Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/hRF9ml8v_UduMvXzWno8qvtUHJY.roa
File:                     hRF9ml8v_UduMvXzWno8qvtUHJY.roa (raw, json)
Hash identifier:          aeqiSYNEe9b/RioY7u2z8TFho5XR5ZNUJdfUaIjcd7A=
Subject key identifier:   85:11:7D:9A:5F:2F:FD:47:6E:32:F5:F3:5A:7A:3C:AA:FB:54:1C:96
Certificate issuer:       /CN=4593b9ac0a486b0037765d605c8b1c8104046f0a
Certificate serial:       019DE23C8080B9DE6E9D9C38D7BDCF9037F5
Authority key identifier: 45:93:B9:AC:0A:48:6B:00:37:76:5D:60:5C:8B:1C:81:04:04:6F:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/hRF9ml8v_UduMvXzWno8qvtUHJY.roa
Signing time:             Fri 01 May 2026 06:31:49 +0000
ROA not before:           Fri 01 May 2026 06:31:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209242
IP address blocks:        144.124.210.0/24 maxlen: 24
                          144.124.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 May 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e2:3c:80:80:b9:de:6e:9d:9c:38:d7:bd:cf:90:37:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4593b9ac0a486b0037765d605c8b1c8104046f0a
        Validity
            Not Before: May  1 06:31:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85117d9a5f2ffd476e32f5f35a7a3caafb541c96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fe:b7:c4:3a:a1:41:f6:17:39:36:c9:b1:0a:
                    42:59:fe:41:3c:86:07:97:ce:9a:ff:68:c1:78:16:
                    ba:cb:35:86:f2:99:7a:99:3f:8b:87:d8:8d:65:c4:
                    99:80:bd:91:a6:b3:39:2b:99:ab:cf:2d:28:ed:d9:
                    02:89:90:a6:93:f3:4b:59:87:22:b2:cc:a7:a5:74:
                    de:3e:7a:e1:3a:38:1b:57:b0:6f:14:86:96:36:47:
                    37:68:9c:89:5a:83:00:6e:73:d5:47:2a:7c:dd:5d:
                    1f:ff:c1:f0:57:b7:91:4f:94:94:20:05:48:cc:8e:
                    93:89:d6:50:1e:1d:02:1e:7f:1b:d6:ba:74:46:6d:
                    85:6b:d5:39:8d:18:37:ae:31:c0:fc:08:e4:7f:4c:
                    24:eb:19:bd:ad:de:fe:c6:81:9a:9a:91:61:b4:66:
                    2a:9e:f8:28:d1:1a:2e:58:58:19:a9:99:52:b7:ef:
                    4b:a7:83:8d:59:bb:08:75:7c:ab:21:be:b0:38:10:
                    c7:41:98:68:55:b9:31:e4:81:c6:bd:33:62:f9:36:
                    8e:71:7d:0b:ca:95:68:f0:7f:f0:c3:ea:55:cc:d0:
                    5d:3d:d1:de:07:3a:64:43:f1:f9:5d:32:ee:02:55:
                    87:ab:d0:e0:fe:f8:55:bb:ee:91:8b:4f:90:06:d6:
                    1e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:11:7D:9A:5F:2F:FD:47:6E:32:F5:F3:5A:7A:3C:AA:FB:54:1C:96
            X509v3 Authority Key Identifier:
                keyid:45:93:B9:AC:0A:48:6B:00:37:76:5D:60:5C:8B:1C:81:04:04:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RZO5rApIawA3dl1gXIscgQQEbwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/hRF9ml8v_UduMvXzWno8qvtUHJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/05b0d2-16ba-4d71-a218-43e6bff9a25e/1/RZO5rApIawA3dl1gXIscgQQEbwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.124.210.0/24
