Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/HI4zLiz2JEgEYJYh3gpRHlO_ytc.roa
File:                     HI4zLiz2JEgEYJYh3gpRHlO_ytc.roa (raw, json)
Hash identifier:          fPCntXcBOYIgiDxy4qh6SOq8g019ewai7waqUaCRy1Q=
Subject key identifier:   1C:8E:33:2E:2C:F6:24:48:04:60:96:21:DE:0A:51:1E:53:BF:CA:D7
Certificate issuer:       /CN=5e7c7736945c29a77bacd5b18b0ff58751117bad
Certificate serial:       019C8B29A03A9A3A7DE3A00BC74B117A7E59
Authority key identifier: 5E:7C:77:36:94:5C:29:A7:7B:AC:D5:B1:8B:0F:F5:87:51:11:7B:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xnx3NpRcKad7rNWxiw_1h1ERe60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/HI4zLiz2JEgEYJYh3gpRHlO_ytc.roa
Signing time:             Mon 23 Feb 2026 15:41:26 +0000
ROA not before:           Mon 23 Feb 2026 15:41:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206674
IP address blocks:        185.179.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/Xnx3NpRcKad7rNWxiw_1h1ERe60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/Xnx3NpRcKad7rNWxiw_1h1ERe60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xnx3NpRcKad7rNWxiw_1h1ERe60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8b:29:a0:3a:9a:3a:7d:e3:a0:0b:c7:4b:11:7a:7e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e7c7736945c29a77bacd5b18b0ff58751117bad
        Validity
            Not Before: Feb 23 15:41:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c8e332e2cf6244804609621de0a511e53bfcad7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3b:10:bd:46:13:42:5c:ee:9e:0a:b6:65:d2:
                    41:87:b5:49:f0:57:6a:17:c5:17:1f:4b:3e:ec:10:
                    06:6b:4c:b9:7e:e9:30:47:f2:11:8c:e9:09:17:06:
                    fa:72:0a:57:22:a2:bb:5c:cf:90:cc:38:10:d7:6c:
                    fa:9c:0d:30:f5:16:ed:32:d5:7a:ad:4c:df:4c:72:
                    a7:0a:6d:53:1b:0b:1c:51:da:9c:0d:f6:bc:81:f8:
                    64:00:e2:88:8a:05:ca:f7:63:05:28:58:d6:12:94:
                    59:99:cb:59:55:da:ff:33:5d:36:fc:04:09:f0:9b:
                    a4:05:39:c6:96:7b:3c:05:42:6f:59:d1:d1:9b:32:
                    82:81:54:4d:0f:ae:c9:00:0a:30:4c:9c:f4:0f:c0:
                    bf:87:1f:bb:97:7c:b3:0d:57:51:59:51:c3:31:15:
                    8e:1f:97:a0:e5:e5:38:7b:77:90:45:9b:aa:3c:8d:
                    f7:13:a9:3f:bf:6b:f8:80:56:89:80:e0:8c:8a:94:
                    7d:41:7f:44:ab:9f:4f:c7:68:69:0d:48:ec:50:38:
                    71:d0:e7:99:76:cb:17:5c:d8:bd:fc:8e:c9:9e:7f:
                    30:ed:e1:47:ca:2a:74:bc:a2:07:b4:b9:12:85:72:
                    dc:4e:3e:8a:89:75:00:90:77:c8:37:17:08:bd:c1:
                    45:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:8E:33:2E:2C:F6:24:48:04:60:96:21:DE:0A:51:1E:53:BF:CA:D7
            X509v3 Authority Key Identifier:
