Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/hRmKCS65M1LfLcuchwhBjvlwW_A.roa
File:                     hRmKCS65M1LfLcuchwhBjvlwW_A.roa (raw, json)
Hash identifier:          0x1CM5DuF66EJ7uVEqEuWYLR8xr4yA8KCKiMBJ1ko4U=
Subject key identifier:   85:19:8A:09:2E:B9:33:52:DF:2D:CB:9C:87:08:41:8E:F9:70:5B:F0
Certificate issuer:       /CN=26c672da72a34cc282adc40f282676de75117654
Certificate serial:       019DCFFB4F29985D1C1F69B10CB7442913F4
Authority key identifier: 26:C6:72:DA:72:A3:4C:C2:82:AD:C4:0F:28:26:76:DE:75:11:76:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/hRmKCS65M1LfLcuchwhBjvlwW_A.roa
Signing time:             Mon 27 Apr 2026 17:27:26 +0000
ROA not before:           Mon 27 Apr 2026 17:27:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        31.88.0.0/15 maxlen: 24
                          218.254.0.0/16 maxlen: 24
                          2a14:f180::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:fb:4f:29:98:5d:1c:1f:69:b1:0c:b7:44:29:13:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26c672da72a34cc282adc40f282676de75117654
        Validity
            Not Before: Apr 27 17:27:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85198a092eb93352df2dcb9c8708418ef9705bf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c3:1e:17:03:ae:b2:ff:42:20:25:eb:a2:74:
                    4b:58:d7:aa:38:e9:4a:34:1f:ac:01:10:66:26:4b:
                    ec:a1:2a:d5:05:f4:40:5e:a1:69:79:b8:6d:93:82:
                    9c:85:26:3c:5c:31:71:ae:8b:a8:17:33:d9:f8:14:
                    3e:17:ab:04:eb:6c:80:85:0c:e6:34:db:ff:89:99:
                    b8:c5:1f:3f:51:54:b7:05:27:cf:ed:c3:2e:82:cc:
                    d9:12:ad:a2:bf:8f:a2:4d:76:f2:00:90:29:04:2d:
                    1c:35:a9:71:0d:9f:97:a2:3c:a9:a0:99:f5:35:15:
                    ce:34:e4:44:2a:84:38:6e:68:92:5d:bd:af:86:91:
                    03:57:fd:a3:b8:7e:c7:47:06:5a:07:5d:4b:25:96:
                    77:33:71:6a:e0:8b:79:df:4a:7f:f4:03:bc:30:60:
                    13:da:bd:28:43:96:89:91:69:25:a4:da:53:36:ba:
                    45:73:f3:97:5d:10:05:49:3a:29:00:15:a3:2e:a7:
                    c1:f1:23:41:db:4b:95:98:26:4f:c4:ce:b1:03:a0:
                    3c:d1:9d:54:60:d0:9f:26:a7:13:8a:19:2d:3c:a6:
                    67:2a:90:56:49:46:ec:50:f8:cd:39:0d:fd:67:87:
                    29:07:19:c7:d8:0f:fa:55:68:e5:e2:1c:28:f9:4e:
                    fe:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:19:8A:09:2E:B9:33:52:DF:2D:CB:9C:87:08:41:8E:F9:70:5B:F0
            X509v3 Authority Key Identifier:
                keyid:26:C6:72:DA:72:A3:4C:C2:82:AD:C4:0F:28:26:76:DE:75:11:76:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/hRmKCS65M1LfLcuchwhBjvlwW_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.88.0.0/15
