Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/HpCfEImHkb3OVRB7Cg-DUXnBu1g.roa
File:                     HpCfEImHkb3OVRB7Cg-DUXnBu1g.roa (raw, json)
Hash identifier:          cdsGXatsZSEPYOtFACJlSbDzB+wwXF1txphXoAyPSt4=
Subject key identifier:   1E:90:9F:10:89:87:91:BD:CE:55:10:7B:0A:0F:83:51:79:C1:BB:58
Certificate issuer:       /CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Certificate serial:       019D6D211EF13958C92BA428261328B2D60C
Authority key identifier: 86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/HpCfEImHkb3OVRB7Cg-DUXnBu1g.roa
Signing time:             Wed 08 Apr 2026 12:46:20 +0000
ROA not before:           Wed 08 Apr 2026 12:46:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211743
IP address blocks:        45.84.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6d:21:1e:f1:39:58:c9:2b:a4:28:26:13:28:b2:d6:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86170339c2bc664d600fa98b8061269d48e4f2c6
        Validity
            Not Before: Apr  8 12:46:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e909f10898791bdce55107b0a0f835179c1bb58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:56:61:1f:3d:a2:f3:71:50:7e:b5:ca:81:1c:
                    9a:ea:25:f6:b3:07:11:11:8e:af:1a:86:ea:3e:62:
                    c7:a7:91:ca:34:7c:1f:19:7f:df:9f:4c:ae:43:48:
                    dd:2a:14:0f:7c:9a:83:0b:aa:04:01:5d:99:d9:61:
                    00:78:54:56:5f:fb:0c:78:1f:83:87:ce:21:6b:f1:
                    53:29:07:e7:7f:77:70:b7:e6:f7:18:06:a9:77:52:
                    cb:bb:ef:da:a6:ea:91:9b:cb:b5:0c:ee:9d:75:b5:
                    64:c7:cf:74:ca:48:ac:f5:f9:0f:35:9c:4f:4a:e0:
                    58:1c:f2:dc:c9:ed:5b:2d:63:31:50:7c:dc:4b:ef:
                    46:25:80:e0:90:58:09:17:87:9e:f7:9e:77:5d:62:
                    20:81:b9:ae:65:d0:3e:ad:00:c8:f7:bb:3f:b4:b8:
                    94:a1:53:0e:13:e3:2f:38:94:92:ad:83:24:51:fa:
                    6e:3d:4e:06:80:c7:0a:92:ec:d2:5e:89:71:b8:f9:
                    fc:50:fe:7b:45:db:d5:c4:b9:de:00:c0:36:ee:f4:
                    dc:78:2e:b4:1e:a9:67:c4:e9:cc:34:28:a7:12:b4:
                    49:60:98:4d:1c:bb:24:2f:b9:6c:97:70:f8:85:fd:
                    1f:91:17:95:81:82:9d:6b:d7:4a:bf:95:74:57:3c:
                    ef:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:90:9F:10:89:87:91:BD:CE:55:10:7B:0A:0F:83:51:79:C1:BB:58
            X509v3 Authority Key Identifier:
                keyid:86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/HpCfEImHkb3OVRB7Cg-DUXnBu1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:24:5c:e6:1f:9a:e7:b8:a2:6b:d2:e9:9b:b4:ba:06:f2:88:
         87:da:ee:45:cd:73:37:e7:f6:08:5d:a7:4d:38:cf:3f:eb:25:
         e9:4e:00:42:f4:fe:e9:51:49:85:02:e8:b1:b2:5f:0d:2b:04:
         64:ba:f2:e1:36:97:8a:ce:b4:65:d2:77:27:21:a2:7c:36:bb:
         10:78:58:9d:b3:29:15:10:72:16:6a:e5:b0:c2:0c:f1:8f:ef:
         81:d4:37:0a:5c:56:ed:57:1d:9c:a8:77:85:46:04:fa:a6:18:
         2e:58:d6:37:bc:6f:ac:6a:46:93:0a:31:46:5f:fd:74:2c:9b:
         a9:95:a5:32:72:a7:42:e9:a6:b9:fa:0c:c5:57:31:97:a3:5d:
         f4:34:49:cf:e0:24:29:3f:27:41:9a:4a:d1:a9:b9:0d:76:26:
         b9:c7:7d:49:16:10:9d:be:f5:21:c9:7b:ab:e3:d8:7b:82:f9:
         c5:a9:eb:cf:86:09:9c:68:44:dc:1d:13:97:41:5c:7b:ee:93:
         d4:8c:f5:9f:49:84:f4:1e:e1:08:76:43:ed:2e:97:78:53:01:
         f8:f2:82:c1:e3:d9:9b:e5:70:ad:ad:2e:61:8b:fc:16:41:f0:
         26:88:7c:2e:57:e9:00:65:78:e0:61:e7:b9:8a:68:21:12:16:
         44:81:f4:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1tIR7xOVjJK6QoJhMostYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTcwMzM5YzJiYzY2NGQ2MDBmYTk4YjgwNjEyNjlkNDhl
NGYyYzYwHhcNMjYwNDA4MTI0NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTkwOWYxMDg5ODc5MWJkY2U1NTEwN2IwYTBmODM1MTc5YzFiYjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlZhHz2i83FQfrXKgRya6iX2swcR
EY6vGobqPmLHp5HKNHwfGX/fn0yuQ0jdKhQPfJqDC6oEAV2Z2WEAeFRWX/sMeB+D
h84ha/FTKQfnf3dwt+b3GAapd1LLu+/apuqRm8u1DO6ddbVkx890ykis9fkPNZxP
SuBYHPLcye1bLWMxUHzcS+9GJYDgkFgJF4ee9553XWIggbmuZdA+rQDI97s/tLiU
oVMOE+MvOJSSrYMkUfpuPU4GgMcKkuzSXolxuPn8UP57RdvVxLneAMA27vTceC60
HqlnxOnMNCinErRJYJhNHLskL7lsl3D4hf0fkReVgYKda9dKv5V0Vzzv8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6QnxCJh5G9zlUQewoPg1F5wbtYMB8GA1UdIwQY
MBaAFIYXAznCvGZNYA+pi4BhJp1I5PLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMt
NzRkOTFjZGJlMTk1LzEvSHBDZkVJbUhrYjNPVlJCN0NnLURVWG5CdTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMtNzRkOTFjZGJlMTk1
LzEvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVRZMA0G
CSqGSIb3DQEBCwUAA4IBAQBQJFzmH5rnuKJr0umbtLoG8oiH2u5FzXM35/YIXadN
OM8/6yXpTgBC9P7pUUmFAuixsl8NKwRkuvLhNpeKzrRl0ncnIaJ8NrsQeFidsykV
EHIWauWwwgzxj++B1DcKXFbtVx2cqHeFRgT6phguWNY3vG+sakaTCjFGX/10LJup
laUycqdC6aa5+gzFVzGXo130NEnP4CQpPydBmkrRqbkNdia5x31JFhCdvvUhyXur
49h7gvnFqevPhgmcaETcHROXQVx77pPUjPWfSYT0HuEIdkPtLpd4UwH48oLB49mb
5XCtrS5hi/wWQfAmiHwuV+kAZXjgYee5imghEhZEgfTE
-----END CERTIFICATE-----