Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/663453-cf92-4915-af26-d2f1cebb63aa/1/hB7k-pSsmCCA65cdeBOLaQ0pu5c.roa
File:                     hB7k-pSsmCCA65cdeBOLaQ0pu5c.roa (raw, json)
Hash identifier:          VeZsd2ieUrYDf4TqpzlV6sh6N/ypni7g2R6QNYjKO6A=
Subject key identifier:   84:1E:E4:FA:94:AC:98:20:80:EB:97:1D:78:13:8B:69:0D:29:BB:97
Certificate issuer:       /CN=a25ad2ce171893e607a72bae9d0544fc01d309aa
Certificate serial:       019DE250070F2F8AEB728DB4246E7BDE81E6
Authority key identifier: A2:5A:D2:CE:17:18:93:E6:07:A7:2B:AE:9D:05:44:FC:01:D3:09:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olrSzhcYk-YHpyuunQVE_AHTCao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/663453-cf92-4915-af26-d2f1cebb63aa/1/hB7k-pSsmCCA65cdeBOLaQ0pu5c.roa
Signing time:             Fri 01 May 2026 06:53:08 +0000
ROA not before:           Fri 01 May 2026 06:53:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        195.60.85.192/26 maxlen: 26
                          2001:7f8:170::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/663453-cf92-4915-af26-d2f1cebb63aa/1/olrSzhcYk-YHpyuunQVE_AHTCao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/663453-cf92-4915-af26-d2f1cebb63aa/1/olrSzhcYk-YHpyuunQVE_AHTCao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olrSzhcYk-YHpyuunQVE_AHTCao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e2:50:07:0f:2f:8a:eb:72:8d:b4:24:6e:7b:de:81:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a25ad2ce171893e607a72bae9d0544fc01d309aa
        Validity
            Not Before: May  1 06:53:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=841ee4fa94ac982080eb971d78138b690d29bb97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:28:72:50:49:79:90:48:90:31:18:93:16:86:
                    0b:f9:2b:c0:6c:6f:17:56:07:c5:72:12:1d:20:d0:
                    cd:16:0c:71:ad:39:e5:be:0d:c3:09:0c:58:32:63:
                    83:18:9d:66:6d:39:b3:d9:d8:18:23:2b:39:83:cb:
                    c3:19:26:34:f0:06:fb:49:ee:13:84:b3:7c:62:38:
                    ec:0c:4f:1c:fc:1f:19:60:39:a2:12:70:c8:e2:13:
                    ff:6d:e4:d6:30:be:da:f3:5e:41:51:af:8e:36:ac:
                    ff:9a:5b:f8:04:53:a1:2a:59:8f:ef:35:a7:3f:f5:
                    42:f7:93:55:8a:e8:1b:de:4a:43:38:b7:57:b9:b3:
                    0e:e0:97:41:cc:b2:0a:d9:2b:55:80:56:34:cf:21:
                    cd:cb:81:53:6b:03:50:a5:c7:1a:47:55:6f:15:d2:
                    63:c7:df:1f:41:85:be:3a:83:f6:8c:22:a8:f3:eb:
                    3b:45:2c:cf:fb:22:a1:8a:1d:2f:68:3c:4d:1e:d8:
                    76:b8:c5:84:34:fd:f2:86:f5:81:b2:77:ce:fa:67:
                    8a:c2:62:03:db:46:ce:db:b8:97:a6:cd:54:0e:f0:
                    35:d2:9f:65:0b:64:83:25:90:db:29:16:2b:f0:c1:
                    94:54:68:10:fa:ed:5c:95:42:72:31:86:f3:06:21:
                    3b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:1E:E4:FA:94:AC:98:20:80:EB:97:1D:78:13:8B:69:0D:29:BB:97
            X509v3 Authority Key Identifier:
                keyid:A2:5A:D2:CE:17:18:93:E6:07:A7:2B:AE:9D:05:44:FC:01:D3:09:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olrSzhcYk-YHpyuunQVE_AHTCao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/663453-cf92-4915-af26-d2f1cebb63aa/1/hB7k-pSsmCCA65cdeBOLaQ0pu5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/663453-cf92-4915-af26-d2f1cebb63aa/1/olrSzhcYk-YHpyuunQVE_AHTCao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.85.192/26
                IPv6:
                  2001:7f8:170::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:72:a4:01:e5:0d:d5:aa:5b:7b:1e:05:a6:88:8a:29:f0:77:
         a4:e9:13:2b:4b:4b:93:c3:94:88:07:2b:7d:c2:36:9a:60:95:
         d6:ca:09:de:a9:06:e8:eb:34:d1:9e:35:11:8e:3b:23:7f:16:
         28:d7:51:fb:c0:12:51:00:1f:81:1d:8b:86:fe:8b:a2:80:41:
         d9:b7:ce:f6:2f:56:3c:36:e4:69:7c:34:55:b0:9c:40:03:e1:
         4b:63:71:c3:43:38:d3:84:df:d9:05:a2:7d:ba:a5:29:c9:5d:
         7d:3f:cb:1a:f9:ab:44:5a:2f:a6:c6:9c:be:e8:ff:96:9a:d1:
         87:e5:2e:ac:58:6d:b7:d2:b5:c3:bc:66:4f:2b:8e:98:28:51:
         9b:8f:b7:51:23:ed:99:80:20:fd:03:db:f7:fb:e7:b4:3b:7c:
         15:63:1d:a1:0f:9d:9e:c7:f8:9f:3c:dc:6d:e2:af:3b:76:15:
         86:cc:fa:0f:05:82:64:af:51:53:85:17:4a:a0:42:5f:52:e1:
         cc:6a:2e:e2:bb:84:23:eb:0f:42:75:6e:5f:a1:79:78:af:12:
         cd:de:30:6a:83:8b:84:9f:ef:b7:03:e1:64:a9:9a:65:ba:52:
         c1:ae:8c:18:ec:6f:05:51:94:bd:eb:08:a6:24:38:cf:ae:09:
         f3:94:1a:1c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ3iUAcPL4rrco20JG573oHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNWFkMmNlMTcxODkzZTYwN2E3MmJhZTlkMDU0NGZjMDFk
MzA5YWEwHhcNMjYwNTAxMDY1MzA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDFlZTRmYTk0YWM5ODIwODBlYjk3MWQ3ODEzOGI2OTBkMjliYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvShyUEl5kEiQMRiTFoYL+SvAbG8X
VgfFchIdINDNFgxxrTnlvg3DCQxYMmODGJ1mbTmz2dgYIys5g8vDGSY08Ab7Se4T
hLN8YjjsDE8c/B8ZYDmiEnDI4hP/beTWML7a815BUa+ONqz/mlv4BFOhKlmP7zWn
P/VC95NViugb3kpDOLdXubMO4JdBzLIK2StVgFY0zyHNy4FTawNQpccaR1VvFdJj
x98fQYW+OoP2jCKo8+s7RSzP+yKhih0vaDxNHth2uMWENP3yhvWBsnfO+meKwmID
20bO27iXps1UDvA10p9lC2SDJZDbKRYr8MGUVGgQ+u1clUJyMYbzBiE7uQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIQe5PqUrJgggOuXHXgTi2kNKbuXMB8GA1UdIwQY
MBaAFKJa0s4XGJPmB6crrp0FRPwB0wmqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xyU3poY1lrLVlIcHl1dW5RVkVfQUhUQ2FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC82NjM0NTMtY2Y5Mi00OTE1LWFmMjYt
ZDJmMWNlYmI2M2FhLzEvaEI3ay1wU3NtQ0NBNjVjZGVCT0xhUTBwdTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC82NjM0NTMtY2Y5Mi00OTE1LWFmMjYtZDJmMWNlYmI2M2Fh
LzEvb2xyU3poY1lrLVlIcHl1dW5RVkVfQUhUQ2FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDANBAIAATAHAwUGwzxVwDAP
BAIAAjAJAwcAIAEH+AFwMA0GCSqGSIb3DQEBCwUAA4IBAQCFcqQB5Q3Vqlt7HgWm
iIop8Hek6RMrS0uTw5SIByt9wjaaYJXWygneqQbo6zTRnjURjjsjfxYo11H7wBJR
AB+BHYuG/ouigEHZt872L1Y8NuRpfDRVsJxAA+FLY3HDQzjThN/ZBaJ9uqUpyV19
P8sa+atEWi+mxpy+6P+WmtGH5S6sWG230rXDvGZPK46YKFGbj7dRI+2ZgCD9A9v3
++e0O3wVYx2hD52ex/ifPNxt4q87dhWGzPoPBYJkr1FThRdKoEJfUuHMai7iu4Qj
6w9CdW5foXl4rxLN3jBqg4uEn++3A+FkqZplulLBrowY7G8FUZS96wimJDjPrgnz
lBoc
-----END CERTIFICATE-----