Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/H510yEFRKjhAMX9xqYkOVz49JL4.roa
File:                     H510yEFRKjhAMX9xqYkOVz49JL4.roa (raw, json)
Hash identifier:          AmB1KCKVgSscsnhvP9zjKQis/qK/dZ4hFTs+YWDJsXs=
Subject key identifier:   1F:9D:74:C8:41:51:2A:38:40:31:7F:71:A9:89:0E:57:3E:3D:24:BE
Certificate issuer:       /CN=b0225fd035a7ce64a7c88bde71aeb560f3483974
Certificate serial:       019DC103D536ECD47BCAA285C5BC9EBF4569
Authority key identifier: B0:22:5F:D0:35:A7:CE:64:A7:C8:8B:DE:71:AE:B5:60:F3:48:39:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCJf0DWnzmSnyIveca61YPNIOXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/H510yEFRKjhAMX9xqYkOVz49JL4.roa
Signing time:             Fri 24 Apr 2026 19:42:27 +0000
ROA not before:           Fri 24 Apr 2026 19:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210528
IP address blocks:        85.208.212.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/sCJf0DWnzmSnyIveca61YPNIOXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/sCJf0DWnzmSnyIveca61YPNIOXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCJf0DWnzmSnyIveca61YPNIOXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 01:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c1:03:d5:36:ec:d4:7b:ca:a2:85:c5:bc:9e:bf:45:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0225fd035a7ce64a7c88bde71aeb560f3483974
        Validity
            Not Before: Apr 24 19:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f9d74c841512a3840317f71a9890e573e3d24be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6c:11:50:70:ce:d1:1f:a0:c9:6a:5b:6e:06:
                    a6:03:06:48:16:79:ec:00:df:9d:05:94:15:2b:35:
                    93:c0:94:98:93:0e:e9:3a:30:c0:71:b1:06:72:91:
                    2a:88:ae:4f:2c:e5:76:b3:4d:c2:87:17:48:df:d8:
                    28:ae:1a:be:b3:74:9f:cb:53:ba:8e:6c:bc:85:57:
                    05:bc:30:20:42:33:27:e6:cb:5a:89:5f:13:4c:6d:
                    cd:4d:aa:52:09:70:2f:cb:5e:40:f9:dd:f3:56:56:
                    22:46:85:a2:8f:46:f7:18:8c:ce:f2:e2:28:f2:1a:
                    28:03:ae:73:94:ce:d9:2f:a3:2b:73:57:ee:69:7f:
                    8e:77:9c:2b:fc:cb:f6:ad:a2:8a:db:61:e8:06:16:
                    78:3f:f5:c8:91:29:ab:44:ab:c2:2f:9d:63:a7:97:
                    15:92:d1:eb:ac:04:f8:8e:6b:bd:56:d2:54:15:62:
                    cf:f8:e8:23:7e:21:f5:e7:39:fb:37:46:0d:3c:4d:
                    29:66:ed:81:7b:68:10:08:3f:03:e9:f1:8f:d0:7a:
                    0e:3d:5c:55:05:55:91:86:6e:24:d1:68:76:aa:5b:
                    94:d9:d6:54:af:a2:5b:5e:c3:02:96:b6:3c:0b:ea:
                    89:f7:c6:ee:22:29:44:fc:7f:85:21:9e:8b:85:a0:
                    4f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:9D:74:C8:41:51:2A:38:40:31:7F:71:A9:89:0E:57:3E:3D:24:BE
            X509v3 Authority Key Identifier:
