Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/hPK5E2QgxTq3IvO7yqCCdCqsqIg.roa
File:                     hPK5E2QgxTq3IvO7yqCCdCqsqIg.roa (raw, json)
Hash identifier:          VtqQEqWm6S8By+li47K10xRJDByp9uVkm0q29w81lmw=
Subject key identifier:   84:F2:B9:13:64:20:C5:3A:B7:22:F3:BB:CA:A0:82:74:2A:AC:A8:88
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019D6C97CA338CA2751D84AC64094A1DA8FB
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/hPK5E2QgxTq3IvO7yqCCdCqsqIg.roa
Signing time:             Wed 08 Apr 2026 10:16:20 +0000
ROA not before:           Wed 08 Apr 2026 10:16:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397423
IP address blocks:        194.62.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 09:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6c:97:ca:33:8c:a2:75:1d:84:ac:64:09:4a:1d:a8:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Apr  8 10:16:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84f2b9136420c53ab722f3bbcaa082742aaca888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:9f:17:89:81:66:f3:58:60:0e:12:0f:07:9b:
                    be:e3:cd:ef:ee:27:66:21:42:2e:a8:55:cf:a5:8a:
                    80:98:d3:d0:4f:c5:f0:30:6e:cb:cb:d8:e3:79:68:
                    69:27:cd:b6:fe:7f:50:41:9e:b4:50:69:1a:22:dc:
                    10:3a:d7:04:e9:75:5a:50:0b:9b:02:fb:92:29:8f:
                    fa:dd:7a:95:68:47:27:40:c1:6d:dd:4d:e9:41:da:
                    c7:8d:e2:3f:0c:b3:b8:16:61:81:82:1f:f5:44:25:
                    32:37:e1:83:91:b8:90:5f:05:cd:59:6c:0a:e6:10:
                    57:f9:6d:20:45:03:c9:1c:28:32:7f:bc:d8:35:68:
                    7b:b4:47:c5:57:e9:97:2f:73:81:82:27:75:a3:03:
                    eb:56:b9:a5:91:ac:e6:a8:a0:4d:54:a0:52:73:17:
                    32:2e:be:af:2a:41:34:90:2f:c3:4b:b5:92:59:ef:
                    cf:3e:bd:f4:5f:8d:15:fa:15:71:21:ad:27:93:d0:
                    f2:de:3e:e6:19:d3:78:29:8e:1d:69:e8:9b:88:cc:
                    5c:07:c0:1e:fc:98:60:36:f2:8d:d0:55:14:8e:e0:
                    99:ea:28:5c:6e:88:1b:5e:0f:13:a4:f9:ac:1d:7c:
                    33:48:cc:13:ec:df:8c:f6:a3:ef:4d:ba:9f:5b:fc:
                    cc:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:F2:B9:13:64:20:C5:3A:B7:22:F3:BB:CA:A0:82:74:2A:AC:A8:88
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/hPK5E2QgxTq3IvO7yqCCdCqsqIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:09:b3:5f:10:57:46:74:42:f3:7c:ca:69:30:f8:92:f6:59:
         08:e6:b7:05:58:f1:f1:0b:87:2a:45:68:bc:ff:fe:be:70:77:
         ef:c6:3c:5b:99:a7:b4:eb:66:4a:09:28:31:c8:c4:83:dd:9d:
         bd:ce:12:1d:4d:08:eb:ea:ab:dd:56:69:9f:18:28:cc:a7:6f:
         cf:1a:18:29:df:e1:33:91:96:e6:0b:a7:c1:c3:16:7b:8e:8d:
         16:c3:dc:73:f8:1c:54:71:22:41:c5:6a:64:f8:42:c1:e7:85:
         94:4e:92:24:28:71:0b:2f:db:43:2e:de:ee:48:c2:c9:07:ff:
         16:ac:14:9d:51:eb:54:3d:27:33:75:26:93:12:1e:64:90:ed:
         70:39:cc:5e:15:09:a8:60:fe:ea:89:d5:06:be:84:84:98:15:
         1f:8e:34:4a:37:49:0a:62:ad:a9:ad:f4:a3:eb:ec:d0:75:6a:
         4a:5e:2e:91:a8:94:a1:05:37:a2:ac:89:b1:9a:7e:2f:b6:6d:
         5a:8b:23:16:75:30:c9:15:ea:6f:95:d1:e6:09:90:7e:f3:ec:
         ee:ac:cc:ba:26:e7:a1:8c:f8:d1:42:a7:cb:e5:50:93:6b:3c:
         85:da:13:5c:a1:c8:d5:dd:53:b1:e2:16:dd:f2:b4:03:26:d8:
         0a:12:65:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1sl8ozjKJ1HYSsZAlKHaj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwNDA4MTAxNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGYyYjkxMzY0MjBjNTNhYjcyMmYzYmJjYWEwODI3NDJhYWNhODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZ8XiYFm81hgDhIPB5u+483v7idm
IUIuqFXPpYqAmNPQT8XwMG7Ly9jjeWhpJ822/n9QQZ60UGkaItwQOtcE6XVaUAub
AvuSKY/63XqVaEcnQMFt3U3pQdrHjeI/DLO4FmGBgh/1RCUyN+GDkbiQXwXNWWwK
5hBX+W0gRQPJHCgyf7zYNWh7tEfFV+mXL3OBgid1owPrVrmlkazmqKBNVKBScxcy
Lr6vKkE0kC/DS7WSWe/PPr30X40V+hVxIa0nk9Dy3j7mGdN4KY4daeibiMxcB8Ae
/JhgNvKN0FUUjuCZ6ihcbogbXg8TpPmsHXwzSMwT7N+M9qPvTbqfW/zMQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITyuRNkIMU6tyLzu8qggnQqrKiIMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvaFBLNUUyUWd4VHEzSXZPN3lxQ0NkQ3FzcUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj53MA0G
CSqGSIb3DQEBCwUAA4IBAQCrCbNfEFdGdELzfMppMPiS9lkI5rcFWPHxC4cqRWi8
//6+cHfvxjxbmae062ZKCSgxyMSD3Z29zhIdTQjr6qvdVmmfGCjMp2/PGhgp3+Ez
kZbmC6fBwxZ7jo0Ww9xz+BxUcSJBxWpk+ELB54WUTpIkKHELL9tDLt7uSMLJB/8W
rBSdUetUPSczdSaTEh5kkO1wOcxeFQmoYP7qidUGvoSEmBUfjjRKN0kKYq2prfSj
6+zQdWpKXi6RqJShBTeirImxmn4vtm1aiyMWdTDJFepvldHmCZB+8+zurMy6Jueh
jPjRQqfL5VCTazyF2hNcocjV3VOx4hbd8rQDJtgKEmXf
-----END CERTIFICATE-----