Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/1491f9-dc76-4777-b5be-83f9a8d1d4d6/1/hHJ87o4bLWZr5Obd9ma4VbvzSD0.roa
File:                     hHJ87o4bLWZr5Obd9ma4VbvzSD0.roa (raw, json)
Hash identifier:          HHYqHL1PR6NZvqmrvZRC/xJgU4FJLjO/lta48BDUKJI=
Subject key identifier:   84:72:7C:EE:8E:1B:2D:66:6B:E4:E6:DD:F6:66:B8:55:BB:F3:48:3D
Certificate issuer:       /CN=9e6d1dc6caa41d3beffe8d1da2671a50e7f79a30
Certificate serial:       019E73E104C2C83170A8696FF330CE6FC4DC
Authority key identifier: 9E:6D:1D:C6:CA:A4:1D:3B:EF:FE:8D:1D:A2:67:1A:50:E7:F7:9A:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nm0dxsqkHTvv_o0domcaUOf3mjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/1491f9-dc76-4777-b5be-83f9a8d1d4d6/1/hHJ87o4bLWZr5Obd9ma4VbvzSD0.roa
Signing time:             Fri 29 May 2026 13:16:27 +0000
ROA not before:           Fri 29 May 2026 13:16:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197148
IP address blocks:        2a0c:6500:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/1491f9-dc76-4777-b5be-83f9a8d1d4d6/1/nm0dxsqkHTvv_o0domcaUOf3mjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/1491f9-dc76-4777-b5be-83f9a8d1d4d6/1/nm0dxsqkHTvv_o0domcaUOf3mjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nm0dxsqkHTvv_o0domcaUOf3mjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 04:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:73:e1:04:c2:c8:31:70:a8:69:6f:f3:30:ce:6f:c4:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e6d1dc6caa41d3beffe8d1da2671a50e7f79a30
        Validity
            Not Before: May 29 13:16:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84727cee8e1b2d666be4e6ddf666b855bbf3483d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:14:56:83:61:09:d6:31:8c:9b:db:68:ad:2c:
                    7f:3e:19:b8:55:51:75:c3:72:bb:30:d3:d7:f3:4a:
                    b6:8b:e9:32:40:8c:df:b6:b5:d3:a1:dd:82:d3:90:
                    92:13:0b:c6:07:4a:51:3f:ab:1c:aa:8b:ea:0b:4e:
                    d5:38:48:af:d7:6b:4e:bf:03:1a:60:05:28:a3:f8:
                    b4:a7:15:7e:d3:c0:12:70:79:2e:47:0b:ee:53:d9:
                    00:ad:36:38:43:17:8b:a2:14:58:4b:fd:e1:b0:4c:
                    ac:99:1f:3b:36:28:e7:4f:4b:a7:21:b3:82:4a:93:
                    19:87:fd:58:5c:7f:c6:2d:27:15:6f:51:38:2f:fe:
                    11:06:06:6c:f9:91:04:88:34:67:27:eb:47:d0:2b:
                    66:da:7a:6c:ee:d3:72:4d:76:63:07:c3:d1:3a:67:
                    11:4c:2f:4f:d8:6c:41:ff:f4:fc:e7:7f:bd:14:76:
                    8b:b4:4c:56:58:91:0b:33:4c:d3:e4:49:1c:80:6b:
                    87:ee:56:a9:11:b3:16:b5:66:0f:8f:bf:e6:e7:4e:
                    a5:c8:37:e9:de:e8:32:58:cd:42:13:56:30:81:5e:
                    10:84:ef:dc:58:18:9b:38:af:53:4d:1c:b8:97:d7:
                    4f:56:47:17:fa:25:97:55:a0:c4:42:95:6e:ec:d8:
                    73:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:72:7C:EE:8E:1B:2D:66:6B:E4:E6:DD:F6:66:B8:55:BB:F3:48:3D
            X509v3 Authority Key Identifier:
                keyid:9E:6D:1D:C6:CA:A4:1D:3B:EF:FE:8D:1D:A2:67:1A:50:E7:F7:9A:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nm0dxsqkHTvv_o0domcaUOf3mjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/1491f9-dc76-4777-b5be-83f9a8d1d4d6/1/hHJ87o4bLWZr5Obd9ma4VbvzSD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/1491f9-dc76-4777-b5be-83f9a8d1d4d6/1/nm0dxsqkHTvv_o0domcaUOf3mjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:6500:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:68:e3:6b:19:68:7a:d2:5a:79:53:8a:54:2c:b3:e2:9e:cd:
         44:d7:3f:dc:20:a3:3c:58:e4:8e:16:b9:3b:82:f9:d3:e8:be:
         c4:df:54:03:d8:95:a6:6b:0a:a1:90:51:ef:0b:a2:56:1b:41:
         f3:32:c8:54:1a:85:df:64:0e:20:f3:bf:87:fe:06:c3:04:d3:
         61:8c:c6:ee:e9:14:93:da:42:41:c1:f2:db:98:6f:84:9a:ac:
         85:27:4a:02:91:d2:ca:8b:ce:d6:0b:db:ac:86:a6:23:19:91:
         1d:5f:82:af:d2:e2:1d:cb:ed:3b:62:b3:e1:75:12:82:2c:e5:
         ec:9d:f4:de:9a:d2:58:53:89:b2:81:4f:66:f6:95:cd:9e:9a:
         8e:61:0c:4b:51:c0:04:87:60:3c:84:9d:da:f4:5e:40:79:72:
         2e:55:cd:d7:66:c0:d0:6b:3c:8a:40:5e:50:a6:9a:d4:92:10:
         5d:ec:b8:18:59:46:b0:1b:d0:fc:fe:eb:a0:51:a9:c2:a4:96:
         26:22:d2:79:8c:97:43:e9:f8:92:76:0f:14:0c:70:8d:63:a8:
         4e:2d:27:d2:58:8d:e3:a3:fa:8a:52:83:c5:c9:44:a8:9e:10:
         8c:fe:f1:f4:0e:60:2f:ab:9e:5d:99:1a:84:62:90:65:61:b3:
         d0:7a:be:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5z4QTCyDFwqGlv8zDOb8TcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNmQxZGM2Y2FhNDFkM2JlZmZlOGQxZGEyNjcxYTUwZTdm
NzlhMzAwHhcNMjYwNTI5MTMxNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDcyN2NlZThlMWIyZDY2NmJlNGU2ZGRmNjY2Yjg1NWJiZjM0ODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRRWg2EJ1jGMm9torSx/Phm4VVF1
w3K7MNPX80q2i+kyQIzftrXTod2C05CSEwvGB0pRP6scqovqC07VOEiv12tOvwMa
YAUoo/i0pxV+08AScHkuRwvuU9kArTY4QxeLohRYS/3hsEysmR87NijnT0unIbOC
SpMZh/1YXH/GLScVb1E4L/4RBgZs+ZEEiDRnJ+tH0Ctm2nps7tNyTXZjB8PROmcR
TC9P2GxB//T853+9FHaLtExWWJELM0zT5EkcgGuH7lapEbMWtWYPj7/m506lyDfp
3ugyWM1CE1YwgV4QhO/cWBibOK9TTRy4l9dPVkcX+iWXVaDEQpVu7NhzJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIRyfO6OGy1ma+Tm3fZmuFW780g9MB8GA1UdIwQY
MBaAFJ5tHcbKpB077/6NHaJnGlDn95owMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm0wZHhzcWtIVHZ2X28wZG9tY2FVT2YzbWpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8xNDkxZjktZGM3Ni00Nzc3LWI1YmUt
ODNmOWE4ZDFkNGQ2LzEvaEhKODdvNGJMV1pyNU9iZDltYTRWYnZ6U0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8xNDkxZjktZGM3Ni00Nzc3LWI1YmUtODNmOWE4ZDFkNGQ2
LzEvbm0wZHhzcWtIVHZ2X28wZG9tY2FVT2YzbWpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgxlAAAF
MA0GCSqGSIb3DQEBCwUAA4IBAQBuaONrGWh60lp5U4pULLPins1E1z/cIKM8WOSO
Frk7gvnT6L7E31QD2JWmawqhkFHvC6JWG0HzMshUGoXfZA4g87+H/gbDBNNhjMbu
6RST2kJBwfLbmG+EmqyFJ0oCkdLKi87WC9ushqYjGZEdX4Kv0uIdy+07YrPhdRKC
LOXsnfTemtJYU4mygU9m9pXNnpqOYQxLUcAEh2A8hJ3a9F5AeXIuVc3XZsDQazyK
QF5QpprUkhBd7LgYWUawG9D8/uugUanCpJYmItJ5jJdD6fiSdg8UDHCNY6hOLSfS
WI3jo/qKUoPFyUSonhCM/vH0DmAvq55dmRqEYpBlYbPQer6k
-----END CERTIFICATE-----