                keyid:B0:22:5F:D0:35:A7:CE:64:A7:C8:8B:DE:71:AE:B5:60:F3:48:39:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCJf0DWnzmSnyIveca61YPNIOXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/H510yEFRKjhAMX9xqYkOVz49JL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c46278-e1d0-4dc7-98c7-443e4bab7de6/1/sCJf0DWnzmSnyIveca61YPNIOXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:e9:9b:05:8b:3b:17:5c:ff:47:ab:4f:e3:5a:12:c3:bc:70:
         d2:8e:e0:40:4d:53:10:c1:5f:3b:5d:9d:2b:4a:22:43:fa:1b:
         b5:71:f2:b7:45:a3:31:4e:e0:95:1e:d0:76:09:2f:24:ca:31:
         7d:a0:3b:08:b0:1e:b3:4d:bd:7b:97:79:c8:b4:f6:2b:80:23:
         cc:2f:0b:ff:2f:c8:9f:d5:89:7c:de:71:89:49:df:06:eb:33:
         e6:1b:7d:9d:8e:e2:5b:77:f0:e7:b4:15:32:02:3f:23:3c:62:
         98:9f:b7:3b:11:20:10:e7:6a:ed:c6:e7:1f:27:94:72:6f:a9:
         ee:d1:db:68:29:c4:4c:7b:d9:a5:c4:ce:12:6d:48:2a:1c:a5:
         48:1d:ef:93:d0:07:be:e3:a8:04:7e:8a:a4:48:4c:36:60:5e:
         21:44:e6:ca:a6:e7:2b:d2:7e:c7:11:cd:8c:20:e1:e8:fa:6e:
         8a:09:be:12:b1:49:47:ac:4d:cf:2b:b3:fb:e3:18:7d:02:6b:
         f2:90:52:9b:79:77:b4:65:e3:42:26:c1:42:50:f5:a4:90:0a:
         7c:01:92:3d:ae:bc:5c:a9:51:e7:4e:e9:b7:14:96:2d:39:a6:
         a7:65:a9:91:7b:16:47:5c:fe:48:5e:c7:8e:ef:ce:05:d5:67:
         a9:d9:de:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3BA9U27NR7yqKFxbyev0VpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMjI1ZmQwMzVhN2NlNjRhN2M4OGJkZTcxYWViNTYwZjM0
ODM5NzQwHhcNMjYwNDI0MTk0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjlkNzRjODQxNTEyYTM4NDAzMTdmNzFhOTg5MGU1NzNlM2QyNGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumwRUHDO0R+gyWpbbgamAwZIFnns
AN+dBZQVKzWTwJSYkw7pOjDAcbEGcpEqiK5PLOV2s03ChxdI39gorhq+s3Sfy1O6
jmy8hVcFvDAgQjMn5staiV8TTG3NTapSCXAvy15A+d3zVlYiRoWij0b3GIzO8uIo
8hooA65zlM7ZL6Mrc1fuaX+Od5wr/Mv2raKK22HoBhZ4P/XIkSmrRKvCL51jp5cV
ktHrrAT4jmu9VtJUFWLP+OgjfiH15zn7N0YNPE0pZu2Be2gQCD8D6fGP0HoOPVxV
BVWRhm4k0Wh2qluU2dZUr6JbXsMClrY8C+qJ98buIilE/H+FIZ6LhaBP3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+ddMhBUSo4QDF/camJDlc+PSS+MB8GA1UdIwQY
MBaAFLAiX9A1p85kp8iL3nGutWDzSDl0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NKZjBEV256bVNueUl2ZWNhNjFZUE5JT1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jNDYyNzgtZTFkMC00ZGM3LTk4Yzct
NDQzZTRiYWI3ZGU2LzEvSDUxMHlFRlJLamhBTVg5eHFZa09WejQ5Skw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jNDYyNzgtZTFkMC00ZGM3LTk4YzctNDQzZTRiYWI3ZGU2
LzEvc0NKZjBEV256bVNueUl2ZWNhNjFZUE5JT1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVdDUMA0G
CSqGSIb3DQEBCwUAA4IBAQCO6ZsFizsXXP9Hq0/jWhLDvHDSjuBATVMQwV87XZ0r
SiJD+hu1cfK3RaMxTuCVHtB2CS8kyjF9oDsIsB6zTb17l3nItPYrgCPMLwv/L8if
1Yl83nGJSd8G6zPmG32djuJbd/DntBUyAj8jPGKYn7c7ESAQ52rtxucfJ5Ryb6nu
0dtoKcRMe9mlxM4SbUgqHKVIHe+T0Ae+46gEfoqkSEw2YF4hRObKpucr0n7HEc2M
IOHo+m6KCb4SsUlHrE3PK7P74xh9AmvykFKbeXe0ZeNCJsFCUPWkkAp8AZI9rrxc
qVHnTum3FJYtOaanZamRexZHXP5IXseO784F1Wep2d5j
-----END CERTIFICATE-----