                  144.124.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:ae:e4:1a:f0:c0:c7:3b:38:e3:c1:f4:1c:41:e4:4a:81:c2:
         47:ac:91:54:03:c1:91:ba:92:40:b6:72:7f:a5:a0:ae:bf:0f:
         fe:9d:49:ca:81:ea:7c:0a:c0:5d:6f:be:69:ae:bb:be:1a:a1:
         a1:b5:21:8d:0b:8d:0a:27:ef:31:6e:38:23:41:04:e3:a8:2d:
         2a:8f:03:71:f1:95:34:ef:f1:f3:d6:52:13:df:54:d4:3b:58:
         be:d3:48:5c:14:82:c9:39:7b:90:56:df:56:5a:4f:68:34:a0:
         4b:cf:97:1f:53:ea:88:cc:e0:3b:ce:5e:a2:f6:66:52:d9:70:
         b8:e8:bd:42:b4:a1:96:32:9a:a7:75:c6:c2:2c:b8:71:d4:c1:
         ca:e9:61:74:48:75:07:fe:05:0b:e4:5f:0b:fc:95:1a:d5:e8:
         ba:8b:b5:cc:9a:25:47:64:ad:1c:f0:bc:df:84:de:01:c2:8b:
         66:b7:61:3d:de:59:bd:ac:b6:2f:b5:1e:80:c1:68:d3:da:d8:
         4b:78:d6:1c:1e:8e:01:d0:35:bd:8d:14:66:26:5b:b8:83:19:
         11:3f:4a:24:d1:9a:c9:29:e7:d6:9a:28:69:55:10:1f:f9:b8:
         43:81:7f:c8:5e:2b:30:0a:dc:13:e2:e3:68:07:e2:3f:e3:80:
         a0:84:86:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3iPICAud5unZw4173PkDf1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OTNiOWFjMGE0ODZiMDAzNzc2NWQ2MDVjOGIxYzgxMDQw
NDZmMGEwHhcNMjYwNTAxMDYzMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTExN2Q5YTVmMmZmZDQ3NmUzMmY1ZjM1YTdhM2NhYWZiNTQxYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf63xDqhQfYXOTbJsQpCWf5BPIYH
l86a/2jBeBa6yzWG8pl6mT+Lh9iNZcSZgL2RprM5K5mrzy0o7dkCiZCmk/NLWYci
ssynpXTePnrhOjgbV7BvFIaWNkc3aJyJWoMAbnPVRyp83V0f/8HwV7eRT5SUIAVI
zI6TidZQHh0CHn8b1rp0Rm2Fa9U5jRg3rjHA/Ajkf0wk6xm9rd7+xoGampFhtGYq
nvgo0RouWFgZqZlSt+9Lp4ONWbsIdXyrIb6wOBDHQZhoVbkx5IHGvTNi+TaOcX0L
ypVo8H/ww+pVzNBdPdHeBzpkQ/H5XTLuAlWHq9Dg/vhVu+6Ri0+QBtYe/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIURfZpfL/1HbjL181p6PKr7VByWMB8GA1UdIwQY
MBaAFEWTuawKSGsAN3ZdYFyLHIEEBG8KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlpPNXJBcElhd0EzZGwxZ1hJc2NnUVFFYndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wNWIwZDItMTZiYS00ZDcxLWEyMTgt
NDNlNmJmZjlhMjVlLzEvaFJGOW1sOHZfVWR1TXZYeldubzhxdnRVSEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wNWIwZDItMTZiYS00ZDcxLWEyMTgtNDNlNmJmZjlhMjVl
LzEvUlpPNXJBcElhd0EzZGwxZ1hJc2NnUVFFYndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkHzSAwQA
kHzVMA0GCSqGSIb3DQEBCwUAA4IBAQBzruQa8MDHOzjjwfQcQeRKgcJHrJFUA8GR
upJAtnJ/paCuvw/+nUnKgep8CsBdb75prru+GqGhtSGNC40KJ+8xbjgjQQTjqC0q
jwNx8ZU07/Hz1lIT31TUO1i+00hcFILJOXuQVt9WWk9oNKBLz5cfU+qIzOA7zl6i
9mZS2XC46L1CtKGWMpqndcbCLLhx1MHK6WF0SHUH/gUL5F8L/JUa1ei6i7XMmiVH
ZK0c8LzfhN4Bwotmt2E93lm9rLYvtR6AwWjT2thLeNYcHo4B0DW9jRRmJlu4gxkR
P0ok0ZrJKefWmihpVRAf+bhDgX/IXiswCtwT4uNoB+I/44CghIYq
-----END CERTIFICATE-----