Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/HATKOFsQ_pSv8m6jASoFbCbhUVA.roa
File:                     HATKOFsQ_pSv8m6jASoFbCbhUVA.roa (raw, json)
Hash identifier:          yBZhOAj5rBFSUIFW7AEyDT2ZEUp9H0sAL4UPm+LeszM=
Subject key identifier:   1C:04:CA:38:5B:10:FE:94:AF:F2:6E:A3:01:2A:05:6C:26:E1:51:50
Certificate issuer:       /CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
Certificate serial:       019EB87E165BD465EE2A715DC7E883008192
Authority key identifier: E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/HATKOFsQ_pSv8m6jASoFbCbhUVA.roa
Signing time:             Thu 11 Jun 2026 21:02:11 +0000
ROA not before:           Thu 11 Jun 2026 21:02:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50049
IP address blocks:        87.232.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b8:7e:16:5b:d4:65:ee:2a:71:5d:c7:e8:83:00:81:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5e03354666c4cb2abfd51411eca5d524b0d5be5
        Validity
            Not Before: Jun 11 21:02:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c04ca385b10fe94aff26ea3012a056c26e15150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8e:9c:d2:c9:9f:fd:9e:6d:3e:c2:16:d8:7a:
                    3a:db:cb:a4:eb:97:86:7b:4d:71:ea:c9:65:16:f4:
                    e1:d8:9f:98:74:5e:23:bd:ad:0c:cf:84:87:da:26:
                    af:32:10:bb:cf:7a:8f:67:80:b1:a6:e0:df:ed:29:
                    71:d9:cc:7e:d4:c0:ec:b4:9f:e2:4d:fc:e6:7c:57:
                    46:4c:4f:90:32:d2:4b:33:c2:24:d3:56:93:99:fe:
                    8e:e6:7c:64:82:93:a0:f8:37:5d:07:36:f4:a7:33:
                    9e:19:13:e2:a1:eb:ae:25:c2:e7:8d:8f:a0:e7:73:
                    fc:60:c0:ad:ab:20:7b:10:fc:c5:b8:de:ba:d3:9d:
                    c0:58:ac:e4:bf:fc:ba:b3:ac:74:39:15:15:f5:0d:
                    d8:ab:f6:5a:8e:85:18:6d:36:c3:59:69:81:fb:74:
                    63:14:ee:c5:04:f3:3e:ae:86:5b:45:ec:b2:85:c9:
                    f1:74:8d:1f:0d:4a:a7:8e:6d:37:f5:f6:39:47:b7:
                    30:29:9e:c5:fa:fb:23:38:0e:2e:ba:42:c2:70:b3:
                    c4:4f:44:2a:d6:4f:8f:cc:86:19:e9:63:63:53:74:
                    e4:c8:6f:c0:31:ed:d9:cd:a5:7c:f6:3c:f9:ca:f6:
                    11:23:11:7d:d7:8f:cf:8c:22:1c:ac:c9:3c:9e:06:
                    4c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:04:CA:38:5B:10:FE:94:AF:F2:6E:A3:01:2A:05:6C:26:E1:51:50
            X509v3 Authority Key Identifier:
