Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/hs3h7Dj-b8z6Uxhv8HYqs7iBXD0.roa
File:                     hs3h7Dj-b8z6Uxhv8HYqs7iBXD0.roa (raw, json)
Hash identifier:          5W1nhov/uvHu69XlxjaNWq1KRUFRi0VVoqIxSY+t7js=
Subject key identifier:   86:CD:E1:EC:38:FE:6F:CC:FA:53:18:6F:F0:76:2A:B3:B8:81:5C:3D
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019E40FF0C783841F262448E694B1FF94212
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/hs3h7Dj-b8z6Uxhv8HYqs7iBXD0.roa
Signing time:             Tue 19 May 2026 16:08:37 +0000
ROA not before:           Tue 19 May 2026 16:08:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199685
IP address blocks:        83.147.242.0/23 maxlen: 24
                          91.186.214.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:40:ff:0c:78:38:41:f2:62:44:8e:69:4b:1f:f9:42:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: May 19 16:08:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86cde1ec38fe6fccfa53186ff0762ab3b8815c3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a9:7c:30:7a:3c:d4:64:4b:1d:36:6d:e4:6b:
                    1c:bc:51:0c:22:41:91:90:28:99:88:50:f7:5b:46:
                    05:35:4e:db:7d:70:e6:24:93:01:7d:6d:77:ca:7c:
                    44:a1:fa:2d:1a:a0:be:c6:08:8f:2f:f2:b5:c7:30:
                    35:24:c1:12:05:15:b8:37:93:67:92:f7:72:71:2d:
                    77:50:2a:20:cc:67:c0:ff:b0:4d:bc:f7:07:a9:7c:
                    3f:41:45:63:15:f8:86:93:7b:f5:0c:d2:17:62:95:
                    2e:4d:b8:36:ad:32:90:48:1e:81:b6:fc:49:d0:aa:
                    78:d6:e0:0f:82:b5:fd:c5:1d:6b:8d:e3:8d:7e:6a:
                    9c:ed:86:ba:83:69:5c:b8:ac:71:b1:96:87:2a:96:
                    0e:7d:15:a9:0a:ab:45:2e:15:4f:3b:76:8a:7e:bf:
                    cf:06:62:30:01:a7:df:c8:c2:33:51:9a:17:ad:3b:
                    1c:1a:af:fb:64:1a:07:b8:3d:d6:9d:19:54:c0:23:
                    1e:a3:e5:51:1a:6d:cc:e8:dd:ca:09:cb:72:20:3f:
                    41:59:3a:ad:7f:bb:23:2f:72:74:b3:dc:05:a2:17:
                    10:1f:e4:78:37:85:b5:f0:93:08:25:9f:cf:f6:dd:
                    61:f9:30:55:fb:26:2b:77:44:b8:7d:68:a9:cc:e2:
                    5d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:CD:E1:EC:38:FE:6F:CC:FA:53:18:6F:F0:76:2A:B3:B8:81:5C:3D
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/hs3h7Dj-b8z6Uxhv8HYqs7iBXD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.242.0/23
                  91.186.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:47:d0:d0:3e:dd:e2:e0:12:48:28:5f:84:9b:ff:47:70:00:
         41:dd:e8:7d:40:d7:5e:ff:5b:08:7e:09:46:e4:33:22:08:56:
         ff:68:ac:d8:81:06:5b:b4:6d:94:f6:e5:4e:95:b1:0e:ca:cb:
         47:48:ed:fd:cb:ed:af:76:7c:df:c0:e3:58:da:4f:39:d9:16:
         38:e2:60:67:35:91:2c:53:a7:0e:c5:87:c6:27:78:1f:70:9c:
         fc:46:26:26:85:39:8f:6b:37:3d:bd:c6:73:b3:6c:6f:95:a2:
         2e:aa:64:74:0c:15:67:ad:f1:35:2d:6b:91:f9:46:87:b7:5a:
         9e:b0:2a:c9:9e:2d:da:92:0d:35:2a:10:08:db:02:1d:22:56:
         02:7e:1f:4e:e2:a8:6d:00:a7:25:4c:a1:b5:a8:1b:be:d6:73:
         1b:45:9d:94:08:89:5a:d9:3d:1a:67:2d:56:4d:39:2f:2f:2d:
         fa:c6:9c:09:82:2d:5b:84:64:1f:f3:b9:ec:fe:3b:31:22:e4:
         03:fb:46:4d:8b:02:d4:f0:fc:7f:7d:fd:ab:ce:43:c8:c9:63:
         c5:c8:c1:9f:43:1a:3b:a7:82:ac:06:68:d7:44:a4:15:cf:c3:
         cd:cb:39:ac:9b:e2:f6:cf:34:27:5e:fa:f7:5d:3a:d5:49:7b:
         8b:69:96:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5A/wx4OEHyYkSOaUsf+UISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNTE5MTYwODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNkZTFlYzM4ZmU2ZmNjZmE1MzE4NmZmMDc2MmFiM2I4ODE1YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyql8MHo81GRLHTZt5GscvFEMIkGR
kCiZiFD3W0YFNU7bfXDmJJMBfW13ynxEofotGqC+xgiPL/K1xzA1JMESBRW4N5Nn
kvdycS13UCogzGfA/7BNvPcHqXw/QUVjFfiGk3v1DNIXYpUuTbg2rTKQSB6BtvxJ
0Kp41uAPgrX9xR1rjeONfmqc7Ya6g2lcuKxxsZaHKpYOfRWpCqtFLhVPO3aKfr/P
BmIwAaffyMIzUZoXrTscGq/7ZBoHuD3WnRlUwCMeo+VRGm3M6N3KCctyID9BWTqt
f7sjL3J0s9wFohcQH+R4N4W18JMIJZ/P9t1h+TBV+yYrd0S4fWipzOJdhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIbN4ew4/m/M+lMYb/B2KrO4gVw9MB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvaHMzaDdEai1iOHo2VXhodjhIWXFzN2lCWEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBU5PyAwQB
W7rWMA0GCSqGSIb3DQEBCwUAA4IBAQAER9DQPt3i4BJIKF+Em/9HcABB3eh9QNde
/1sIfglG5DMiCFb/aKzYgQZbtG2U9uVOlbEOystHSO39y+2vdnzfwONY2k852RY4
4mBnNZEsU6cOxYfGJ3gfcJz8RiYmhTmPazc9vcZzs2xvlaIuqmR0DBVnrfE1LWuR
+UaHt1qesCrJni3akg01KhAI2wIdIlYCfh9O4qhtAKclTKG1qBu+1nMbRZ2UCIla
2T0aZy1WTTkvLy36xpwJgi1bhGQf87ns/jsxIuQD+0ZNiwLU8Px/ff2rzkPIyWPF
yMGfQxo7p4KsBmjXRKQVz8PNyzmsm+L2zzQnXvr3XTrVSXuLaZaI
-----END CERTIFICATE-----