Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HUopsKaA859jEHBOSipzmvMCH4I.roa
File:                     HUopsKaA859jEHBOSipzmvMCH4I.roa (raw, json)
Hash identifier:          nIqo2C9scGMLCd/sbHIQcxvWDyYCtZsUMH+8GarGZE0=
Subject key identifier:   1D:4A:29:B0:A6:80:F3:9F:63:10:70:4E:4A:2A:73:9A:F3:02:1F:82
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019EA61A742FBCE4C44FBDE713665AA4B7F1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HUopsKaA859jEHBOSipzmvMCH4I.roa
Signing time:             Mon 08 Jun 2026 07:20:11 +0000
ROA not before:           Mon 08 Jun 2026 07:20:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152672
IP address blocks:        82.152.129.0/24 maxlen: 24
                          82.153.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a6:1a:74:2f:bc:e4:c4:4f:bd:e7:13:66:5a:a4:b7:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  8 07:20:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d4a29b0a680f39f6310704e4a2a739af3021f82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:75:fe:9e:91:b0:7f:a0:2f:10:d6:77:80:e0:
                    63:55:e6:b5:07:4f:05:30:92:44:0b:5a:1a:5e:86:
                    4a:7f:b1:ce:e2:0d:fe:a0:32:1f:39:82:3b:d3:d5:
                    4f:cf:e1:28:11:86:74:6c:31:23:c1:0a:53:3c:3d:
                    a7:fc:69:f3:4b:1b:58:2b:46:30:dd:42:00:26:4b:
                    6b:e4:d8:f1:62:2c:9c:18:b3:03:bb:82:10:05:66:
                    28:af:cf:68:8e:a5:d5:94:6c:14:f0:67:bf:50:f2:
                    82:07:fc:f1:af:80:d9:7d:09:cb:01:a0:ca:47:47:
                    3c:94:5e:37:42:c9:63:02:be:30:0d:22:11:1a:1d:
                    83:3f:8e:ed:db:f4:dc:9e:8c:49:e8:32:18:c3:21:
                    e3:37:5c:52:17:04:18:b8:3f:c6:ce:e3:c9:62:27:
                    b7:bc:a7:7c:dc:64:d9:bc:bb:cd:c8:ab:6d:71:f4:
                    55:b6:ff:ea:61:83:15:17:3a:13:41:ec:54:f8:64:
                    ad:db:10:90:50:0f:ff:cb:74:04:7c:bb:67:6f:68:
                    95:c0:57:64:97:18:d8:89:30:33:a9:90:e1:f9:9f:
                    7d:66:71:6f:58:03:52:66:e6:25:d4:89:9e:4d:c8:
                    79:39:24:d9:7b:8a:92:e8:0f:85:b0:f0:5d:e0:a3:
                    a9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:4A:29:B0:A6:80:F3:9F:63:10:70:4E:4A:2A:73:9A:F3:02:1F:82
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HUopsKaA859jEHBOSipzmvMCH4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.129.0/24
                  82.153.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:33:fd:4a:bc:7a:47:9d:07:48:cf:f7:aa:d3:be:20:55:96:
         26:8e:61:8e:51:ab:c3:a1:22:14:c5:65:4f:4b:c7:30:04:62:
         1a:6b:01:79:be:1d:3e:5b:96:08:9e:11:0d:43:fc:15:ed:6a:
         e3:e4:d6:db:55:58:70:b8:4c:62:34:09:b7:4a:34:7a:77:eb:
         f4:45:58:de:28:19:ff:3f:bc:fa:cb:7f:51:f7:2f:e9:1c:3d:
         95:fd:d4:c0:14:5c:ee:4f:8e:c4:af:b1:13:01:d0:b2:43:ea:
         0e:57:d5:ce:9a:3c:ea:57:0f:ba:20:8c:07:af:84:77:c7:41:
         5c:00:d1:c1:2f:ab:45:e1:17:07:c3:42:5d:41:b2:30:e4:89:
         0d:7c:5c:64:3a:57:c9:5e:35:2b:11:a9:8a:85:e1:1c:80:8f:
         62:6b:22:72:4c:12:09:af:c8:75:a6:70:a2:34:21:b9:8b:be:
         d0:4c:0b:b6:87:00:90:fe:fd:33:21:c0:b1:b7:a2:22:01:45:
         f9:0f:11:fc:80:b4:8c:e1:f8:e5:84:4b:e4:22:ef:ad:a6:9e:
         16:39:30:80:50:b3:48:a3:e3:a8:c7:a5:c0:43:12:31:7c:ea:
         08:20:0b:83:55:f1:a9:66:5e:41:4b:eb:1a:f2:fe:53:91:4e:
         47:11:b2:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6mGnQvvOTET73nE2ZapLfxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjA4MDcyMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDRhMjliMGE2ODBmMzlmNjMxMDcwNGU0YTJhNzM5YWYzMDIxZjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHX+npGwf6AvENZ3gOBjVea1B08F
MJJEC1oaXoZKf7HO4g3+oDIfOYI709VPz+EoEYZ0bDEjwQpTPD2n/GnzSxtYK0Yw
3UIAJktr5NjxYiycGLMDu4IQBWYor89ojqXVlGwU8Ge/UPKCB/zxr4DZfQnLAaDK
R0c8lF43QsljAr4wDSIRGh2DP47t2/TcnoxJ6DIYwyHjN1xSFwQYuD/GzuPJYie3
vKd83GTZvLvNyKttcfRVtv/qYYMVFzoTQexU+GSt2xCQUA//y3QEfLtnb2iVwFdk
lxjYiTAzqZDh+Z99ZnFvWANSZuYl1ImeTch5OSTZe4qS6A+FsPBd4KOpOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB1KKbCmgPOfYxBwTkoqc5rzAh+CMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSFVvcHNLYUE4NTlqRUhCT1NpcHptdk1DSDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpiBAwQA
UpnYMA0GCSqGSIb3DQEBCwUAA4IBAQB6M/1KvHpHnQdIz/eq074gVZYmjmGOUavD
oSIUxWVPS8cwBGIaawF5vh0+W5YInhENQ/wV7Wrj5NbbVVhwuExiNAm3SjR6d+v0
RVjeKBn/P7z6y39R9y/pHD2V/dTAFFzuT47Er7ETAdCyQ+oOV9XOmjzqVw+6IIwH
r4R3x0FcANHBL6tF4RcHw0JdQbIw5IkNfFxkOlfJXjUrEamKheEcgI9iayJyTBIJ
r8h1pnCiNCG5i77QTAu2hwCQ/v0zIcCxt6IiAUX5DxH8gLSM4fjlhEvkIu+tpp4W
OTCAULNIo+Oox6XAQxIxfOoIIAuDVfGpZl5BS+sa8v5TkU5HEbI+
-----END CERTIFICATE-----