Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/hoPMx8cKt2l3U6Uh7qXffDc38GI.roa
File:                     hoPMx8cKt2l3U6Uh7qXffDc38GI.roa (raw, json)
Hash identifier:          cSBxnQp/0+IglLraeUk1nEXqdG208OR0aDWNNNv7dX8=
Subject key identifier:   86:83:CC:C7:C7:0A:B7:69:77:53:A5:21:EE:A5:DF:7C:37:37:F0:62
Certificate issuer:       /CN=ff3ed3d4d47b8e825fbfd079482f7a0c21dc91ef
Certificate serial:       019D538A5FD1C949C10D8DFD23C2BD644AD4
Authority key identifier: FF:3E:D3:D4:D4:7B:8E:82:5F:BF:D0:79:48:2F:7A:0C:21:DC:91:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_z7T1NR7joJfv9B5SC96DCHcke8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/hoPMx8cKt2l3U6Uh7qXffDc38GI.roa
Signing time:             Fri 03 Apr 2026 13:31:10 +0000
ROA not before:           Fri 03 Apr 2026 13:31:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202676
IP address blocks:        185.55.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/_z7T1NR7joJfv9B5SC96DCHcke8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/_z7T1NR7joJfv9B5SC96DCHcke8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_z7T1NR7joJfv9B5SC96DCHcke8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:53:8a:5f:d1:c9:49:c1:0d:8d:fd:23:c2:bd:64:4a:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff3ed3d4d47b8e825fbfd079482f7a0c21dc91ef
        Validity
            Not Before: Apr  3 13:31:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8683ccc7c70ab7697753a521eea5df7c3737f062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:69:b0:9d:7d:cb:0a:8a:a5:f9:a5:8f:45:95:
                    17:1d:4e:e3:68:e1:2b:01:2c:b9:72:06:f6:ae:74:
                    5b:d2:ad:73:2e:29:fe:9c:7e:ae:6e:bb:c0:d6:79:
                    b2:b2:de:d4:93:c7:e6:9a:67:3e:fb:cf:f0:3e:c1:
                    b3:43:20:57:d2:ef:32:7a:10:45:64:bd:97:b8:4c:
                    54:f9:99:24:7f:db:3d:ab:b7:a2:49:12:6a:9e:1a:
                    9d:51:77:f4:9f:c5:a6:7a:01:0c:36:2a:f7:88:c2:
                    ac:af:d2:ff:38:6d:a6:38:c6:01:48:81:5e:6a:5e:
                    03:56:40:2d:fd:66:4b:e8:ba:b6:dc:7b:58:75:15:
                    89:04:dd:c1:47:a7:36:10:fd:cb:41:d7:b1:c3:35:
                    54:61:22:c8:d6:b5:05:9b:a2:62:b6:5f:e9:9d:34:
                    e8:22:0f:c7:06:ab:ef:73:81:a7:ba:50:20:c9:a7:
                    60:3e:cf:5a:e7:96:3a:7d:46:e1:04:f2:33:55:02:
                    22:66:44:7b:3f:8f:92:55:ec:97:1b:10:72:e9:fc:
                    d4:1d:62:15:db:fd:01:e5:7a:46:05:7a:ed:f0:0b:
                    a9:46:8d:04:cc:a6:8f:ff:35:54:dc:5a:f2:0f:95:
                    6a:23:50:4a:d7:2c:87:bb:36:09:aa:35:12:0b:95:
                    d7:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:83:CC:C7:C7:0A:B7:69:77:53:A5:21:EE:A5:DF:7C:37:37:F0:62
            X509v3 Authority Key Identifier:
