Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/hLiW33dYFtk93njm1Q1HKa7zbas.roa
File:                     hLiW33dYFtk93njm1Q1HKa7zbas.roa (raw, json)
Hash identifier:          tK/30Ejl4gGabl5/3tryRax+Y14BBBbKwIaeKOFx3Oo=
Subject key identifier:   84:B8:96:DF:77:58:16:D9:3D:DE:78:E6:D5:0D:47:29:AE:F3:6D:AB
Certificate issuer:       /CN=45bbd2193642530a017f4f1cbe562e2170b3dfbd
Certificate serial:       019EB53FB485C9621455AE2AAA9C8423264D
Authority key identifier: 45:BB:D2:19:36:42:53:0A:01:7F:4F:1C:BE:56:2E:21:70:B3:DF:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RbvSGTZCUwoBf08cvlYuIXCz370.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/hLiW33dYFtk93njm1Q1HKa7zbas.roa
Signing time:             Thu 11 Jun 2026 05:55:11 +0000
ROA not before:           Thu 11 Jun 2026 05:55:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206092
IP address blocks:        193.56.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/RbvSGTZCUwoBf08cvlYuIXCz370.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/RbvSGTZCUwoBf08cvlYuIXCz370.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RbvSGTZCUwoBf08cvlYuIXCz370.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:3f:b4:85:c9:62:14:55:ae:2a:aa:9c:84:23:26:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45bbd2193642530a017f4f1cbe562e2170b3dfbd
        Validity
            Not Before: Jun 11 05:55:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84b896df775816d93dde78e6d50d4729aef36dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:c5:1c:40:80:c7:5a:43:32:72:9e:e9:30:fa:
                    14:1c:67:92:2c:7c:bf:2e:54:40:ab:5c:f5:be:b6:
                    b5:1b:78:4d:80:3c:19:38:ae:e5:29:33:a2:f2:5d:
                    15:e1:de:dd:37:bd:3a:b7:02:85:ec:5f:4e:f8:47:
                    02:7f:78:9f:26:08:48:c0:cf:18:69:08:a3:a3:5b:
                    80:99:98:ab:93:8f:0b:37:2a:69:a0:21:2f:75:f0:
                    4b:9f:6a:41:d0:b9:e6:a0:56:63:d5:11:bc:56:c6:
                    b7:a7:71:84:42:1e:2d:e1:67:1d:f0:e6:60:90:4b:
                    04:e3:01:2c:53:d8:e3:6f:dd:90:5a:37:03:45:6c:
                    d7:42:d7:2a:5f:ab:7b:20:9f:4c:14:24:b3:97:79:
                    25:7b:3e:57:45:6e:89:af:82:c8:2d:c3:e0:1c:f4:
                    f6:43:22:71:41:b7:73:bf:b6:63:0a:87:b2:5a:ed:
                    55:30:2e:97:d1:f6:e3:41:51:53:ae:2f:15:4b:2e:
                    a9:7f:b0:c8:9d:bc:fd:d4:82:e7:54:4e:98:bf:10:
                    fd:dd:49:7a:38:22:30:29:35:24:e7:f7:39:40:98:
                    e6:61:6b:0e:b0:f4:61:c7:4c:e6:9e:9c:c4:24:7e:
                    0d:d3:26:4b:51:5c:d7:4d:3c:4c:bd:86:37:d1:58:
                    39:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:B8:96:DF:77:58:16:D9:3D:DE:78:E6:D5:0D:47:29:AE:F3:6D:AB
            X509v3 Authority Key Identifier:
