Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/hberZRfUycPGPNW1jiGo2zugA1U.roa
File:                     hberZRfUycPGPNW1jiGo2zugA1U.roa (raw, json)
Hash identifier:          RbVYV+34ZTfn0BoVdzfZZGFvSN0NSCfuvU8MlhUoB5U=
Subject key identifier:   85:B7:AB:65:17:D4:C9:C3:C6:3C:D5:B5:8E:21:A8:DB:3B:A0:03:55
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019D43DA121FF75886680ADD7D60C83531FE
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/hberZRfUycPGPNW1jiGo2zugA1U.roa
Signing time:             Tue 31 Mar 2026 12:24:18 +0000
ROA not before:           Tue 31 Mar 2026 12:24:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34470
IP address blocks:        193.238.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:da:12:1f:f7:58:86:68:0a:dd:7d:60:c8:35:31:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Mar 31 12:24:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85b7ab6517d4c9c3c63cd5b58e21a8db3ba00355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:71:a9:65:19:bc:87:8a:a8:97:24:a5:9e:bd:
                    8a:7c:82:32:53:ae:d4:e5:51:15:6a:90:ad:cd:03:
                    1a:ca:ee:e7:63:f9:a5:5f:22:3e:c3:51:f4:56:0a:
                    aa:b2:ab:9d:89:a3:f0:c1:9f:cb:58:e1:ca:2d:65:
                    6a:01:ba:e2:bf:50:73:8d:02:d2:dd:b7:03:b6:4e:
                    ea:31:d8:7f:83:a1:65:90:cd:37:14:74:23:09:59:
                    9d:bb:9c:3d:bb:9d:78:70:e1:3e:d8:0e:e7:67:a6:
                    19:46:63:6c:65:94:61:aa:22:db:bf:1f:a6:f2:94:
                    82:6d:b1:9c:5e:38:0c:6b:3f:ad:fb:85:b4:04:01:
                    15:70:19:5c:85:4f:b3:96:84:5c:ab:2a:68:e8:bc:
                    c9:c9:05:75:c4:db:d0:d1:f0:72:02:a4:3c:60:4e:
                    23:6d:f6:40:87:d1:23:a3:78:48:72:63:c0:95:7e:
                    65:d2:18:6f:f0:34:50:53:9a:32:1d:d2:4a:4b:ad:
                    e3:c1:cb:04:89:14:a0:af:0b:2b:75:a3:dc:89:91:
                    b6:e3:78:42:83:b8:9b:41:d0:1b:84:b8:8e:64:88:
                    6b:c6:32:ba:eb:5b:37:6c:1f:05:1d:29:a0:ab:31:
                    32:aa:05:9f:0b:4d:05:ee:2b:9a:7d:82:f8:07:31:
                    de:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B7:AB:65:17:D4:C9:C3:C6:3C:D5:B5:8E:21:A8:DB:3B:A0:03:55
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/hberZRfUycPGPNW1jiGo2zugA1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:04:f1:16:30:62:9d:bf:9f:68:1b:fa:ac:96:da:78:4c:bd:
         71:05:c3:5c:98:f1:9a:b4:4b:a2:e2:bd:03:8f:25:5c:65:a0:
         76:0c:a6:00:df:12:6c:fa:7a:57:04:3b:b1:af:ce:57:99:3c:
         96:e0:d1:b0:88:a1:c0:eb:a2:f1:66:82:ee:fd:85:ca:ff:38:
         75:b4:b9:b7:ca:3c:0c:f6:51:5a:01:1d:51:75:84:47:9c:5b:
         82:74:ae:2b:8f:73:5b:3f:f9:7a:f6:5d:16:7f:a6:3d:90:59:
         23:84:2a:b0:55:88:b5:c0:d3:ec:bd:10:30:5c:b5:b8:51:7e:
         b2:ef:2f:cb:8f:09:4b:88:64:6f:61:b9:c2:f6:ca:3f:67:b6:
         1c:b6:20:bd:fb:51:1e:45:cb:63:fb:43:26:f9:2e:fc:04:ae:
         fc:0b:1b:3f:5b:92:cb:a4:37:11:e2:44:4a:47:b4:67:0a:80:
         7f:a4:ab:97:65:ac:16:4e:a4:98:46:e8:9b:13:35:61:a1:44:
         dd:5b:54:76:a8:17:8c:ca:50:f4:5a:d1:fa:4a:88:76:ce:8a:
         16:f9:d1:c3:8b:93:db:ec:ba:3e:f7:6b:9c:48:b8:26:d3:1c:
         ce:ea:2b:c9:c1:70:b8:d6:9a:dd:32:f4:a3:fb:95:8f:b9:79:
         8d:47:8b:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1D2hIf91iGaArdfWDINTH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjYwMzMxMTIyNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI3YWI2NTE3ZDRjOWMzYzYzY2Q1YjU4ZTIxYThkYjNiYTAwMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6nGpZRm8h4qolySlnr2KfIIyU67U
5VEVapCtzQMayu7nY/mlXyI+w1H0VgqqsqudiaPwwZ/LWOHKLWVqAbriv1BzjQLS
3bcDtk7qMdh/g6FlkM03FHQjCVmdu5w9u514cOE+2A7nZ6YZRmNsZZRhqiLbvx+m
8pSCbbGcXjgMaz+t+4W0BAEVcBlchU+zloRcqypo6LzJyQV1xNvQ0fByAqQ8YE4j
bfZAh9Ejo3hIcmPAlX5l0hhv8DRQU5oyHdJKS63jwcsEiRSgrwsrdaPciZG243hC
g7ibQdAbhLiOZIhrxjK661s3bB8FHSmgqzEyqgWfC00F7iuafYL4BzHexQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW3q2UX1MnDxjzVtY4hqNs7oANVMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvaGJlclpSZlV5Y1BHUE5XMWppR28yenVnQTFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe6GMA0G
CSqGSIb3DQEBCwUAA4IBAQBMBPEWMGKdv59oG/qsltp4TL1xBcNcmPGatEui4r0D
jyVcZaB2DKYA3xJs+npXBDuxr85XmTyW4NGwiKHA66LxZoLu/YXK/zh1tLm3yjwM
9lFaAR1RdYRHnFuCdK4rj3NbP/l69l0Wf6Y9kFkjhCqwVYi1wNPsvRAwXLW4UX6y
7y/LjwlLiGRvYbnC9so/Z7YctiC9+1EeRctj+0Mm+S78BK78Cxs/W5LLpDcR4kRK
R7RnCoB/pKuXZawWTqSYRuibEzVhoUTdW1R2qBeMylD0WtH6Soh2zooW+dHDi5Pb
7Lo+92ucSLgm0xzO6ivJwXC41prdMvSj+5WPuXmNR4sX
-----END CERTIFICATE-----