Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/fa8c59-daf6-4e6a-b366-e546c2a1d229/1/HGJATmPx_lb-up56PA9sws4LXzM.roa
File:                     HGJATmPx_lb-up56PA9sws4LXzM.roa (raw, json)
Hash identifier:          rP4ippAFPKo3N/gSznr5pBHOOcDkPGB3VJz0DMBiGGk=
Subject key identifier:   1C:62:40:4E:63:F1:FE:56:FE:BA:9E:7A:3C:0F:6C:C2:CE:0B:5F:33
Certificate issuer:       /CN=e1c85b3df191bbb4874f212563f536f823ea4332
Certificate serial:       019D66C2A610171BDE62EEAACF5F4A28622D
Authority key identifier: E1:C8:5B:3D:F1:91:BB:B4:87:4F:21:25:63:F5:36:F8:23:EA:43:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4chbPfGRu7SHTyElY_U2-CPqQzI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/fa8c59-daf6-4e6a-b366-e546c2a1d229/1/HGJATmPx_lb-up56PA9sws4LXzM.roa
Signing time:             Tue 07 Apr 2026 07:05:25 +0000
ROA not before:           Tue 07 Apr 2026 07:05:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47292
IP address blocks:        89.186.176.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/fa8c59-daf6-4e6a-b366-e546c2a1d229/1/4chbPfGRu7SHTyElY_U2-CPqQzI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/fa8c59-daf6-4e6a-b366-e546c2a1d229/1/4chbPfGRu7SHTyElY_U2-CPqQzI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4chbPfGRu7SHTyElY_U2-CPqQzI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:66:c2:a6:10:17:1b:de:62:ee:aa:cf:5f:4a:28:62:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1c85b3df191bbb4874f212563f536f823ea4332
        Validity
            Not Before: Apr  7 07:05:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c62404e63f1fe56feba9e7a3c0f6cc2ce0b5f33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ca:62:fb:1f:4a:62:38:f8:c5:d8:56:fc:4b:
                    ac:15:ca:b7:88:e5:20:c0:8c:62:65:f7:35:f9:d5:
                    39:bf:64:67:36:bf:40:2d:7b:73:20:22:11:ca:42:
                    84:c1:70:64:bc:48:8b:ce:ae:c1:71:43:34:44:a7:
                    44:df:f6:b2:0e:eb:56:16:03:0d:e7:b1:9c:49:4c:
                    00:d6:a6:a7:67:b5:39:74:5d:d5:49:9b:a1:2e:4c:
                    44:ad:09:49:f2:18:4f:a1:33:d1:30:d2:4b:18:d1:
                    57:2c:62:de:05:c0:51:14:af:a0:8f:59:c3:59:ef:
                    b9:d5:3b:20:84:13:5d:2b:d5:bf:73:b4:ef:90:00:
                    1a:d6:8c:fb:d0:3a:ac:96:e3:91:7d:72:f1:14:51:
                    c7:95:dd:cb:f0:fc:9a:40:fc:04:eb:28:5b:0b:57:
                    e1:2e:1e:c3:f9:6b:e8:8c:00:99:04:a1:0f:a0:39:
                    89:80:6c:70:69:23:f7:8b:ce:53:19:9f:41:cd:20:
                    14:23:b5:86:a9:77:a6:a0:33:42:5a:87:f9:2a:0c:
                    75:98:20:57:33:e7:eb:6a:67:1a:af:22:82:4e:12:
                    56:b8:22:be:72:9a:f1:31:e6:9d:3f:e7:8b:2a:da:
                    df:1f:c8:45:03:c2:3d:55:4f:c4:04:65:56:63:2a:
                    99:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:62:40:4E:63:F1:FE:56:FE:BA:9E:7A:3C:0F:6C:C2:CE:0B:5F:33
            X509v3 Authority Key Identifier:
                keyid:E1:C8:5B:3D:F1:91:BB:B4:87:4F:21:25:63:F5:36:F8:23:EA:43:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4chbPfGRu7SHTyElY_U2-CPqQzI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/fa8c59-daf6-4e6a-b366-e546c2a1d229/1/HGJATmPx_lb-up56PA9sws4LXzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/fa8c59-daf6-4e6a-b366-e546c2a1d229/1/4chbPfGRu7SHTyElY_U2-CPqQzI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.186.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a1:df:d7:a5:bd:99:11:30:8d:84:f8:80:76:71:2c:83:a1:c8:
         4e:8f:d4:e7:38:69:21:74:68:55:f9:8d:b3:b0:93:b0:9f:34:
         68:78:c8:9a:c9:4f:cf:15:c5:65:3d:e9:04:ab:b4:25:56:d0:
         18:4d:e9:4b:c6:07:bf:71:55:a1:93:d4:72:ce:b3:2b:e1:ed:
         83:76:f8:36:d6:c2:3f:e9:ca:d0:45:3a:50:a9:26:0a:c7:0a:
         6c:67:60:13:21:63:1d:a0:e9:7b:1b:62:cc:03:46:dc:cf:11:
         15:16:1a:f7:ae:39:f3:62:3f:28:d8:a9:d1:11:1d:6b:3d:74:
         dd:06:53:1c:f4:4e:3f:14:d7:80:ae:67:98:fd:fc:87:5b:b6:
         82:8e:7f:54:47:61:c4:9f:18:0d:56:df:2b:4c:33:6a:73:bc:
         36:63:9b:78:b9:3f:19:0c:06:d8:2a:15:44:f0:d7:87:42:94:
         9e:b2:81:a3:cb:13:17:49:f1:74:57:cb:68:1e:87:d3:db:1b:
         fa:54:9d:49:42:1c:65:02:8e:5e:44:b6:32:cd:7a:c4:be:d8:
         b7:33:17:f8:4c:fa:cd:92:d2:fd:33:7e:16:a1:bf:8b:27:29:
         de:1c:14:ec:0d:69:45:34:cd:b0:2d:fd:ae:0c:5a:fb:e3:84:
         42:3d:82:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1mwqYQFxveYu6qz19KKGItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYzg1YjNkZjE5MWJiYjQ4NzRmMjEyNTYzZjUzNmY4MjNl
YTQzMzIwHhcNMjYwNDA3MDcwNTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzYyNDA0ZTYzZjFmZTU2ZmViYTllN2EzYzBmNmNjMmNlMGI1ZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcpi+x9KYjj4xdhW/EusFcq3iOUg
wIxiZfc1+dU5v2RnNr9ALXtzICIRykKEwXBkvEiLzq7BcUM0RKdE3/ayDutWFgMN
57GcSUwA1qanZ7U5dF3VSZuhLkxErQlJ8hhPoTPRMNJLGNFXLGLeBcBRFK+gj1nD
We+51TsghBNdK9W/c7TvkAAa1oz70DqsluORfXLxFFHHld3L8PyaQPwE6yhbC1fh
Lh7D+WvojACZBKEPoDmJgGxwaSP3i85TGZ9BzSAUI7WGqXemoDNCWof5Kgx1mCBX
M+framcaryKCThJWuCK+cprxMeadP+eLKtrfH8hFA8I9VU/EBGVWYyqZ/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxiQE5j8f5W/rqeejwPbMLOC18zMB8GA1UdIwQY
MBaAFOHIWz3xkbu0h08hJWP1Nvgj6kMyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGNoYlBmR1J1N1NIVHlFbFlfVTItQ1BxUXpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9mYThjNTktZGFmNi00ZTZhLWIzNjYt
ZTU0NmMyYTFkMjI5LzEvSEdKQVRtUHhfbGItdXA1NlBBOXN3czRMWHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9mYThjNTktZGFmNi00ZTZhLWIzNjYtZTU0NmMyYTFkMjI5
LzEvNGNoYlBmR1J1N1NIVHlFbFlfVTItQ1BxUXpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWbqwMA0G
CSqGSIb3DQEBCwUAA4IBAQCh39elvZkRMI2E+IB2cSyDochOj9TnOGkhdGhV+Y2z
sJOwnzRoeMiayU/PFcVlPekEq7QlVtAYTelLxge/cVWhk9RyzrMr4e2Ddvg21sI/
6crQRTpQqSYKxwpsZ2ATIWMdoOl7G2LMA0bczxEVFhr3rjnzYj8o2KnRER1rPXTd
BlMc9E4/FNeArmeY/fyHW7aCjn9UR2HEnxgNVt8rTDNqc7w2Y5t4uT8ZDAbYKhVE
8NeHQpSesoGjyxMXSfF0V8toHofT2xv6VJ1JQhxlAo5eRLYyzXrEvti3Mxf4TPrN
ktL9M34Wob+LJyneHBTsDWlFNM2wLf2uDFr744RCPYIV
-----END CERTIFICATE-----