Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/HWUcvkLmGASdhSYwC9AP_DWAGsE.roa
File:                     HWUcvkLmGASdhSYwC9AP_DWAGsE.roa (raw, json)
Hash identifier:          xz26m/XdZaiAuUnY/3mFY/BnQNYa0NzUclmOKktyTEI=
Subject key identifier:   1D:65:1C:BE:42:E6:18:04:9D:85:26:30:0B:D0:0F:FC:35:80:1A:C1
Certificate issuer:       /CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
Certificate serial:       019E3A6FD18F98A84B495999BF5E2E377740
Authority key identifier: A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/HWUcvkLmGASdhSYwC9AP_DWAGsE.roa
Signing time:             Mon 18 May 2026 09:34:27 +0000
ROA not before:           Mon 18 May 2026 09:34:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201084
IP address blocks:        185.43.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 15:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3a:6f:d1:8f:98:a8:4b:49:59:99:bf:5e:2e:37:77:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
        Validity
            Not Before: May 18 09:34:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d651cbe42e618049d8526300bd00ffc35801ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:1b:7e:b2:9c:90:d0:89:9f:b2:79:56:79:0f:
                    b1:7f:5a:c6:49:a2:c1:da:41:8c:c6:c4:79:0f:fe:
                    f0:7a:35:08:ca:5a:aa:43:2c:7d:bd:ea:bb:bb:59:
                    1c:59:c2:1d:6d:3e:33:70:40:79:e6:53:af:b7:77:
                    97:12:66:7f:db:63:77:b3:b6:3a:58:a7:7d:5e:64:
                    d9:57:e0:2c:06:d1:d0:2b:05:70:5c:a9:84:c2:11:
                    0a:2b:bf:f8:24:36:15:25:e0:dd:11:23:d4:dd:d6:
                    af:8b:b9:b5:d9:bc:5b:32:fc:40:c6:fe:cb:e4:8f:
                    d7:d3:b3:7f:6b:b9:bb:7b:37:34:37:4c:96:d1:25:
                    bf:4b:f2:7e:c5:81:e3:3e:0e:24:88:ff:d9:0c:48:
                    c4:31:46:b8:b1:bf:95:72:e4:ae:4e:9a:0f:56:d1:
                    96:34:6c:99:43:9c:8c:14:18:4e:ce:ed:41:c6:04:
                    c1:b5:0c:39:d3:2e:80:0e:e4:d4:b8:d2:a6:b5:c4:
                    44:51:16:b9:2d:a3:10:9b:8a:5b:37:ca:01:2a:d4:
                    34:19:ef:54:8e:1d:7b:36:29:0a:ab:aa:59:c6:03:
                    27:fa:c6:02:fc:a1:f2:da:3a:13:34:5c:1b:88:7d:
                    74:43:9e:d0:ca:4d:08:41:3e:ad:38:bc:f5:f9:37:
                    ed:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:65:1C:BE:42:E6:18:04:9D:85:26:30:0B:D0:0F:FC:35:80:1A:C1
            X509v3 Authority Key Identifier:
                keyid:A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/HWUcvkLmGASdhSYwC9AP_DWAGsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ae:4e:b4:38:3e:f7:f8:8a:30:b2:23:99:90:18:c5:e9:e6:
         eb:31:48:5c:d8:db:75:33:d0:d1:a3:da:a6:5c:00:de:b3:d8:
         fc:b2:22:ad:a4:88:4d:96:c4:b5:8a:07:a5:b5:7e:ed:68:0e:
         4d:76:50:a8:30:a0:a0:c7:16:6b:5a:c2:ae:b6:98:c8:11:b1:
         ad:fc:b9:8f:58:37:34:4a:db:9b:f8:16:a2:12:4a:94:67:31:
         49:5d:c1:37:4c:4d:07:8f:e4:0a:91:08:7d:d8:03:74:01:ea:
         d9:ca:50:4b:fb:00:10:3b:95:48:98:b8:97:7d:7b:8f:e8:23:
         93:85:80:36:2b:1a:92:ad:99:fe:ea:b0:d9:62:7a:e1:4e:f8:
         9f:a3:d8:df:d9:b3:00:00:fc:d6:fd:c2:48:62:7c:3c:a9:d2:
         dd:17:be:cf:02:24:f5:cf:2e:39:16:8c:aa:cf:c3:08:6d:44:
         44:eb:fc:77:41:88:7b:6a:6c:a7:8d:b6:f7:3c:ee:55:59:9f:
         37:de:6e:dd:12:6d:b3:bf:b8:8f:96:b9:d6:fe:ef:71:57:a9:
         1b:f2:27:9c:91:58:30:ce:eb:2b:0b:0c:a9:fd:e6:41:e9:7f:
         59:58:92:6b:67:27:2e:ab:04:fe:aa:84:7c:fb:01:5f:8f:f5:
         09:f4:5e:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ46b9GPmKhLSVmZv14uN3dAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZTJjZTMxMDk0ODBhZWU3YjNmZDI4NDZlYzhmODY0Njg4
NWNkYmEwHhcNMjYwNTE4MDkzNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDY1MWNiZTQyZTYxODA0OWQ4NTI2MzAwYmQwMGZmYzM1ODAxYWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Rt+spyQ0ImfsnlWeQ+xf1rGSaLB
2kGMxsR5D/7wejUIylqqQyx9veq7u1kcWcIdbT4zcEB55lOvt3eXEmZ/22N3s7Y6
WKd9XmTZV+AsBtHQKwVwXKmEwhEKK7/4JDYVJeDdESPU3davi7m12bxbMvxAxv7L
5I/X07N/a7m7ezc0N0yW0SW/S/J+xYHjPg4kiP/ZDEjEMUa4sb+VcuSuTpoPVtGW
NGyZQ5yMFBhOzu1BxgTBtQw50y6ADuTUuNKmtcREURa5LaMQm4pbN8oBKtQ0Ge9U
jh17NikKq6pZxgMn+sYC/KHy2joTNFwbiH10Q57Qyk0IQT6tOLz1+TftPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1lHL5C5hgEnYUmMAvQD/w1gBrBMB8GA1UdIwQY
MBaAFKfizjEJSAruez/ShG7I+GRohc26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEt
NzgxOGE4OTQ1NmNiLzEvSFdVY3ZrTG1HQVNkaFNZd0M5QVBfRFdBR3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEtNzgxOGE4OTQ1NmNi
LzEvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuStEMA0G
CSqGSIb3DQEBCwUAA4IBAQBIrk60OD73+IowsiOZkBjF6ebrMUhc2Nt1M9DRo9qm
XADes9j8siKtpIhNlsS1igeltX7taA5NdlCoMKCgxxZrWsKutpjIEbGt/LmPWDc0
Stub+BaiEkqUZzFJXcE3TE0Hj+QKkQh92AN0AerZylBL+wAQO5VImLiXfXuP6COT
hYA2KxqSrZn+6rDZYnrhTvifo9jf2bMAAPzW/cJIYnw8qdLdF77PAiT1zy45Foyq
z8MIbURE6/x3QYh7amynjbb3PO5VWZ833m7dEm2zv7iPlrnW/u9xV6kb8ieckVgw
zusrCwyp/eZB6X9ZWJJrZycuqwT+qoR8+wFfj/UJ9F5i
-----END CERTIFICATE-----