Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/HhUrjGbpn8SL5-2hj-GcK9MMa9I.roa
File:                     HhUrjGbpn8SL5-2hj-GcK9MMa9I.roa (raw, json)
Hash identifier:          eBNLXcJnAhm4og9EF1M5ox9/NJgr8EmQjaiInt9oEzg=
Subject key identifier:   1E:15:2B:8C:66:E9:9F:C4:8B:E7:ED:A1:8F:E1:9C:2B:D3:0C:6B:D2
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       019D99FE6AEAF30EF94167C094F7144B2402
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/HhUrjGbpn8SL5-2hj-GcK9MMa9I.roa
Signing time:             Fri 17 Apr 2026 05:51:20 +0000
ROA not before:           Fri 17 Apr 2026 05:51:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198250
IP address blocks:        213.145.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:99:fe:6a:ea:f3:0e:f9:41:67:c0:94:f7:14:4b:24:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Apr 17 05:51:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e152b8c66e99fc48be7eda18fe19c2bd30c6bd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:54:f5:46:18:6f:a1:84:5b:f7:e2:61:fe:5e:
                    df:27:26:85:d1:91:44:0f:ef:8a:d8:f5:07:0f:d9:
                    11:ba:4f:5e:a3:78:56:df:7b:8a:05:04:e5:20:22:
                    62:a1:93:78:a3:77:8e:80:d2:0f:54:01:0a:1b:bc:
                    3f:25:2f:78:8d:b8:4f:dc:75:2a:e5:d5:de:28:08:
                    7c:ca:44:36:98:23:76:5f:70:e5:69:5b:11:cf:d2:
                    18:6a:91:d8:eb:11:f5:89:36:a1:18:44:8f:8a:b5:
                    c9:cc:35:76:fd:86:17:1f:99:fc:e8:85:07:df:04:
                    57:4f:0c:17:91:f0:50:06:df:a1:71:2d:7f:66:19:
                    88:a6:fa:4c:5b:57:71:b3:22:0f:d2:3f:39:fa:02:
                    9c:e6:23:a2:2b:6c:39:9e:ae:25:fc:c7:77:84:9a:
                    d1:db:6c:7c:2a:19:ef:39:97:5e:3b:8a:23:9a:cd:
                    6d:de:43:eb:3e:03:3e:e7:33:02:f1:0c:e2:57:01:
                    23:fa:ad:a3:45:0d:fd:be:ff:b7:d2:29:97:ac:1d:
                    8f:dd:e9:23:49:3a:c5:c1:ae:2d:bb:7f:f6:b6:ee:
                    74:97:29:02:7f:6b:73:fc:b0:ab:52:bd:b4:67:f6:
                    ac:aa:bd:d0:d5:19:83:28:97:ac:8d:37:de:91:1e:
                    bd:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:15:2B:8C:66:E9:9F:C4:8B:E7:ED:A1:8F:E1:9C:2B:D3:0C:6B:D2
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/HhUrjGbpn8SL5-2hj-GcK9MMa9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ee:86:ca:2e:a3:1d:78:3b:28:a4:3f:bb:4b:ec:66:b6:9a:4d:
         c1:95:b6:01:ff:e9:7f:58:1b:1f:b7:c1:7e:81:60:fd:0d:dd:
         06:8f:b7:34:93:3e:bf:4d:06:9e:aa:f7:75:aa:37:9a:f1:2b:
         ce:8d:81:bc:9c:b8:26:3c:08:51:ab:bf:3e:24:1d:ab:86:48:
         5a:24:c9:94:04:1b:29:f5:62:f2:dd:dc:4c:10:29:60:54:2c:
         31:a1:78:a5:26:8f:3b:43:26:c9:57:6c:7f:4c:ed:de:30:30:
         15:fc:6d:77:5e:87:01:12:40:df:3e:30:d1:55:58:db:7d:ec:
         92:34:ad:09:f9:61:af:c3:47:9a:51:ab:74:c7:55:aa:8a:b5:
         f1:c3:e0:9c:30:7a:34:0b:4a:c0:25:cf:23:13:de:0c:c2:df:
         35:2e:40:f5:3c:d6:bf:63:be:ed:53:ee:a5:aa:3d:89:db:94:
         5a:68:21:b8:e9:ea:c9:2c:5d:48:c8:68:76:91:eb:fa:fd:94:
         0c:50:81:5b:cc:ab:c1:f4:cd:c3:e0:8b:34:a8:11:3b:d3:4c:
         13:cd:93:74:86:2b:55:9e:f0:23:db:ea:05:7d:b6:98:1c:dc:
         49:8c:5e:cb:6b:15:e1:cf:9e:56:35:38:dc:02:5a:69:46:f1:
         05:80:78:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Z/mrq8w75QWfAlPcUSyQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjYwNDE3MDU1MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTE1MmI4YzY2ZTk5ZmM0OGJlN2VkYTE4ZmUxOWMyYmQzMGM2YmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVT1RhhvoYRb9+Jh/l7fJyaF0ZFE
D++K2PUHD9kRuk9eo3hW33uKBQTlICJioZN4o3eOgNIPVAEKG7w/JS94jbhP3HUq
5dXeKAh8ykQ2mCN2X3DlaVsRz9IYapHY6xH1iTahGESPirXJzDV2/YYXH5n86IUH
3wRXTwwXkfBQBt+hcS1/ZhmIpvpMW1dxsyIP0j85+gKc5iOiK2w5nq4l/Md3hJrR
22x8KhnvOZdeO4ojms1t3kPrPgM+5zMC8QziVwEj+q2jRQ39vv+30imXrB2P3ekj
STrFwa4tu3/2tu50lykCf2tz/LCrUr20Z/asqr3Q1RmDKJesjTfekR69mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4VK4xm6Z/Ei+ftoY/hnCvTDGvSMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvSGhVcmpHYnBuOFNMNS0yaGotR2NLOU1NYTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFGMA0G
CSqGSIb3DQEBCwUAA4IBAQDuhsouox14OyikP7tL7Ga2mk3BlbYB/+l/WBsft8F+
gWD9Dd0Gj7c0kz6/TQaeqvd1qjea8SvOjYG8nLgmPAhRq78+JB2rhkhaJMmUBBsp
9WLy3dxMEClgVCwxoXilJo87QybJV2x/TO3eMDAV/G13XocBEkDfPjDRVVjbfeyS
NK0J+WGvw0eaUat0x1WqirXxw+CcMHo0C0rAJc8jE94Mwt81LkD1PNa/Y77tU+6l
qj2J25RaaCG46erJLF1IyGh2kev6/ZQMUIFbzKvB9M3D4Is0qBE700wTzZN0hitV
nvAj2+oFfbaYHNxJjF7LaxXhz55WNTjcAlppRvEFgHj8
-----END CERTIFICATE-----