Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/143e33-9312-454f-a99e-caa6584e9916/1/Hu4XjK4kmNzJLAM6_ajtwBsbj0A.roa
File:                     Hu4XjK4kmNzJLAM6_ajtwBsbj0A.roa (raw, json)
Hash identifier:          ChkZxtf+f4NVFn48swM6zD1dQ21c3QT2WX6YtJDB51E=
Subject key identifier:   1E:EE:17:8C:AE:24:98:DC:C9:2C:03:3A:FD:A8:ED:C0:1B:1B:8F:40
Certificate issuer:       /CN=2f2cad120aaff9efdf7c6959a4e0470e3e0624f0
Certificate serial:       019C9006BDEF96A96031B0C1855A19982399
Authority key identifier: 2F:2C:AD:12:0A:AF:F9:EF:DF:7C:69:59:A4:E0:47:0E:3E:06:24:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LyytEgqv-e_ffGlZpOBHDj4GJPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/143e33-9312-454f-a99e-caa6584e9916/1/Hu4XjK4kmNzJLAM6_ajtwBsbj0A.roa
Signing time:             Tue 24 Feb 2026 14:21:26 +0000
ROA not before:           Tue 24 Feb 2026 14:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211461
IP address blocks:        185.175.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/143e33-9312-454f-a99e-caa6584e9916/1/LyytEgqv-e_ffGlZpOBHDj4GJPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/143e33-9312-454f-a99e-caa6584e9916/1/LyytEgqv-e_ffGlZpOBHDj4GJPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LyytEgqv-e_ffGlZpOBHDj4GJPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:90:06:bd:ef:96:a9:60:31:b0:c1:85:5a:19:98:23:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2cad120aaff9efdf7c6959a4e0470e3e0624f0
        Validity
            Not Before: Feb 24 14:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1eee178cae2498dcc92c033afda8edc01b1b8f40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:44:e1:ba:6f:b9:39:e4:a1:c8:c9:7a:10:3e:
                    6b:07:51:4a:8a:8e:de:cb:bd:2c:97:b6:2a:41:52:
                    9f:f4:56:8d:e6:0c:ed:13:8d:39:43:77:10:40:d1:
                    7f:bc:ae:15:e3:79:6a:04:2f:ef:df:62:91:29:c4:
                    84:e4:32:a0:07:71:60:75:96:e0:88:c3:62:e0:f3:
                    c4:96:30:30:47:52:70:32:c9:40:b8:ad:57:b4:94:
                    0e:98:e8:37:d2:e0:ba:a1:cd:2e:af:7e:43:2b:23:
                    9b:e9:f4:8b:b3:f8:5e:6a:72:e6:cf:86:47:c6:0f:
                    17:94:13:89:62:e4:09:2c:d0:79:ee:80:05:a2:51:
                    81:8b:4e:45:1d:5c:2c:1f:02:bd:f2:52:ef:7e:33:
                    e8:1f:27:d7:e4:d0:73:67:62:46:ea:2a:4a:0c:91:
                    26:2f:e2:f8:e5:5a:da:48:25:58:88:43:f7:87:50:
                    89:5a:db:c5:1a:e9:c6:34:fb:ac:c3:6e:48:68:43:
                    65:9b:78:21:c4:05:e7:ef:b8:40:31:69:ea:51:39:
                    4e:cf:94:13:36:22:ba:9a:19:a7:71:94:19:83:53:
                    32:de:c7:83:ce:fd:5a:21:69:cb:24:78:9e:64:f8:
                    e9:cd:ae:bb:85:18:62:51:a7:79:b5:b7:5a:c0:a4:
                    71:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:EE:17:8C:AE:24:98:DC:C9:2C:03:3A:FD:A8:ED:C0:1B:1B:8F:40
            X509v3 Authority Key Identifier:
                keyid:2F:2C:AD:12:0A:AF:F9:EF:DF:7C:69:59:A4:E0:47:0E:3E:06:24:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LyytEgqv-e_ffGlZpOBHDj4GJPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/143e33-9312-454f-a99e-caa6584e9916/1/Hu4XjK4kmNzJLAM6_ajtwBsbj0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/143e33-9312-454f-a99e-caa6584e9916/1/LyytEgqv-e_ffGlZpOBHDj4GJPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:e5:b8:d7:45:c5:02:2a:8c:06:fd:6c:02:55:9c:e4:a5:de:
         1a:ee:19:b3:0b:3f:db:26:89:37:04:10:b9:10:47:d6:33:87:
         67:37:e1:14:a3:9f:30:e2:36:fd:9f:ff:8c:98:2d:77:67:7f:
         ed:70:9e:e0:0d:60:3f:b8:ba:63:61:4c:b5:ce:ce:5a:49:0d:
         2f:14:16:64:11:24:fb:51:b5:8e:fd:82:b4:33:86:42:c6:fc:
         02:95:3a:b4:0f:e7:c7:aa:32:a0:2e:0d:14:f6:e1:7d:23:8f:
         ff:fb:9b:7a:a6:71:00:e4:e9:65:16:57:39:24:d3:e4:91:70:
         90:f1:cf:2d:cc:c6:95:7f:ce:61:9c:85:1e:37:ad:66:9a:47:
         13:89:fd:89:48:29:42:79:5c:cd:6f:3e:ed:d0:32:61:e8:4c:
         5e:1b:7e:62:4f:5e:53:84:32:8a:89:be:a2:a7:4a:17:62:87:
         eb:f6:ac:9a:86:29:3f:0a:48:1d:0a:53:14:d7:28:d7:71:39:
         9f:9f:fe:b3:e0:9e:a3:df:3e:33:d3:ed:db:2f:ce:05:fa:69:
         f1:84:61:54:e2:03:bb:d9:84:28:92:67:1d:72:8f:bb:41:44:
         5c:95:b2:2f:49:5e:9d:c1:14:a6:de:d5:19:ab:f8:99:ed:82:
         51:99:08:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyQBr3vlqlgMbDBhVoZmCOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMmNhZDEyMGFhZmY5ZWZkZjdjNjk1OWE0ZTA0NzBlM2Uw
NjI0ZjAwHhcNMjYwMjI0MTQyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWVlMTc4Y2FlMjQ5OGRjYzkyYzAzM2FmZGE4ZWRjMDFiMWI4ZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEThum+5OeShyMl6ED5rB1FKio7e
y70sl7YqQVKf9FaN5gztE405Q3cQQNF/vK4V43lqBC/v32KRKcSE5DKgB3FgdZbg
iMNi4PPEljAwR1JwMslAuK1XtJQOmOg30uC6oc0ur35DKyOb6fSLs/heanLmz4ZH
xg8XlBOJYuQJLNB57oAFolGBi05FHVwsHwK98lLvfjPoHyfX5NBzZ2JG6ipKDJEm
L+L45VraSCVYiEP3h1CJWtvFGunGNPusw25IaENlm3ghxAXn77hAMWnqUTlOz5QT
NiK6mhmncZQZg1My3seDzv1aIWnLJHieZPjpza67hRhiUad5tbdawKRxEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7uF4yuJJjcySwDOv2o7cAbG49AMB8GA1UdIwQY
MBaAFC8srRIKr/nv33xpWaTgRw4+BiTwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHl5dEVncXYtZV9mZkdsWnBPQkhEajRHSlBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8xNDNlMzMtOTMxMi00NTRmLWE5OWUt
Y2FhNjU4NGU5OTE2LzEvSHU0WGpLNGttTnpKTEFNNl9hanR3QnNiajBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8xNDNlMzMtOTMxMi00NTRmLWE5OWUtY2FhNjU4NGU5OTE2
LzEvTHl5dEVncXYtZV9mZkdsWnBPQkhEajRHSlBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCua8UMA0G
CSqGSIb3DQEBCwUAA4IBAQBy5bjXRcUCKowG/WwCVZzkpd4a7hmzCz/bJok3BBC5
EEfWM4dnN+EUo58w4jb9n/+MmC13Z3/tcJ7gDWA/uLpjYUy1zs5aSQ0vFBZkEST7
UbWO/YK0M4ZCxvwClTq0D+fHqjKgLg0U9uF9I4//+5t6pnEA5OllFlc5JNPkkXCQ
8c8tzMaVf85hnIUeN61mmkcTif2JSClCeVzNbz7t0DJh6ExeG35iT15ThDKKib6i
p0oXYofr9qyahik/CkgdClMU1yjXcTmfn/6z4J6j3z4z0+3bL84F+mnxhGFU4gO7
2YQokmcdco+7QURclbIvSV6dwRSm3tUZq/iZ7YJRmQh1
-----END CERTIFICATE-----