Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/H_ZbE32xD4Jhfd7d_Lm5fnPovzM.roa
File:                     H_ZbE32xD4Jhfd7d_Lm5fnPovzM.roa (raw, json)
Hash identifier:          aZ9uNmSOhcQkLqZFW9owTasfsuaMVCH5Cmg+PDELd3k=
Subject key identifier:   1F:F6:5B:13:7D:B1:0F:82:61:7D:DE:DD:FC:B9:B9:7E:73:E8:BF:33
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       019CB092F57F1B567BB74507F5BF10367EE7
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/H_ZbE32xD4Jhfd7d_Lm5fnPovzM.roa
Signing time:             Mon 02 Mar 2026 22:02:26 +0000
ROA not before:           Mon 02 Mar 2026 22:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7346
IP address blocks:        80.245.44.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Mar 2026 22:42:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b0:92:f5:7f:1b:56:7b:b7:45:07:f5:bf:10:36:7e:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Mar  2 22:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ff65b137db10f82617ddeddfcb9b97e73e8bf33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:68:fa:73:9d:0a:0c:7d:ad:cb:db:a4:da:40:
                    e8:69:5c:c3:07:3e:8d:76:76:a8:8e:ab:93:ed:7e:
                    e2:6c:47:c0:47:34:57:7a:60:42:ab:59:45:e9:54:
                    81:7a:e8:1f:99:67:48:59:58:a6:8a:ff:c8:bd:41:
                    46:1e:de:e4:08:38:6e:7d:72:12:b8:fa:9e:37:5f:
                    20:3e:d5:13:a6:97:e1:e0:a5:57:aa:54:0a:f6:24:
                    ff:15:52:ba:e6:2c:6f:d4:9e:cc:89:f8:db:05:3e:
                    22:18:5b:32:00:f5:3c:e7:61:5f:68:c5:8c:da:d1:
                    6b:a9:ee:bf:01:bf:19:d5:dd:d4:1e:a1:f6:cd:14:
                    97:55:e1:35:6f:2b:84:2a:a8:de:d7:6b:01:29:e7:
                    06:27:06:30:b3:2f:a3:05:a7:5c:58:7d:c6:75:55:
                    8c:3c:15:57:e8:bf:e5:47:93:f6:ca:46:08:68:a7:
                    00:81:fd:bc:b5:8f:b7:e8:9b:f8:82:35:1e:08:db:
                    29:8a:f5:c1:7b:05:98:e0:c4:c6:fd:6c:8a:a9:6f:
                    bd:8e:e8:10:7b:23:b1:fd:11:ca:b1:d7:c4:7a:51:
                    a5:e6:45:3f:1a:de:5e:d8:02:66:8e:07:f5:32:af:
                    87:d1:a5:c8:96:5a:c1:94:e2:a1:a4:b5:05:93:8f:
                    4e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:F6:5B:13:7D:B1:0F:82:61:7D:DE:DD:FC:B9:B9:7E:73:E8:BF:33
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/H_ZbE32xD4Jhfd7d_Lm5fnPovzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:5a:c9:6d:c6:ea:72:ff:5d:28:73:45:fb:4e:54:fa:71:8e:
         58:7f:63:44:6b:f3:f5:a0:48:46:50:5a:f1:4c:95:96:48:60:
         e1:20:2f:76:94:9b:05:27:e8:b4:3b:fa:6d:81:45:4e:db:44:
         d7:8f:15:4d:76:cb:63:f5:10:21:6d:56:0a:a9:ce:6b:2d:b5:
         63:2e:c0:f5:c8:0c:aa:18:8e:d6:9f:22:53:ad:c5:75:45:e1:
         94:75:95:ce:7a:b7:0f:a5:a7:55:db:d3:00:ca:5e:aa:6c:cf:
         0d:d1:a2:ba:6f:28:0a:de:7e:74:71:e8:69:10:b2:3f:e5:20:
         07:83:f3:03:80:11:f9:0d:59:b3:fc:5f:c9:72:75:4d:30:34:
         1b:ff:79:8d:7d:15:a0:d6:fd:7d:dd:58:0d:ae:51:6b:28:48:
         df:cb:77:13:e9:d9:4f:88:f3:83:b9:09:12:fd:e2:70:1c:db:
         a7:02:84:42:1e:48:cb:0d:c1:8a:a5:59:b2:41:73:59:ec:24:
         9e:78:c3:da:f6:63:c5:ab:9e:01:4d:e6:5d:a9:e3:3d:17:04:
         4b:26:33:0c:4d:f3:36:dc:47:aa:f1:41:3c:a2:ec:62:4d:1d:
         0a:17:7a:c0:ad:c0:75:3f:03:6c:41:6d:35:32:cb:15:a5:a5:
         a7:6c:10:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZywkvV/G1Z7t0UH9b8QNn7nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjYwMzAyMjIwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmY2NWIxMzdkYjEwZjgyNjE3ZGRlZGRmY2I5Yjk3ZTczZThiZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmj6c50KDH2ty9uk2kDoaVzDBz6N
dnaojquT7X7ibEfARzRXemBCq1lF6VSBeugfmWdIWVimiv/IvUFGHt7kCDhufXIS
uPqeN18gPtUTppfh4KVXqlQK9iT/FVK65ixv1J7MifjbBT4iGFsyAPU852FfaMWM
2tFrqe6/Ab8Z1d3UHqH2zRSXVeE1byuEKqje12sBKecGJwYwsy+jBadcWH3GdVWM
PBVX6L/lR5P2ykYIaKcAgf28tY+36Jv4gjUeCNspivXBewWY4MTG/WyKqW+9jugQ
eyOx/RHKsdfEelGl5kU/Gt5e2AJmjgf1Mq+H0aXIllrBlOKhpLUFk49OEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/2WxN9sQ+CYX3e3fy5uX5z6L8zMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvSF9aYkUzMnhENEpoZmQ3ZF9MbTVmblBvdnpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUPUsMA0G
CSqGSIb3DQEBCwUAA4IBAQCUWsltxupy/10oc0X7TlT6cY5Yf2NEa/P1oEhGUFrx
TJWWSGDhIC92lJsFJ+i0O/ptgUVO20TXjxVNdstj9RAhbVYKqc5rLbVjLsD1yAyq
GI7WnyJTrcV1ReGUdZXOercPpadV29MAyl6qbM8N0aK6bygK3n50cehpELI/5SAH
g/MDgBH5DVmz/F/JcnVNMDQb/3mNfRWg1v193VgNrlFrKEjfy3cT6dlPiPODuQkS
/eJwHNunAoRCHkjLDcGKpVmyQXNZ7CSeeMPa9mPFq54BTeZdqeM9FwRLJjMMTfM2
3Eeq8UE8ouxiTR0KF3rArcB1PwNsQW01MssVpaWnbBDT
-----END CERTIFICATE-----