Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/Hb3cNitO5I8j25LYLRmMVg_6uLo.roa
File:                     Hb3cNitO5I8j25LYLRmMVg_6uLo.roa (raw, json)
Hash identifier:          qyeEPBxAXZ/xwFAjowD04S3ru9Adwv2WYqD36byptrs=
Subject key identifier:   1D:BD:DC:36:2B:4E:E4:8F:23:DB:92:D8:2D:19:8C:56:0F:FA:B8:BA
Certificate issuer:       /CN=42239fb9af128428f84fed9f358686717ed97601
Certificate serial:       019F1F5491E51A236D3DA60947DA8ACA3DA9
Authority key identifier: 42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/Hb3cNitO5I8j25LYLRmMVg_6uLo.roa
Signing time:             Wed 01 Jul 2026 20:17:43 +0000
ROA not before:           Wed 01 Jul 2026 20:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15731
IP address blocks:        153.52.81.0/24 maxlen: 24
                          153.52.118.0/24 maxlen: 24
                          153.52.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 05:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:1f:54:91:e5:1a:23:6d:3d:a6:09:47:da:8a:ca:3d:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42239fb9af128428f84fed9f358686717ed97601
        Validity
            Not Before: Jul  1 20:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1dbddc362b4ee48f23db92d82d198c560ffab8ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c1:4a:dc:e8:ab:da:48:c6:3e:1f:08:c4:25:
                    2f:8d:bb:33:cd:b0:67:35:b8:47:ac:4f:9c:bc:3a:
                    6c:be:54:12:73:22:70:79:10:df:7f:41:00:98:16:
                    bc:eb:0c:97:bb:b8:d9:4b:46:b3:ac:96:20:ef:c2:
                    89:cf:6b:a7:ca:0b:c2:54:78:6a:ad:bd:34:82:da:
                    88:fa:e5:62:48:2b:61:b7:df:88:88:d4:57:99:96:
                    1e:e1:b5:5f:87:f0:a9:ff:88:d4:a8:6c:4c:de:46:
                    9c:d4:38:ce:60:7b:0e:dd:90:a9:35:aa:e2:71:12:
                    94:ea:e0:25:e5:58:ef:41:93:5c:ca:cf:05:7d:2f:
                    1c:a3:bd:bd:d6:96:f7:36:aa:37:03:61:2e:03:d4:
                    6b:af:ea:38:e7:29:8d:f6:55:23:32:16:24:81:39:
                    ae:fe:d7:37:0b:87:bc:34:51:45:05:6b:5a:0e:00:
                    5d:42:e1:4a:ab:f6:35:ed:d3:61:b2:11:1c:ca:64:
                    e8:2c:14:5c:12:fc:3a:2f:14:9b:43:cc:3c:7b:ec:
                    89:3c:52:1b:e0:29:f2:3c:0e:96:25:46:7a:72:1d:
                    4f:3d:f2:49:8c:cf:5d:93:88:7e:ee:a5:67:73:57:
                    11:73:88:b6:45:84:ef:64:76:26:99:6d:83:79:3f:
                    a2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:BD:DC:36:2B:4E:E4:8F:23:DB:92:D8:2D:19:8C:56:0F:FA:B8:BA
            X509v3 Authority Key Identifier:
                keyid:42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/Hb3cNitO5I8j25LYLRmMVg_6uLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.52.81.0/24
                  153.52.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:7b:84:3b:ba:15:95:cb:d6:71:f8:34:82:a7:7b:fd:0f:a9:
         43:d5:99:9b:9b:e1:ad:22:a8:00:e7:54:95:11:72:6f:94:aa:
         39:1b:ec:9b:4e:ac:90:8f:b8:e9:3e:51:96:22:39:4a:dc:37:
         b3:dc:17:3e:7f:54:33:57:ad:f0:91:dd:4d:bd:70:7e:11:24:
         5e:d7:8b:92:e7:75:2b:28:8a:85:6f:1f:e1:6d:88:2e:6d:e6:
         db:d4:c0:52:11:2d:52:e9:95:d9:75:ed:bc:81:30:4e:db:74:
         de:85:10:77:3e:21:a3:c8:79:eb:59:ac:a3:46:8a:67:19:4f:
         f7:c3:01:49:63:38:56:33:ec:5d:fb:a6:84:6c:74:78:ce:81:
         b2:bd:50:14:95:0c:35:c2:46:62:97:8d:f8:9f:57:7f:75:ef:
         f9:49:55:fe:bf:79:ce:c1:4d:7f:5d:af:a9:cb:25:df:ce:90:
         76:ba:3d:9c:ad:e1:83:e2:f3:02:c9:7b:36:28:e7:bc:97:e5:
         96:f6:a4:86:1f:30:22:11:46:b5:16:49:08:a9:aa:6b:30:07:
         b5:6d:b1:d6:e4:ba:3c:3d:d7:c0:48:a1:f1:54:ce:8a:e9:38:
         eb:69:e5:dc:43:ae:93:e6:27:82:d0:c8:fc:d2:ef:f1:22:c7:
         e5:45:cf:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8fVJHlGiNtPaYJR9qKyj2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjM5ZmI5YWYxMjg0MjhmODRmZWQ5ZjM1ODY4NjcxN2Vk
OTc2MDEwHhcNMjYwNzAxMjAxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGJkZGMzNjJiNGVlNDhmMjNkYjkyZDgyZDE5OGM1NjBmZmFiOGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcFK3Oir2kjGPh8IxCUvjbszzbBn
NbhHrE+cvDpsvlQScyJweRDff0EAmBa86wyXu7jZS0azrJYg78KJz2unygvCVHhq
rb00gtqI+uViSCtht9+IiNRXmZYe4bVfh/Cp/4jUqGxM3kac1DjOYHsO3ZCpNari
cRKU6uAl5VjvQZNcys8FfS8co7291pb3Nqo3A2EuA9Rrr+o45ymN9lUjMhYkgTmu
/tc3C4e8NFFFBWtaDgBdQuFKq/Y17dNhshEcymToLBRcEvw6LxSbQ8w8e+yJPFIb
4CnyPA6WJUZ6ch1PPfJJjM9dk4h+7qVnc1cRc4i2RYTvZHYmmW2DeT+iCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB293DYrTuSPI9uS2C0ZjFYP+ri6MB8GA1UdIwQY
MBaAFEIjn7mvEoQo+E/tnzWGhnF+2XYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2Mt
YmM1NDAzYWMyYTk1LzEvSGIzY05pdE81SThqMjVMWUxSbU1WZ182dUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2MtYmM1NDAzYWMyYTk1
LzEvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmTRRAwQB
mTR2MA0GCSqGSIb3DQEBCwUAA4IBAQCVe4Q7uhWVy9Zx+DSCp3v9D6lD1Zmbm+Gt
IqgA51SVEXJvlKo5G+ybTqyQj7jpPlGWIjlK3Dez3Bc+f1QzV63wkd1NvXB+ESRe
14uS53UrKIqFbx/hbYgubebb1MBSES1S6ZXZde28gTBO23TehRB3PiGjyHnrWayj
RopnGU/3wwFJYzhWM+xd+6aEbHR4zoGyvVAUlQw1wkZil434n1d/de/5SVX+v3nO
wU1/Xa+pyyXfzpB2uj2creGD4vMCyXs2KOe8l+WW9qSGHzAiEUa1FkkIqaprMAe1
bbHW5Lo8PdfASKHxVM6K6TjraeXcQ66T5ieC0Mj80u/xIsflRc+U
-----END CERTIFICATE-----
Generated at Sat Jul 4 13:24:56 2026 by rpki-client