                keyid:E5:E0:33:54:66:6C:4C:B2:AB:FD:51:41:1E:CA:5D:52:4B:0D:5B:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5eAzVGZsTLKr_VFBHspdUksNW-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/HATKOFsQ_pSv8m6jASoFbCbhUVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9b625d-0b62-45d9-99ef-60fb0f91997e/1/5eAzVGZsTLKr_VFBHspdUksNW-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:93:ff:16:30:f3:01:22:2f:02:b5:de:6e:a6:86:02:37:1f:
         29:28:c2:45:f2:7e:41:0e:cd:a4:de:fc:c4:af:ee:90:db:14:
         04:80:d1:54:37:50:2d:63:91:56:51:d5:e1:9c:0a:ba:c0:d9:
         3b:04:47:38:87:cb:cc:83:fe:7f:be:7c:80:a2:24:71:7b:b9:
         08:c5:77:70:7c:79:b1:a6:d0:6c:da:8d:3b:13:0f:b5:b6:ff:
         f5:fa:fb:fa:5f:29:ec:61:af:93:5a:bd:8f:ec:ff:e4:86:a8:
         6b:48:05:e1:ee:56:61:7f:34:c3:40:34:94:92:ed:a3:82:5b:
         11:48:f3:32:fa:2f:0f:8b:6f:6f:74:88:7b:a9:52:8a:54:21:
         97:bb:b8:d2:bc:f9:89:66:83:9b:35:d8:6d:4d:3b:93:97:a7:
         ba:b5:10:36:9e:0d:e3:a9:2e:63:ef:d7:e6:75:5a:fc:43:4a:
         9d:7f:5a:52:a6:18:85:d1:91:21:01:3a:a8:51:27:8e:62:1d:
         5f:82:16:d2:09:0d:13:fd:08:ba:35:f4:46:37:d4:79:72:c6:
         78:98:3b:14:24:95:8f:a6:b5:c3:94:b2:e5:7b:fb:ac:3b:0e:
         0f:fa:a4:9b:67:2e:3b:f3:cb:f0:59:c8:d8:e4:c1:b1:79:32:
         07:44:95:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ64fhZb1GXuKnFdx+iDAIGSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZTAzMzU0NjY2YzRjYjJhYmZkNTE0MTFlY2E1ZDUyNGIw
ZDViZTUwHhcNMjYwNjExMjEwMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzA0Y2EzODViMTBmZTk0YWZmMjZlYTMwMTJhMDU2YzI2ZTE1MTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlo6c0smf/Z5tPsIW2Ho628uk65eG
e01x6sllFvTh2J+YdF4jva0Mz4SH2iavMhC7z3qPZ4CxpuDf7Slx2cx+1MDstJ/i
TfzmfFdGTE+QMtJLM8Ik01aTmf6O5nxkgpOg+DddBzb0pzOeGRPioeuuJcLnjY+g
53P8YMCtqyB7EPzFuN66053AWKzkv/y6s6x0ORUV9Q3Yq/ZajoUYbTbDWWmB+3Rj
FO7FBPM+roZbReyyhcnxdI0fDUqnjm039fY5R7cwKZ7F+vsjOA4uukLCcLPET0Qq
1k+PzIYZ6WNjU3TkyG/AMe3ZzaV89jz5yvYRIxF914/PjCIcrMk8ngZMBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwEyjhbEP6Ur/JuowEqBWwm4VFQMB8GA1UdIwQY
MBaAFOXgM1RmbEyyq/1RQR7KXVJLDVvlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYt
NjBmYjBmOTE5OTdlLzEvSEFUS09Gc1FfcFN2OG02akFTb0ZiQ2JoVVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YjYyNWQtMGI2Mi00NWQ5LTk5ZWYtNjBmYjBmOTE5OTdl
LzEvNWVBelZHWnNUTEtyX1ZGQkhzcGRVa3NOVy1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+hOMA0G
CSqGSIb3DQEBCwUAA4IBAQDKk/8WMPMBIi8Ctd5upoYCNx8pKMJF8n5BDs2k3vzE
r+6Q2xQEgNFUN1AtY5FWUdXhnAq6wNk7BEc4h8vMg/5/vnyAoiRxe7kIxXdwfHmx
ptBs2o07Ew+1tv/1+vv6XynsYa+TWr2P7P/khqhrSAXh7lZhfzTDQDSUku2jglsR
SPMy+i8Pi29vdIh7qVKKVCGXu7jSvPmJZoObNdhtTTuTl6e6tRA2ng3jqS5j79fm
dVr8Q0qdf1pSphiF0ZEhATqoUSeOYh1fghbSCQ0T/Qi6NfRGN9R5csZ4mDsUJJWP
prXDlLLle/usOw4P+qSbZy4788vwWcjY5MGxeTIHRJXG
-----END CERTIFICATE-----