Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/HL__qaGc13R_JJTvUCH7c2B82tc.roa
File:                     HL__qaGc13R_JJTvUCH7c2B82tc.roa (raw, json)
Hash identifier:          HV/JSNT03SbWk0eCa+7g8K+2C1DRHozLoBRXr4HShVE=
Subject key identifier:   1C:BF:FF:A9:A1:9C:D7:74:7F:24:94:EF:50:21:FB:73:60:7C:DA:D7
Certificate issuer:       /CN=a19fd633a4d3d210decf7db57d122b648b98ed25
Certificate serial:       019B7DCA40F57C46AC368A5F9F2CE0625A29
Authority key identifier: A1:9F:D6:33:A4:D3:D2:10:DE:CF:7D:B5:7D:12:2B:64:8B:98:ED:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oZ_WM6TT0hDez321fRIrZIuY7SU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/HL__qaGc13R_JJTvUCH7c2B82tc.roa
Signing time:             Fri 02 Jan 2026 08:19:25 +0000
ROA not before:           Fri 02 Jan 2026 08:19:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213648
IP address blocks:        5.182.232.0/22 maxlen: 22
                          194.93.78.0/24 maxlen: 24
                          2a14:8700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/oZ_WM6TT0hDez321fRIrZIuY7SU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/oZ_WM6TT0hDez321fRIrZIuY7SU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oZ_WM6TT0hDez321fRIrZIuY7SU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:40:f5:7c:46:ac:36:8a:5f:9f:2c:e0:62:5a:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a19fd633a4d3d210decf7db57d122b648b98ed25
        Validity
            Not Before: Jan  2 08:19:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1cbfffa9a19cd7747f2494ef5021fb73607cdad7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:e0:09:f2:4a:8d:b1:8a:54:95:8c:11:65:1c:
                    d8:f9:c3:ab:53:68:82:81:6b:96:ca:f0:9d:4b:37:
                    81:04:fa:b0:e6:85:83:0e:3c:9a:5e:b8:52:b1:f5:
                    8c:48:49:55:f4:65:97:7b:19:40:7d:c7:7b:ff:7c:
                    56:ac:f5:dd:32:5a:c4:fc:03:d5:ba:c9:59:46:b2:
                    eb:1b:f4:4e:bc:6b:d7:8b:35:98:5f:f5:ce:e9:24:
                    e7:b0:51:d1:2e:29:c4:41:eb:5a:91:af:2b:ba:b1:
                    f0:50:d6:24:98:0e:fa:93:00:44:d4:d9:ef:cb:2e:
                    c2:ba:cc:d9:42:7a:8c:90:bc:b9:3e:6d:fd:66:89:
                    d9:f1:56:9b:65:91:74:41:31:45:1f:93:dd:21:ff:
                    a8:31:02:88:a8:7b:e1:34:15:42:e5:22:f0:6e:74:
                    ea:96:66:80:e8:fd:7f:20:e5:6c:f8:c0:a9:86:76:
                    7e:33:1c:89:83:f2:34:68:c9:f9:49:ff:53:39:5d:
                    ec:16:64:44:89:c9:74:25:4f:b9:13:be:4f:56:fa:
                    32:ab:74:9c:4b:cf:2b:41:82:a7:8a:db:57:e1:43:
                    d3:12:e1:5e:29:f0:b9:e1:e0:77:5c:76:69:cd:45:
                    e7:81:c2:ed:80:f9:18:5c:ac:8c:d2:1f:47:9c:02:
                    29:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:BF:FF:A9:A1:9C:D7:74:7F:24:94:EF:50:21:FB:73:60:7C:DA:D7
            X509v3 Authority Key Identifier:
                keyid:A1:9F:D6:33:A4:D3:D2:10:DE:CF:7D:B5:7D:12:2B:64:8B:98:ED:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oZ_WM6TT0hDez321fRIrZIuY7SU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/HL__qaGc13R_JJTvUCH7c2B82tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/oZ_WM6TT0hDez321fRIrZIuY7SU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.232.0/22
                  194.93.78.0/24
                IPv6:
                  2a14:8700::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:07:ba:ba:71:be:b9:6e:be:cd:45:e5:df:d5:26:9b:25:13:
         b5:49:2b:d3:a0:9d:e0:54:33:d0:c4:d2:de:ed:94:76:25:5e:
         e4:e6:51:26:bc:e5:2c:5f:41:07:6f:10:94:ad:28:99:23:2f:
         a4:fa:8b:25:ef:bf:4e:8b:d1:b3:3c:c5:82:a9:7b:08:df:c4:
         6d:4e:23:31:57:f6:4d:bc:bf:9c:e4:99:34:cd:75:7f:48:81:
         d8:05:be:3d:16:46:d1:22:6c:a9:9a:35:fd:cb:45:9e:68:31:
         7c:b8:36:19:e8:0e:ab:5e:db:7a:e0:5c:01:a5:d6:c8:ec:dc:
         5d:e1:ca:eb:35:59:4a:24:98:1a:55:f2:47:e4:42:d7:35:b5:
         6e:b1:b6:8d:ca:4b:d2:bb:cd:12:58:d5:ea:ba:cc:41:3f:bd:
         7c:98:86:00:ef:f6:f6:a8:5f:f0:72:5b:da:c4:5e:5f:8e:9c:
         9c:8c:32:e6:5b:d1:58:dd:50:d6:f7:53:6f:10:bd:84:1e:14:
         79:e1:94:9e:08:6f:5d:65:c6:ea:6e:45:be:df:d6:ce:dc:62:
         be:d1:fb:2d:17:75:99:59:bf:9d:41:4b:a3:0e:b5:b2:92:22:
         50:c6:96:26:c0:13:27:12:2d:e0:0e:ff:e4:85:3e:51:43:bd:
         ea:1d:17:b2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt9ykD1fEasNopfnyzgYlopMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExOWZkNjMzYTRkM2QyMTBkZWNmN2RiNTdkMTIyYjY0OGI5
OGVkMjUwHhcNMjYwMTAyMDgxOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2JmZmZhOWExOWNkNzc0N2YyNDk0ZWY1MDIxZmI3MzYwN2NkYWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+AJ8kqNsYpUlYwRZRzY+cOrU2iC
gWuWyvCdSzeBBPqw5oWDDjyaXrhSsfWMSElV9GWXexlAfcd7/3xWrPXdMlrE/APV
uslZRrLrG/ROvGvXizWYX/XO6STnsFHRLinEQetaka8rurHwUNYkmA76kwBE1Nnv
yy7CuszZQnqMkLy5Pm39ZonZ8VabZZF0QTFFH5PdIf+oMQKIqHvhNBVC5SLwbnTq
lmaA6P1/IOVs+MCphnZ+MxyJg/I0aMn5Sf9TOV3sFmREicl0JU+5E75PVvoyq3Sc
S88rQYKnittX4UPTEuFeKfC54eB3XHZpzUXngcLtgPkYXKyM0h9HnAIpfQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBy//6mhnNd0fySU71Ah+3NgfNrXMB8GA1UdIwQY
MBaAFKGf1jOk09IQ3s99tX0SK2SLmO0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1pfV002VFQwaERlejMyMWZSSXJaSXVZN1NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83Y2FiZTAtNmQ4NC00N2E3LWFjZWMt
YzdjYWQ1MDIwZWVmLzEvSExfX3FhR2MxM1JfSkpUdlVDSDdjMkI4MnRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83Y2FiZTAtNmQ4NC00N2E3LWFjZWMtYzdjYWQ1MDIwZWVm
LzEvb1pfV002VFQwaERlejMyMWZSSXJaSXVZN1NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCBbboAwQA
wl1OMA0EAgACMAcDBQMqFIcAMA0GCSqGSIb3DQEBCwUAA4IBAQCjB7q6cb65br7N
ReXf1SabJRO1SSvToJ3gVDPQxNLe7ZR2JV7k5lEmvOUsX0EHbxCUrSiZIy+k+osl
779Oi9GzPMWCqXsI38RtTiMxV/ZNvL+c5Jk0zXV/SIHYBb49FkbRImypmjX9y0We
aDF8uDYZ6A6rXtt64FwBpdbI7Nxd4crrNVlKJJgaVfJH5ELXNbVusbaNykvSu80S
WNXqusxBP718mIYA7/b2qF/wclvaxF5fjpycjDLmW9FY3VDW91NvEL2EHhR54ZSe
CG9dZcbqbkW+39bO3GK+0fstF3WZWb+dQUujDrWykiJQxpYmwBMnEi3gDv/khT5R
Q73qHRey
-----END CERTIFICATE-----