                keyid:FF:3E:D3:D4:D4:7B:8E:82:5F:BF:D0:79:48:2F:7A:0C:21:DC:91:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_z7T1NR7joJfv9B5SC96DCHcke8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/hoPMx8cKt2l3U6Uh7qXffDc38GI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/61ec7d-8df6-4ffe-b637-5b09a6743375/1/_z7T1NR7joJfv9B5SC96DCHcke8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:29:6f:8f:96:70:c6:b7:e7:91:5e:fb:a2:31:eb:97:7f:21:
         09:c2:dd:53:15:bb:8b:33:5d:96:f1:7f:f2:d3:c7:17:76:64:
         46:5d:09:30:fc:57:38:be:b3:6a:31:14:85:5c:7c:ad:50:c8:
         00:09:1f:c1:c9:f9:24:02:a0:eb:d9:3a:26:71:09:dc:4d:35:
         7d:13:5f:56:05:f0:99:c9:f0:26:5c:15:74:77:21:d8:91:89:
         1e:21:ff:de:0c:ea:9a:b1:29:e1:bc:59:81:58:ab:26:ca:4e:
         73:77:e2:e0:28:02:11:27:d5:69:b7:85:97:a0:38:c7:cc:7d:
         5d:ce:03:54:c9:35:62:04:70:00:dc:35:13:f8:9f:7b:8f:e8:
         f0:44:6c:fd:da:c2:03:b3:79:52:20:22:82:d8:1f:2c:94:50:
         5e:5e:c5:72:f8:b9:52:18:37:2f:a7:64:f2:d2:c4:d0:f3:bb:
         51:43:19:7b:f4:e7:e8:49:07:67:41:d0:40:0f:1f:92:91:d4:
         67:29:4c:af:c1:14:09:9a:a8:eb:9b:a7:7e:5c:aa:97:c4:3d:
         c7:ca:48:d5:d4:98:2a:f9:5c:0e:46:a5:4e:99:1f:c1:21:b3:
         c4:3c:85:d2:12:29:37:cf:a2:0a:ae:d0:39:7b:39:5a:c5:f1:
         56:2c:1a:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Til/RyUnBDY39I8K9ZErUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmM2VkM2Q0ZDQ3YjhlODI1ZmJmZDA3OTQ4MmY3YTBjMjFk
YzkxZWYwHhcNMjYwNDAzMTMzMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjgzY2NjN2M3MGFiNzY5Nzc1M2E1MjFlZWE1ZGY3YzM3MzdmMDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2mwnX3LCoql+aWPRZUXHU7jaOEr
ASy5cgb2rnRb0q1zLin+nH6ubrvA1nmyst7Uk8fmmmc++8/wPsGzQyBX0u8yehBF
ZL2XuExU+Zkkf9s9q7eiSRJqnhqdUXf0n8WmegEMNir3iMKsr9L/OG2mOMYBSIFe
al4DVkAt/WZL6Lq23HtYdRWJBN3BR6c2EP3LQdexwzVUYSLI1rUFm6Jitl/pnTTo
Ig/HBqvvc4GnulAgyadgPs9a55Y6fUbhBPIzVQIiZkR7P4+SVeyXGxBy6fzUHWIV
2/0B5XpGBXrt8AupRo0EzKaP/zVU3FryD5VqI1BK1yyHuzYJqjUSC5XXvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaDzMfHCrdpd1OlIe6l33w3N/BiMB8GA1UdIwQY
MBaAFP8+09TUe46CX7/QeUgvegwh3JHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3o3VDFOUjdqb0pmdjlCNVNDOTZEQ0hja2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS82MWVjN2QtOGRmNi00ZmZlLWI2Mzct
NWIwOWE2NzQzMzc1LzEvaG9QTXg4Y0t0MmwzVTZVaDdxWGZmRGMzOEdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS82MWVjN2QtOGRmNi00ZmZlLWI2MzctNWIwOWE2NzQzMzc1
LzEvX3o3VDFOUjdqb0pmdjlCNVNDOTZEQ0hja2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTefMA0G
CSqGSIb3DQEBCwUAA4IBAQBqKW+PlnDGt+eRXvuiMeuXfyEJwt1TFbuLM12W8X/y
08cXdmRGXQkw/Fc4vrNqMRSFXHytUMgACR/ByfkkAqDr2TomcQncTTV9E19WBfCZ
yfAmXBV0dyHYkYkeIf/eDOqasSnhvFmBWKsmyk5zd+LgKAIRJ9Vpt4WXoDjHzH1d
zgNUyTViBHAA3DUT+J97j+jwRGz92sIDs3lSICKC2B8slFBeXsVy+LlSGDcvp2Ty
0sTQ87tRQxl79OfoSQdnQdBADx+SkdRnKUyvwRQJmqjrm6d+XKqXxD3HykjV1Jgq
+VwORqVOmR/BIbPEPIXSEik3z6IKrtA5ezlaxfFWLBrn
-----END CERTIFICATE-----