Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/HTsrx9Wfp4NlogQqyGFERMCHjME.roa
File:                     HTsrx9Wfp4NlogQqyGFERMCHjME.roa (raw, json)
Hash identifier:          qUCFvpFwZ+rAEW4PKzOQClC2RRU+DPcjwot7U4Nm7cE=
Subject key identifier:   1D:3B:2B:C7:D5:9F:A7:83:65:A2:04:2A:C8:61:44:44:C0:87:8C:C1
Certificate issuer:       /CN=e8477ad21cb789143313c40b19f8cc0023de88a6
Certificate serial:       019C9942A466C2A69BFACC14EA66D69AAE50
Authority key identifier: E8:47:7A:D2:1C:B7:89:14:33:13:C4:0B:19:F8:CC:00:23:DE:88:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Ed60hy3iRQzE8QLGfjMACPeiKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/HTsrx9Wfp4NlogQqyGFERMCHjME.roa
Signing time:             Thu 26 Feb 2026 09:23:27 +0000
ROA not before:           Thu 26 Feb 2026 09:23:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213892
IP address blocks:        86.106.75.0/24 maxlen: 24
                          2a05:cbc0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/6Ed60hy3iRQzE8QLGfjMACPeiKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/6Ed60hy3iRQzE8QLGfjMACPeiKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Ed60hy3iRQzE8QLGfjMACPeiKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:42:a4:66:c2:a6:9b:fa:cc:14:ea:66:d6:9a:ae:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8477ad21cb789143313c40b19f8cc0023de88a6
        Validity
            Not Before: Feb 26 09:23:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d3b2bc7d59fa78365a2042ac8614444c0878cc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a2:7e:29:5c:5e:15:e4:32:0d:a1:a8:0f:f7:
                    7c:68:7e:f2:83:c4:f3:95:1e:6f:9e:88:6c:d9:c6:
                    20:0d:b7:f4:27:8f:09:d3:1b:d3:cb:cc:c1:3b:cb:
                    31:16:ac:42:6e:e6:fb:86:3e:4d:6b:24:1d:37:53:
                    c4:12:72:0a:95:ba:1c:64:d7:af:0f:7b:a8:26:78:
                    74:82:b4:de:ba:f9:df:cb:dc:cd:d7:43:9b:2c:97:
                    78:44:e7:78:bd:35:48:32:a9:58:cd:ed:f0:69:8d:
                    4b:f5:7b:91:c0:58:4b:0e:51:e8:56:20:1f:0e:f5:
                    30:3c:71:1c:de:2e:6b:cd:8a:d7:45:63:2c:47:0f:
                    fe:44:4f:c8:e2:54:d6:dc:dc:88:43:6e:a2:f9:cf:
                    d2:17:62:6f:a3:85:bf:f4:76:8d:2b:19:58:56:21:
                    f4:56:32:48:95:ef:74:fb:08:2f:49:12:c4:c9:3b:
                    0b:dd:e1:62:b4:26:28:e1:b7:46:2e:24:d6:e1:1f:
                    58:68:63:6b:8c:8e:fb:9b:11:cc:a8:31:e8:8c:1e:
                    79:eb:48:1d:fc:d3:7e:0d:cd:cb:52:b5:2a:5c:73:
                    a4:4a:da:1b:b4:99:57:cf:a5:86:9a:60:38:6b:89:
                    73:79:dc:bc:75:21:b8:f5:c2:dc:bc:f3:0c:55:7d:
                    aa:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:3B:2B:C7:D5:9F:A7:83:65:A2:04:2A:C8:61:44:44:C0:87:8C:C1
            X509v3 Authority Key Identifier:
                keyid:E8:47:7A:D2:1C:B7:89:14:33:13:C4:0B:19:F8:CC:00:23:DE:88:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Ed60hy3iRQzE8QLGfjMACPeiKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/HTsrx9Wfp4NlogQqyGFERMCHjME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/6Ed60hy3iRQzE8QLGfjMACPeiKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.75.0/24
                IPv6:
                  2a05:cbc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:e7:25:3b:e0:5a:8d:e7:d5:c2:66:e8:f8:82:10:cd:01:7e:
         1e:7a:3a:c3:a7:dc:47:34:6b:bc:24:ef:20:a2:8b:2e:2a:f3:
         8a:e8:e8:ce:23:9d:5b:5d:0e:e3:d8:f0:5f:cc:ae:86:9e:6a:
         7e:7a:bc:5c:e4:d9:e9:ef:71:ba:f1:14:73:8a:6d:ed:dd:41:
         d7:80:4f:69:b0:99:42:5a:b6:c3:35:43:c7:c9:9b:7c:77:78:
         bb:53:69:02:f6:2c:d2:65:f6:da:dc:da:c5:88:86:cc:b9:f3:
         b4:d0:b7:84:b2:f7:bc:4a:ad:b4:be:75:e0:27:33:04:f1:6e:
         01:9e:f8:4d:b6:9c:f3:0c:99:27:7b:7c:5d:1e:40:a6:38:a1:
         5a:05:09:dd:27:99:4b:48:32:d7:cf:b3:1b:97:d5:8b:65:0e:
         ab:b0:88:18:93:da:86:f4:44:2f:43:c7:11:78:ae:2e:17:31:
         42:41:30:ad:ab:2f:ea:a0:27:3a:0d:dc:d0:d4:37:02:fa:8a:
         48:45:e9:7f:da:e4:50:eb:dd:59:48:bc:a4:dd:85:75:8b:5e:
         41:2e:b2:3a:8f:5f:f1:84:02:ae:f2:de:df:13:56:0d:f5:e6:
         83:20:65:6f:aa:d4:7f:2d:30:f9:58:2a:b5:f5:18:4d:a4:57:
         c7:1b:56:4a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyZQqRmwqab+swU6mbWmq5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDc3YWQyMWNiNzg5MTQzMzEzYzQwYjE5ZjhjYzAwMjNk
ZTg4YTYwHhcNMjYwMjI2MDkyMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDNiMmJjN2Q1OWZhNzgzNjVhMjA0MmFjODYxNDQ0NGMwODc4Y2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqJ+KVxeFeQyDaGoD/d8aH7yg8Tz
lR5vnohs2cYgDbf0J48J0xvTy8zBO8sxFqxCbub7hj5NayQdN1PEEnIKlbocZNev
D3uoJnh0grTeuvnfy9zN10ObLJd4ROd4vTVIMqlYze3waY1L9XuRwFhLDlHoViAf
DvUwPHEc3i5rzYrXRWMsRw/+RE/I4lTW3NyIQ26i+c/SF2Jvo4W/9HaNKxlYViH0
VjJIle90+wgvSRLEyTsL3eFitCYo4bdGLiTW4R9YaGNrjI77mxHMqDHojB5560gd
/NN+Dc3LUrUqXHOkStobtJlXz6WGmmA4a4lzedy8dSG49cLcvPMMVX2qxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB07K8fVn6eDZaIEKshhRETAh4zBMB8GA1UdIwQY
MBaAFOhHetIct4kUMxPECxn4zAAj3oimMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVkNjBoeTNpUlF6RThRTEdmak1BQ1BlaUtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi83NDJhMDQtMTdhZi00ZjQwLWExNDAt
NjA0NTg0ODk1OTI1LzEvSFRzcng5V2ZwNE5sb2dRcXlHRkVSTUNIak1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi83NDJhMDQtMTdhZi00ZjQwLWExNDAtNjA0NTg0ODk1OTI1
LzEvNkVkNjBoeTNpUlF6RThRTEdmak1BQ1BlaUtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAVmpLMA0E
AgACMAcDBQAqBcvAMA0GCSqGSIb3DQEBCwUAA4IBAQAF5yU74FqN59XCZuj4ghDN
AX4eejrDp9xHNGu8JO8goosuKvOK6OjOI51bXQ7j2PBfzK6Gnmp+erxc5Nnp73G6
8RRzim3t3UHXgE9psJlCWrbDNUPHyZt8d3i7U2kC9izSZfba3NrFiIbMufO00LeE
sve8Sq20vnXgJzME8W4BnvhNtpzzDJkne3xdHkCmOKFaBQndJ5lLSDLXz7Mbl9WL
ZQ6rsIgYk9qG9EQvQ8cReK4uFzFCQTCtqy/qoCc6DdzQ1DcC+opIRel/2uRQ691Z
SLyk3YV1i15BLrI6j1/xhAKu8t7fE1YN9eaDIGVvqtR/LTD5WCq19RhNpFfHG1ZK
-----END CERTIFICATE-----