Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/HbOjPbv5QjdLQhQdTvtkCXnt7nc.roa
File:                     HbOjPbv5QjdLQhQdTvtkCXnt7nc.roa (raw, json)
Hash identifier:          KR5O2ujcW7+YDAn9ZT3+iWV89KxEtRFeqHSPp1JTNPs=
Subject key identifier:   1D:B3:A3:3D:BB:F9:42:37:4B:42:14:1D:4E:FB:64:09:79:ED:EE:77
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       019DC104BF3A548583F9D6FB0E8D9C6B8367
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/HbOjPbv5QjdLQhQdTvtkCXnt7nc.roa
Signing time:             Fri 24 Apr 2026 19:43:26 +0000
ROA not before:           Fri 24 Apr 2026 19:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210528
IP address blocks:        93.90.72.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c1:04:bf:3a:54:85:83:f9:d6:fb:0e:8d:9c:6b:83:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: Apr 24 19:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1db3a33dbbf942374b42141d4efb640979edee77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9a:d5:67:ed:a5:31:dd:03:5a:67:3c:83:ba:
                    6a:c6:8e:a9:69:8c:a1:77:03:bb:d1:2e:27:50:75:
                    6c:b2:d7:81:0c:27:c5:d6:8d:bd:c3:ce:86:6a:08:
                    fb:c2:7f:20:44:ad:d8:b3:30:25:6e:c8:a9:69:f4:
                    ca:d2:14:2d:a4:73:c0:f6:85:0c:35:46:6e:59:4f:
                    75:a9:b4:12:11:d8:ec:40:13:0d:f2:71:f6:75:bc:
                    cc:14:7d:94:a2:dd:e2:df:6d:80:ee:5c:1e:d5:f0:
                    bf:06:ae:b6:80:20:9c:50:b8:92:9a:64:91:fb:32:
                    97:bf:ee:14:f0:a7:3e:e5:d4:41:5c:35:e6:e1:0c:
                    97:e3:6e:f3:46:6a:c0:a6:ac:f5:44:22:f5:10:7e:
                    15:73:f5:d9:f3:69:bc:e3:b3:b8:2c:a9:8a:7c:23:
                    cc:e3:50:87:ab:f1:2d:f7:23:3d:26:0f:f3:fe:09:
                    7d:92:ed:1f:c9:d2:60:66:11:18:aa:36:3c:8e:9e:
                    e2:d1:4b:38:7c:7b:ab:b2:99:2d:14:af:d3:50:c3:
                    20:3a:d7:bd:2e:6a:ab:f5:e5:fd:1d:f1:58:44:87:
                    27:f7:c0:6b:ea:12:08:d2:7e:1e:30:a0:41:5a:14:
                    8c:4b:02:b9:45:b9:65:b0:03:46:fc:c9:03:76:be:
                    38:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B3:A3:3D:BB:F9:42:37:4B:42:14:1D:4E:FB:64:09:79:ED:EE:77
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/HbOjPbv5QjdLQhQdTvtkCXnt7nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.90.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:87:2d:3c:df:f2:b4:61:d0:4f:4d:46:bb:8a:bc:34:23:b8:
         92:9f:c9:cf:c7:e6:dc:eb:ec:20:75:db:7a:4d:60:49:70:f0:
         c9:11:4e:f5:6c:79:05:87:30:7b:8a:11:82:87:b0:b9:aa:0d:
         7f:5a:bb:fe:68:fb:d7:59:65:fa:61:50:a7:7b:25:19:fc:c7:
         4e:c2:75:98:c7:d5:14:2e:17:5c:fc:c6:80:6f:d9:03:9b:99:
         5f:4a:b3:78:56:4f:27:cb:90:fa:79:35:4b:81:23:eb:ac:63:
         cc:c8:39:5b:5f:17:f6:bf:39:97:65:8c:43:eb:e1:16:04:e1:
         23:b3:dc:19:6c:29:d1:0a:89:eb:cd:a1:c3:10:36:dc:9f:bb:
         46:73:f6:dd:aa:5f:a4:51:54:46:06:c1:a7:00:47:0d:f8:b2:
         61:3a:b7:80:2a:05:19:05:33:36:22:14:c0:32:cc:f7:19:01:
         22:56:76:2e:86:bd:ad:96:b9:68:17:b5:9e:77:2f:8d:73:ac:
         45:6d:97:37:74:d4:2d:f8:1b:6b:96:03:55:8a:d9:f3:36:78:
         17:4f:8e:be:be:13:71:60:ee:19:56:c2:8d:fb:ce:ed:f7:c5:
         aa:c7:34:57:e0:ad:27:80:4f:f8:7b:d1:dc:95:8e:07:62:b2:
         e0:1f:71:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3BBL86VIWD+db7Do2ca4NnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjYwNDI0MTk0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGIzYTMzZGJiZjk0MjM3NGI0MjE0MWQ0ZWZiNjQwOTc5ZWRlZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJrVZ+2lMd0DWmc8g7pqxo6paYyh
dwO70S4nUHVssteBDCfF1o29w86Gagj7wn8gRK3YszAlbsipafTK0hQtpHPA9oUM
NUZuWU91qbQSEdjsQBMN8nH2dbzMFH2Uot3i322A7lwe1fC/Bq62gCCcULiSmmSR
+zKXv+4U8Kc+5dRBXDXm4QyX427zRmrApqz1RCL1EH4Vc/XZ82m847O4LKmKfCPM
41CHq/Et9yM9Jg/z/gl9ku0fydJgZhEYqjY8jp7i0Us4fHurspktFK/TUMMgOte9
Lmqr9eX9HfFYRIcn98Br6hII0n4eMKBBWhSMSwK5RbllsANG/MkDdr44bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2zoz27+UI3S0IUHU77ZAl57e53MB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvSGJPalBidjVRamRMUWhRZFR2dGtDWG50N25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXVpIMA0G
CSqGSIb3DQEBCwUAA4IBAQA6hy083/K0YdBPTUa7irw0I7iSn8nPx+bc6+wgddt6
TWBJcPDJEU71bHkFhzB7ihGCh7C5qg1/Wrv+aPvXWWX6YVCneyUZ/MdOwnWYx9UU
Lhdc/MaAb9kDm5lfSrN4Vk8ny5D6eTVLgSPrrGPMyDlbXxf2vzmXZYxD6+EWBOEj
s9wZbCnRConrzaHDEDbcn7tGc/bdql+kUVRGBsGnAEcN+LJhOreAKgUZBTM2IhTA
Msz3GQEiVnYuhr2tlrloF7Wedy+Nc6xFbZc3dNQt+BtrlgNVitnzNngXT46+vhNx
YO4ZVsKN+87t98WqxzRX4K0ngE/4e9HclY4HYrLgH3F0
-----END CERTIFICATE-----