Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/3d6590-c437-405d-a8d9-a882e43b318a/1/HBb1HdbTpkkZ4I4n2Q6fg9MiULg.roa
File:                     HBb1HdbTpkkZ4I4n2Q6fg9MiULg.roa (raw, json)
Hash identifier:          pkve3g53jmybFKOaGXzmIhJtmGYscgIQMcLuncFXZzg=
Subject key identifier:   1C:16:F5:1D:D6:D3:A6:49:19:E0:8E:27:D9:0E:9F:83:D3:22:50:B8
Certificate issuer:       /CN=a69e318ff237206931a1059b8d9586eba887f328
Certificate serial:       019ECCD6DCC538E3CB75A7C73EAAFD71D8A9
Authority key identifier: A6:9E:31:8F:F2:37:20:69:31:A1:05:9B:8D:95:86:EB:A8:87:F3:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pp4xj_I3IGkxoQWbjZWG66iH8yg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/3d6590-c437-405d-a8d9-a882e43b318a/1/HBb1HdbTpkkZ4I4n2Q6fg9MiULg.roa
Signing time:             Mon 15 Jun 2026 19:51:33 +0000
ROA not before:           Mon 15 Jun 2026 19:51:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57535
IP address blocks:        91.232.210.0/24 maxlen: 24
                          91.232.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/3d6590-c437-405d-a8d9-a882e43b318a/1/pp4xj_I3IGkxoQWbjZWG66iH8yg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/3d6590-c437-405d-a8d9-a882e43b318a/1/pp4xj_I3IGkxoQWbjZWG66iH8yg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pp4xj_I3IGkxoQWbjZWG66iH8yg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 07:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cc:d6:dc:c5:38:e3:cb:75:a7:c7:3e:aa:fd:71:d8:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a69e318ff237206931a1059b8d9586eba887f328
        Validity
            Not Before: Jun 15 19:51:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c16f51dd6d3a64919e08e27d90e9f83d32250b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9a:67:56:fd:a7:60:a9:3b:9c:bc:50:15:b2:
                    bb:89:4d:ce:ba:20:cd:6f:1b:42:2b:4c:95:59:95:
                    0b:b2:8c:e1:ff:e1:4e:16:42:c7:f4:ed:11:4a:33:
                    6d:6d:2f:be:08:71:3c:fd:b5:38:d1:bd:49:4f:41:
                    f0:26:92:c2:e6:46:80:a4:91:84:ae:15:95:da:0f:
                    5c:81:55:89:e5:e3:15:2f:8a:7a:f3:da:a5:b4:17:
                    0f:78:32:f0:d4:0a:b6:a6:f8:bd:b8:84:c3:96:bd:
                    5c:b7:fa:3b:17:c6:88:03:bb:7e:d7:4c:fb:4a:c8:
                    0e:ac:36:5a:ea:02:06:5e:bb:d5:10:42:c7:8d:0f:
                    eb:0d:f1:0e:62:58:f3:b7:94:98:f6:68:8b:b6:4a:
                    11:7a:93:c8:93:43:7b:57:95:6a:05:05:4c:2b:35:
                    bb:a7:c8:df:1e:21:39:85:8e:08:ce:d4:41:27:b0:
                    ee:b4:23:d6:6b:8b:d2:dd:0f:e5:f1:9c:d2:6d:3a:
                    b1:6e:57:0b:60:6e:de:5f:3d:5d:ef:7d:a0:0e:9e:
                    aa:8b:70:69:0d:43:a9:cf:de:4d:a8:80:dd:bc:ee:
                    a7:ee:57:6d:96:15:4a:3c:43:2f:38:23:64:41:7a:
                    ba:55:7b:ac:20:d8:99:e6:12:85:90:9d:e9:82:0a:
                    1e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:16:F5:1D:D6:D3:A6:49:19:E0:8E:27:D9:0E:9F:83:D3:22:50:B8
