Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/NQhohxpX79LaflkqFn_SdMtNXkc.roa
File:                     NQhohxpX79LaflkqFn_SdMtNXkc.roa (raw, json)
Hash identifier:          hz/eOIHPRLWhV6gGQdsCHSgfHNHYQpMaIgkZOgKyDdU=
Subject key identifier:   35:08:68:87:1A:57:EF:D2:DA:7E:59:2A:16:7F:D2:74:CB:4D:5E:47
Certificate issuer:       /CN=9a6e147448289634b98688ee5a5af447d42cbb07
Certificate serial:       019CFBEEFD7F02D49BEE323465C5F1C1EE18
Authority key identifier: 9A:6E:14:74:48:28:96:34:B9:86:88:EE:5A:5A:F4:47:D4:2C:BB:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mm4UdEgoljS5hojuWlr0R9Qsuwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/NQhohxpX79LaflkqFn_SdMtNXkc.roa
Signing time:             Tue 17 Mar 2026 13:14:29 +0000
ROA not before:           Tue 17 Mar 2026 13:14:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        45.12.197.0/24 maxlen: 24
                          45.12.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/mm4UdEgoljS5hojuWlr0R9Qsuwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/mm4UdEgoljS5hojuWlr0R9Qsuwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mm4UdEgoljS5hojuWlr0R9Qsuwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:ee:fd:7f:02:d4:9b:ee:32:34:65:c5:f1:c1:ee:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a6e147448289634b98688ee5a5af447d42cbb07
        Validity
            Not Before: Mar 17 13:14:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=350868871a57efd2da7e592a167fd274cb4d5e47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:21:34:2f:91:f9:86:7b:35:fb:b3:fa:56:09:
                    95:8e:f2:a5:34:5e:f0:97:01:09:70:88:5d:e8:2b:
                    63:a9:5c:71:0f:4f:b1:51:62:2c:9e:59:72:4e:5e:
                    6f:80:58:43:13:03:0d:74:2f:34:a5:7f:2c:41:0e:
                    37:ba:92:dc:e9:ed:88:8a:cc:e3:3b:8e:ad:9d:f7:
                    b3:7b:55:35:e6:0b:87:cb:15:6e:92:b9:78:44:bc:
                    17:78:20:bb:a2:99:12:17:e0:17:62:16:b7:81:e6:
                    4f:b5:5d:47:24:22:d3:20:0b:94:bb:aa:8f:88:00:
                    a1:f1:52:c6:e8:35:a5:5f:3c:00:ce:18:2e:b3:1e:
                    88:38:6b:e8:8f:d6:d8:0e:61:01:b7:86:df:9f:e5:
                    c1:a3:fe:07:53:08:04:ac:19:57:fa:ff:b3:9e:25:
                    0c:9a:77:8b:c9:7d:d8:34:fd:36:9b:b2:fa:fc:50:
                    69:ef:64:06:a1:dd:be:93:3a:96:86:b1:51:e6:91:
                    74:a0:ad:2e:f3:de:cc:2b:6d:c7:4e:d0:99:23:76:
                    a2:86:d9:d4:69:21:c6:c3:f5:0e:d3:92:b1:45:58:
                    3a:f7:b4:e4:96:fc:3d:5b:5a:aa:a5:d5:98:28:d9:
                    ef:27:c5:06:c1:3c:f4:aa:6a:16:30:bb:b0:5b:62:
                    3c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:08:68:87:1A:57:EF:D2:DA:7E:59:2A:16:7F:D2:74:CB:4D:5E:47
            X509v3 Authority Key Identifier:
                keyid:9A:6E:14:74:48:28:96:34:B9:86:88:EE:5A:5A:F4:47:D4:2C:BB:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mm4UdEgoljS5hojuWlr0R9Qsuwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/NQhohxpX79LaflkqFn_SdMtNXkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/mm4UdEgoljS5hojuWlr0R9Qsuwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.197.0-45.12.198.255

    Signature Algorithm: sha256WithRSAEncryption
         9b:45:97:e4:9d:94:bd:2f:64:38:06:22:87:44:ce:ea:96:f6:
         83:6f:e0:e9:d1:b1:ca:72:d8:79:3a:56:1a:a3:ec:df:33:68:
         d0:8a:60:8e:49:8d:92:fb:20:4f:b9:03:fb:0f:dd:7a:f5:6e:
         1e:7c:1d:fd:4c:16:fe:18:48:bd:50:43:5c:4c:79:76:63:95:
         26:94:bd:7e:e7:7f:be:da:40:4b:16:d6:dc:a0:5e:cf:70:91:
         4d:ec:78:3d:63:97:cb:3e:4b:84:ca:77:82:55:af:b5:f1:6a:
         d2:30:1b:a3:27:2c:cc:5e:70:76:cd:97:73:b2:a3:f1:fe:12:
         d9:21:3e:43:6f:2a:b1:52:d4:a6:94:92:b3:91:95:e5:c1:ab:
         fe:82:06:94:61:a8:b4:fa:cb:d9:a9:e7:54:d8:d6:c1:8d:13:
         48:e1:fe:17:18:f3:85:1a:54:1e:41:c1:95:a5:62:4c:b8:9d:
         8e:28:2d:10:95:10:ba:78:d5:a0:6c:08:c0:63:79:eb:c7:94:
         8b:78:4b:8c:7e:75:bf:d2:f8:63:65:45:84:e4:b6:ba:b6:b1:
         ec:ba:a9:f3:3a:58:14:cb:b7:53:80:e5:99:69:ae:66:85:29:
         fa:48:5d:13:1d:88:96:60:74:3a:1b:3b:34:f1:fc:14:04:73:
         fd:89:8d:57
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZz77v1/AtSb7jI0ZcXxwe4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNmUxNDc0NDgyODk2MzRiOTg2ODhlZTVhNWFmNDQ3ZDQy
Y2JiMDcwHhcNMjYwMzE3MTMxNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTA4Njg4NzFhNTdlZmQyZGE3ZTU5MmExNjdmZDI3NGNiNGQ1ZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiE0L5H5hns1+7P6VgmVjvKlNF7w
lwEJcIhd6CtjqVxxD0+xUWIsnllyTl5vgFhDEwMNdC80pX8sQQ43upLc6e2Iiszj
O46tnfeze1U15guHyxVukrl4RLwXeCC7opkSF+AXYha3geZPtV1HJCLTIAuUu6qP
iACh8VLG6DWlXzwAzhgusx6IOGvoj9bYDmEBt4bfn+XBo/4HUwgErBlX+v+zniUM
mneLyX3YNP02m7L6/FBp72QGod2+kzqWhrFR5pF0oK0u897MK23HTtCZI3aihtnU
aSHGw/UO05KxRVg697Tklvw9W1qqpdWYKNnvJ8UGwTz0qmoWMLuwW2I8HQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDUIaIcaV+/S2n5ZKhZ/0nTLTV5HMB8GA1UdIwQY
MBaAFJpuFHRIKJY0uYaI7lpa9EfULLsHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW00VWRFZ29salM1aG9qdVdscjBSOVFzdXdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC82NjFkYWQtMDBjOS00ZjE3LTk0ZDgt
MmJiZDAxZjllNTAwLzEvTlFob2h4cFg3OUxhZmxrcUZuX1NkTXROWGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC82NjFkYWQtMDBjOS00ZjE3LTk0ZDgtMmJiZDAxZjllNTAw
LzEvbW00VWRFZ29salM1aG9qdVdscjBSOVFzdXdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtDMUD
BAAtDMYwDQYJKoZIhvcNAQELBQADggEBAJtFl+SdlL0vZDgGIodEzuqW9oNv4OnR
scpy2Hk6Vhqj7N8zaNCKYI5JjZL7IE+5A/sP3Xr1bh58Hf1MFv4YSL1QQ1xMeXZj
lSaUvX7nf77aQEsW1tygXs9wkU3seD1jl8s+S4TKd4JVr7XxatIwG6MnLMxecHbN
l3Oyo/H+EtkhPkNvKrFS1KaUkrORleXBq/6CBpRhqLT6y9mp51TY1sGNE0jh/hcY
84UaVB5BwZWlYky4nY4oLRCVELp41aBsCMBjeevHlIt4S4x+db/S+GNlRYTktrq2
sey6qfM6WBTLt1OA5ZlprmaFKfpIXRMdiJZgdDobOzTx/BQEc/2JjVc=
-----END CERTIFICATE-----