                keyid:5E:7C:77:36:94:5C:29:A7:7B:AC:D5:B1:8B:0F:F5:87:51:11:7B:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xnx3NpRcKad7rNWxiw_1h1ERe60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/HI4zLiz2JEgEYJYh3gpRHlO_ytc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/Xnx3NpRcKad7rNWxiw_1h1ERe60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:bd:0c:d9:87:9d:99:7e:13:35:9e:fe:1c:80:bd:1b:13:a1:
         6f:3d:ff:95:53:10:8c:65:56:7d:e7:98:70:c8:a2:c8:c1:7a:
         3a:c0:19:87:77:4b:d5:af:35:76:6c:00:94:ce:98:12:98:65:
         24:2c:e7:a6:28:32:32:64:02:97:b7:4c:e4:a8:59:d2:98:c2:
         dc:81:9d:a3:8f:5f:ce:31:ec:90:90:b4:9e:e0:13:6c:8f:f1:
         ed:4c:e6:53:c7:df:3c:a7:b7:08:65:52:86:d2:1b:aa:49:9f:
         ce:8e:a1:f4:2d:3a:cb:b3:b8:db:68:4c:a1:fb:9a:7d:23:ba:
         a1:28:7a:3b:7d:75:47:9e:85:6e:d6:55:55:2d:bb:62:13:1d:
         2c:ee:19:46:80:09:82:99:81:32:bf:63:e1:f0:7d:bb:60:8b:
         19:df:54:51:1d:c4:60:c3:9f:7d:81:bb:26:49:4b:f8:22:a0:
         98:aa:b2:27:fb:f6:db:95:4d:e8:cb:b7:bf:ba:ee:cc:93:59:
         d7:68:b6:ca:03:6c:b7:7b:e5:a5:48:0b:21:f2:ae:9a:1e:ad:
         ba:25:13:0f:12:9a:96:7b:36:7a:19:be:59:33:33:90:9b:9a:
         81:50:09:10:aa:b5:b1:30:0a:49:aa:ef:de:dd:cf:b2:df:79:
         a2:33:36:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyLKaA6mjp946ALx0sRen5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlN2M3NzM2OTQ1YzI5YTc3YmFjZDViMThiMGZmNTg3NTEx
MTdiYWQwHhcNMjYwMjIzMTU0MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzhlMzMyZTJjZjYyNDQ4MDQ2MDk2MjFkZTBhNTExZTUzYmZjYWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTsQvUYTQlzungq2ZdJBh7VJ8Fdq
F8UXH0s+7BAGa0y5fukwR/IRjOkJFwb6cgpXIqK7XM+QzDgQ12z6nA0w9RbtMtV6
rUzfTHKnCm1TGwscUdqcDfa8gfhkAOKIigXK92MFKFjWEpRZmctZVdr/M102/AQJ
8JukBTnGlns8BUJvWdHRmzKCgVRND67JAAowTJz0D8C/hx+7l3yzDVdRWVHDMRWO
H5eg5eU4e3eQRZuqPI33E6k/v2v4gFaJgOCMipR9QX9Eq59Px2hpDUjsUDhx0OeZ
dssXXNi9/I7Jnn8w7eFHyip0vKIHtLkShXLcTj6KiXUAkHfINxcIvcFFKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByOMy4s9iRIBGCWId4KUR5Tv8rXMB8GA1UdIwQY
MBaAFF58dzaUXCmne6zVsYsP9YdREXutMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG54M05wUmNLYWQ3ck5XeGl3XzFoMUVSZTYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83YmRkMDctNmU1NS00YTA1LTlkMWIt
ZWVlZGQ5OWI4Y2M0LzEvSEk0ekxpejJKRWdFWUpZaDNncFJIbE9feXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83YmRkMDctNmU1NS00YTA1LTlkMWItZWVlZGQ5OWI4Y2M0
LzEvWG54M05wUmNLYWQ3ck5XeGl3XzFoMUVSZTYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubM5MA0G
CSqGSIb3DQEBCwUAA4IBAQBzvQzZh52ZfhM1nv4cgL0bE6FvPf+VUxCMZVZ955hw
yKLIwXo6wBmHd0vVrzV2bACUzpgSmGUkLOemKDIyZAKXt0zkqFnSmMLcgZ2jj1/O
MeyQkLSe4BNsj/HtTOZTx988p7cIZVKG0huqSZ/OjqH0LTrLs7jbaEyh+5p9I7qh
KHo7fXVHnoVu1lVVLbtiEx0s7hlGgAmCmYEyv2Ph8H27YIsZ31RRHcRgw599gbsm
SUv4IqCYqrIn+/bblU3oy7e/uu7Mk1nXaLbKA2y3e+WlSAsh8q6aHq26JRMPEpqW
ezZ6Gb5ZMzOQm5qBUAkQqrWxMApJqu/e3c+y33miMzZc
-----END CERTIFICATE-----