Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/e376af-2641-4aeb-b89f-c11de3925043/1/2lSIdgx3Qs-YZF0wAAumY43frjg.roa
File:                     2lSIdgx3Qs-YZF0wAAumY43frjg.roa (raw, json)
Hash identifier:          HAwBeX3iybs+ecUh2CgT9lHQ03ODLUy9p/NbMRpq8Z4=
Subject key identifier:   DA:54:88:76:0C:77:42:CF:98:64:5D:30:00:0B:A6:63:8D:DF:AE:38
Certificate issuer:       /CN=836a773d633245619c8ecdedd4c94b418fe3d76d
Certificate serial:       019CE76174EB8C708F16F00F5F1C66C89D1F
Authority key identifier: 83:6A:77:3D:63:32:45:61:9C:8E:CD:ED:D4:C9:4B:41:8F:E3:D7:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g2p3PWMyRWGcjs3t1MlLQY_j120.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/e376af-2641-4aeb-b89f-c11de3925043/1/2lSIdgx3Qs-YZF0wAAumY43frjg.roa
Signing time:             Fri 13 Mar 2026 13:27:29 +0000
ROA not before:           Fri 13 Mar 2026 13:27:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206548
IP address blocks:        45.81.96.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/e376af-2641-4aeb-b89f-c11de3925043/1/g2p3PWMyRWGcjs3t1MlLQY_j120.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/e376af-2641-4aeb-b89f-c11de3925043/1/g2p3PWMyRWGcjs3t1MlLQY_j120.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g2p3PWMyRWGcjs3t1MlLQY_j120.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 20:56:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e7:61:74:eb:8c:70:8f:16:f0:0f:5f:1c:66:c8:9d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=836a773d633245619c8ecdedd4c94b418fe3d76d
        Validity
            Not Before: Mar 13 13:27:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da5488760c7742cf98645d30000ba6638ddfae38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:55:35:86:64:f5:72:db:df:31:95:6d:e2:96:
                    e0:ab:c0:b1:4c:6e:8f:5f:2c:c0:5b:06:41:a2:5c:
                    8c:d1:49:46:09:71:2f:cc:69:e8:84:39:26:8e:5e:
                    89:2a:42:f9:c5:ca:9b:3c:21:a8:52:58:e5:cf:e5:
                    cb:76:04:e2:d2:37:83:17:78:27:3a:2a:ba:d5:c8:
                    3b:ea:df:8e:5f:af:6f:38:b3:d9:62:81:39:5f:69:
                    ee:65:88:77:99:b7:04:60:7a:51:d9:10:0b:6f:b9:
                    57:d9:30:7f:b5:62:b8:bc:ae:e3:e3:01:93:a7:82:
                    63:3c:c6:f9:e3:25:c9:eb:e8:f5:18:b0:cc:28:cb:
                    da:6e:8b:8d:ce:ee:f8:bf:ba:e6:28:c0:b3:c1:9e:
                    ad:49:56:20:e5:21:d2:47:d7:8b:3b:b9:ce:8a:4f:
                    e4:ce:3a:71:57:68:0f:00:1b:03:03:b2:b3:1d:6a:
                    90:d2:62:6a:62:02:df:9c:28:c4:3d:e7:ab:d2:24:
                    45:f8:2f:8a:b1:a3:c7:b7:2f:74:83:0a:8e:b6:67:
                    3d:ad:28:16:8e:68:59:0e:75:74:21:13:d7:b3:cf:
                    8d:69:bb:20:8b:ba:56:63:f2:c2:68:b4:c7:de:5a:
                    49:25:c0:9e:d8:e5:9e:f6:3f:1b:e4:8b:b3:ec:06:
                    ac:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:54:88:76:0C:77:42:CF:98:64:5D:30:00:0B:A6:63:8D:DF:AE:38
            X509v3 Authority Key Identifier:
                keyid:83:6A:77:3D:63:32:45:61:9C:8E:CD:ED:D4:C9:4B:41:8F:E3:D7:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g2p3PWMyRWGcjs3t1MlLQY_j120.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/e376af-2641-4aeb-b89f-c11de3925043/1/2lSIdgx3Qs-YZF0wAAumY43frjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/e376af-2641-4aeb-b89f-c11de3925043/1/g2p3PWMyRWGcjs3t1MlLQY_j120.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:df:57:c1:54:12:0e:e6:04:37:57:36:02:a8:5b:7b:4d:95:
         5a:03:23:56:c6:39:f6:0a:ff:a3:78:19:42:15:43:d2:3c:79:
         03:31:39:8e:ef:8c:23:87:cf:ea:4b:94:95:4d:e0:4c:a5:ad:
         a3:f2:5b:3c:e5:3f:1f:22:0e:17:81:5b:31:b3:f7:cf:19:30:
         4d:7c:68:2d:9b:cb:d1:6e:e0:12:b0:83:71:77:7a:65:5d:e9:
         0d:6f:b1:e8:72:c0:40:a2:31:28:dd:46:7f:ee:43:f9:55:e7:
         e8:8e:e7:ac:9e:63:c6:f6:78:81:e1:b2:59:8c:eb:44:53:77:
         2e:08:75:12:c2:38:fe:47:11:54:5c:9e:09:fa:1a:a2:cc:1b:
         e1:80:c9:fe:a9:28:0c:6d:d5:4a:03:12:2c:1f:15:a8:82:5a:
         54:16:a9:06:45:be:6a:c1:9c:41:c0:2d:98:0e:2d:bd:67:9a:
         f9:cd:3e:81:c9:cf:67:79:de:72:e6:e2:10:b7:0f:8e:61:5d:
         b3:c6:f1:f2:51:9a:08:d2:11:14:c4:7f:43:17:43:62:1b:5f:
         cb:cf:a2:1a:ba:a9:01:9f:9c:cc:fb:10:fc:6b:fa:2f:10:a5:
         1e:83:e1:de:b1:bc:83:e8:de:3c:10:af:5a:a9:e9:1f:1e:e7:
         21:13:41:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZznYXTrjHCPFvAPXxxmyJ0fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNmE3NzNkNjMzMjQ1NjE5YzhlY2RlZGQ0Yzk0YjQxOGZl
M2Q3NmQwHhcNMjYwMzEzMTMyNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTU0ODg3NjBjNzc0MmNmOTg2NDVkMzAwMDBiYTY2MzhkZGZhZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplU1hmT1ctvfMZVt4pbgq8CxTG6P
XyzAWwZBolyM0UlGCXEvzGnohDkmjl6JKkL5xcqbPCGoUljlz+XLdgTi0jeDF3gn
Oiq61cg76t+OX69vOLPZYoE5X2nuZYh3mbcEYHpR2RALb7lX2TB/tWK4vK7j4wGT
p4JjPMb54yXJ6+j1GLDMKMvabouNzu74v7rmKMCzwZ6tSVYg5SHSR9eLO7nOik/k
zjpxV2gPABsDA7KzHWqQ0mJqYgLfnCjEPeer0iRF+C+KsaPHty90gwqOtmc9rSgW
jmhZDnV0IRPXs8+Nabsgi7pWY/LCaLTH3lpJJcCe2OWe9j8b5Iuz7AascQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpUiHYMd0LPmGRdMAALpmON3644MB8GA1UdIwQY
MBaAFINqdz1jMkVhnI7N7dTJS0GP49dtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzJwM1BXTXlSV0djanMzdDFNbExRWV9qMTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9lMzc2YWYtMjY0MS00YWViLWI4OWYt
YzExZGUzOTI1MDQzLzEvMmxTSWRneDNRcy1ZWkYwd0FBdW1ZNDNmcmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9lMzc2YWYtMjY0MS00YWViLWI4OWYtYzExZGUzOTI1MDQz
LzEvZzJwM1BXTXlSV0djanMzdDFNbExRWV9qMTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVFgMA0G
CSqGSIb3DQEBCwUAA4IBAQCb31fBVBIO5gQ3VzYCqFt7TZVaAyNWxjn2Cv+jeBlC
FUPSPHkDMTmO74wjh8/qS5SVTeBMpa2j8ls85T8fIg4XgVsxs/fPGTBNfGgtm8vR
buASsINxd3plXekNb7HocsBAojEo3UZ/7kP5VefojuesnmPG9niB4bJZjOtEU3cu
CHUSwjj+RxFUXJ4J+hqizBvhgMn+qSgMbdVKAxIsHxWoglpUFqkGRb5qwZxBwC2Y
Di29Z5r5zT6Byc9ned5y5uIQtw+OYV2zxvHyUZoI0hEUxH9DF0NiG1/Lz6IauqkB
n5zM+xD8a/ovEKUeg+HesbyD6N48EK9aqekfHuchE0GC
-----END CERTIFICATE-----