Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HKCiGEhR4fFhsZOpPFeU4mXhprk.roa
File:                     HKCiGEhR4fFhsZOpPFeU4mXhprk.roa (raw, json)
Hash identifier:          0zvzkM1mpsOcozWpMfFAWvOFPmpu1Wrf9k9QIlegOMk=
Subject key identifier:   1C:A0:A2:18:48:51:E1:F1:61:B1:93:A9:3C:57:94:E2:65:E1:A6:B9
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019D76324F7CB3B550034D57198DF3DF097C
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HKCiGEhR4fFhsZOpPFeU4mXhprk.roa
Signing time:             Fri 10 Apr 2026 07:01:41 +0000
ROA not before:           Fri 10 Apr 2026 07:01:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199614
IP address blocks:        94.176.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:32:4f:7c:b3:b5:50:03:4d:57:19:8d:f3:df:09:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 10 07:01:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ca0a2184851e1f161b193a93c5794e265e1a6b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:43:7a:26:e4:01:9b:9a:ff:79:42:0f:30:b2:
                    bc:24:56:b5:c0:d4:eb:54:79:bb:2e:d1:b3:2a:c8:
                    11:d0:69:3c:af:be:df:e5:8a:cc:c0:e1:7b:31:bc:
                    d0:06:be:f4:a3:01:e3:56:5d:fb:7e:74:d5:bf:27:
                    75:d8:eb:ae:85:28:7f:12:a4:c5:6a:b1:0a:6f:f4:
                    2a:8b:d2:b0:f9:4f:62:32:ca:59:c7:93:58:af:e3:
                    0e:45:b0:75:d9:21:be:f8:ab:04:68:f1:ec:fb:db:
                    51:a0:a3:23:f9:47:0e:10:01:af:5d:9d:08:9d:ed:
                    4e:85:4a:7f:06:c6:fe:04:0a:23:d3:48:50:aa:5c:
                    8c:56:f2:4f:a8:07:6e:48:d3:fc:6a:5c:f9:05:1d:
                    99:8e:07:7e:22:19:3e:13:73:17:f5:37:20:f8:90:
                    99:6e:1a:f5:43:8a:1d:b0:51:2e:77:d6:9b:ea:6e:
                    62:a1:54:c0:93:6d:85:26:22:db:cf:f5:a3:5b:05:
                    e7:3d:ce:d6:34:70:ac:dc:5b:f8:1a:7f:e6:00:4d:
                    ce:94:55:e1:9d:65:b7:9d:76:b9:9d:c1:5b:94:87:
                    2f:35:fa:2c:44:1b:c3:8e:2d:2c:f4:3a:5c:99:46:
                    aa:d3:cb:c7:71:28:7d:cf:91:c1:24:e8:2b:be:e8:
                    1f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A0:A2:18:48:51:E1:F1:61:B1:93:A9:3C:57:94:E2:65:E1:A6:B9
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HKCiGEhR4fFhsZOpPFeU4mXhprk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:2b:2e:07:f6:9d:45:f2:f3:1a:da:8f:b7:33:87:d4:b8:24:
         e5:3b:a3:b8:c9:c7:c2:e8:94:07:49:bb:ba:0b:b6:f4:0f:95:
         cf:e9:1d:e5:79:89:06:46:39:43:91:0f:25:36:5c:ac:67:d3:
         1b:39:8e:0c:46:d7:b4:3c:42:51:af:8b:a0:a3:d6:f4:0a:d6:
         cd:1b:e5:71:93:a8:c1:ac:7b:60:b0:9a:6c:dc:00:8f:58:eb:
         55:7a:da:73:33:d9:22:2a:3c:77:ce:b9:0f:70:dc:cf:f7:de:
         93:d1:e2:1b:e8:e0:34:60:bf:51:e6:d9:1f:01:60:aa:e9:7d:
         b2:26:8a:72:e1:44:f9:1d:9b:ce:37:d3:08:b7:1b:02:5e:08:
         cf:3e:2f:e2:2f:d9:87:b8:44:63:64:16:fe:96:a3:78:8b:e5:
         d8:01:06:ce:70:c4:81:07:90:57:15:00:59:a8:ce:c4:d6:f0:
         ad:43:7a:78:93:94:b6:f7:36:20:27:13:69:1b:ef:a5:02:23:
         f7:ce:d0:72:8c:ea:85:e7:2d:9f:39:8b:99:44:aa:da:8d:b9:
         a0:87:aa:e6:ff:a1:ae:a3:0e:47:77:da:8c:f1:17:af:a2:6a:
         78:04:7d:08:59:4e:04:aa:1e:42:c9:da:23:9d:8c:0f:2d:ea:
         99:ae:20:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ12Mk98s7VQA01XGY3z3wl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwNDEwMDcwMTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2EwYTIxODQ4NTFlMWYxNjFiMTkzYTkzYzU3OTRlMjY1ZTFhNmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0N6JuQBm5r/eUIPMLK8JFa1wNTr
VHm7LtGzKsgR0Gk8r77f5YrMwOF7MbzQBr70owHjVl37fnTVvyd12OuuhSh/EqTF
arEKb/Qqi9Kw+U9iMspZx5NYr+MORbB12SG++KsEaPHs+9tRoKMj+UcOEAGvXZ0I
ne1OhUp/Bsb+BAoj00hQqlyMVvJPqAduSNP8alz5BR2Zjgd+Ihk+E3MX9Tcg+JCZ
bhr1Q4odsFEud9ab6m5ioVTAk22FJiLbz/WjWwXnPc7WNHCs3Fv4Gn/mAE3OlFXh
nWW3nXa5ncFblIcvNfosRBvDji0s9DpcmUaq08vHcSh9z5HBJOgrvugfvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBygohhIUeHxYbGTqTxXlOJl4aa5MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSEtDaUdFaFI0ZkZoc1pPcFBGZVU0bVhocHJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrBuMA0G
CSqGSIb3DQEBCwUAA4IBAQAfKy4H9p1F8vMa2o+3M4fUuCTlO6O4ycfC6JQHSbu6
C7b0D5XP6R3leYkGRjlDkQ8lNlysZ9MbOY4MRte0PEJRr4ugo9b0CtbNG+Vxk6jB
rHtgsJps3ACPWOtVetpzM9kiKjx3zrkPcNzP996T0eIb6OA0YL9R5tkfAWCq6X2y
Jopy4UT5HZvON9MItxsCXgjPPi/iL9mHuERjZBb+lqN4i+XYAQbOcMSBB5BXFQBZ
qM7E1vCtQ3p4k5S29zYgJxNpG++lAiP3ztByjOqF5y2fOYuZRKrajbmgh6rm/6Gu
ow5Hd9qM8Revomp4BH0IWU4Eqh5CydojnYwPLeqZriDB
-----END CERTIFICATE-----