Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/HIBZUp_Pj3rFWjGjHNADnWcf-q8.roa
File:                     HIBZUp_Pj3rFWjGjHNADnWcf-q8.roa (raw, json)
Hash identifier:          LRNtd78tsNSKDjEm3gr6oo5edVKgxKnQGfmU2RjZZ30=
Subject key identifier:   1C:80:59:52:9F:CF:8F:7A:C5:5A:31:A3:1C:D0:03:9D:67:1F:FA:AF
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       0196E8BEA59F10C0DC709A167207578015C5
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/HIBZUp_Pj3rFWjGjHNADnWcf-q8.roa
Signing time:             Mon 19 May 2025 13:32:10 +0000
ROA not before:           Mon 19 May 2025 13:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208487
IP address blocks:        2a0e:8f02:f075::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 06:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e8:be:a5:9f:10:c0:dc:70:9a:16:72:07:57:80:15:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: May 19 13:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c8059529fcf8f7ac55a31a31cd0039d671ffaaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:16:2d:8f:1d:df:7e:05:76:7a:fb:b3:37:6b:
                    5d:b9:8c:d1:43:4e:a5:cc:5a:ac:da:a8:23:0d:b3:
                    a1:1f:25:28:74:05:3d:14:ab:68:a5:57:23:08:7f:
                    2a:60:96:a3:b5:6f:22:a2:6e:09:1b:d6:9c:61:2e:
                    15:f0:95:8c:5a:93:75:f0:5c:ee:b1:42:ac:e4:a9:
                    46:e7:2b:7d:10:a2:35:8f:72:cd:e5:92:5f:d4:cd:
                    66:23:a5:b1:5e:b8:ff:6a:56:e9:0c:d8:b4:88:8e:
                    e7:ba:bd:b5:81:91:d2:33:2c:38:ed:50:ee:28:c7:
                    bb:cb:87:e7:7c:0c:f0:40:c3:bd:f3:bb:fc:99:68:
                    7a:f2:1f:95:42:3b:28:a3:aa:a6:c4:55:f5:0a:c8:
                    29:cd:0a:5b:ff:81:bd:92:aa:fb:6d:54:da:0e:07:
                    af:a0:9e:e6:e4:df:b8:d3:24:65:ff:8c:31:67:61:
                    cf:cd:bb:46:bd:40:66:a1:4f:ac:57:48:fd:58:c0:
                    55:5c:be:10:ef:e1:88:b6:98:d2:38:a9:25:13:33:
                    76:5e:5e:a3:85:f1:f2:c1:94:22:4a:15:af:86:93:
                    39:01:a7:0e:cb:66:b9:c1:99:9f:f9:25:af:4f:f9:
                    32:db:05:0c:5e:c2:7b:54:7d:f1:0c:79:e4:69:31:
                    63:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:80:59:52:9F:CF:8F:7A:C5:5A:31:A3:1C:D0:03:9D:67:1F:FA:AF
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/HIBZUp_Pj3rFWjGjHNADnWcf-q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f075::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:21:c0:14:c3:66:f4:bc:85:b9:dd:02:e1:b0:6d:31:d9:97:
         9b:0b:bc:f6:cb:ab:de:6d:fe:7a:57:ea:25:53:ec:ae:e4:18:
         a8:ea:b0:d4:dd:30:c0:0d:c9:98:49:43:89:ef:e5:71:26:34:
         4c:ad:5a:ea:71:62:0c:59:45:c5:05:a8:6e:35:50:cf:b8:60:
         77:3a:2e:80:a4:ff:9d:c9:c5:0d:0e:0c:04:68:e5:ee:a4:16:
         92:84:41:45:ce:7f:e7:46:39:cd:79:37:95:16:f2:15:db:59:
         8d:ea:6a:06:b2:73:15:64:ce:0e:d0:e2:de:81:b9:f4:00:1e:
         83:db:23:78:a4:40:59:a6:d1:f7:b1:30:99:6e:e6:49:cf:87:
         01:8b:c9:6c:4c:3f:41:54:5a:15:a7:10:9e:49:cd:91:34:ef:
         52:91:72:bf:1d:f2:27:ef:c4:d4:fc:8f:47:ed:80:5b:6a:c5:
         b4:60:9a:0c:43:1d:0a:c1:70:b1:8d:58:ca:c8:a6:2e:4a:45:
         88:9a:7d:00:a5:64:9f:00:af:da:0d:8c:b6:de:71:13:f4:41:
         d0:fc:54:ff:f0:5c:96:5e:e8:57:6f:48:25:a8:e0:fe:ea:cb:
         fe:2d:66:10:12:21:3f:03:34:0f:76:40:9f:cf:f8:7c:f5:11:
         95:71:60:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbovqWfEMDccJoWcgdXgBXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwNTE5MTMzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzgwNTk1MjlmY2Y4ZjdhYzU1YTMxYTMxY2QwMDM5ZDY3MWZmYWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxYtjx3ffgV2evuzN2tduYzRQ06l
zFqs2qgjDbOhHyUodAU9FKtopVcjCH8qYJajtW8iom4JG9acYS4V8JWMWpN18Fzu
sUKs5KlG5yt9EKI1j3LN5ZJf1M1mI6WxXrj/albpDNi0iI7nur21gZHSMyw47VDu
KMe7y4fnfAzwQMO987v8mWh68h+VQjsoo6qmxFX1CsgpzQpb/4G9kqr7bVTaDgev
oJ7m5N+40yRl/4wxZ2HPzbtGvUBmoU+sV0j9WMBVXL4Q7+GItpjSOKklEzN2Xl6j
hfHywZQiShWvhpM5AacOy2a5wZmf+SWvT/ky2wUMXsJ7VH3xDHnkaTFjKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFByAWVKfz496xVoxoxzQA51nH/qvMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvSElCWlVwX1BqM3JGV2pHakhOQURuV2NmLXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvB1
MA0GCSqGSIb3DQEBCwUAA4IBAQBHIcAUw2b0vIW53QLhsG0x2ZebC7z2y6vebf56
V+olU+yu5Bio6rDU3TDADcmYSUOJ7+VxJjRMrVrqcWIMWUXFBahuNVDPuGB3Oi6A
pP+dycUNDgwEaOXupBaShEFFzn/nRjnNeTeVFvIV21mN6moGsnMVZM4O0OLegbn0
AB6D2yN4pEBZptH3sTCZbuZJz4cBi8lsTD9BVFoVpxCeSc2RNO9SkXK/HfIn78TU
/I9H7YBbasW0YJoMQx0KwXCxjVjKyKYuSkWImn0ApWSfAK/aDYy23nET9EHQ/FT/
8FyWXuhXb0glqOD+6sv+LWYQEiE/AzQPdkCfz/h89RGVcWAu
-----END CERTIFICATE-----