                  218.254.0.0/16
                IPv6:
                  2a14:f180::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:2f:f0:1a:db:f6:cb:d4:fd:91:a7:7e:44:8f:08:96:37:f8:
         e6:29:be:9c:0a:2e:4b:00:ca:43:ae:06:44:28:ec:b7:a6:21:
         87:67:0d:5b:9a:a0:be:cb:ce:22:c6:46:31:29:9f:f9:7d:da:
         f9:3e:96:33:77:85:40:ff:5c:d4:74:cc:a7:da:c5:6d:1d:9f:
         06:99:c3:f6:08:e9:4b:bc:ac:63:1b:ac:a1:2d:ba:f3:2f:0d:
         2e:6b:91:9c:a0:e7:76:30:89:9c:55:4d:93:70:a6:9a:dd:61:
         8d:7f:99:cc:96:32:be:13:90:1d:ed:bd:58:22:2a:e1:de:d5:
         a2:30:59:fe:87:6e:5b:24:7d:a3:d1:37:d3:04:71:3c:74:a5:
         19:70:dc:9a:5b:db:f1:30:92:79:9d:f3:63:e2:b3:10:30:77:
         60:c0:d8:81:2c:e9:34:ce:c0:49:13:02:43:27:c1:64:e4:46:
         5e:5d:b9:79:90:ff:a0:8e:90:3c:93:d4:cc:26:6f:a1:4a:af:
         3c:f2:3a:e6:11:c6:db:1e:11:bd:0a:83:d9:c5:53:4b:28:8e:
         3d:17:5e:f6:89:94:67:e3:9e:0a:df:c5:9b:12:0b:33:75:e0:
         c6:45:0a:5d:e9:39:48:f5:06:ec:e9:3d:2f:de:cd:b5:e2:e5:
         7f:06:53:05
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZ3P+08pmF0cH2mxDLdEKRP0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YzY3MmRhNzJhMzRjYzI4MmFkYzQwZjI4MjY3NmRlNzUx
MTc2NTQwHhcNMjYwNDI3MTcyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTE5OGEwOTJlYjkzMzUyZGYyZGNiOWM4NzA4NDE4ZWY5NzA1YmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMMeFwOusv9CICXronRLWNeqOOlK
NB+sARBmJkvsoSrVBfRAXqFpebhtk4KchSY8XDFxrouoFzPZ+BQ+F6sE62yAhQzm
NNv/iZm4xR8/UVS3BSfP7cMugszZEq2iv4+iTXbyAJApBC0cNalxDZ+XojypoJn1
NRXONOREKoQ4bmiSXb2vhpEDV/2juH7HRwZaB11LJZZ3M3Fq4It530p/9AO8MGAT
2r0oQ5aJkWklpNpTNrpFc/OXXRAFSTopABWjLqfB8SNB20uVmCZPxM6xA6A80Z1U
YNCfJqcTihktPKZnKpBWSUbsUPjNOQ39Z4cpBxnH2A/6VWjl4hwo+U7+GwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFIUZigkuuTNS3y3LnIcIQY75cFvwMB8GA1UdIwQY
MBaAFCbGctpyo0zCgq3EDygmdt51EXZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnNaeTJuS2pUTUtDcmNRUEtDWjIzblVSZGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83ZmUwMTUtNWNkNS00NDI5LThiN2Qt
MjJkMDI3MTk3NzEyLzEvaFJtS0NTNjVNMUxmTGN1Y2h3aEJqdmx3V19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni83ZmUwMTUtNWNkNS00NDI5LThiN2QtMjJkMDI3MTk3NzEy
LzEvSnNaeTJuS2pUTUtDcmNRUEtDWjIzblVSZGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAQBAIAATAKAwMBH1gDAwDa
/jANBAIAAjAHAwUDKhTxgDANBgkqhkiG9w0BAQsFAAOCAQEAWy/wGtv2y9T9kad+
RI8Iljf45im+nAouSwDKQ64GRCjst6Yhh2cNW5qgvsvOIsZGMSmf+X3a+T6WM3eF
QP9c1HTMp9rFbR2fBpnD9gjpS7ysYxusoS268y8NLmuRnKDndjCJnFVNk3Cmmt1h
jX+ZzJYyvhOQHe29WCIq4d7VojBZ/oduWyR9o9E30wRxPHSlGXDcmlvb8TCSeZ3z
Y+KzEDB3YMDYgSzpNM7ASRMCQyfBZORGXl25eZD/oI6QPJPUzCZvoUqvPPI65hHG
2x4RvQqD2cVTSyiOPRde9omUZ+OeCt/FmxILM3XgxkUKXek5SPUG7Ok9L97NteLl
fwZTBQ==
-----END CERTIFICATE-----