Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/HQO2nUDhxm-wBv9MZj4wO34J_uA.roa
File:                     HQO2nUDhxm-wBv9MZj4wO34J_uA.roa (raw, json)
Hash identifier:          i36jIXAfgSFuzx1el+XjaTCEuBDnsOsIMzYawd+fKug=
Subject key identifier:   1D:03:B6:9D:40:E1:C6:6F:B0:06:FF:4C:66:3E:30:3B:7E:09:FE:E0
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019CFB7D77D26340ED3126494866BE367F15
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/HQO2nUDhxm-wBv9MZj4wO34J_uA.roa
Signing time:             Tue 17 Mar 2026 11:10:29 +0000
ROA not before:           Tue 17 Mar 2026 11:10:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201279
IP address blocks:        2a0d:d940:5e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:7d:77:d2:63:40:ed:31:26:49:48:66:be:36:7f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Mar 17 11:10:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d03b69d40e1c66fb006ff4c663e303b7e09fee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c3:8d:89:1d:24:e9:1c:19:0f:d5:25:89:97:
                    50:14:2e:36:97:a5:f6:f8:d8:8a:5f:b3:b8:0f:af:
                    24:2e:ed:0e:3e:6c:af:d4:98:fc:53:81:3e:48:29:
                    05:d4:19:42:9a:8e:8b:0b:9a:5b:5f:61:7f:f5:de:
                    84:d2:96:16:d3:51:33:6c:5a:4e:da:86:38:ab:b9:
                    e4:4c:1a:26:0b:54:e3:75:b4:bd:a7:5e:ad:31:69:
                    8a:7e:fe:cb:ea:62:ac:43:f1:51:e9:e8:e9:af:fa:
                    27:2e:69:df:45:53:3e:bf:92:a5:4b:21:d7:05:1b:
                    10:e7:ba:e5:cf:96:cf:ad:ed:6f:ba:ac:35:db:09:
                    b8:51:b3:8c:fb:63:37:c6:65:dc:25:44:ee:8a:0b:
                    ea:f4:c8:95:4a:87:9e:bf:99:60:df:42:c2:ca:ab:
                    d8:10:ef:70:90:f0:1f:af:67:33:1c:9b:d2:73:43:
                    5b:c7:35:f8:d4:cb:e2:a9:cb:42:a3:f3:38:ee:6e:
                    3b:f6:57:17:5a:ec:97:32:aa:7b:43:a9:05:3e:80:
                    2f:89:1c:52:f1:17:54:cb:f6:ed:93:2a:6e:e9:d9:
                    8f:af:2a:19:da:50:0f:d3:4a:76:1a:ca:34:c7:11:
                    59:4a:48:16:47:55:c3:d7:7b:5a:a8:3f:31:ce:eb:
                    a5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:03:B6:9D:40:E1:C6:6F:B0:06:FF:4C:66:3E:30:3B:7E:09:FE:E0
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/HQO2nUDhxm-wBv9MZj4wO34J_uA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:5e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         54:72:d8:40:94:2f:3d:75:5b:fd:78:36:1f:5e:a4:2a:8b:f4:
         05:51:dd:8a:8f:44:59:03:64:3e:75:b8:40:6d:00:b5:8a:d8:
         92:7d:7f:26:0a:fe:50:99:2f:34:28:dc:d8:2e:d3:ff:2c:05:
         e4:87:65:e9:86:21:64:80:bd:8c:20:3a:a5:db:67:76:81:dc:
         bc:53:f0:ce:b3:ee:b4:e0:01:35:63:c7:70:ee:6b:3e:de:e3:
         20:9f:57:9e:f5:47:df:53:02:14:34:85:aa:04:e0:a1:3f:d3:
         e5:ea:b2:8f:3f:ee:1e:26:a0:a3:ee:7e:31:c5:5a:6c:77:0d:
         af:dd:25:7d:de:e1:ae:f3:48:b9:7a:29:f7:1d:1a:09:92:df:
         0a:72:fd:63:d4:5e:52:f5:c5:58:2c:4e:54:ab:1d:9a:e5:9d:
         b4:48:88:45:5b:57:9c:6f:30:1a:6c:9a:9b:b3:71:c3:ce:11:
         aa:b9:8a:d5:f6:58:9d:1b:0c:1d:d6:1e:f0:ef:fa:1c:61:da:
         4d:1f:74:ef:9a:a3:21:b2:23:fb:0e:26:e5:17:e6:38:73:74:
         1b:de:04:b9:e4:24:c1:fb:d8:3f:ef:7b:32:20:d7:ad:ca:32:
         40:09:6d:d0:5d:21:c1:b6:fd:b3:4a:62:27:29:30:7c:ea:d4:
         e8:79:d0:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZz7fXfSY0DtMSZJSGa+Nn8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMzE3MTExMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDAzYjY5ZDQwZTFjNjZmYjAwNmZmNGM2NjNlMzAzYjdlMDlmZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMONiR0k6RwZD9UliZdQFC42l6X2
+NiKX7O4D68kLu0OPmyv1Jj8U4E+SCkF1BlCmo6LC5pbX2F/9d6E0pYW01EzbFpO
2oY4q7nkTBomC1TjdbS9p16tMWmKfv7L6mKsQ/FR6ejpr/onLmnfRVM+v5KlSyHX
BRsQ57rlz5bPre1vuqw12wm4UbOM+2M3xmXcJUTuigvq9MiVSoeev5lg30LCyqvY
EO9wkPAfr2czHJvSc0NbxzX41MviqctCo/M47m479lcXWuyXMqp7Q6kFPoAviRxS
8RdUy/btkypu6dmPryoZ2lAP00p2Gso0xxFZSkgWR1XD13taqD8xzuulsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB0Dtp1A4cZvsAb/TGY+MDt+Cf7gMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvSFFPMm5VRGh4bS13QnY5TVpqNHdPMzRKX3VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQAXg
MA0GCSqGSIb3DQEBCwUAA4IBAQBUcthAlC89dVv9eDYfXqQqi/QFUd2Kj0RZA2Q+
dbhAbQC1itiSfX8mCv5QmS80KNzYLtP/LAXkh2XphiFkgL2MIDql22d2gdy8U/DO
s+604AE1Y8dw7ms+3uMgn1ee9UffUwIUNIWqBOChP9Pl6rKPP+4eJqCj7n4xxVps
dw2v3SV93uGu80i5ein3HRoJkt8Kcv1j1F5S9cVYLE5Uqx2a5Z20SIhFW1ecbzAa
bJqbs3HDzhGquYrV9lidGwwd1h7w7/ocYdpNH3TvmqMhsiP7DiblF+Y4c3Qb3gS5
5CTB+9g/73syINetyjJACW3QXSHBtv2zSmInKTB86tToedDw
-----END CERTIFICATE-----