Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/ha3zk2AEBfCvAviC4-w3AcHO5TM.roa
File:                     ha3zk2AEBfCvAviC4-w3AcHO5TM.roa (raw, json)
Hash identifier:          XoxIQt3+qS+VXy9ilQBf9mwnXWOeXGBHptx4vaLLJI0=
Subject key identifier:   85:AD:F3:93:60:04:05:F0:AF:02:F8:82:E3:EC:37:01:C1:CE:E5:33
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019E736CBF37D9F7B79FF9215582042F6100
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/ha3zk2AEBfCvAviC4-w3AcHO5TM.roa
Signing time:             Fri 29 May 2026 11:09:27 +0000
ROA not before:           Fri 29 May 2026 11:09:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     262287
IP address blocks:        45.84.213.0/24 maxlen: 24
                          45.128.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:73:6c:bf:37:d9:f7:b7:9f:f9:21:55:82:04:2f:61:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: May 29 11:09:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85adf393600405f0af02f882e3ec3701c1cee533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d3:b3:98:72:a3:70:4a:d8:18:c5:a1:c3:2a:
                    74:56:b2:35:f8:45:a0:e9:4d:0a:ae:73:bd:16:5b:
                    55:6d:83:53:45:c9:e0:c6:f2:d7:f3:ee:96:48:74:
                    a9:79:36:d7:bd:9e:ac:c9:1e:6d:37:65:c8:01:34:
                    2b:47:9b:5a:8b:1e:86:64:6c:7d:c8:92:40:ec:95:
                    cf:c2:c6:69:a4:f9:43:9c:2f:94:fa:ae:f1:bd:2b:
                    e0:41:0e:f5:ee:2f:ef:55:6e:c9:46:f8:d7:70:4b:
                    48:ca:dc:0a:48:b2:7f:40:8c:25:6f:a8:8f:56:48:
                    f7:59:56:39:f1:35:3e:09:9c:7a:4c:b0:a2:5d:ec:
                    61:c2:93:9e:73:c0:cb:ce:c7:c2:87:b9:a9:3b:b2:
                    f8:1d:3d:15:d4:e2:2b:1a:b6:83:85:45:d3:72:7c:
                    96:d3:6b:96:c1:a9:36:f0:df:09:32:76:21:c7:fb:
                    00:e1:72:11:71:3f:46:0f:80:ea:7c:81:30:64:41:
                    2e:61:dd:e9:37:b2:bd:7f:95:3f:3f:1b:ce:b4:42:
                    22:8d:c6:00:b0:0b:e2:a7:7e:8b:bc:08:b9:fc:13:
                    45:57:22:a2:f8:ea:fb:9d:4f:50:da:db:9f:48:91:
                    58:7a:6d:18:ad:9b:5c:96:b7:ec:91:f4:74:27:fa:
                    51:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:AD:F3:93:60:04:05:F0:AF:02:F8:82:E3:EC:37:01:C1:CE:E5:33
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/ha3zk2AEBfCvAviC4-w3AcHO5TM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.213.0/24
                  45.128.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:26:48:fc:23:22:12:3e:62:eb:d1:36:32:d8:cd:89:28:eb:
         8f:93:3d:0b:d5:68:d5:d6:0a:5e:fe:cb:0c:dc:c6:ea:7d:0c:
         56:fe:e7:55:e0:29:51:56:19:f6:64:87:03:4d:5e:f5:90:62:
         63:3b:b1:2e:0b:f9:cd:89:df:f6:2e:e5:1d:e5:3f:0b:c6:09:
         7a:f0:b1:18:fc:74:54:da:e3:e7:ec:61:35:5f:5b:c7:bb:05:
         8c:1f:51:d5:ca:ed:76:ad:52:9b:d8:89:48:56:57:3a:27:9b:
         9b:4f:a1:a9:09:8a:75:f3:db:98:e9:d4:a5:5e:61:27:a8:29:
         0f:cb:9d:53:25:db:f5:bc:9a:39:da:ca:06:36:b5:cf:40:f8:
         c4:80:b3:c6:fe:f1:39:cb:7e:1d:33:fb:af:aa:57:36:cf:7d:
         43:67:53:21:fe:71:28:c6:57:e8:bc:86:82:43:1c:39:0d:f3:
         29:19:2f:41:8e:c9:22:6f:1b:ad:b6:48:d9:2c:c8:03:02:44:
         7f:1a:6a:79:a8:ee:d0:14:8d:de:0f:91:08:0a:99:53:7c:5a:
         63:01:4c:35:69:51:ac:2c:f0:5b:9c:11:16:1f:5f:f0:3a:50:
         c9:a4:e3:cb:71:50:5c:41:58:13:c9:be:f6:ed:88:c8:33:7f:
         0e:3c:ed:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5zbL832fe3n/khVYIEL2EAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjYwNTI5MTEwOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWFkZjM5MzYwMDQwNWYwYWYwMmY4ODJlM2VjMzcwMWMxY2VlNTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNOzmHKjcErYGMWhwyp0VrI1+EWg
6U0KrnO9FltVbYNTRcngxvLX8+6WSHSpeTbXvZ6syR5tN2XIATQrR5taix6GZGx9
yJJA7JXPwsZppPlDnC+U+q7xvSvgQQ717i/vVW7JRvjXcEtIytwKSLJ/QIwlb6iP
Vkj3WVY58TU+CZx6TLCiXexhwpOec8DLzsfCh7mpO7L4HT0V1OIrGraDhUXTcnyW
02uWwak28N8JMnYhx/sA4XIRcT9GD4DqfIEwZEEuYd3pN7K9f5U/PxvOtEIijcYA
sAvip36LvAi5/BNFVyKi+Or7nU9Q2tufSJFYem0YrZtclrfskfR0J/pRqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIWt85NgBAXwrwL4guPsNwHBzuUzMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvaGEzemsyQUVCZkN2QXZpQzQtdzNBY0hPNVRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVTVAwQA
LYDEMA0GCSqGSIb3DQEBCwUAA4IBAQAHJkj8IyISPmLr0TYy2M2JKOuPkz0L1WjV
1gpe/ssM3MbqfQxW/udV4ClRVhn2ZIcDTV71kGJjO7EuC/nNid/2LuUd5T8Lxgl6
8LEY/HRU2uPn7GE1X1vHuwWMH1HVyu12rVKb2IlIVlc6J5ubT6GpCYp189uY6dSl
XmEnqCkPy51TJdv1vJo52soGNrXPQPjEgLPG/vE5y34dM/uvqlc2z31DZ1Mh/nEo
xlfovIaCQxw5DfMpGS9BjskibxuttkjZLMgDAkR/Gmp5qO7QFI3eD5EICplTfFpj
AUw1aVGsLPBbnBEWH1/wOlDJpOPLcVBcQVgTyb727YjIM38OPO3I
-----END CERTIFICATE-----