Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/hXK9Hc5sAQMbjFO-IOFUQkBqBqs.roa
File:                     hXK9Hc5sAQMbjFO-IOFUQkBqBqs.roa (raw, json)
Hash identifier:          oayuIVbp9XMXi8iVnT1fc+bq2U/tSBJEowoJnqub+1M=
Subject key identifier:   85:72:BD:1D:CE:6C:01:03:1B:8C:53:BE:20:E1:54:42:40:6A:06:AB
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       019E5F1F72695E3C0EEFE37E82A9A0569CF2
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/hXK9Hc5sAQMbjFO-IOFUQkBqBqs.roa
Signing time:             Mon 25 May 2026 12:32:36 +0000
ROA not before:           Mon 25 May 2026 12:32:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215421
IP address blocks:        46.36.122.0/23 maxlen: 24
                          46.36.122.0/24 maxlen: 24
                          46.36.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:1f:72:69:5e:3c:0e:ef:e3:7e:82:a9:a0:56:9c:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: May 25 12:32:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8572bd1dce6c01031b8c53be20e15442406a06ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ea:4a:55:31:e4:f0:2d:b9:ec:06:f9:59:a1:
                    a2:0d:da:65:22:0a:73:82:6c:45:43:53:84:fa:c4:
                    de:8d:d5:af:f7:ef:01:17:ed:c4:ff:9d:e0:9b:e0:
                    3d:09:9f:54:c3:de:2e:2e:29:2f:a2:ad:a4:e9:1c:
                    b8:65:4e:99:6a:1c:f6:fe:c1:8b:ad:d4:6f:fd:04:
                    6b:86:de:16:f0:36:ff:16:88:7b:b5:20:f3:26:5f:
                    cb:72:f4:88:bd:6c:58:4e:b6:b4:20:2a:ac:52:48:
                    e8:c6:4c:49:d7:a0:d7:a2:52:1f:a8:a5:6f:04:cd:
                    31:f2:ea:68:c5:3d:de:ef:09:a0:46:b5:34:b2:cc:
                    a4:01:9a:52:db:3f:67:eb:03:e8:64:08:f9:73:7e:
                    ec:39:2d:ab:e4:4d:ac:24:e9:4b:41:10:c4:61:a1:
                    3f:4c:2c:9a:a3:d2:2d:78:5d:89:c6:62:bc:74:6a:
                    65:6e:de:61:4d:38:3f:af:f6:33:fb:68:f2:45:13:
                    da:69:00:ab:bb:8f:a8:dc:e3:f3:0a:52:3c:f2:9a:
                    f7:f2:4d:f3:ab:82:8b:ef:55:1d:76:cd:bf:52:a5:
                    6f:d7:d0:82:7b:8b:c9:e8:f2:7d:1c:a3:1a:da:c6:
                    a7:29:a6:3d:d0:e4:ea:ca:53:f7:64:07:08:7e:51:
                    d1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:72:BD:1D:CE:6C:01:03:1B:8C:53:BE:20:E1:54:42:40:6A:06:AB
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/hXK9Hc5sAQMbjFO-IOFUQkBqBqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:4d:2c:65:49:59:2c:2d:9b:3b:7a:58:08:df:c2:fd:25:98:
         32:68:1c:85:2f:8c:0e:36:4a:88:9f:40:8a:ad:99:fc:c8:cc:
         2f:e8:44:b2:47:7c:f8:7b:e5:3a:a8:bf:df:39:22:4c:c6:da:
         06:10:68:1a:0a:a2:b7:c4:46:b4:42:e4:7a:e1:b9:5a:6c:2e:
         01:a3:17:4c:b4:7e:19:76:81:4a:c8:76:93:79:a5:dd:8f:b6:
         5d:13:0e:e7:47:01:6f:33:c1:b7:db:c6:05:e7:c9:b0:4f:b9:
         ec:a2:28:02:88:28:ac:20:98:b0:d6:3b:be:a5:b0:90:f7:9d:
         e7:62:74:9a:76:f3:56:09:2b:b7:c6:a8:0c:4c:85:79:98:fc:
         c6:ed:18:3a:14:fc:7f:08:30:4c:45:7e:51:9b:41:a8:8e:32:
         f9:d3:5e:db:ae:90:f2:57:67:d1:bf:db:96:80:7f:fc:f7:01:
         ff:71:e6:26:63:95:48:89:0c:2e:4a:21:cc:5a:20:f7:2e:47:
         65:66:39:71:91:c5:21:28:59:f9:ea:6e:5e:95:57:77:87:88:
         7b:e2:47:d4:5e:46:13:97:62:37:f1:b5:b1:f7:a9:97:0a:4c:
         13:ac:3e:60:98:23:a1:d0:d6:c8:05:e9:64:d9:d9:46:c4:7d:
         ae:ca:2f:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5fH3JpXjwO7+N+gqmgVpzyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjYwNTI1MTIzMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTcyYmQxZGNlNmMwMTAzMWI4YzUzYmUyMGUxNTQ0MjQwNmEwNmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+pKVTHk8C257Ab5WaGiDdplIgpz
gmxFQ1OE+sTejdWv9+8BF+3E/53gm+A9CZ9Uw94uLikvoq2k6Ry4ZU6Zahz2/sGL
rdRv/QRrht4W8Db/Foh7tSDzJl/LcvSIvWxYTra0ICqsUkjoxkxJ16DXolIfqKVv
BM0x8upoxT3e7wmgRrU0ssykAZpS2z9n6wPoZAj5c37sOS2r5E2sJOlLQRDEYaE/
TCyao9IteF2JxmK8dGplbt5hTTg/r/Yz+2jyRRPaaQCru4+o3OPzClI88pr38k3z
q4KL71Udds2/UqVv19CCe4vJ6PJ9HKMa2sanKaY90OTqylP3ZAcIflHRfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVyvR3ObAEDG4xTviDhVEJAagarMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvaFhLOUhjNXNBUU1iakZPLUlPRlVRa0JxQnFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLiR6MA0G
CSqGSIb3DQEBCwUAA4IBAQBzTSxlSVksLZs7elgI38L9JZgyaByFL4wONkqIn0CK
rZn8yMwv6ESyR3z4e+U6qL/fOSJMxtoGEGgaCqK3xEa0QuR64blabC4BoxdMtH4Z
doFKyHaTeaXdj7ZdEw7nRwFvM8G328YF58mwT7nsoigCiCisIJiw1ju+pbCQ953n
YnSadvNWCSu3xqgMTIV5mPzG7Rg6FPx/CDBMRX5Rm0GojjL5017brpDyV2fRv9uW
gH/89wH/ceYmY5VIiQwuSiHMWiD3LkdlZjlxkcUhKFn56m5elVd3h4h74kfUXkYT
l2I38bWx96mXCkwTrD5gmCOh0NbIBelk2dlGxH2uyi/6
-----END CERTIFICATE-----