Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/nhhkg_jIxt4rVXWEx9XQblCSEZ4.roa
File:                     nhhkg_jIxt4rVXWEx9XQblCSEZ4.roa (raw, json)
Hash identifier:          y1FUEKnJ06vvn88HA1FBYat4W4h49NECAE4Wk6psYL4=
Subject key identifier:   9E:18:64:83:F8:C8:C6:DE:2B:55:75:84:C7:D5:D0:6E:50:92:11:9E
Certificate issuer:       /CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
Certificate serial:       019EABF6FF7861DCF294BA104A96195433C7
Authority key identifier: E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/nhhkg_jIxt4rVXWEx9XQblCSEZ4.roa
Signing time:             Tue 09 Jun 2026 10:39:11 +0000
ROA not before:           Tue 09 Jun 2026 10:39:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200724
IP address blocks:        185.112.20.0/24 maxlen: 24
                          185.112.21.0/24 maxlen: 24
                          185.112.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:f6:ff:78:61:dc:f2:94:ba:10:4a:96:19:54:33:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
        Validity
            Not Before: Jun  9 10:39:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e186483f8c8c6de2b557584c7d5d06e5092119e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c1:f1:ca:c0:3c:23:e5:34:52:1a:64:ef:0a:
                    a6:a0:37:1d:2d:e3:c4:d6:58:b2:5d:52:68:a6:be:
                    75:85:c1:8b:29:e9:9a:4b:cb:ae:4b:7a:58:c7:fd:
                    0f:b7:ed:14:b1:74:64:61:71:27:bd:9e:25:48:04:
                    19:6b:20:15:9b:57:53:21:31:18:40:1b:2b:2c:a6:
                    9e:b9:76:75:8d:f5:57:40:2d:08:6c:bd:30:f1:b9:
                    91:4b:41:18:7c:e0:28:56:20:06:82:c4:15:f4:16:
                    d3:3b:61:b9:e5:54:d9:c7:c5:e3:c9:2a:a6:e3:99:
                    44:f9:9b:c6:a5:7c:e6:91:86:bd:03:88:fc:3a:83:
                    e1:56:ec:2b:54:94:4c:39:ea:a2:3f:c9:fa:1f:3f:
                    6c:ec:08:26:9a:f9:55:0b:e8:17:b6:4c:e9:d6:af:
                    cf:05:db:bc:2f:06:5e:39:c8:4e:87:d5:a0:88:a3:
                    93:32:96:b8:80:a9:41:f8:d6:31:7b:dc:0f:36:d9:
                    2c:67:dd:b4:70:a2:12:89:b6:a5:6d:29:8a:11:18:
                    ae:38:fe:9c:60:6a:e3:74:43:fb:e3:3c:67:e2:90:
                    63:38:ac:77:3b:60:97:01:17:8b:26:60:06:9d:97:
                    ec:24:87:a8:c3:83:3c:51:cc:62:fc:ab:e9:8a:a8:
                    a1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:18:64:83:F8:C8:C6:DE:2B:55:75:84:C7:D5:D0:6E:50:92:11:9E
            X509v3 Authority Key Identifier:
                keyid:E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/nhhkg_jIxt4rVXWEx9XQblCSEZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.20.0-185.112.22.255

    Signature Algorithm: sha256WithRSAEncryption
         87:fd:9d:f4:e5:79:36:0a:28:5d:5c:95:7b:0e:d1:3b:74:c6:
         a4:dc:d6:98:d9:5c:7f:2b:7a:3e:05:14:7d:bf:76:c5:20:0f:
         e9:06:38:e4:ea:d6:5e:7f:01:e4:0d:a0:80:53:32:97:36:65:
         83:4c:40:c0:6f:dd:bc:73:53:4b:b1:a9:58:8c:16:b2:37:09:
         b4:74:da:ea:a0:ee:df:15:60:27:f8:19:3f:15:fc:d8:d4:8f:
         01:0e:71:50:35:b8:4d:fc:7a:12:cb:ab:fb:cf:3e:4b:0b:65:
         2d:6c:66:f6:11:bf:67:b9:5c:d5:18:cc:7d:05:f4:2d:d8:7b:
         c6:c3:6f:5d:00:98:d4:76:d7:e1:1f:ae:5c:88:0b:f8:da:4e:
         0b:e3:59:13:22:71:73:7e:7e:b7:dd:58:a8:59:49:d8:19:9c:
         a9:fa:58:fb:f0:67:7a:06:68:b0:61:55:fd:fd:63:ad:67:90:
         f4:c4:63:8a:39:0c:c9:a4:4c:1f:ce:9a:a6:66:16:01:ba:eb:
         2c:c4:8a:ee:bd:19:92:ef:40:c5:23:45:1d:94:c3:bb:f7:cc:
         88:1c:f5:1b:f5:69:78:c0:f2:43:0e:fc:a0:7c:08:ef:b5:09:
         34:e0:ce:a0:ad:ff:33:12:c0:90:7f:bc:65:d5:29:6e:ef:a0:
         a4:0f:de:de
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ6r9v94YdzylLoQSpYZVDPHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YjEzMjBmYmMyNGQ2ZjQzNjZjYjY0ZmNmNWVkMmQ3YjFi
NmJkZjcwHhcNMjYwNjA5MTAzOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTE4NjQ4M2Y4YzhjNmRlMmI1NTc1ODRjN2Q1ZDA2ZTUwOTIxMTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncHxysA8I+U0Uhpk7wqmoDcdLePE
1liyXVJopr51hcGLKemaS8uuS3pYx/0Pt+0UsXRkYXEnvZ4lSAQZayAVm1dTITEY
QBsrLKaeuXZ1jfVXQC0IbL0w8bmRS0EYfOAoViAGgsQV9BbTO2G55VTZx8XjySqm
45lE+ZvGpXzmkYa9A4j8OoPhVuwrVJRMOeqiP8n6Hz9s7AgmmvlVC+gXtkzp1q/P
Bdu8LwZeOchOh9WgiKOTMpa4gKlB+NYxe9wPNtksZ920cKISibalbSmKERiuOP6c
YGrjdEP74zxn4pBjOKx3O2CXAReLJmAGnZfsJIeow4M8Ucxi/Kvpiqih6QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJ4YZIP4yMbeK1V1hMfV0G5QkhGeMB8GA1UdIwQY
MBaAFOmxMg+8JNb0Nmy2T89e0textr33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUt
ZDNlMjgwMGJkNjQwLzEvbmhoa2dfakl4dDRyVlhXRXg5WFFibENTRVo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUtZDNlMjgwMGJkNjQw
LzEvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5cBQD
BAC5cBYwDQYJKoZIhvcNAQELBQADggEBAIf9nfTleTYKKF1clXsO0Tt0xqTc1pjZ
XH8rej4FFH2/dsUgD+kGOOTq1l5/AeQNoIBTMpc2ZYNMQMBv3bxzU0uxqViMFrI3
CbR02uqg7t8VYCf4GT8V/NjUjwEOcVA1uE38ehLLq/vPPksLZS1sZvYRv2e5XNUY
zH0F9C3Ye8bDb10AmNR21+EfrlyIC/jaTgvjWRMicXN+frfdWKhZSdgZnKn6WPvw
Z3oGaLBhVf39Y61nkPTEY4o5DMmkTB/OmqZmFgG66yzEiu69GZLvQMUjRR2Uw7v3
zIgc9Rv1aXjA8kMO/KB8CO+1CTTgzqCt/zMSwJB/vGXVKW7voKQP3t4=
-----END CERTIFICATE-----