Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hlHzGu-1coPDlRlRPnV2VtD8GfI.roa
File:                     hlHzGu-1coPDlRlRPnV2VtD8GfI.roa (raw, json)
Hash identifier:          UIuG64LjDokgzoMkxSgD3VjnoVC0PWXdDwhD4ieU5Sg=
Subject key identifier:   86:51:F3:1A:EF:B5:72:83:C3:95:19:51:3E:75:76:56:D0:FC:19:F2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019CA8861CFF2382188C22D9FE96DF659569
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hlHzGu-1coPDlRlRPnV2VtD8GfI.roa
Signing time:             Sun 01 Mar 2026 08:31:27 +0000
ROA not before:           Sun 01 Mar 2026 08:31:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34854
IP address blocks:        2a0c:b642:fc0::/43 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a8:86:1c:ff:23:82:18:8c:22:d9:fe:96:df:65:95:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Mar  1 08:31:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8651f31aefb57283c39519513e757656d0fc19f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:18:a1:4f:df:5e:db:8d:ff:b1:ca:27:ed:15:
                    b5:a8:80:57:ee:8e:74:91:7b:4a:77:1c:4f:0f:37:
                    43:cd:a4:33:b6:ed:a9:d4:a0:6c:99:a5:a5:6e:2c:
                    ad:4c:20:ae:74:04:1c:13:a6:21:01:fa:cb:08:f2:
                    08:0e:6c:a1:f1:1e:69:0b:40:e4:de:b7:38:51:a6:
                    a5:31:68:05:89:39:83:25:54:21:29:e0:cd:ab:61:
                    68:fc:78:c6:e1:af:d8:e3:20:6c:b8:3f:f7:d6:67:
                    84:c9:32:2d:a0:2b:6e:84:82:e0:2f:17:07:f2:34:
                    e9:31:95:87:2f:b7:42:d4:d6:64:03:11:c4:dd:56:
                    1f:30:5e:46:36:d8:15:d5:92:12:df:e2:36:0e:20:
                    ce:4a:59:fd:2b:f5:d4:f4:61:73:36:f4:e5:28:bb:
                    e0:a2:d4:81:a8:30:3c:d5:d5:c6:92:54:49:63:19:
                    98:0f:6d:d7:19:39:0f:8a:14:5b:b2:1d:29:2f:15:
                    7d:1b:87:af:34:1b:69:45:bc:18:f3:19:a8:7b:b1:
                    d3:8f:30:70:6f:ac:10:4a:2e:d0:c3:d5:6b:4a:fc:
                    3f:55:ef:2a:fd:1a:c7:88:1b:4d:8e:b0:db:d3:e0:
                    63:34:d5:99:02:e5:31:41:b3:ab:ea:6b:aa:d2:98:
                    8e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:51:F3:1A:EF:B5:72:83:C3:95:19:51:3E:75:76:56:D0:FC:19:F2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hlHzGu-1coPDlRlRPnV2VtD8GfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:fc0::/43

    Signature Algorithm: sha256WithRSAEncryption
         61:35:24:a2:06:1c:29:97:ba:5e:1c:ad:4d:e4:99:75:08:2b:
         de:8d:e9:5d:ab:bc:6c:66:45:9e:b6:b7:88:0c:18:84:6b:6c:
         bc:4a:7b:aa:11:ea:c6:27:a2:23:1d:e3:21:a3:0a:09:b1:3a:
         a4:3e:5a:16:a5:00:98:f4:2b:67:d0:82:c4:54:7a:c6:34:20:
         8b:68:bd:ad:bd:35:eb:b5:00:6a:39:79:10:5f:f5:8f:09:50:
         43:ea:de:20:80:fe:27:ed:3f:e5:ee:1d:0e:ff:f4:54:73:f6:
         dd:be:24:9d:ff:fc:a7:5e:b1:79:5e:ac:1b:70:a1:85:f3:97:
         00:a3:e7:33:c7:0f:e2:ac:2a:78:87:d1:a5:ba:cd:44:2b:4b:
         1c:05:ac:b4:a9:1b:02:20:25:56:4e:cc:18:f5:56:47:26:44:
         c7:0e:1a:25:32:c9:f4:c9:1c:a4:01:03:ef:bf:47:49:8a:5e:
         46:de:b4:31:ec:02:06:5d:52:eb:8d:67:f0:15:fa:b2:65:53:
         c2:bf:15:a0:0a:5e:18:29:3a:2c:c5:f5:a2:57:9f:f4:8e:db:
         78:fa:fe:21:c9:15:0d:d7:63:d2:90:eb:cf:2a:61:8c:00:ad:
         59:f3:74:ad:d7:60:d1:56:79:90:1e:d7:87:29:ac:aa:2c:86:
         e5:19:fc:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyohhz/I4IYjCLZ/pbfZZVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMzAxMDgzMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjUxZjMxYWVmYjU3MjgzYzM5NTE5NTEzZTc1NzY1NmQwZmMxOWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBihT99e243/scon7RW1qIBX7o50
kXtKdxxPDzdDzaQztu2p1KBsmaWlbiytTCCudAQcE6YhAfrLCPIIDmyh8R5pC0Dk
3rc4UaalMWgFiTmDJVQhKeDNq2Fo/HjG4a/Y4yBsuD/31meEyTItoCtuhILgLxcH
8jTpMZWHL7dC1NZkAxHE3VYfMF5GNtgV1ZIS3+I2DiDOSln9K/XU9GFzNvTlKLvg
otSBqDA81dXGklRJYxmYD23XGTkPihRbsh0pLxV9G4evNBtpRbwY8xmoe7HTjzBw
b6wQSi7Qw9VrSvw/Ve8q/RrHiBtNjrDb0+BjNNWZAuUxQbOr6muq0piOxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIZR8xrvtXKDw5UZUT51dlbQ/BnyMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvaGxIekd1LTFjb1BEbFJsUlBuVjJWdEQ4R2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKgy2Qg/A
MA0GCSqGSIb3DQEBCwUAA4IBAQBhNSSiBhwpl7peHK1N5Jl1CCvejeldq7xsZkWe
treIDBiEa2y8SnuqEerGJ6IjHeMhowoJsTqkPloWpQCY9Ctn0ILEVHrGNCCLaL2t
vTXrtQBqOXkQX/WPCVBD6t4ggP4n7T/l7h0O//RUc/bdviSd//ynXrF5XqwbcKGF
85cAo+czxw/irCp4h9Glus1EK0scBay0qRsCICVWTswY9VZHJkTHDholMsn0yRyk
AQPvv0dJil5G3rQx7AIGXVLrjWfwFfqyZVPCvxWgCl4YKTosxfWiV5/0jtt4+v4h
yRUN12PSkOvPKmGMAK1Z83St12DRVnmQHteHKayqLIblGfzW
-----END CERTIFICATE-----