Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/hcEiOVl0IV3IE4216hs1e5DZGR4.roa
File:                     hcEiOVl0IV3IE4216hs1e5DZGR4.roa (raw, json)
Hash identifier:          ZC5U5qcJYYjeF6N2SbLW1XrnWze6Jseft5QLvx76FJw=
Subject key identifier:   85:C1:22:39:59:74:21:5D:C8:13:8D:B5:EA:1B:35:7B:90:D9:19:1E
Certificate issuer:       /CN=63883a79789d9f65815292f18d4980ba9c5ed221
Certificate serial:       019E8B2AEE2845B4EF36441AC19EF0C2A9DA
Authority key identifier: 63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/hcEiOVl0IV3IE4216hs1e5DZGR4.roa
Signing time:             Wed 03 Jun 2026 01:48:26 +0000
ROA not before:           Wed 03 Jun 2026 01:48:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396356
IP address blocks:        152.236.0.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8b:2a:ee:28:45:b4:ef:36:44:1a:c1:9e:f0:c2:a9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63883a79789d9f65815292f18d4980ba9c5ed221
        Validity
            Not Before: Jun  3 01:48:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85c122395974215dc8138db5ea1b357b90d9191e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cb:da:d1:22:dd:0b:7d:9d:d1:2d:57:67:cc:
                    f8:a3:8e:a3:21:8f:7b:fa:42:24:76:2f:44:bb:20:
                    8e:89:7e:73:23:8b:6a:cf:14:1f:27:82:f7:85:5b:
                    a9:10:e2:d4:a7:7c:72:97:ba:e3:56:55:85:10:b2:
                    19:1b:9a:e7:00:a8:37:dd:48:27:60:d0:01:6a:aa:
                    78:84:1f:df:99:c6:44:19:7b:a9:50:be:c6:c7:49:
                    94:ff:bb:99:84:78:5b:3b:b3:55:c6:b6:6b:1c:64:
                    b2:4d:dc:f4:4f:7a:2f:c9:d5:2b:8b:37:86:1c:53:
                    d8:6a:60:d5:69:66:94:e1:e8:00:13:e3:83:5e:c6:
                    49:63:a4:2e:94:e9:f6:31:1f:5f:1a:df:2e:a8:6c:
                    a0:bc:e1:c3:65:9b:2f:b1:41:11:30:89:1d:5b:eb:
                    b5:84:da:53:92:71:19:6b:fc:3e:ec:2f:5a:01:f5:
                    ff:75:4d:74:35:28:78:1d:aa:9e:52:65:da:6c:e9:
                    db:37:b6:a4:b3:f6:a6:e3:71:9a:fd:5a:69:03:81:
                    6c:93:5b:b6:ac:d9:db:9c:15:f5:58:2e:87:10:c7:
                    8f:58:a4:a6:31:1c:48:80:a7:51:e3:0c:28:63:2b:
                    73:e1:3f:fa:42:13:69:bb:5c:5e:e6:54:e6:b7:93:
                    74:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:C1:22:39:59:74:21:5D:C8:13:8D:B5:EA:1B:35:7B:90:D9:19:1E
            X509v3 Authority Key Identifier:
                keyid:63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/hcEiOVl0IV3IE4216hs1e5DZGR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.236.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         85:57:2b:43:2a:c1:4d:d6:c8:dc:c5:3d:dc:c0:4c:99:15:05:
         e7:c6:74:9c:c4:63:ac:65:0d:32:b5:c6:fa:b8:ff:46:ab:13:
         28:6e:d1:f1:e3:a4:c4:92:af:6e:79:97:b7:e0:4a:e4:3b:1a:
         96:1d:da:ea:f2:94:59:15:1f:ee:90:17:f2:2d:86:80:16:24:
         52:13:7b:d0:ec:09:6e:92:29:ad:8f:8d:ee:1a:76:de:aa:e1:
         68:60:2f:65:f9:ab:1d:74:c7:46:bf:87:32:e7:4a:c4:fe:dd:
         f1:f3:fd:f4:e4:10:81:d6:ed:20:cd:9b:2f:9a:c8:3a:4a:61:
         38:8a:d1:aa:b1:f5:11:8d:1e:d7:f7:62:8a:b0:f5:2c:cb:7e:
         65:f0:02:d8:eb:2d:2d:0e:c7:d4:4e:ce:c4:aa:82:82:2b:86:
         e5:f5:44:16:47:3a:55:c7:7b:70:0c:7d:8d:3a:07:78:c7:af:
         00:4d:7e:f1:ed:c6:04:eb:d8:49:26:97:18:8b:80:5b:f7:7f:
         ed:96:c4:8c:2d:f6:a7:aa:5b:07:26:0d:ab:c6:5b:12:1d:84:
         79:37:c2:c3:43:1d:81:44:6d:ec:1b:ec:0f:57:f7:31:15:6a:
         a7:a3:9a:2c:66:92:10:ae:2e:b1:19:4e:66:60:8a:25:8c:57:
         60:b4:25:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6LKu4oRbTvNkQawZ7wwqnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzODgzYTc5Nzg5ZDlmNjU4MTUyOTJmMThkNDk4MGJhOWM1
ZWQyMjEwHhcNMjYwNjAzMDE0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWMxMjIzOTU5NzQyMTVkYzgxMzhkYjVlYTFiMzU3YjkwZDkxOTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcva0SLdC32d0S1XZ8z4o46jIY97
+kIkdi9EuyCOiX5zI4tqzxQfJ4L3hVupEOLUp3xyl7rjVlWFELIZG5rnAKg33Ugn
YNABaqp4hB/fmcZEGXupUL7Gx0mU/7uZhHhbO7NVxrZrHGSyTdz0T3ovydUrizeG
HFPYamDVaWaU4egAE+ODXsZJY6QulOn2MR9fGt8uqGygvOHDZZsvsUERMIkdW+u1
hNpTknEZa/w+7C9aAfX/dU10NSh4HaqeUmXabOnbN7aks/am43Ga/VppA4Fsk1u2
rNnbnBX1WC6HEMePWKSmMRxIgKdR4wwoYytz4T/6QhNpu1xe5lTmt5N03wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXBIjlZdCFdyBONteobNXuQ2RkeMB8GA1UdIwQY
MBaAFGOIOnl4nZ9lgVKS8Y1JgLqcXtIhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYt
MzVkMDU5NWUxMmYwLzEvaGNFaU9WbDBJVjNJRTQyMTZoczFlNURaR1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYtMzVkMDU5NWUxMmYw
LzEvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGmOwAMA0G
CSqGSIb3DQEBCwUAA4IBAQCFVytDKsFN1sjcxT3cwEyZFQXnxnScxGOsZQ0ytcb6
uP9GqxMobtHx46TEkq9ueZe34ErkOxqWHdrq8pRZFR/ukBfyLYaAFiRSE3vQ7Alu
kimtj43uGnbequFoYC9l+asddMdGv4cy50rE/t3x8/305BCB1u0gzZsvmsg6SmE4
itGqsfURjR7X92KKsPUsy35l8ALY6y0tDsfUTs7EqoKCK4bl9UQWRzpVx3twDH2N
Ogd4x68ATX7x7cYE69hJJpcYi4Bb93/tlsSMLfanqlsHJg2rxlsSHYR5N8LDQx2B
RG3sG+wPV/cxFWqno5osZpIQri6xGU5mYIoljFdgtCWp
-----END CERTIFICATE-----