Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hvip2EW-cZQxkyPHRM__4uDEMmU.roa
File:                     hvip2EW-cZQxkyPHRM__4uDEMmU.roa (raw, json)
Hash identifier:          sE1oBDpGNGoQRcHsD7bpl06zjsSmT1XA8d+R+Q76XT8=
Subject key identifier:   86:F8:A9:D8:45:BE:71:94:31:93:23:C7:44:CF:FF:E2:E0:C4:32:65
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019DCD4FB215A4ABD498CB91B42C8AA59108
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hvip2EW-cZQxkyPHRM__4uDEMmU.roa
Signing time:             Mon 27 Apr 2026 05:00:45 +0000
ROA not before:           Mon 27 Apr 2026 05:00:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56755
IP address blocks:        45.148.118.0/23 maxlen: 24
                          139.28.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 07:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cd:4f:b2:15:a4:ab:d4:98:cb:91:b4:2c:8a:a5:91:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 27 05:00:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86f8a9d845be7194319323c744cfffe2e0c43265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:df:4f:d0:15:45:e4:bd:b3:b1:65:35:7f:f0:
                    2e:69:eb:aa:49:7d:42:33:51:b7:26:14:ff:79:9e:
                    ef:33:4a:23:c7:4b:59:10:ae:c7:ad:42:9f:d4:93:
                    fa:8c:5b:80:3b:e7:3c:7f:af:46:c1:ce:f1:c1:2c:
                    15:c3:e0:6b:f5:e9:f3:f0:82:ed:f5:c3:56:55:2d:
                    ca:30:9c:4f:97:e4:8a:bc:44:b0:21:53:85:a6:9f:
                    1b:62:b0:eb:20:cd:b7:ac:56:f9:7a:ca:f7:3d:a6:
                    39:88:54:4e:0b:0d:af:1b:da:3b:31:17:bf:2c:d2:
                    4f:08:f3:eb:62:75:8a:73:40:60:de:87:72:66:63:
                    ec:2b:4f:53:8c:ea:7c:23:57:2d:b3:11:ee:48:6a:
                    f9:a8:58:ea:d8:c8:7b:a0:41:59:a1:60:54:54:66:
                    ee:b8:e0:e9:a1:03:12:da:50:cd:30:bf:22:10:44:
                    ff:83:d7:68:fa:07:9e:5e:bd:1c:92:45:16:1c:6e:
                    69:bc:9a:96:7d:3c:16:95:19:08:bb:13:72:c8:98:
                    c5:f3:84:fd:7a:f8:41:fa:e7:26:cf:c8:dd:ed:a5:
                    04:26:c2:8c:f6:8c:bf:70:ed:a6:f0:3f:c6:78:93:
                    e2:e5:26:dd:a5:19:3d:9d:df:65:fc:b3:47:1a:c9:
                    c5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F8:A9:D8:45:BE:71:94:31:93:23:C7:44:CF:FF:E2:E0:C4:32:65
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hvip2EW-cZQxkyPHRM__4uDEMmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.118.0/23
                  139.28.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:6f:fa:72:2f:3f:7f:91:cf:f6:04:7e:b6:43:7f:99:c8:9e:
         98:ee:c1:35:59:6e:53:d4:86:fb:c2:92:7b:9b:3c:d1:2e:59:
         c5:42:3c:c1:f3:1a:cf:c7:46:b2:4a:cf:5e:37:43:36:d4:2b:
         7b:3f:4e:0c:01:81:1a:fe:9d:99:40:23:80:50:08:5c:41:70:
         c2:69:39:6c:34:cd:ec:d5:22:f6:4f:e5:63:2b:37:b7:01:43:
         ed:3e:41:16:0f:e5:7c:ec:4c:ce:88:4f:15:3b:f7:a1:4b:eb:
         83:85:84:0b:f0:88:d5:a1:6f:5f:e4:15:bf:89:7e:2e:4c:e7:
         e8:c5:d2:eb:15:44:3f:9d:86:5d:e5:88:db:08:d8:71:f6:f7:
         7d:f1:c1:d5:df:f7:7d:fa:3d:1e:7e:d8:41:d1:5e:cb:51:5b:
         c2:26:66:65:63:d2:59:70:58:2b:bc:8e:8f:a1:8e:74:9a:e8:
         eb:78:40:3d:42:ad:ad:f7:04:17:99:1a:42:51:f9:17:ef:ac:
         34:0c:2a:4b:76:4d:13:86:25:86:07:dd:28:71:f4:54:7b:66:
         07:1f:59:57:22:32:49:3d:36:61:78:7d:ac:38:4e:4a:b5:db:
         64:24:95:ff:a2:9c:9a:9f:82:c4:be:a1:64:ea:1f:de:76:4a:
         e6:68:d9:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3NT7IVpKvUmMuRtCyKpZEIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNDI3MDUwMDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmY4YTlkODQ1YmU3MTk0MzE5MzIzYzc0NGNmZmZlMmUwYzQzMjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtd9P0BVF5L2zsWU1f/AuaeuqSX1C
M1G3JhT/eZ7vM0ojx0tZEK7HrUKf1JP6jFuAO+c8f69Gwc7xwSwVw+Br9enz8ILt
9cNWVS3KMJxPl+SKvESwIVOFpp8bYrDrIM23rFb5esr3PaY5iFROCw2vG9o7MRe/
LNJPCPPrYnWKc0Bg3odyZmPsK09TjOp8I1ctsxHuSGr5qFjq2Mh7oEFZoWBUVGbu
uODpoQMS2lDNML8iEET/g9do+geeXr0ckkUWHG5pvJqWfTwWlRkIuxNyyJjF84T9
evhB+ucmz8jd7aUEJsKM9oy/cO2m8D/GeJPi5SbdpRk9nd9l/LNHGsnFUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIb4qdhFvnGUMZMjx0TP/+LgxDJlMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaHZpcDJFVy1jWlF4a3lQSFJNX180dURFTW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZR2AwQA
ixxjMA0GCSqGSIb3DQEBCwUAA4IBAQA1b/pyLz9/kc/2BH62Q3+ZyJ6Y7sE1WW5T
1Ib7wpJ7mzzRLlnFQjzB8xrPx0aySs9eN0M21Ct7P04MAYEa/p2ZQCOAUAhcQXDC
aTlsNM3s1SL2T+VjKze3AUPtPkEWD+V87EzOiE8VO/ehS+uDhYQL8IjVoW9f5BW/
iX4uTOfoxdLrFUQ/nYZd5YjbCNhx9vd98cHV3/d9+j0efthB0V7LUVvCJmZlY9JZ
cFgrvI6PoY50mujreEA9Qq2t9wQXmRpCUfkX76w0DCpLdk0ThiWGB90ocfRUe2YH
H1lXIjJJPTZheH2sOE5KtdtkJJX/opyan4LEvqFk6h/edkrmaNmr
-----END CERTIFICATE-----