            X509v3 Authority Key Identifier:
                keyid:A6:9E:31:8F:F2:37:20:69:31:A1:05:9B:8D:95:86:EB:A8:87:F3:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pp4xj_I3IGkxoQWbjZWG66iH8yg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/3d6590-c437-405d-a8d9-a882e43b318a/1/HBb1HdbTpkkZ4I4n2Q6fg9MiULg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/3d6590-c437-405d-a8d9-a882e43b318a/1/pp4xj_I3IGkxoQWbjZWG66iH8yg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:36:b4:64:74:be:fd:21:96:aa:ba:b1:81:2a:f8:f1:20:ba:
         ea:00:60:37:af:f0:84:c9:51:5e:b4:6c:f6:f2:7c:36:eb:9d:
         5c:c7:02:7c:c8:86:fe:6e:44:da:34:4c:1b:f3:51:97:85:44:
         3e:18:50:66:c6:43:dd:ae:89:5f:65:02:66:34:49:4c:06:75:
         25:ed:da:e0:e1:c2:6d:19:1a:b3:e9:5b:c7:3d:22:fc:7c:66:
         d0:a4:f8:e8:65:07:d7:01:96:47:20:5e:01:d3:b7:7d:e6:c7:
         c7:d0:f5:d9:0d:dc:70:ca:a0:12:f2:75:ee:d2:1e:af:0e:30:
         a6:cf:aa:f2:d8:be:b0:25:e1:d9:c3:ee:f2:55:cd:8d:f7:74:
         da:5b:46:50:5c:71:a2:63:5a:6e:90:5f:55:1d:ac:ff:24:cb:
         ec:16:b3:d4:65:38:75:1f:73:06:4d:dc:52:16:41:91:de:9f:
         51:a3:cf:de:43:8e:76:d1:c3:e8:52:cc:64:a0:01:64:24:f7:
         f9:d6:12:ef:a1:a2:ee:4e:8b:a5:24:da:50:19:fb:4f:ea:46:
         88:a3:ea:cd:3c:02:15:f0:c3:5a:90:9e:67:23:5b:2a:a9:4d:
         f5:9c:c5:7b:1a:c9:8e:01:b3:48:d1:73:4b:09:92:f2:ff:a9:
         ea:d3:2c:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7M1tzFOOPLdafHPqr9cdipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2OWUzMThmZjIzNzIwNjkzMWExMDU5YjhkOTU4NmViYTg4
N2YzMjgwHhcNMjYwNjE1MTk1MTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzE2ZjUxZGQ2ZDNhNjQ5MTllMDhlMjdkOTBlOWY4M2QzMjI1MGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5pnVv2nYKk7nLxQFbK7iU3OuiDN
bxtCK0yVWZULsozh/+FOFkLH9O0RSjNtbS++CHE8/bU40b1JT0HwJpLC5kaApJGE
rhWV2g9cgVWJ5eMVL4p689qltBcPeDLw1Aq2pvi9uITDlr1ct/o7F8aIA7t+10z7
SsgOrDZa6gIGXrvVEELHjQ/rDfEOYljzt5SY9miLtkoRepPIk0N7V5VqBQVMKzW7
p8jfHiE5hY4IztRBJ7DutCPWa4vS3Q/l8ZzSbTqxblcLYG7eXz1d732gDp6qi3Bp
DUOpz95NqIDdvO6n7ldtlhVKPEMvOCNkQXq6VXusINiZ5hKFkJ3pggoeyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwW9R3W06ZJGeCOJ9kOn4PTIlC4MB8GA1UdIwQY
MBaAFKaeMY/yNyBpMaEFm42Vhuuoh/MoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHA0eGpfSTNJR2t4b1FXYmpaV0c2NmlIOHlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8zZDY1OTAtYzQzNy00MDVkLWE4ZDkt
YTg4MmU0M2IzMThhLzEvSEJiMUhkYlRwa2taNEk0bjJRNmZnOU1pVUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8zZDY1OTAtYzQzNy00MDVkLWE4ZDktYTg4MmU0M2IzMThh
LzEvcHA0eGpfSTNJR2t4b1FXYmpaV0c2NmlIOHlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+jSMA0G
CSqGSIb3DQEBCwUAA4IBAQAONrRkdL79IZaqurGBKvjxILrqAGA3r/CEyVFetGz2
8nw2651cxwJ8yIb+bkTaNEwb81GXhUQ+GFBmxkPdrolfZQJmNElMBnUl7drg4cJt
GRqz6VvHPSL8fGbQpPjoZQfXAZZHIF4B07d95sfH0PXZDdxwyqAS8nXu0h6vDjCm
z6ry2L6wJeHZw+7yVc2N93TaW0ZQXHGiY1pukF9VHaz/JMvsFrPUZTh1H3MGTdxS
FkGR3p9Ro8/eQ4520cPoUsxkoAFkJPf51hLvoaLuToulJNpQGftP6kaIo+rNPAIV
8MNakJ5nI1sqqU31nMV7GsmOAbNI0XNLCZLy/6nq0yxX
-----END CERTIFICATE-----