Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/HWRDZohiGFE-KL7arNIUmyOXGnE.roa
File:                     HWRDZohiGFE-KL7arNIUmyOXGnE.roa (raw, json)
Hash identifier:          jfQXsNULzuLDLljy4yMpYSp5u+k5kfSY92RZrU+SYas=
Subject key identifier:   1D:64:43:66:88:62:18:51:3E:28:BE:DA:AC:D2:14:9B:23:97:1A:71
Certificate issuer:       /CN=7aa606117bb5f7e4160ef268f9f4aa0457380441
Certificate serial:       019B7CECC27B74344AFF2BB8611936C7B944
Authority key identifier: 7A:A6:06:11:7B:B5:F7:E4:16:0E:F2:68:F9:F4:AA:04:57:38:04:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eqYGEXu19-QWDvJo-fSqBFc4BEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/HWRDZohiGFE-KL7arNIUmyOXGnE.roa
Signing time:             Fri 02 Jan 2026 04:17:29 +0000
ROA not before:           Fri 02 Jan 2026 04:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43228
IP address blocks:        185.190.104.0/22 maxlen: 22
                          185.190.104.0/23 maxlen: 23
                          185.190.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/eqYGEXu19-QWDvJo-fSqBFc4BEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/eqYGEXu19-QWDvJo-fSqBFc4BEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eqYGEXu19-QWDvJo-fSqBFc4BEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:c2:7b:74:34:4a:ff:2b:b8:61:19:36:c7:b9:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aa606117bb5f7e4160ef268f9f4aa0457380441
        Validity
            Not Before: Jan  2 04:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d644366886218513e28bedaacd2149b23971a71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3b:df:7c:b3:58:05:77:3a:e8:15:e1:24:05:
                    0f:2f:2d:e5:1e:7d:a0:5d:9b:bf:db:ce:53:56:c0:
                    06:a4:f9:37:02:0c:78:37:93:29:07:55:44:79:ea:
                    c4:ce:39:af:e0:31:7d:2b:7a:5e:79:63:34:d0:ae:
                    f6:7c:11:10:e9:77:9f:cf:e8:20:32:f0:61:2e:ef:
                    62:66:61:0f:e4:c5:a0:67:27:9e:27:f8:72:ae:3f:
                    16:d1:5e:95:bc:93:22:f4:ab:21:33:60:1b:cc:df:
                    aa:d6:2a:0e:06:58:0f:c6:4c:85:ad:44:ed:a4:13:
                    ac:08:d9:09:22:1c:08:8e:bb:f4:4e:bf:f2:bf:cb:
                    ce:90:e6:d2:54:02:f4:b8:16:e9:2a:11:c6:a2:e0:
                    b9:9e:c3:d5:26:31:57:91:94:67:df:dd:e7:8b:a7:
                    cc:0f:2c:e2:42:18:ef:73:ed:38:56:c1:b5:8a:79:
                    21:4b:f2:67:6e:e7:a0:bf:f9:f5:bc:00:ee:67:0f:
                    0f:b2:bd:58:c3:42:c1:a3:a5:da:96:eb:c3:aa:3a:
                    6b:48:e9:bb:b6:db:24:d6:ed:f4:e2:7a:29:32:69:
                    6b:ba:c2:b9:00:f6:85:e0:36:82:96:e5:3e:4d:29:
                    91:f0:02:bb:2d:e2:25:4e:5f:bb:77:ff:a3:71:79:
                    5c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:64:43:66:88:62:18:51:3E:28:BE:DA:AC:D2:14:9B:23:97:1A:71
            X509v3 Authority Key Identifier:
                keyid:7A:A6:06:11:7B:B5:F7:E4:16:0E:F2:68:F9:F4:AA:04:57:38:04:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eqYGEXu19-QWDvJo-fSqBFc4BEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/HWRDZohiGFE-KL7arNIUmyOXGnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/eqYGEXu19-QWDvJo-fSqBFc4BEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:98:2d:50:fc:66:cc:57:6c:4b:91:4f:3c:20:7f:50:ff:8c:
         e4:33:cf:41:54:60:68:2d:92:ad:64:43:8e:76:70:c9:5a:50:
         da:cb:fb:59:dc:2a:4b:c9:7a:d6:7d:7f:4c:82:ea:04:4a:9a:
         dc:79:2a:9d:e8:2c:06:24:6d:01:c9:88:d3:13:6b:b8:c5:9d:
         65:9f:b8:1e:3e:15:fb:40:2c:87:b9:20:53:b2:e4:46:36:1f:
         54:1a:ff:39:e7:6a:91:33:87:f3:c8:37:01:ce:3a:71:5e:9d:
         56:ea:3d:1b:2a:bb:ae:52:71:b4:ed:1c:36:ae:bc:96:96:1b:
         90:9b:b4:ce:7c:49:8f:f8:db:05:9f:66:1a:0f:80:64:8d:2d:
         54:2e:07:9d:b2:21:94:87:fc:82:a1:cd:ed:04:d8:ef:9e:81:
         a4:72:5e:7d:91:dd:a1:aa:7f:9f:04:30:21:a2:54:d6:c2:41:
         53:20:af:09:8f:2d:39:7a:e2:0b:de:59:ec:e7:74:d2:86:8d:
         01:b2:8f:e7:ce:47:38:11:34:6f:d4:c1:81:f5:e8:1a:5a:db:
         2c:ce:f5:64:fe:22:7e:c2:7d:c6:0f:54:4b:f9:28:b1:54:1d:
         f2:70:05:e2:66:58:e3:e0:03:73:52:53:43:ee:8f:59:a4:92:
         66:56:49:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87MJ7dDRK/yu4YRk2x7lEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhYTYwNjExN2JiNWY3ZTQxNjBlZjI2OGY5ZjRhYTA0NTcz
ODA0NDEwHhcNMjYwMTAyMDQxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDY0NDM2Njg4NjIxODUxM2UyOGJlZGFhY2QyMTQ5YjIzOTcxYTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjvffLNYBXc66BXhJAUPLy3lHn2g
XZu/285TVsAGpPk3Agx4N5MpB1VEeerEzjmv4DF9K3peeWM00K72fBEQ6Xefz+gg
MvBhLu9iZmEP5MWgZyeeJ/hyrj8W0V6VvJMi9KshM2AbzN+q1ioOBlgPxkyFrUTt
pBOsCNkJIhwIjrv0Tr/yv8vOkObSVAL0uBbpKhHGouC5nsPVJjFXkZRn393ni6fM
DyziQhjvc+04VsG1inkhS/Jnbuegv/n1vADuZw8Psr1Yw0LBo6XaluvDqjprSOm7
ttsk1u304nopMmlrusK5APaF4DaCluU+TSmR8AK7LeIlTl+7d/+jcXlcuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1kQ2aIYhhRPii+2qzSFJsjlxpxMB8GA1UdIwQY
MBaAFHqmBhF7tffkFg7yaPn0qgRXOARBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXFZR0VYdTE5LVFXRHZKby1mU3FCRmM0QkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8yM2JkZDAtNWJmMS00ZDQ0LWI0YWEt
YTA2MTM2YjJkYzcyLzEvSFdSRFpvaGlHRkUtS0w3YXJOSVVteU9YR25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8yM2JkZDAtNWJmMS00ZDQ0LWI0YWEtYTA2MTM2YjJkYzcy
LzEvZXFZR0VYdTE5LVFXRHZKby1mU3FCRmM0QkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub5oMA0G
CSqGSIb3DQEBCwUAA4IBAQAImC1Q/GbMV2xLkU88IH9Q/4zkM89BVGBoLZKtZEOO
dnDJWlDay/tZ3CpLyXrWfX9MguoESprceSqd6CwGJG0ByYjTE2u4xZ1ln7gePhX7
QCyHuSBTsuRGNh9UGv8552qRM4fzyDcBzjpxXp1W6j0bKruuUnG07Rw2rryWlhuQ
m7TOfEmP+NsFn2YaD4BkjS1ULgedsiGUh/yCoc3tBNjvnoGkcl59kd2hqn+fBDAh
olTWwkFTIK8Jjy05euIL3lns53TSho0Bso/nzkc4ETRv1MGB9egaWtsszvVk/iJ+
wn3GD1RL+SixVB3ycAXiZljj4ANzUlND7o9ZpJJmVklD
-----END CERTIFICATE-----