                keyid:45:BB:D2:19:36:42:53:0A:01:7F:4F:1C:BE:56:2E:21:70:B3:DF:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RbvSGTZCUwoBf08cvlYuIXCz370.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/hLiW33dYFtk93njm1Q1HKa7zbas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/RbvSGTZCUwoBf08cvlYuIXCz370.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:d6:0e:02:78:b4:06:96:34:21:2e:3e:90:92:dd:bc:de:1e:
         c7:6d:70:8c:46:81:43:0c:7d:58:e7:a7:bf:8e:3a:e5:c9:67:
         24:01:4a:98:da:ec:ee:10:c7:cb:a0:94:70:a2:ec:34:76:a3:
         d4:35:36:33:1f:d5:11:71:ae:4e:e1:b1:91:30:c5:39:0b:13:
         d2:11:80:a7:5f:00:a4:7c:35:51:8c:9c:22:23:ca:f6:3d:bc:
         17:49:72:8e:67:d2:3d:d3:63:f3:8b:da:22:42:59:60:d3:a5:
         52:db:fc:1a:b7:21:5d:8e:dc:91:fa:c3:ba:bd:fa:24:57:d9:
         e1:15:34:29:8e:90:57:ab:4b:89:32:da:47:c1:11:07:75:4e:
         01:fe:fa:ce:1d:30:63:e2:49:e8:a8:29:0d:80:fb:ec:07:56:
         13:13:8f:28:88:93:f5:06:c7:f9:0b:36:52:7e:74:4e:02:25:
         28:d6:d8:d4:8b:d2:ce:2d:96:39:12:6a:d3:75:7d:52:c1:c3:
         44:66:b2:eb:dc:a4:b0:31:c1:e6:88:e6:1a:7e:6f:bb:f7:89:
         6c:51:87:04:a2:f3:03:39:a7:12:c0:0c:0e:f7:37:11:bf:6a:
         94:d3:95:d4:73:4f:e4:24:42:b3:ef:91:65:90:19:ae:86:a4:
         a6:44:eb:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ61P7SFyWIUVa4qqpyEIyZNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YmJkMjE5MzY0MjUzMGEwMTdmNGYxY2JlNTYyZTIxNzBi
M2RmYmQwHhcNMjYwNjExMDU1NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGI4OTZkZjc3NTgxNmQ5M2RkZTc4ZTZkNTBkNDcyOWFlZjM2ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7cUcQIDHWkMycp7pMPoUHGeSLHy/
LlRAq1z1vra1G3hNgDwZOK7lKTOi8l0V4d7dN706twKF7F9O+EcCf3ifJghIwM8Y
aQijo1uAmZirk48LNyppoCEvdfBLn2pB0LnmoFZj1RG8Vsa3p3GEQh4t4Wcd8OZg
kEsE4wEsU9jjb92QWjcDRWzXQtcqX6t7IJ9MFCSzl3klez5XRW6Jr4LILcPgHPT2
QyJxQbdzv7ZjCoeyWu1VMC6X0fbjQVFTri8VSy6pf7DInbz91ILnVE6YvxD93Ul6
OCIwKTUk5/c5QJjmYWsOsPRhx0zmnpzEJH4N0yZLUVzXTTxMvYY30Vg51QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIS4lt93WBbZPd545tUNRymu822rMB8GA1UdIwQY
MBaAFEW70hk2QlMKAX9PHL5WLiFws9+9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmJ2U0dUWkNVd29CZjA4Y3ZsWXVJWEN6MzcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9jZmZmZjgtMzUzMC00ZTViLWE1ZTIt
Yzc3OTA1ZmJiYTdiLzEvaExpVzMzZFlGdGs5M25qbTFRMUhLYTd6YmFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9jZmZmZjgtMzUzMC00ZTViLWE1ZTItYzc3OTA1ZmJiYTdi
LzEvUmJ2U0dUWkNVd29CZjA4Y3ZsWXVJWEN6MzcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTh1MA0G
CSqGSIb3DQEBCwUAA4IBAQBR1g4CeLQGljQhLj6Qkt283h7HbXCMRoFDDH1Y56e/
jjrlyWckAUqY2uzuEMfLoJRwouw0dqPUNTYzH9URca5O4bGRMMU5CxPSEYCnXwCk
fDVRjJwiI8r2PbwXSXKOZ9I902Pzi9oiQllg06VS2/watyFdjtyR+sO6vfokV9nh
FTQpjpBXq0uJMtpHwREHdU4B/vrOHTBj4knoqCkNgPvsB1YTE48oiJP1Bsf5CzZS
fnROAiUo1tjUi9LOLZY5EmrTdX1SwcNEZrLr3KSwMcHmiOYafm+794lsUYcEovMD
OacSwAwO9zcRv2qU05XUc0/kJEKz75FlkBmuhqSmROt4
-----END CERTIFICATE-----