Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/HfBJ2Nut_YAQuWjhDmP8H2eMvJ8.roa
File:                     HfBJ2Nut_YAQuWjhDmP8H2eMvJ8.roa (raw, json)
Hash identifier:          qlvHpaLVzXcUtxyLFD8U+1k01vVLX6TwfsOJYC4Ocds=
Subject key identifier:   1D:F0:49:D8:DB:AD:FD:80:10:B9:68:E1:0E:63:FC:1F:67:8C:BC:9F
Certificate issuer:       /CN=cfc4c2ae338845efe7802deec234eae3f7b95f31
Certificate serial:       019D2F2353D3D3919AF71F0F081B8DBA0F71
Authority key identifier: CF:C4:C2:AE:33:88:45:EF:E7:80:2D:EE:C2:34:EA:E3:F7:B9:5F:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8TCrjOIRe_ngC3uwjTq4_e5XzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/HfBJ2Nut_YAQuWjhDmP8H2eMvJ8.roa
Signing time:             Fri 27 Mar 2026 11:52:17 +0000
ROA not before:           Fri 27 Mar 2026 11:52:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        85.137.251.0/24 maxlen: 24
                          185.244.40.0/24 maxlen: 24
                          185.247.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/z8TCrjOIRe_ngC3uwjTq4_e5XzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/z8TCrjOIRe_ngC3uwjTq4_e5XzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8TCrjOIRe_ngC3uwjTq4_e5XzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2f:23:53:d3:d3:91:9a:f7:1f:0f:08:1b:8d:ba:0f:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc4c2ae338845efe7802deec234eae3f7b95f31
        Validity
            Not Before: Mar 27 11:52:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1df049d8dbadfd8010b968e10e63fc1f678cbc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:96:78:78:8e:37:04:3a:e2:89:0d:7d:79:b0:
                    a2:47:1f:5c:82:45:98:70:0b:63:71:81:45:8b:c9:
                    74:51:d2:3e:c1:d8:d2:ed:91:05:e1:b4:33:b8:05:
                    8f:c0:f6:4c:29:da:f2:2d:6e:b4:f6:24:9c:58:31:
                    8e:6a:ae:a4:06:8e:bc:55:a9:cf:93:01:e0:19:8a:
                    80:ff:94:2f:64:52:f4:ba:38:78:45:86:4e:d2:a5:
                    28:ee:08:cc:48:65:e0:c3:69:c5:eb:5e:e4:0f:c1:
                    fc:c9:ec:bc:83:2f:a0:80:73:3f:77:0c:ec:34:5f:
                    33:f0:15:2e:78:50:a4:3e:9d:48:aa:76:57:a5:44:
                    24:7d:a2:53:f8:09:3e:5c:ba:b6:00:71:04:8a:83:
                    08:53:5b:49:db:5f:df:44:1f:12:71:91:1e:c8:9d:
                    af:8c:5a:63:bb:df:cb:09:dd:4e:9d:fe:16:47:14:
                    95:6e:44:55:df:f8:24:db:55:24:82:8a:1e:fe:3d:
                    d8:f8:e0:7d:28:84:c1:70:20:2a:64:ed:6f:d9:82:
                    d4:b9:c4:15:49:85:d8:ac:84:bf:56:1e:42:76:d6:
                    b4:81:2f:25:2d:8a:b6:90:75:53:8b:6b:34:f7:2c:
                    76:c5:cf:a1:c8:fd:94:18:3e:72:f2:33:f8:12:a4:
                    e9:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F0:49:D8:DB:AD:FD:80:10:B9:68:E1:0E:63:FC:1F:67:8C:BC:9F
            X509v3 Authority Key Identifier:
                keyid:CF:C4:C2:AE:33:88:45:EF:E7:80:2D:EE:C2:34:EA:E3:F7:B9:5F:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8TCrjOIRe_ngC3uwjTq4_e5XzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/HfBJ2Nut_YAQuWjhDmP8H2eMvJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/z8TCrjOIRe_ngC3uwjTq4_e5XzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.137.251.0/24
                  185.244.40.0/24
                  185.247.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:49:e2:8a:3f:bc:8f:98:0a:a0:15:9f:70:d7:8f:27:01:a1:
         cc:15:15:95:83:9f:ee:00:a4:79:76:5c:ec:7e:ae:d1:17:7b:
         b1:f0:e3:ae:19:e8:cd:77:44:31:47:a5:af:8b:33:b4:db:f2:
         73:f7:34:84:57:85:c0:54:b8:35:1f:6a:bb:03:20:6a:22:ea:
         9b:8c:93:ec:59:b8:38:a2:a3:0f:7d:e0:fc:3e:02:d8:12:1e:
         95:35:01:7d:e6:71:39:17:27:ac:7e:7a:b3:73:8d:35:fb:ef:
         65:13:68:6f:9f:ac:63:80:08:37:89:fd:08:77:04:a4:b8:2e:
         dd:03:63:ef:b7:bc:4e:e8:31:e5:ed:33:28:3d:43:28:d6:f7:
         cc:9d:b4:41:29:27:b5:7b:10:bd:4c:9c:9a:98:7c:f5:9e:bf:
         02:64:8d:55:59:c8:0a:86:16:09:bb:dd:16:79:e2:e5:69:14:
         80:26:35:df:75:aa:82:ce:ee:fa:07:ef:64:0a:0d:78:67:31:
         46:eb:87:bc:7e:bb:72:d3:4a:4d:43:08:5c:a7:98:d9:25:3b:
         ec:4c:4b:ac:74:22:c4:d7:e2:02:21:b2:b5:fb:c1:5c:d9:17:
         29:30:3d:0b:3b:bb:d4:5f:a4:33:9e:fc:1c:21:5f:38:65:3d:
         7f:a5:28:f1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0vI1PT05Ga9x8PCBuNug9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzRjMmFlMzM4ODQ1ZWZlNzgwMmRlZWMyMzRlYWUzZjdi
OTVmMzEwHhcNMjYwMzI3MTE1MjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGYwNDlkOGRiYWRmZDgwMTBiOTY4ZTEwZTYzZmMxZjY3OGNiYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZZ4eI43BDriiQ19ebCiRx9cgkWY
cAtjcYFFi8l0UdI+wdjS7ZEF4bQzuAWPwPZMKdryLW609iScWDGOaq6kBo68VanP
kwHgGYqA/5QvZFL0ujh4RYZO0qUo7gjMSGXgw2nF617kD8H8yey8gy+ggHM/dwzs
NF8z8BUueFCkPp1IqnZXpUQkfaJT+Ak+XLq2AHEEioMIU1tJ21/fRB8ScZEeyJ2v
jFpju9/LCd1Onf4WRxSVbkRV3/gk21Ukgooe/j3Y+OB9KITBcCAqZO1v2YLUucQV
SYXYrIS/Vh5Cdta0gS8lLYq2kHVTi2s09yx2xc+hyP2UGD5y8jP4EqTpfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB3wSdjbrf2AELlo4Q5j/B9njLyfMB8GA1UdIwQY
MBaAFM/Ewq4ziEXv54At7sI06uP3uV8xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhUQ3JqT0lSZV9uZ0MzdXdqVHE0X2U1WHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS85NzY5MjUtMjU1MS00YjJiLTkwMGEt
ZTExMWYzMjI2MzZhLzEvSGZCSjJOdXRfWUFRdVdqaERtUDhIMmVNdko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS85NzY5MjUtMjU1MS00YjJiLTkwMGEtZTExMWYzMjI2MzZh
LzEvejhUQ3JqT0lSZV9uZ0MzdXdqVHE0X2U1WHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVYn7AwQA
ufQoAwQAufePMA0GCSqGSIb3DQEBCwUAA4IBAQCiSeKKP7yPmAqgFZ9w148nAaHM
FRWVg5/uAKR5dlzsfq7RF3ux8OOuGejNd0QxR6WvizO02/Jz9zSEV4XAVLg1H2q7
AyBqIuqbjJPsWbg4oqMPfeD8PgLYEh6VNQF95nE5Fyesfnqzc401++9lE2hvn6xj
gAg3if0IdwSkuC7dA2Pvt7xO6DHl7TMoPUMo1vfMnbRBKSe1exC9TJyamHz1nr8C
ZI1VWcgKhhYJu90WeeLlaRSAJjXfdaqCzu76B+9kCg14ZzFG64e8frty00pNQwhc
p5jZJTvsTEusdCLE1+ICIbK1+8Fc2RcpMD0LO7vUX6QznvwcIV84ZT1/pSjx
-----END CERTIFICATE-----