Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/e0af68-dc6e-41cc-a6de-5583e61adb38/1/HKpda77oV2jtNLAlS_XPuxfsfvU.roa
File:                     HKpda77oV2jtNLAlS_XPuxfsfvU.roa (raw, json)
Hash identifier:          fXjuC5XD+6PMUGUG/uqb5vV7VXDjvxnnbMukaXj/ZNA=
Subject key identifier:   1C:AA:5D:6B:BE:E8:57:68:ED:34:B0:25:4B:F5:CF:BB:17:EC:7E:F5
Certificate issuer:       /CN=ab7be34f5d269da502aa68348bf07b92d92c0cc4
Certificate serial:       019DDE8804DA42B02C508F5A21467EFFCF92
Authority key identifier: AB:7B:E3:4F:5D:26:9D:A5:02:AA:68:34:8B:F0:7B:92:D9:2C:0C:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3vjT10mnaUCqmg0i_B7ktksDMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/e0af68-dc6e-41cc-a6de-5583e61adb38/1/HKpda77oV2jtNLAlS_XPuxfsfvU.roa
Signing time:             Thu 30 Apr 2026 13:15:49 +0000
ROA not before:           Thu 30 Apr 2026 13:15:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214949
IP address blocks:        45.89.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/e0af68-dc6e-41cc-a6de-5583e61adb38/1/q3vjT10mnaUCqmg0i_B7ktksDMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/e0af68-dc6e-41cc-a6de-5583e61adb38/1/q3vjT10mnaUCqmg0i_B7ktksDMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q3vjT10mnaUCqmg0i_B7ktksDMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:de:88:04:da:42:b0:2c:50:8f:5a:21:46:7e:ff:cf:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab7be34f5d269da502aa68348bf07b92d92c0cc4
        Validity
            Not Before: Apr 30 13:15:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1caa5d6bbee85768ed34b0254bf5cfbb17ec7ef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:27:96:f4:10:63:e8:d2:d0:b3:f6:1d:7d:29:
                    88:ce:90:e9:7d:7a:61:8a:93:67:50:77:9c:9e:9a:
                    9d:3e:5d:5f:e6:19:e3:2d:b5:c4:d8:de:c9:06:e5:
                    66:cd:5d:1a:cd:9a:c5:12:f2:d1:6f:58:20:b2:89:
                    d5:0e:a0:79:00:28:b3:48:22:d2:e3:be:23:92:37:
                    af:50:5d:e0:7d:e0:9a:89:69:57:27:9c:6a:ed:a4:
                    b0:bb:05:65:ab:21:81:66:80:a8:90:25:56:e7:ef:
                    76:de:a3:c4:f9:a0:ed:23:63:85:9e:b0:5f:13:89:
                    56:54:a3:89:ea:8b:6e:31:14:c5:ef:44:49:34:b7:
                    11:90:ac:69:19:0e:f9:88:e7:eb:e4:6b:c6:b5:49:
                    da:ae:93:c0:f7:0c:ec:22:ad:e1:84:c0:8b:3d:e0:
                    fe:03:55:e4:6c:47:59:de:f0:f0:0f:79:8e:36:94:
                    d9:ba:f8:4a:f9:86:4a:81:31:8a:f8:65:a3:12:94:
                    83:30:a0:dd:7e:94:8a:02:0d:f8:41:9b:f7:a8:e1:
                    d3:e9:ea:db:87:e2:53:b3:a9:94:b1:a3:ef:ef:38:
                    91:d9:6b:73:4d:65:ae:fd:d5:da:43:54:48:39:05:
                    7d:82:64:1f:3f:30:d9:86:c5:b3:f1:f3:13:a3:74:
                    92:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:AA:5D:6B:BE:E8:57:68:ED:34:B0:25:4B:F5:CF:BB:17:EC:7E:F5
            X509v3 Authority Key Identifier:
                keyid:AB:7B:E3:4F:5D:26:9D:A5:02:AA:68:34:8B:F0:7B:92:D9:2C:0C:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3vjT10mnaUCqmg0i_B7ktksDMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/e0af68-dc6e-41cc-a6de-5583e61adb38/1/HKpda77oV2jtNLAlS_XPuxfsfvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/e0af68-dc6e-41cc-a6de-5583e61adb38/1/q3vjT10mnaUCqmg0i_B7ktksDMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:57:10:7a:df:da:9d:ba:c0:a4:12:eb:95:84:bd:1b:85:24:
         f9:24:8a:c1:35:64:d4:10:cd:90:04:4d:4e:75:8c:a7:e5:8d:
         cd:9a:db:35:86:57:72:b6:11:41:24:ed:a6:fa:6c:ab:79:cf:
         df:3e:07:98:ee:e5:33:eb:d5:8d:58:4a:da:2c:72:15:79:2a:
         d7:0b:81:cc:ca:6b:fc:a6:2c:1b:cd:37:9a:e1:e3:ca:0e:57:
         74:5f:98:d2:12:fe:8f:59:45:24:14:e8:69:8a:32:2c:7f:8e:
         ad:85:a0:a0:85:79:79:15:75:35:95:13:be:e1:b3:db:a5:77:
         f7:4c:d9:68:93:c7:8d:9b:dc:84:c7:e9:84:6b:8a:7b:93:90:
         32:83:a9:89:6a:4e:1f:d2:30:cb:0d:69:c9:ed:c2:7a:a5:5a:
         43:35:9a:04:73:25:33:e2:10:5c:f4:f8:30:dd:df:2a:5e:46:
         4e:c9:dc:2b:d6:0b:9b:30:8f:1d:0e:a5:65:18:c9:58:8e:b8:
         48:ec:a3:a7:06:4c:8e:16:68:52:30:9c:1c:6d:99:d9:b6:73:
         34:1d:6e:27:d9:96:f5:4e:87:a9:7d:e7:78:d1:71:20:e7:b1:
         5c:75:a3:13:f3:4c:20:c4:7b:34:5e:0f:f5:6f:0d:81:e4:b4:
         d9:03:80:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3eiATaQrAsUI9aIUZ+/8+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiN2JlMzRmNWQyNjlkYTUwMmFhNjgzNDhiZjA3YjkyZDky
YzBjYzQwHhcNMjYwNDMwMTMxNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2FhNWQ2YmJlZTg1NzY4ZWQzNGIwMjU0YmY1Y2ZiYjE3ZWM3ZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyeW9BBj6NLQs/YdfSmIzpDpfXph
ipNnUHecnpqdPl1f5hnjLbXE2N7JBuVmzV0azZrFEvLRb1ggsonVDqB5ACizSCLS
474jkjevUF3gfeCaiWlXJ5xq7aSwuwVlqyGBZoCokCVW5+923qPE+aDtI2OFnrBf
E4lWVKOJ6otuMRTF70RJNLcRkKxpGQ75iOfr5GvGtUnarpPA9wzsIq3hhMCLPeD+
A1XkbEdZ3vDwD3mONpTZuvhK+YZKgTGK+GWjEpSDMKDdfpSKAg34QZv3qOHT6erb
h+JTs6mUsaPv7ziR2WtzTWWu/dXaQ1RIOQV9gmQfPzDZhsWz8fMTo3SS5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByqXWu+6Fdo7TSwJUv1z7sX7H71MB8GA1UdIwQY
MBaAFKt7409dJp2lAqpoNIvwe5LZLAzEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTN2alQxMG1uYVVDcW1nMGlfQjdrdGtzRE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9lMGFmNjgtZGM2ZS00MWNjLWE2ZGUt
NTU4M2U2MWFkYjM4LzEvSEtwZGE3N29WMmp0TkxBbFNfWFB1eGZzZnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9lMGFmNjgtZGM2ZS00MWNjLWE2ZGUtNTU4M2U2MWFkYjM4
LzEvcTN2alQxMG1uYVVDcW1nMGlfQjdrdGtzRE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVndMA0G
CSqGSIb3DQEBCwUAA4IBAQA/VxB639qdusCkEuuVhL0bhST5JIrBNWTUEM2QBE1O
dYyn5Y3Nmts1hldythFBJO2m+myrec/fPgeY7uUz69WNWEraLHIVeSrXC4HMymv8
piwbzTea4ePKDld0X5jSEv6PWUUkFOhpijIsf46thaCghXl5FXU1lRO+4bPbpXf3
TNlok8eNm9yEx+mEa4p7k5Ayg6mJak4f0jDLDWnJ7cJ6pVpDNZoEcyUz4hBc9Pgw
3d8qXkZOydwr1gubMI8dDqVlGMlYjrhI7KOnBkyOFmhSMJwcbZnZtnM0HW4n2Zb1
Toepfed40XEg57FcdaMT80wgxHs0Xg/1bw2B5LTZA4BJ
-----END CERTIFICATE-----