Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/HLaMmGlmei5SFSCCf1VqtxvW2iA.roa
File:                     HLaMmGlmei5SFSCCf1VqtxvW2iA.roa (raw, json)
Hash identifier:          BDvfp/D9kdUy65kPOfsxE3PD2icp9M/FCtwb350XPOY=
Subject key identifier:   1C:B6:8C:98:69:66:7A:2E:52:15:20:82:7F:55:6A:B7:1B:D6:DA:20
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019CACF1B5832E5C765F3A10124361145B9E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/HLaMmGlmei5SFSCCf1VqtxvW2iA.roa
Signing time:             Mon 02 Mar 2026 05:07:27 +0000
ROA not before:           Mon 02 Mar 2026 05:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43260
IP address blocks:        77.90.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 12:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ac:f1:b5:83:2e:5c:76:5f:3a:10:12:43:61:14:5b:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar  2 05:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1cb68c9869667a2e521520827f556ab71bd6da20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1d:10:6b:14:07:28:d6:bd:82:21:71:e9:04:
                    8f:ed:3f:fe:5f:64:d7:98:02:f0:a6:19:5f:d5:52:
                    9a:5e:a9:a6:83:fd:34:7d:62:1d:b3:b0:31:8a:10:
                    5f:9a:75:2b:a0:c5:5c:18:86:e4:39:15:c9:79:aa:
                    3c:c4:a6:34:2b:69:af:5b:00:b8:4b:6f:77:e5:ae:
                    f0:9a:6d:c2:dd:31:d0:03:61:7a:0f:cb:f7:ef:c0:
                    5e:e3:81:6d:e7:8e:e4:3e:15:b6:b4:f4:7a:12:90:
                    6f:cf:9c:22:34:84:f6:1d:7c:8a:73:53:b4:e9:22:
                    e9:6d:a4:b4:6f:d5:b4:20:81:22:ad:2a:db:c6:d4:
                    fe:5e:35:27:3d:da:51:17:19:38:9c:47:ed:fe:e2:
                    5e:14:bd:9f:01:96:6a:14:71:90:9d:1c:a6:5e:1c:
                    3c:00:da:9d:16:ff:8c:8b:b8:2b:8a:90:9f:e0:e8:
                    67:36:02:3a:12:f6:5d:81:6b:a8:60:1a:59:a1:44:
                    57:5d:88:95:54:b1:7c:ac:92:0b:a2:ed:1c:d8:10:
                    41:f2:b7:9e:1f:d8:cd:c6:6c:93:e3:b3:2e:96:85:
                    6f:85:7e:e0:8d:17:7d:bd:1a:46:88:fb:dc:82:28:
                    02:eb:04:a0:90:f8:52:4c:fc:a3:15:26:b7:c2:d5:
                    0f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B6:8C:98:69:66:7A:2E:52:15:20:82:7F:55:6A:B7:1B:D6:DA:20
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/HLaMmGlmei5SFSCCf1VqtxvW2iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:6d:e4:fd:0b:db:69:be:43:b6:4f:43:d1:88:77:15:92:3d:
         ce:80:17:17:0d:70:96:f9:1b:db:15:04:92:bf:24:4b:79:b0:
         a6:e4:2b:62:a7:e3:10:e6:32:ba:df:f4:35:c9:cd:a2:78:da:
         07:7a:5c:72:e4:b0:97:ab:90:13:5d:fc:44:20:3a:20:d7:b5:
         c7:9f:f8:44:29:06:11:45:7d:51:70:85:ee:fd:ef:2a:13:74:
         db:d5:2f:52:78:56:77:7d:97:40:6a:b9:c1:02:d2:97:36:e2:
         ac:de:58:ee:e6:55:b5:92:11:a5:52:00:72:fb:ec:98:20:68:
         4f:2b:5b:7f:a9:55:62:30:96:f3:f5:b0:1e:44:fd:20:fb:d9:
         7d:08:aa:9b:57:01:5b:5b:9f:4c:a3:67:26:5e:ff:73:d3:75:
         e6:92:e7:66:24:6d:02:4e:9b:d4:60:92:68:f4:a6:6f:e4:2e:
         50:5f:e7:31:6d:2e:a3:f8:1c:05:0b:36:f2:d0:e7:cf:71:2c:
         ce:09:e3:d1:e4:15:8a:fd:88:09:bc:04:64:dd:bb:01:39:bc:
         bc:fe:fe:13:04:35:e0:9d:84:cb:4c:cd:c5:7d:07:fe:57:31:
         80:74:b4:6a:a2:77:9e:b2:53:59:11:91:f2:54:70:16:14:79:
         79:63:78:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZys8bWDLlx2XzoQEkNhFFueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMzAyMDUwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2I2OGM5ODY5NjY3YTJlNTIxNTIwODI3ZjU1NmFiNzFiZDZkYTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtB0QaxQHKNa9giFx6QSP7T/+X2TX
mALwphlf1VKaXqmmg/00fWIds7AxihBfmnUroMVcGIbkORXJeao8xKY0K2mvWwC4
S2935a7wmm3C3THQA2F6D8v378Be44Ft547kPhW2tPR6EpBvz5wiNIT2HXyKc1O0
6SLpbaS0b9W0IIEirSrbxtT+XjUnPdpRFxk4nEft/uJeFL2fAZZqFHGQnRymXhw8
ANqdFv+Mi7gripCf4OhnNgI6EvZdgWuoYBpZoURXXYiVVLF8rJILou0c2BBB8ree
H9jNxmyT47MuloVvhX7gjRd9vRpGiPvcgigC6wSgkPhSTPyjFSa3wtUP8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBy2jJhpZnouUhUggn9Varcb1togMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvSExhTW1HbG1laTVTRlNDQ2YxVnF0eHZXMmlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVo2MA0G
CSqGSIb3DQEBCwUAA4IBAQAAbeT9C9tpvkO2T0PRiHcVkj3OgBcXDXCW+RvbFQSS
vyRLebCm5Ctip+MQ5jK63/Q1yc2ieNoHelxy5LCXq5ATXfxEIDog17XHn/hEKQYR
RX1RcIXu/e8qE3Tb1S9SeFZ3fZdAarnBAtKXNuKs3lju5lW1khGlUgBy++yYIGhP
K1t/qVViMJbz9bAeRP0g+9l9CKqbVwFbW59Mo2cmXv9z03XmkudmJG0CTpvUYJJo
9KZv5C5QX+cxbS6j+BwFCzby0OfPcSzOCePR5BWK/YgJvARk3bsBOby8/v4TBDXg
nYTLTM3FfQf+VzGAdLRqoneeslNZEZHyVHAWFHl5Y3hE
-----END CERTIFICATE-----