Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/sHeANTvmmpmDSDWLLt3HLOThsf4.roa
File:                     sHeANTvmmpmDSDWLLt3HLOThsf4.roa (raw, json)
Hash identifier:          Oht33H8mwYmQ6e4RlFUdrL12Af5sAsO7xBwel8FTpkY=
Subject key identifier:   B0:77:80:35:3B:E6:9A:99:83:48:35:8B:2E:DD:C7:2C:E4:E1:B1:FE
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       019CA3BFE0D34ADEAC7EC4723BB1905E722C
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/sHeANTvmmpmDSDWLLt3HLOThsf4.roa
Signing time:             Sat 28 Feb 2026 10:16:26 +0000
ROA not before:           Sat 28 Feb 2026 10:16:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212607
IP address blocks:        94.184.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a3:bf:e0:d3:4a:de:ac:7e:c4:72:3b:b1:90:5e:72:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Feb 28 10:16:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b07780353be69a998348358b2eddc72ce4e1b1fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:36:d3:c5:60:20:83:d2:0f:7b:7d:64:8a:25:
                    80:60:57:5d:6d:11:bb:f4:b2:ee:d2:aa:54:9f:18:
                    d3:d1:5e:45:fd:30:7b:b8:91:10:26:1b:dc:3f:74:
                    5a:18:e4:7b:f0:09:70:1b:c4:9b:46:f5:b4:a1:77:
                    92:04:16:fb:f9:24:07:b8:c9:5b:03:0d:b2:98:95:
                    fb:5f:0a:84:df:54:c7:f3:20:e0:79:ec:b2:55:54:
                    6c:5a:b6:c8:86:0e:40:91:05:c5:b5:45:bc:09:1e:
                    78:33:55:bd:89:a8:d9:88:03:0a:eb:fa:48:5a:4c:
                    dd:a4:0f:66:75:fc:00:d1:40:62:85:cd:e4:87:66:
                    ab:d2:e0:68:a3:3e:1b:b7:15:7e:4e:e7:0a:8b:04:
                    45:72:e9:d4:ec:6d:6b:dd:06:45:10:e4:91:b5:c8:
                    7f:cb:f7:a7:1c:1d:2e:5d:6a:41:ac:fe:8a:92:0e:
                    17:38:1b:7e:9a:67:f8:28:b1:56:ba:39:96:1a:5f:
                    b1:e8:b5:2c:8c:fb:da:77:1d:36:8e:d5:5d:94:bf:
                    2e:88:2d:5e:28:51:3f:61:58:96:5b:8d:2d:f1:68:
                    d7:e1:c1:c9:08:0f:07:1b:63:80:96:19:b8:c2:17:
                    03:4c:79:f3:1b:3e:b8:c2:bb:11:88:f0:5b:b7:c8:
                    44:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:77:80:35:3B:E6:9A:99:83:48:35:8B:2E:DD:C7:2C:E4:E1:B1:FE
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/sHeANTvmmpmDSDWLLt3HLOThsf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.184.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:3b:f8:da:32:82:db:86:8b:cc:fb:ea:3f:9e:96:1e:e4:3f:
         cc:6b:fa:a9:b9:46:23:09:48:da:f4:7a:21:ab:39:c3:76:40:
         d1:71:82:3e:ec:f5:37:0a:24:ff:ee:4a:d5:97:e3:76:50:fa:
         42:1b:ee:92:76:9a:b8:a6:1a:db:99:76:b3:ea:11:30:bd:fd:
         8c:65:49:35:95:de:77:b4:dc:d0:f5:04:6b:17:32:65:e1:60:
         cc:0a:9a:28:4f:cc:2c:34:e2:1b:da:fc:fe:75:55:55:af:c4:
         fb:0d:65:dd:80:15:f7:1b:2e:10:d2:37:d4:e7:88:0d:0d:de:
         25:9d:9e:8a:d2:58:2f:05:b6:1b:38:31:8a:b1:68:24:4d:f3:
         88:14:08:a2:4e:b5:6f:f2:1f:e9:9b:8f:bd:56:7f:de:b7:35:
         15:32:8e:71:f9:34:4a:c5:cf:8e:39:e3:ed:e0:25:25:99:4d:
         44:88:90:3e:7e:49:fc:2e:15:14:37:8f:ba:64:76:09:f1:62:
         63:a1:2e:45:d4:e0:7e:00:57:a1:d3:22:57:08:43:18:61:ca:
         08:92:bf:ce:c9:1c:87:39:d5:82:0a:51:ea:a9:58:ab:cc:d6:
         da:f9:d5:1b:25:67:f3:3a:f9:5b:b1:6c:3c:6d:1c:bc:ae:0c:
         4e:71:54:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyjv+DTSt6sfsRyO7GQXnIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjYwMjI4MTAxNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDc3ODAzNTNiZTY5YTk5ODM0ODM1OGIyZWRkYzcyY2U0ZTFiMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTbTxWAgg9IPe31kiiWAYFddbRG7
9LLu0qpUnxjT0V5F/TB7uJEQJhvcP3RaGOR78AlwG8SbRvW0oXeSBBb7+SQHuMlb
Aw2ymJX7XwqE31TH8yDgeeyyVVRsWrbIhg5AkQXFtUW8CR54M1W9iajZiAMK6/pI
WkzdpA9mdfwA0UBihc3kh2ar0uBooz4btxV+TucKiwRFcunU7G1r3QZFEOSRtch/
y/enHB0uXWpBrP6Kkg4XOBt+mmf4KLFWujmWGl+x6LUsjPvadx02jtVdlL8uiC1e
KFE/YViWW40t8WjX4cHJCA8HG2OAlhm4whcDTHnzGz64wrsRiPBbt8hEtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLB3gDU75pqZg0g1iy7dxyzk4bH+MB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvc0hlQU5Udm1tcG1EU0RXTEx0M0hMT1Roc2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrgdMA0G
CSqGSIb3DQEBCwUAA4IBAQC5O/jaMoLbhovM++o/npYe5D/Ma/qpuUYjCUja9Hoh
qznDdkDRcYI+7PU3CiT/7krVl+N2UPpCG+6Sdpq4phrbmXaz6hEwvf2MZUk1ld53
tNzQ9QRrFzJl4WDMCpooT8wsNOIb2vz+dVVVr8T7DWXdgBX3Gy4Q0jfU54gNDd4l
nZ6K0lgvBbYbODGKsWgkTfOIFAiiTrVv8h/pm4+9Vn/etzUVMo5x+TRKxc+OOePt
4CUlmU1EiJA+fkn8LhUUN4+6ZHYJ8WJjoS5F1OB+AFeh0yJXCEMYYcoIkr/OyRyH
OdWCClHqqVirzNba+dUbJWfzOvlbsWw8bRy8rgxOcVTY
-----END CERTIFICATE-----