Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/1-nh-wIZbYRM-66D8NvIzY99bdjc.roa
File:                     1-nh-wIZbYRM-66D8NvIzY99bdjc.roa (raw, json)
Hash identifier:          jemes9VVp08HKRuLT5Tahcqefuga/fZeQJPFwphMPVk=
Subject key identifier:   FA:78:7E:C0:86:5B:61:13:3E:EB:A0:FC:36:F2:33:63:DF:5B:76:37
Certificate issuer:       /CN=b414b09beeab905ff41e6813256054b182294297
Certificate serial:       019D47C3A6A734C0D9B755E87E45EA62C7F6
Authority key identifier: B4:14:B0:9B:EE:AB:90:5F:F4:1E:68:13:25:60:54:B1:82:29:42:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBSwm-6rkF_0HmgTJWBUsYIpQpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/1-nh-wIZbYRM-66D8NvIzY99bdjc.roa
Signing time:             Wed 01 Apr 2026 06:38:17 +0000
ROA not before:           Wed 01 Apr 2026 06:38:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205198
IP address blocks:        185.50.40.0/22 maxlen: 22
                          185.225.48.0/22 maxlen: 22
                          195.49.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/tBSwm-6rkF_0HmgTJWBUsYIpQpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/tBSwm-6rkF_0HmgTJWBUsYIpQpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBSwm-6rkF_0HmgTJWBUsYIpQpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:47:c3:a6:a7:34:c0:d9:b7:55:e8:7e:45:ea:62:c7:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b414b09beeab905ff41e6813256054b182294297
        Validity
            Not Before: Apr  1 06:38:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa787ec0865b61133eeba0fc36f23363df5b7637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:87:2b:b9:31:04:08:40:b9:7e:ab:77:27:5b:
                    12:2b:7d:81:c8:45:de:bf:bc:4b:3b:36:57:6b:46:
                    d5:ba:57:51:33:4c:5d:75:0b:d5:4d:c3:b3:74:5e:
                    e2:92:6e:04:5f:b9:6e:90:2a:e7:fe:76:78:0a:0b:
                    d0:0a:b9:a5:00:2b:1f:08:5f:0b:2f:5c:93:e1:e3:
                    d2:28:48:99:35:ff:c1:1d:fa:8b:df:bd:7e:10:5e:
                    63:b8:26:67:42:49:1c:64:af:49:9d:51:42:69:7d:
                    8e:32:80:89:b4:b2:98:72:e8:c9:05:13:0e:d8:09:
                    29:50:80:53:f1:c9:4c:e4:0e:e6:3e:bc:2c:ec:a3:
                    80:44:3e:d5:a7:9f:a3:4d:34:14:d8:45:df:f6:2b:
                    23:2c:0f:b2:e5:3c:7a:3c:ea:94:e6:21:8f:ab:54:
                    09:60:ab:e5:bd:fb:c1:5c:bc:06:14:4e:ed:a1:45:
                    7d:51:d5:4c:9a:3d:12:42:50:1d:4f:c6:a6:86:0d:
                    87:49:11:67:ed:22:6d:2a:b5:d2:77:9b:ac:e7:77:
                    61:d8:0e:db:8c:e5:51:d7:84:f0:ca:bd:c1:05:ec:
                    5b:a4:36:e4:07:06:5c:e9:d7:44:c6:44:3e:78:98:
                    f5:bf:87:78:80:e3:1b:63:a7:ba:9c:24:ab:d0:b2:
                    0f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:78:7E:C0:86:5B:61:13:3E:EB:A0:FC:36:F2:33:63:DF:5B:76:37
            X509v3 Authority Key Identifier:
