Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Hhx08W6yxhRbHfCLKYdHm13ozS0.roa
File:                     Hhx08W6yxhRbHfCLKYdHm13ozS0.roa (raw, json)
Hash identifier:          jwpzK3qtdotyMub/ILdIHzVfvJLpMrtxw3Hz/Tq6IYI=
Subject key identifier:   1E:1C:74:F1:6E:B2:C6:14:5B:1D:F0:8B:29:87:47:9B:5D:E8:CD:2D
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019EB27AC35DBA7B91F8E13E8B1D24982E29
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Hhx08W6yxhRbHfCLKYdHm13ozS0.roa
Signing time:             Wed 10 Jun 2026 17:00:50 +0000
ROA not before:           Wed 10 Jun 2026 17:00:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212720
IP address blocks:        89.28.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b2:7a:c3:5d:ba:7b:91:f8:e1:3e:8b:1d:24:98:2e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jun 10 17:00:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e1c74f16eb2c6145b1df08b2987479b5de8cd2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d7:b8:e5:8f:9c:2a:13:7c:1e:a2:aa:84:ce:
                    b0:89:99:8d:49:35:83:36:81:d6:b7:a2:bd:00:36:
                    54:ef:b4:88:d1:6e:6c:52:e1:83:7b:0f:0d:15:a4:
                    7f:04:dd:cd:a7:57:c5:6a:39:3e:ec:46:35:f6:c8:
                    7f:85:19:af:6e:11:f9:63:28:de:b3:68:32:db:51:
                    b2:b8:ac:14:d0:b2:08:f2:0a:0d:f6:26:14:8f:0d:
                    74:34:66:0b:74:e3:bc:3a:87:52:8a:f1:20:2b:49:
                    b0:fa:34:5a:4a:40:14:11:9d:9f:9a:af:df:21:14:
                    a4:57:a2:5b:4f:d7:90:4f:49:66:49:91:8e:61:7a:
                    e6:ac:23:98:fe:3e:e2:64:eb:6e:09:b7:f6:29:3c:
                    3c:1a:d4:55:3e:fe:0c:60:f1:d9:a6:30:01:bf:8f:
                    ae:0d:92:e7:2e:3e:9f:28:6d:26:d9:8b:92:22:04:
                    e7:39:ac:36:65:ca:da:c4:93:c0:53:94:54:93:a2:
                    79:15:d3:e6:2e:ae:20:97:26:dc:59:d8:6d:4a:c4:
                    b9:bd:76:30:4f:e9:5d:f4:b4:aa:d8:ae:5e:87:6e:
                    97:c8:a0:54:51:36:73:2d:9c:0e:0a:61:65:4f:de:
                    27:80:df:29:dc:c4:5d:0f:21:81:8f:78:55:62:01:
                    0b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:1C:74:F1:6E:B2:C6:14:5B:1D:F0:8B:29:87:47:9B:5D:E8:CD:2D
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Hhx08W6yxhRbHfCLKYdHm13ozS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:88:15:f3:32:ab:88:4e:6b:64:59:c2:81:f1:01:49:79:86:
         0e:ba:f2:f8:5d:6e:0f:af:fd:5a:26:af:14:44:e6:b5:cf:e0:
         d1:f1:bd:02:22:3f:f4:af:e3:f1:fa:2c:29:db:2b:58:3c:f3:
         58:13:ff:4a:35:b2:bd:64:0c:6f:65:71:cb:d5:09:0d:9a:14:
         0f:06:20:7d:8a:84:dc:59:5d:09:85:de:90:cc:49:59:3e:eb:
         54:20:89:b0:74:b3:1f:b2:7c:46:c1:01:22:97:ec:dd:28:47:
         b5:86:01:32:13:b7:4f:83:b4:af:cc:9e:bd:bc:5f:c4:9b:11:
         0c:a7:bd:aa:e1:f2:11:ab:09:3a:cc:93:28:53:81:f3:b3:03:
         23:0c:38:6e:85:87:7c:2d:54:52:04:db:70:cf:39:f6:dd:9e:
         99:57:20:6f:78:78:ef:a6:e6:8d:de:64:13:8c:6d:b9:30:ca:
         00:bc:06:fe:69:33:00:f8:72:3d:60:1d:04:66:d6:84:ea:00:
         9b:b9:43:95:85:8b:8c:cf:2f:bf:2e:61:2b:c9:ba:f7:38:1a:
         a1:0a:17:81:43:ed:a0:af:89:e5:9e:70:5f:44:a3:46:33:4e:
         a0:d6:b4:65:51:c4:f6:39:ba:2b:81:55:0f:01:16:7a:f4:b3:
         3f:da:93:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6yesNdunuR+OE+ix0kmC4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwNjEwMTcwMDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTFjNzRmMTZlYjJjNjE0NWIxZGYwOGIyOTg3NDc5YjVkZThjZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNe45Y+cKhN8HqKqhM6wiZmNSTWD
NoHWt6K9ADZU77SI0W5sUuGDew8NFaR/BN3Np1fFajk+7EY19sh/hRmvbhH5Yyje
s2gy21GyuKwU0LII8goN9iYUjw10NGYLdOO8OodSivEgK0mw+jRaSkAUEZ2fmq/f
IRSkV6JbT9eQT0lmSZGOYXrmrCOY/j7iZOtuCbf2KTw8GtRVPv4MYPHZpjABv4+u
DZLnLj6fKG0m2YuSIgTnOaw2ZcraxJPAU5RUk6J5FdPmLq4glybcWdhtSsS5vXYw
T+ld9LSq2K5eh26XyKBUUTZzLZwOCmFlT94ngN8p3MRdDyGBj3hVYgEL9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4cdPFussYUWx3wiymHR5td6M0tMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvSGh4MDhXNnl4aFJiSGZDTEtZZEhtMTNvelMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzJMA0G
CSqGSIb3DQEBCwUAA4IBAQAOiBXzMquITmtkWcKB8QFJeYYOuvL4XW4Pr/1aJq8U
ROa1z+DR8b0CIj/0r+Px+iwp2ytYPPNYE/9KNbK9ZAxvZXHL1QkNmhQPBiB9ioTc
WV0Jhd6QzElZPutUIImwdLMfsnxGwQEil+zdKEe1hgEyE7dPg7SvzJ69vF/EmxEM
p72q4fIRqwk6zJMoU4HzswMjDDhuhYd8LVRSBNtwzzn23Z6ZVyBveHjvpuaN3mQT
jG25MMoAvAb+aTMA+HI9YB0EZtaE6gCbuUOVhYuMzy+/LmErybr3OBqhCheBQ+2g
r4nlnnBfRKNGM06g1rRlUcT2OborgVUPARZ69LM/2pOJ
-----END CERTIFICATE-----