSpkYR0Db-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.216.0/23
                IPv6:
                  2a0e:41c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:36:07:bc:70:3b:46:1d:49:84:77:1a:a1:93:69:07:cb:4f:
         14:61:f0:6e:f4:bb:e9:52:a1:b4:19:22:35:c6:eb:2f:3f:a3:
         70:dc:85:29:9c:8f:6d:92:ec:b0:47:45:2e:df:02:2f:c4:25:
         92:c7:18:59:0f:88:ca:4f:98:6d:0b:48:b0:49:58:03:4a:70:
         95:c4:6b:52:a6:e4:a6:8e:bc:71:39:a6:d4:7c:9c:d8:78:3a:
         91:8a:60:bb:9f:09:d0:41:c8:c8:ac:e6:99:b9:ba:72:f2:2b:
         30:fc:1c:2f:36:cb:1d:86:84:7e:6f:2d:5a:ba:c5:3d:57:52:
         88:cf:b6:8f:a9:61:e0:e6:21:25:8b:44:19:88:4e:0a:ec:2f:
         c0:04:91:3c:a6:aa:f1:de:b9:fa:dd:b4:f5:13:a9:41:a3:c0:
         55:03:20:4b:43:d7:ea:f2:b1:2d:f7:ee:10:be:62:4a:28:50:
         83:52:21:b0:f1:bd:2c:da:f3:e4:67:72:cf:39:2e:cd:9e:45:
         c8:c8:d4:f5:c2:c5:45:39:a1:be:db:13:40:75:ff:03:63:91:
         df:22:47:1f:e6:1d:84:62:f5:60:29:23:6b:df:fc:9b:3f:92:
         19:ad:78:4c:a3:d6:2c:32:25:34:a3:70:07:55:0e:a2:06:67:
         52:d6:b1:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3ORpp3aXx2z4d9eYjVmHO6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYmNhYjQ4NTk1MzZjZjk5NjU5NmVmMTlkMmE2NDYxMWQw
MzZmZTQwHhcNMjYwNDI3MDkzMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQwYTcyYjVhZTIwODAxMGE1NzA4NjYxNmFkYWY4NWVjNTBmNjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUq4oM3HM3/IYGn7fefG4xN+vGaC
Rz7xXrk1OIP0b9Jrl1xy5wKavLP6CTBJ69/mt24rPSTs4LtjPmkJcR/ayRZyL0Ce
d4yUwxAWaAwICbR5zM0d9sCfBYBDxqupqOVOGE2XwBHOJebc3ZiFLBZnor6+HC1j
gIZOEYbHXT+sF9+aX3b7AsOq+SwKUrxJvbNLsnfh88fygrFpxT8K0JtsmLElOpfJ
pNfdm98fr/hoxVcMed7ce+bka4VlnksPu4WvrzSGiR4N0IzL5+OdKS6UNQoobPVz
UDEQC/be+Ccm5U63JM9TjwU0kH6IKu1tbUvLMrAkkV9e+KWgnH7/XLEdDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIjQpyta4ggBClcIZhatr4XsUPaZMB8GA1UdIwQY
MBaAFNy8q0hZU2z5lllu8Z0qZGEdA2/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0x5clNGbFRiUG1XV1c3eG5TcGtZUjBEYi1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9jYTkyNzQtM2E5NC00ZjFhLWJlZTIt
MjY2ZmUyNzM3YjhmLzEvaU5DbksxcmlDQUVLVndobUZxMnZoZXhROXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9jYTkyNzQtM2E5NC00ZjFhLWJlZTItMjY2ZmUyNzM3Yjhm
LzEvM0x5clNGbFRiUG1XV1c3eG5TcGtZUjBEYi1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLYDYMA0E
AgACMAcDBQMqDkHAMA0GCSqGSIb3DQEBCwUAA4IBAQBvNge8cDtGHUmEdxqhk2kH
y08UYfBu9LvpUqG0GSI1xusvP6Nw3IUpnI9tkuywR0Uu3wIvxCWSxxhZD4jKT5ht
C0iwSVgDSnCVxGtSpuSmjrxxOabUfJzYeDqRimC7nwnQQcjIrOaZubpy8isw/Bwv
NssdhoR+by1ausU9V1KIz7aPqWHg5iEli0QZiE4K7C/ABJE8pqrx3rn63bT1E6lB
o8BVAyBLQ9fq8rEt9+4QvmJKKFCDUiGw8b0s2vPkZ3LPOS7NnkXIyNT1wsVFOaG+
2xNAdf8DY5HfIkcf5h2EYvVgKSNr3/ybP5IZrXhMo9YsMiU0o3AHVQ6iBmdS1rHq
-----END CERTIFICATE-----