Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HuacOsyQgMyYQwINDkmDQj4SKSk.roa
File:                     HuacOsyQgMyYQwINDkmDQj4SKSk.roa (raw, json)
Hash identifier:          sYwhjRHe6K10p1ZZ1o0gLwdvigp9sStD0w4L+EFeIIc=
Subject key identifier:   1E:E6:9C:3A:CC:90:80:CC:98:43:02:0D:0E:49:83:42:3E:12:29:29
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019D6893A6861AE11CC299BEC2BD0752F631
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HuacOsyQgMyYQwINDkmDQj4SKSk.roa
Signing time:             Tue 07 Apr 2026 15:33:20 +0000
ROA not before:           Tue 07 Apr 2026 15:33:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200506
IP address blocks:        89.28.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:93:a6:86:1a:e1:1c:c2:99:be:c2:bd:07:52:f6:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Apr  7 15:33:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ee69c3acc9080cc9843020d0e4983423e122929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:26:7e:f2:56:e5:67:b1:2e:df:67:cc:22:e4:
                    11:8e:7e:27:16:1e:1f:8b:59:23:c7:8d:22:b3:5e:
                    54:d1:d8:f5:d5:a3:46:1c:1a:fe:7b:8d:4a:14:4f:
                    f0:30:49:bb:a3:61:91:44:aa:cd:da:77:4f:c2:77:
                    e8:83:53:69:57:59:93:b1:af:c7:c5:16:25:e9:aa:
                    cd:0c:b2:27:c8:9d:e2:c6:eb:80:74:12:f7:e1:62:
                    02:4e:66:2f:79:84:9d:96:71:82:82:25:40:fa:d8:
                    c2:83:02:ac:35:63:19:d5:b8:e0:fc:84:1a:4d:b8:
                    c1:d7:91:b6:8c:c0:c4:41:da:9d:a1:8f:08:ae:00:
                    7e:3c:0a:65:d1:62:00:cc:5c:3e:ae:bc:39:a1:ee:
                    26:b1:5e:a9:56:e8:40:c2:de:40:77:eb:3a:57:47:
                    cb:c1:5d:42:9c:5c:4e:c5:7b:97:7f:24:6a:4a:05:
                    c3:82:5e:04:62:15:a1:4d:1a:b0:17:cb:48:eb:4c:
                    34:aa:1b:bc:07:98:94:1a:0c:b5:eb:61:d8:b2:0f:
                    09:ae:62:14:fe:a4:c1:ca:14:4f:79:34:13:44:91:
                    51:a5:7e:fa:53:47:04:2e:ce:0d:48:94:e7:0e:50:
                    af:fe:c8:9c:38:36:4b:33:3c:b5:10:72:6b:8b:76:
                    ee:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:E6:9C:3A:CC:90:80:CC:98:43:02:0D:0E:49:83:42:3E:12:29:29
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HuacOsyQgMyYQwINDkmDQj4SKSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:87:be:1e:1d:e2:a0:32:2f:06:3d:2b:7c:62:ed:fb:52:85:
         0d:f5:7a:0d:11:b6:f0:f0:46:d9:61:af:7e:1a:9b:e1:f7:43:
         d7:a8:1c:64:c5:4f:a6:0e:c8:1c:5d:f0:6a:fd:47:84:1d:69:
         59:48:e7:98:ec:e0:34:b1:51:af:d2:13:d1:55:35:e6:fe:ba:
         c7:ef:49:7d:a2:56:b1:6b:eb:9c:58:28:32:07:9b:8b:e8:5b:
         ad:19:c3:d7:39:b8:af:93:00:3b:9b:69:9c:5f:70:b2:43:92:
         f0:45:fa:d2:f4:e2:03:f7:f5:b6:75:7b:9b:bd:e6:89:11:13:
         0a:89:31:b3:41:4a:38:c6:e0:33:6d:18:bb:1c:2c:1a:89:97:
         33:22:1d:da:0b:eb:32:17:70:50:59:32:91:13:28:0a:3c:9f:
         72:65:87:e4:ea:9d:58:79:dd:0d:4c:1a:35:b2:b6:ce:10:e5:
         5d:3c:26:66:b6:e7:68:0e:c6:8d:6f:68:80:e1:04:d1:a7:a0:
         33:f1:3c:f7:dc:90:e3:12:9a:80:d8:12:9e:f8:f1:ac:f7:f7:
         df:fe:c5:13:b8:c1:c4:69:88:e7:c5:93:ce:cd:91:7b:a3:57:
         bc:1d:2d:bf:1b:f5:5c:7c:76:b3:31:cc:ad:65:be:bf:e2:49:
         61:72:d1:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1ok6aGGuEcwpm+wr0HUvYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwNDA3MTUzMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWU2OWMzYWNjOTA4MGNjOTg0MzAyMGQwZTQ5ODM0MjNlMTIyOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCZ+8lblZ7Eu32fMIuQRjn4nFh4f
i1kjx40is15U0dj11aNGHBr+e41KFE/wMEm7o2GRRKrN2ndPwnfog1NpV1mTsa/H
xRYl6arNDLInyJ3ixuuAdBL34WICTmYveYSdlnGCgiVA+tjCgwKsNWMZ1bjg/IQa
TbjB15G2jMDEQdqdoY8IrgB+PApl0WIAzFw+rrw5oe4msV6pVuhAwt5Ad+s6V0fL
wV1CnFxOxXuXfyRqSgXDgl4EYhWhTRqwF8tI60w0qhu8B5iUGgy162HYsg8JrmIU
/qTByhRPeTQTRJFRpX76U0cELs4NSJTnDlCv/sicODZLMzy1EHJri3buvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7mnDrMkIDMmEMCDQ5Jg0I+EikpMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvSHVhY09zeVFnTXlZUXdJTkRrbURRajRTS1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzNMA0G
CSqGSIb3DQEBCwUAA4IBAQCkh74eHeKgMi8GPSt8Yu37UoUN9XoNEbbw8EbZYa9+
Gpvh90PXqBxkxU+mDsgcXfBq/UeEHWlZSOeY7OA0sVGv0hPRVTXm/rrH70l9olax
a+ucWCgyB5uL6FutGcPXObivkwA7m2mcX3CyQ5LwRfrS9OID9/W2dXubveaJERMK
iTGzQUo4xuAzbRi7HCwaiZczIh3aC+syF3BQWTKREygKPJ9yZYfk6p1Yed0NTBo1
srbOEOVdPCZmtudoDsaNb2iA4QTRp6Az8Tz33JDjEpqA2BKe+PGs9/ff/sUTuMHE
aYjnxZPOzZF7o1e8HS2/G/VcfHazMcytZb6/4klhctGt
-----END CERTIFICATE-----