                keyid:B4:14:B0:9B:EE:AB:90:5F:F4:1E:68:13:25:60:54:B1:82:29:42:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBSwm-6rkF_0HmgTJWBUsYIpQpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/1-nh-wIZbYRM-66D8NvIzY99bdjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/tBSwm-6rkF_0HmgTJWBUsYIpQpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.40.0/22
                  185.225.48.0/22
                  195.49.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:89:0d:38:87:a9:7c:9a:6e:61:e6:a0:87:61:a3:8d:24:85:
         0d:15:d1:28:3a:3e:3c:dd:ff:62:72:ef:33:4b:63:bf:54:2a:
         c4:4c:9d:27:c3:b2:d1:9b:d0:c3:d9:5b:8b:65:90:0e:dd:7e:
         cc:e8:14:86:32:17:a2:52:37:0a:be:f1:67:7c:fa:6d:26:88:
         35:04:94:6c:70:d9:58:8d:30:ba:03:3b:d3:c1:8a:3d:fa:a5:
         18:56:3d:e0:7e:8c:4e:af:d5:2a:17:74:52:d5:22:6f:d3:e4:
         6e:2c:10:f9:24:95:01:0f:98:ba:74:98:78:8d:97:b1:e9:37:
         71:0c:4e:cd:50:00:8c:78:76:75:86:82:7b:78:c7:c1:e2:fb:
         00:c9:7d:a3:16:3a:bb:4b:44:9a:ed:9e:a2:2c:db:1d:78:2e:
         70:9e:d8:ac:53:0d:eb:3e:7c:74:ee:af:12:fc:22:54:dd:1b:
         a8:f6:cb:94:5c:1a:bb:8b:2b:49:ee:15:b9:8b:bb:f9:05:99:
         58:0e:c3:d9:17:2a:bd:9a:4c:eb:aa:56:4f:96:12:b3:e4:39:
         f7:57:49:31:39:17:5f:80:d7:2a:9f:bd:0f:c5:b3:b8:2d:29:
         25:1e:c1:16:6b:73:0a:62:d9:04:fe:52:8d:d4:d1:d0:f8:6a:
         9f:53:c3:05
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZ1Hw6anNMDZt1XofkXqYsf2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MTRiMDliZWVhYjkwNWZmNDFlNjgxMzI1NjA1NGIxODIy
OTQyOTcwHhcNMjYwNDAxMDYzODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTc4N2VjMDg2NWI2MTEzM2VlYmEwZmMzNmYyMzM2M2RmNWI3NjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYcruTEECEC5fqt3J1sSK32ByEXe
v7xLOzZXa0bVuldRM0xddQvVTcOzdF7ikm4EX7lukCrn/nZ4CgvQCrmlACsfCF8L
L1yT4ePSKEiZNf/BHfqL371+EF5juCZnQkkcZK9JnVFCaX2OMoCJtLKYcujJBRMO
2AkpUIBT8clM5A7mPrws7KOARD7Vp5+jTTQU2EXf9isjLA+y5Tx6POqU5iGPq1QJ
YKvlvfvBXLwGFE7toUV9UdVMmj0SQlAdT8amhg2HSRFn7SJtKrXSd5us53dh2A7b
jOVR14Twyr3BBexbpDbkBwZc6ddExkQ+eJj1v4d4gOMbY6e6nCSr0LIPXwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPp4fsCGW2ETPuug/DbyM2PfW3Y3MB8GA1UdIwQY
MBaAFLQUsJvuq5Bf9B5oEyVgVLGCKUKXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJTd20tNnJrRl8wSG1nVEpXQlVzWUlwUXBjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84MDBlYjYtODY4Yi00YTMwLWI0MDIt
NGJjZTQyNDcyM2Q5LzEvMS1uaC13SVpiWVJNLTY2RDhOdkl6WTk5YmRqYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvODAwZWI2LTg2OGItNGEzMC1iNDAyLTRiY2U0MjQ3MjNk
OS8xL3RCU3dtLTZya0ZfMEhtZ1RKV0JVc1lJcFFwYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEArkyKAME
ArnhMAMEAsMxrDANBgkqhkiG9w0BAQsFAAOCAQEAFokNOIepfJpuYeagh2GjjSSF
DRXRKDo+PN3/YnLvM0tjv1QqxEydJ8Oy0ZvQw9lbi2WQDt1+zOgUhjIXolI3Cr7x
Z3z6bSaINQSUbHDZWI0wugM708GKPfqlGFY94H6MTq/VKhd0UtUib9PkbiwQ+SSV
AQ+YunSYeI2Xsek3cQxOzVAAjHh2dYaCe3jHweL7AMl9oxY6u0tEmu2eoizbHXgu
cJ7YrFMN6z58dO6vEvwiVN0bqPbLlFwau4srSe4VuYu7+QWZWA7D2RcqvZpM66pW
T5YSs+Q591dJMTkXX4DXKp+9D8WzuC0pJR7BFmtzCmLZBP5SjdTR0Phqn1PDBQ==
-----END CERTIFICATE-----