Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/hghyc97Sy2diOyOgG-262iZpols.roa
File:                     hghyc97Sy2diOyOgG-262iZpols.roa (raw, json)
Hash identifier:          VL8wfcosa3T3usYRFGudjvGeLoBvlHt0J3TslPSQMSk=
Subject key identifier:   86:08:72:73:DE:D2:CB:67:62:3B:23:A0:1B:ED:BA:DA:26:69:A2:5B
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019D4A9AB5CF4C7FF9A391A2C735484B92DD
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/hghyc97Sy2diOyOgG-262iZpols.roa
Signing time:             Wed 01 Apr 2026 19:52:26 +0000
ROA not before:           Wed 01 Apr 2026 19:52:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200740
IP address blocks:        83.147.232.0/22 maxlen: 24
                          83.147.240.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4a:9a:b5:cf:4c:7f:f9:a3:91:a2:c7:35:48:4b:92:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr  1 19:52:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86087273ded2cb67623b23a01bedbada2669a25b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9c:3f:b1:72:16:64:df:90:e9:28:ec:96:1d:
                    34:fc:07:ea:20:7a:4f:bb:dc:9b:3b:0e:12:78:62:
                    15:39:87:57:6c:87:9b:74:7d:44:4b:92:e4:0d:6d:
                    82:69:96:e2:f1:bf:5e:5b:d4:65:f9:e4:28:30:ba:
                    70:fa:41:dd:28:9b:06:71:91:7d:47:c4:b3:65:a4:
                    97:12:a9:d6:80:7d:d7:62:69:4e:32:93:7d:6d:a2:
                    05:9c:35:ef:11:11:88:f7:2a:37:4d:db:87:a2:9e:
                    df:60:78:d5:ba:8c:3f:3a:33:8b:15:4b:8f:6d:a8:
                    40:0a:3d:53:7b:1d:ed:f9:51:03:23:b7:e4:da:db:
                    f8:d7:50:49:25:bc:2c:d9:79:f2:c0:9d:e9:7d:e2:
                    66:28:cc:6d:f0:fa:a1:4a:6b:6b:bd:0c:63:1b:2c:
                    2b:0d:9e:bd:8d:26:45:1f:00:d4:e4:f6:94:a4:ca:
                    3f:37:1f:2d:3e:0e:b8:4b:b6:20:9a:b2:2f:6e:3b:
                    9d:18:fe:aa:65:70:48:7b:31:cf:94:c9:fd:89:dc:
                    92:c8:1b:b1:a0:09:3b:65:9b:7f:d6:99:53:eb:71:
                    7b:f3:da:a6:37:28:1e:9e:16:91:43:28:d9:e3:99:
                    e3:35:00:ec:d2:11:68:9b:07:65:6b:76:6e:5d:1e:
                    41:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:08:72:73:DE:D2:CB:67:62:3B:23:A0:1B:ED:BA:DA:26:69:A2:5B
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/hghyc97Sy2diOyOgG-262iZpols.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.232.0/22
                  83.147.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:7c:08:1d:b5:3e:25:05:3b:b0:87:2b:51:66:7d:70:41:3a:
         af:0b:5c:2b:b8:02:1f:49:7d:64:a0:33:f8:ce:a8:ba:86:e1:
         c3:cf:73:93:59:5c:0b:af:7a:59:74:41:df:4b:c9:12:4d:96:
         54:68:4c:c3:d6:9e:c7:06:5c:01:58:d5:96:54:ff:82:57:27:
         e6:c9:90:00:1a:76:bf:d7:de:8f:68:aa:2b:60:8b:b6:cf:a4:
         5b:33:05:69:63:24:a3:d8:f3:6c:1a:26:75:29:05:bc:08:4d:
         52:85:09:40:dc:2f:89:bb:d4:60:7d:fa:c8:20:73:f3:3c:b4:
         a1:1a:7e:5e:99:9a:35:e0:6a:33:00:b3:f4:62:26:0b:04:ff:
         0f:7e:08:84:80:1a:36:6a:c1:53:0e:a4:11:f6:0c:9d:9c:82:
         27:a6:f1:74:df:7e:ab:7b:fe:b3:a8:b2:5f:c6:12:35:64:d8:
         d2:b5:06:65:76:d4:30:59:19:39:58:dd:4c:9b:34:b4:37:94:
         4c:5f:d2:6d:0d:7a:0b:93:62:a4:a6:96:8f:a0:10:97:4d:bc:
         f8:ff:e6:a3:3f:e8:23:04:cf:1c:31:1f:8d:b8:d3:1d:5d:43:
         28:4b:a2:85:bf:ab:73:49:95:fe:17:72:67:1b:c9:1f:6d:3b:
         4c:3e:f4:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1KmrXPTH/5o5GixzVIS5LdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDAxMTk1MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjA4NzI3M2RlZDJjYjY3NjIzYjIzYTAxYmVkYmFkYTI2NjlhMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupw/sXIWZN+Q6Sjslh00/AfqIHpP
u9ybOw4SeGIVOYdXbIebdH1ES5LkDW2CaZbi8b9eW9Rl+eQoMLpw+kHdKJsGcZF9
R8SzZaSXEqnWgH3XYmlOMpN9baIFnDXvERGI9yo3TduHop7fYHjVuow/OjOLFUuP
bahACj1Tex3t+VEDI7fk2tv411BJJbws2XnywJ3pfeJmKMxt8PqhSmtrvQxjGywr
DZ69jSZFHwDU5PaUpMo/Nx8tPg64S7YgmrIvbjudGP6qZXBIezHPlMn9idySyBux
oAk7ZZt/1plT63F789qmNygenhaRQyjZ45njNQDs0hFomwdla3ZuXR5BYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIYIcnPe0stnYjsjoBvtutomaaJbMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvaGdoeWM5N1N5MmRpT3lPZ0ctMjYyaVpwb2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5PoAwQB
U5PwMA0GCSqGSIb3DQEBCwUAA4IBAQCFfAgdtT4lBTuwhytRZn1wQTqvC1wruAIf
SX1koDP4zqi6huHDz3OTWVwLr3pZdEHfS8kSTZZUaEzD1p7HBlwBWNWWVP+CVyfm
yZAAGna/196PaKorYIu2z6RbMwVpYySj2PNsGiZ1KQW8CE1ShQlA3C+Ju9RgffrI
IHPzPLShGn5emZo14GozALP0YiYLBP8PfgiEgBo2asFTDqQR9gydnIInpvF0336r
e/6zqLJfxhI1ZNjStQZldtQwWRk5WN1MmzS0N5RMX9JtDXoLk2KkppaPoBCXTbz4
/+ajP+gjBM8cMR+NuNMdXUMoS6KFv6tzSZX+F3JnG8kfbTtMPvSY
-----END CERTIFICATE-----