Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/MHRGHVH_9ryY5YWmrqyOo25Yw-w.roa
File:                     MHRGHVH_9ryY5YWmrqyOo25Yw-w.roa (raw, json)
Hash identifier:          p0ZTTiOVdQ6jigzVZJJBkL+3fqMDD1xA2wHogGA9TUQ=
Subject key identifier:   30:74:46:1D:51:FF:F6:BC:98:E5:85:A6:AE:AC:8E:A3:6E:58:C3:EC
Certificate issuer:       /CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
Certificate serial:       019F2368434468654A8EE83CDA63CD414E5A
Authority key identifier: 6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/MHRGHVH_9ryY5YWmrqyOo25Yw-w.roa
Signing time:             Thu 02 Jul 2026 15:17:43 +0000
ROA not before:           Thu 02 Jul 2026 15:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        86.110.42.0/24 maxlen: 24
                          86.110.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 03:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:43:44:68:65:4a:8e:e8:3c:da:63:cd:41:4e:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
        Validity
            Not Before: Jul  2 15:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3074461d51fff6bc98e585a6aeac8ea36e58c3ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:80:5c:5d:09:26:a1:f1:34:5b:7d:4b:30:bc:
                    9b:4e:df:0b:1f:b4:5e:f2:14:28:f4:59:06:a4:2c:
                    1d:62:38:a1:df:67:b4:3a:8e:97:96:67:a5:da:2f:
                    25:01:49:7d:42:63:9c:0e:4b:bb:33:c2:ab:4e:ae:
                    7f:10:48:1f:28:d9:ed:52:dc:ad:16:84:29:0a:ea:
                    dd:f2:51:b5:db:15:70:1b:6e:57:3b:2c:a5:0c:07:
                    cb:1a:a5:31:e4:e4:0d:2c:56:a2:49:69:41:2b:6a:
                    d7:5a:89:04:c3:55:5c:89:f3:5a:2d:11:2c:e2:7a:
                    ce:14:c8:5e:d0:63:8e:99:36:29:9c:2d:5c:cb:c7:
                    bb:ef:a5:ee:23:d2:d7:aa:a8:e4:f8:61:90:1c:a2:
                    43:09:ed:91:31:f4:5a:f1:6b:4f:8d:98:2d:26:1a:
                    4a:c2:29:2e:c0:0b:18:c7:8b:10:36:21:ea:88:91:
                    44:cb:17:5e:6e:dc:f7:bc:fe:40:86:30:05:6d:cd:
                    70:5d:d3:ef:34:69:b4:28:7c:35:9d:27:ed:12:79:
                    22:c9:e7:43:c6:a2:8b:c4:e4:b4:cd:64:57:93:ec:
                    a8:2c:af:be:81:08:a8:37:0d:06:3b:8f:c3:34:d3:
                    b4:26:a8:d0:d8:1f:bc:aa:07:8f:98:37:fc:1d:9f:
                    94:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:74:46:1D:51:FF:F6:BC:98:E5:85:A6:AE:AC:8E:A3:6E:58:C3:EC
            X509v3 Authority Key Identifier:
                keyid:6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/MHRGHVH_9ryY5YWmrqyOo25Yw-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.42.0/24
                  86.110.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:51:73:d8:24:b3:50:7e:a1:2a:25:49:c9:f5:4b:26:ad:12:
         73:19:5a:c2:05:a9:30:32:7f:87:b2:0f:61:00:bc:8b:41:15:
         5a:6e:ec:7d:ed:95:e6:7d:7e:c5:cb:e6:c8:75:4f:ab:4c:52:
         cc:2f:19:23:df:83:e6:3f:fc:0e:76:ea:70:6d:cd:96:8f:0b:
         04:1d:d3:af:32:ce:a4:dc:3c:58:58:2b:c3:92:3e:ab:c2:8f:
         2c:2d:ef:45:89:7a:5b:d4:46:75:32:3d:92:a7:60:bb:90:c6:
         82:e4:4e:55:b5:f1:87:7f:bd:76:a5:3c:ca:5e:f9:0d:ed:e2:
         1f:25:3b:b9:89:d1:4e:0f:ee:fd:80:0d:d4:16:d0:c3:c9:43:
         5b:b8:d0:b6:a0:ff:6f:1d:fe:2b:70:5c:7a:f5:36:af:e3:c4:
         41:64:69:a1:bd:dd:25:70:98:56:58:af:06:d8:bb:39:5f:13:
         48:d7:0c:e4:eb:b6:81:c4:5f:c5:c2:21:ca:7a:61:31:8b:4b:
         5e:b7:31:b6:58:3a:15:bf:60:1e:d8:ee:2b:06:6c:20:6e:a3:
         5d:7e:42:66:8f:ed:81:9e:34:74:4d:0b:57:df:1a:88:2b:0a:
         59:52:c9:94:31:5f:29:31:94:f1:6c:1f:0a:15:ec:9c:32:8c:
         48:32:7c:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaENEaGVKjug82mPNQU5aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMGUxNmNjMmE4YjkxY2I0ODNmNDUxZTgxM2I2NzhhZTk3
NTgyYjAwHhcNMjYwNzAyMTUxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDc0NDYxZDUxZmZmNmJjOThlNTg1YTZhZWFjOGVhMzZlNThjM2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oBcXQkmofE0W31LMLybTt8LH7Re
8hQo9FkGpCwdYjih32e0Oo6Xlmel2i8lAUl9QmOcDku7M8KrTq5/EEgfKNntUtyt
FoQpCurd8lG12xVwG25XOyylDAfLGqUx5OQNLFaiSWlBK2rXWokEw1VcifNaLREs
4nrOFMhe0GOOmTYpnC1cy8e776XuI9LXqqjk+GGQHKJDCe2RMfRa8WtPjZgtJhpK
wikuwAsYx4sQNiHqiJFEyxdebtz3vP5AhjAFbc1wXdPvNGm0KHw1nSftEnkiyedD
xqKLxOS0zWRXk+yoLK++gQioNw0GO4/DNNO0JqjQ2B+8qgePmDf8HZ+UzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDB0Rh1R//a8mOWFpq6sjqNuWMPsMB8GA1UdIwQY
MBaAFGoOFswqi5HLSD9FHoE7Z4rpdYKwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvTUhSR0hWSF85cnlZNVlXbXJxeU9vMjVZdy13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVm4qAwQA
Vm4xMA0GCSqGSIb3DQEBCwUAA4IBAQApUXPYJLNQfqEqJUnJ9UsmrRJzGVrCBakw
Mn+Hsg9hALyLQRVabux97ZXmfX7Fy+bIdU+rTFLMLxkj34PmP/wOdupwbc2WjwsE
HdOvMs6k3DxYWCvDkj6rwo8sLe9FiXpb1EZ1Mj2Sp2C7kMaC5E5VtfGHf712pTzK
XvkN7eIfJTu5idFOD+79gA3UFtDDyUNbuNC2oP9vHf4rcFx69Tav48RBZGmhvd0l
cJhWWK8G2Ls5XxNI1wzk67aBxF/FwiHKemExi0tetzG2WDoVv2Ae2O4rBmwgbqNd
fkJmj+2BnjR0TQtX3xqIKwpZUsmUMV8pMZTxbB8KFeycMoxIMnxl
-----END CERTIFICATE-----
Generated at Sat Jul 4 09:20:38 2026 by rpki-client