Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/hclXVrOgaKEGMVxoxDXlTptZDpo.roa
File:                     hclXVrOgaKEGMVxoxDXlTptZDpo.roa (raw, json)
Hash identifier:          k80+89HqzBAly3n+5cA0GD5XxGHpzsm+fHkjuoV0yC8=
Subject key identifier:   85:C9:57:56:B3:A0:68:A1:06:31:5C:68:C4:35:E5:4E:9B:59:0E:9A
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019D5E0E4400796A4A7F90CB66693CBE06C3
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/hclXVrOgaKEGMVxoxDXlTptZDpo.roa
Signing time:             Sun 05 Apr 2026 14:31:26 +0000
ROA not before:           Sun 05 Apr 2026 14:31:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199656
IP address blocks:        2a0c:9a40:8ea0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5e:0e:44:00:79:6a:4a:7f:90:cb:66:69:3c:be:06:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Apr  5 14:31:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85c95756b3a068a106315c68c435e54e9b590e9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:93:84:c7:4c:50:53:3a:7f:24:c3:ba:47:bf:
                    fa:6b:4d:83:32:e5:1d:44:7f:b3:f9:c3:fc:93:1f:
                    fe:ba:d7:52:2b:cc:6e:ba:13:22:2e:21:6e:33:33:
                    e1:22:1c:7f:6a:a8:fe:51:9e:42:b6:1e:cc:49:bb:
                    89:f7:c8:de:b6:51:f8:97:4a:42:ec:7f:e0:ab:3b:
                    2b:c1:5d:40:27:4b:9c:14:c5:c8:e8:ef:0d:57:a3:
                    21:91:13:98:b0:6e:23:f4:63:25:69:ab:06:4e:b1:
                    45:66:fb:89:1d:02:65:01:f0:45:ba:34:7b:a4:17:
                    6e:ce:84:45:25:75:03:d2:16:b3:4b:13:c6:23:df:
                    6d:1f:3e:14:77:a3:8b:6d:17:0a:96:e7:a7:df:07:
                    87:e9:eb:a3:57:99:58:d7:c7:51:2d:48:78:55:de:
                    5a:11:f4:dc:a5:6b:11:cc:89:24:9d:1b:9a:3f:36:
                    47:09:c6:e4:1b:82:77:e3:0c:a5:4f:0a:b8:72:9b:
                    62:7a:5d:4e:0f:87:8b:41:f4:e4:eb:87:67:bc:51:
                    b9:44:a1:8f:7d:90:94:af:3c:25:9a:7c:97:84:34:
                    2a:ff:e1:86:27:78:79:f7:88:b6:b7:5c:9d:b7:02:
                    4e:be:4f:ef:61:07:c6:c4:21:28:62:71:cb:a0:1f:
                    4d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:C9:57:56:B3:A0:68:A1:06:31:5C:68:C4:35:E5:4E:9B:59:0E:9A
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/hclXVrOgaKEGMVxoxDXlTptZDpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8ea0::/44

    Signature Algorithm: sha256WithRSAEncryption
         bb:bd:e3:72:ad:69:8a:55:8e:aa:f8:02:26:df:13:f9:bf:53:
         ee:98:36:dc:a6:ba:55:65:a7:e7:6e:4b:bd:49:33:51:a7:0a:
         3a:77:f7:45:48:1a:7f:49:df:f3:c2:d0:8d:30:09:29:1a:d4:
         f3:34:dc:89:79:87:fd:3c:c2:b0:82:d2:90:cb:97:e1:f5:78:
         ce:f7:bd:be:44:14:d3:f4:fa:00:bb:ce:7d:5c:2d:11:40:21:
         39:84:ef:66:74:4c:5e:7a:47:2b:ca:7a:44:0c:2c:93:a1:93:
         8f:26:6f:e4:05:3e:da:f9:c4:e7:70:d6:bf:b4:19:b7:0e:a6:
         48:03:9d:47:b4:99:b2:3d:0b:93:7b:70:ef:6f:93:68:8c:32:
         87:f3:3d:01:8a:75:f0:f1:aa:e4:41:62:7c:a2:99:47:59:32:
         3b:1e:92:0a:b9:94:da:01:8e:08:a3:87:cd:df:8c:60:93:b0:
         e4:c2:22:63:f1:01:3b:31:74:0a:36:f7:6b:ab:23:19:a9:81:
         f2:01:43:27:4f:0b:c5:58:4a:1f:3a:48:0f:2a:66:d5:98:a6:
         a2:12:ec:9c:a4:1b:2a:75:98:c1:e2:e4:1d:a1:94:c2:07:bc:
         0f:c3:ca:12:9f:b9:88:26:eb:95:f8:12:12:70:17:ed:41:da:
         3f:a9:ea:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1eDkQAeWpKf5DLZmk8vgbDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwNDA1MTQzMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWM5NTc1NmIzYTA2OGExMDYzMTVjNjhjNDM1ZTU0ZTliNTkwZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JOEx0xQUzp/JMO6R7/6a02DMuUd
RH+z+cP8kx/+utdSK8xuuhMiLiFuMzPhIhx/aqj+UZ5Cth7MSbuJ98jetlH4l0pC
7H/gqzsrwV1AJ0ucFMXI6O8NV6MhkROYsG4j9GMlaasGTrFFZvuJHQJlAfBFujR7
pBduzoRFJXUD0hazSxPGI99tHz4Ud6OLbRcKluen3weH6eujV5lY18dRLUh4Vd5a
EfTcpWsRzIkknRuaPzZHCcbkG4J34wylTwq4cptiel1OD4eLQfTk64dnvFG5RKGP
fZCUrzwlmnyXhDQq/+GGJ3h594i2t1ydtwJOvk/vYQfGxCEoYnHLoB9NuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIXJV1azoGihBjFcaMQ15U6bWQ6aMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvaGNsWFZyT2dhS0VHTVZ4b3hEWGxUcHRaRHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQI6g
MA0GCSqGSIb3DQEBCwUAA4IBAQC7veNyrWmKVY6q+AIm3xP5v1PumDbcprpVZafn
bku9STNRpwo6d/dFSBp/Sd/zwtCNMAkpGtTzNNyJeYf9PMKwgtKQy5fh9XjO972+
RBTT9PoAu859XC0RQCE5hO9mdExeekcrynpEDCyToZOPJm/kBT7a+cTncNa/tBm3
DqZIA51HtJmyPQuTe3Dvb5NojDKH8z0BinXw8arkQWJ8oplHWTI7HpIKuZTaAY4I
o4fN34xgk7DkwiJj8QE7MXQKNvdrqyMZqYHyAUMnTwvFWEofOkgPKmbVmKaiEuyc
pBsqdZjB4uQdoZTCB7wPw8oSn7mIJuuV+BIScBftQdo/qeog
-----END CERTIFICATE-----