Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/5f575f-992c-48e9-9158-d80f5ea62d44/1/HgFja2bLpVL2qd4TnI1Z6oWyNO8.roa
File:                     HgFja2bLpVL2qd4TnI1Z6oWyNO8.roa (raw, json)
Hash identifier:          xWIulmmQRVp8Zbt+l6Hy12uHB1PLbHRuuRd4Ash/YeI=
Subject key identifier:   1E:01:63:6B:66:CB:A5:52:F6:A9:DE:13:9C:8D:59:EA:85:B2:34:EF
Certificate issuer:       /CN=30be52bae4d48dddc9cbec2076aba91c953ae12e
Certificate serial:       019B79ECFEB19AAF6A9CBCCBF75E5DDC1B8C
Authority key identifier: 30:BE:52:BA:E4:D4:8D:DD:C9:CB:EC:20:76:AB:A9:1C:95:3A:E1:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ML5SuuTUjd3Jy-wgdqupHJU64S4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/5f575f-992c-48e9-9158-d80f5ea62d44/1/HgFja2bLpVL2qd4TnI1Z6oWyNO8.roa
Signing time:             Thu 01 Jan 2026 14:18:53 +0000
ROA not before:           Thu 01 Jan 2026 14:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43305
IP address blocks:        91.198.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/5f575f-992c-48e9-9158-d80f5ea62d44/1/ML5SuuTUjd3Jy-wgdqupHJU64S4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/5f575f-992c-48e9-9158-d80f5ea62d44/1/ML5SuuTUjd3Jy-wgdqupHJU64S4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ML5SuuTUjd3Jy-wgdqupHJU64S4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:fe:b1:9a:af:6a:9c:bc:cb:f7:5e:5d:dc:1b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30be52bae4d48dddc9cbec2076aba91c953ae12e
        Validity
            Not Before: Jan  1 14:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e01636b66cba552f6a9de139c8d59ea85b234ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:94:41:82:24:e7:3f:dd:4a:1e:d3:91:e8:ee:
                    8b:0b:1a:df:76:fc:65:86:55:44:c8:3a:ff:99:f3:
                    09:3b:3a:cb:77:c4:c3:e7:31:15:b1:98:e0:0d:ac:
                    6b:f6:15:c7:57:dd:65:15:58:b3:56:f9:4c:d7:f9:
                    48:0f:64:22:07:80:5c:72:73:46:3d:ca:d7:3b:58:
                    28:f4:3c:da:8a:10:08:b1:4e:ac:94:63:f2:b2:46:
                    0f:92:6c:2a:4e:57:ad:37:e3:f2:07:16:4e:c3:13:
                    85:99:ef:93:a9:7e:41:b6:40:3e:49:ee:e1:73:fb:
                    3e:fe:38:2f:c0:b6:a2:a5:46:25:38:a3:7e:1e:23:
                    b1:22:f6:2f:5d:24:b2:18:0a:c2:d8:ca:a4:ad:26:
                    74:d1:2f:25:5b:4f:f7:0f:f4:f9:04:f3:ff:bd:fc:
                    97:54:27:b7:c1:33:8f:eb:bb:a0:aa:e0:da:f8:35:
                    47:c2:6c:37:2b:00:62:03:1a:cc:c3:da:89:f4:ee:
                    84:18:7e:2d:d9:87:e8:f5:fb:02:e1:2a:b6:1a:20:
                    8d:5f:1e:ce:74:9d:c0:72:d7:5f:cf:2e:b7:b2:21:
                    f9:2d:47:b2:b9:f8:7c:66:2d:c7:da:ed:19:15:0b:
                    76:0c:18:a2:73:e2:b6:a0:ea:19:26:81:84:b8:df:
                    57:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:01:63:6B:66:CB:A5:52:F6:A9:DE:13:9C:8D:59:EA:85:B2:34:EF
            X509v3 Authority Key Identifier:
                keyid:30:BE:52:BA:E4:D4:8D:DD:C9:CB:EC:20:76:AB:A9:1C:95:3A:E1:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ML5SuuTUjd3Jy-wgdqupHJU64S4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5f575f-992c-48e9-9158-d80f5ea62d44/1/HgFja2bLpVL2qd4TnI1Z6oWyNO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5f575f-992c-48e9-9158-d80f5ea62d44/1/ML5SuuTUjd3Jy-wgdqupHJU64S4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:f1:bb:84:8c:cb:e1:04:50:b6:28:cf:a3:5f:91:ba:b0:48:
         19:5a:8f:31:97:cd:47:49:6d:f5:a1:d1:6a:7c:14:06:fe:ca:
         3e:cd:6c:be:b5:8a:f5:d2:e7:52:09:6c:0a:7d:c8:9d:7b:4b:
         08:82:1f:dd:ef:dc:df:3b:c8:12:fe:0f:14:c4:40:2c:46:71:
         a9:52:5e:19:b6:ee:94:bf:40:73:74:8e:07:53:d4:8d:db:5c:
         de:6b:84:10:2d:a0:54:b2:e4:c0:0d:3e:16:a2:e5:fb:01:ae:
         3c:e1:77:00:e9:ba:da:c0:52:bd:9d:a9:88:8f:e1:96:99:0e:
         b9:c7:30:a7:97:a3:e9:31:62:77:ee:50:fb:0a:e9:94:5e:4c:
         32:19:27:53:36:25:32:a2:4d:7f:24:63:c1:39:e5:99:95:66:
         03:d8:53:9e:de:e8:5f:42:7e:4a:e4:75:66:1e:63:37:bd:d6:
         ec:e4:85:fb:86:53:ae:65:2e:d3:b2:f7:9f:70:74:7d:89:68:
         f8:94:65:ef:56:41:1e:f5:d7:f4:db:cc:3d:2c:14:24:2a:4a:
         9f:6d:dc:e6:3b:8c:48:ab:d3:b2:df:a0:58:3e:02:39:55:2e:
         c6:fb:4c:04:e3:c4:19:6a:92:ba:91:f7:cf:d8:dc:df:00:f9:
         39:15:51:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57P6xmq9qnLzL915d3BuMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYmU1MmJhZTRkNDhkZGRjOWNiZWMyMDc2YWJhOTFjOTUz
YWUxMmUwHhcNMjYwMTAxMTQxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTAxNjM2YjY2Y2JhNTUyZjZhOWRlMTM5YzhkNTllYTg1YjIzNGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5RBgiTnP91KHtOR6O6LCxrfdvxl
hlVEyDr/mfMJOzrLd8TD5zEVsZjgDaxr9hXHV91lFVizVvlM1/lID2QiB4BccnNG
PcrXO1go9DzaihAIsU6slGPyskYPkmwqTletN+PyBxZOwxOFme+TqX5BtkA+Se7h
c/s+/jgvwLaipUYlOKN+HiOxIvYvXSSyGArC2MqkrSZ00S8lW0/3D/T5BPP/vfyX
VCe3wTOP67ugquDa+DVHwmw3KwBiAxrMw9qJ9O6EGH4t2Yfo9fsC4Sq2GiCNXx7O
dJ3Actdfzy63siH5LUeyufh8Zi3H2u0ZFQt2DBiic+K2oOoZJoGEuN9X8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4BY2tmy6VS9qneE5yNWeqFsjTvMB8GA1UdIwQY
MBaAFDC+Urrk1I3dycvsIHarqRyVOuEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUw1U3V1VFVqZDNKeS13Z2RxdXBISlU2NFM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC81ZjU3NWYtOTkyYy00OGU5LTkxNTgt
ZDgwZjVlYTYyZDQ0LzEvSGdGamEyYkxwVkwycWQ0VG5JMVo2b1d5Tk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC81ZjU3NWYtOTkyYy00OGU5LTkxNTgtZDgwZjVlYTYyZDQ0
LzEvTUw1U3V1VFVqZDNKeS13Z2RxdXBISlU2NFM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8YjMA0G
CSqGSIb3DQEBCwUAA4IBAQAn8buEjMvhBFC2KM+jX5G6sEgZWo8xl81HSW31odFq
fBQG/so+zWy+tYr10udSCWwKfcide0sIgh/d79zfO8gS/g8UxEAsRnGpUl4Ztu6U
v0BzdI4HU9SN21zea4QQLaBUsuTADT4WouX7Aa484XcA6brawFK9namIj+GWmQ65
xzCnl6PpMWJ37lD7CumUXkwyGSdTNiUyok1/JGPBOeWZlWYD2FOe3uhfQn5K5HVm
HmM3vdbs5IX7hlOuZS7TsvefcHR9iWj4lGXvVkEe9df028w9LBQkKkqfbdzmO4xI
q9Oy36BYPgI5VS7G+0wE48QZapK6kffP2NzfAPk5FVF+
-----END CERTIFICATE-----