Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/hp01qqaG6ojwTceGwUYjwpMc_FA.roa
File:                     hp01qqaG6ojwTceGwUYjwpMc_FA.roa (raw, json)
Hash identifier:          +EoDWRDS7zIW8lYYUpVakjrqTS94dDcew7HVE2+smMs=
Subject key identifier:   86:9D:35:AA:A6:86:EA:88:F0:4D:C7:86:C1:46:23:C2:93:1C:FC:50
Certificate issuer:       /CN=8cd802512ccb745b2a1b8f315714ebe39395403e
Certificate serial:       019E16E489A0F65E4766F25CB373A0ED90C7
Authority key identifier: 8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/hp01qqaG6ojwTceGwUYjwpMc_FA.roa
Signing time:             Mon 11 May 2026 11:55:36 +0000
ROA not before:           Mon 11 May 2026 11:55:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        141.0.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:16:e4:89:a0:f6:5e:47:66:f2:5c:b3:73:a0:ed:90:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd802512ccb745b2a1b8f315714ebe39395403e
        Validity
            Not Before: May 11 11:55:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=869d35aaa686ea88f04dc786c14623c2931cfc50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c7:84:d2:da:2a:41:c4:bd:88:f7:cd:69:5c:
                    5b:24:e8:66:04:3d:32:38:e4:6c:13:59:e0:da:d4:
                    45:2c:40:03:f6:97:78:5d:1d:2b:76:de:71:ca:cd:
                    48:fc:36:68:be:d6:43:ca:61:e5:22:f3:1d:a0:32:
                    10:40:59:05:3b:4f:0f:a2:82:df:46:bf:2b:d5:8d:
                    91:01:10:4f:48:9e:7f:a8:cb:8d:80:39:bc:91:49:
                    ad:41:e5:8d:a3:f3:54:72:8d:a8:a5:6b:f2:8c:1e:
                    59:dc:34:37:53:a7:3c:ec:94:ad:b6:df:f2:4e:17:
                    21:88:98:93:21:b8:ed:12:ff:ce:e6:16:70:0b:7a:
                    22:f5:18:8d:d9:82:09:07:4c:17:57:79:65:fd:90:
                    f9:83:e8:2b:84:58:e2:64:0c:28:c1:3c:a6:f5:b9:
                    99:a9:a0:d6:c5:60:ea:44:00:52:36:3d:0a:c4:a5:
                    a5:c9:8a:c5:fe:55:4c:a3:e5:77:ba:85:73:5d:f0:
                    fe:fa:95:25:f1:7c:23:e8:8c:38:3b:c2:f0:cf:00:
                    29:19:b6:3a:e7:ab:79:5d:ec:ce:2e:d9:84:3d:71:
                    64:a3:82:1b:22:7d:87:8e:4a:6d:a1:6a:61:5d:b7:
                    44:47:9d:b5:9a:08:b5:07:1f:27:fe:3d:fa:52:b2:
                    81:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:9D:35:AA:A6:86:EA:88:F0:4D:C7:86:C1:46:23:C2:93:1C:FC:50
            X509v3 Authority Key Identifier:
                keyid:8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/hp01qqaG6ojwTceGwUYjwpMc_FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.0.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:5f:a1:31:39:8f:78:30:58:1b:ad:d4:db:0d:c7:c5:46:43:
         0d:94:92:0a:bb:58:1d:b7:92:98:a2:62:ee:1c:54:e2:6f:91:
         48:ea:b9:44:b4:05:14:06:e3:71:0c:76:f9:c5:bc:83:8a:2d:
         d2:53:73:8c:0b:02:73:a2:56:5e:d8:14:4c:7c:49:44:b0:f4:
         08:20:96:6d:ca:5f:10:a5:36:ee:ad:b8:61:b4:43:e0:f9:ea:
         3d:5f:00:bd:7f:7d:e4:d6:fd:af:52:db:8a:05:04:22:15:bb:
         db:fd:ae:e4:8b:92:43:46:32:45:aa:b0:f4:1d:22:54:7d:d8:
         e4:bc:1f:64:44:02:9f:7f:27:99:d0:cd:d8:1c:52:29:a5:d1:
         ab:27:41:6a:08:44:d3:e7:c2:de:f6:09:68:b3:63:dc:f4:4e:
         35:33:0d:99:ee:f7:20:b8:53:b4:49:eb:80:90:16:cc:79:91:
         16:5e:fd:33:ba:80:c8:74:31:91:76:f6:1d:ab:a3:40:1f:32:
         80:90:dd:6b:5e:55:84:da:dc:6a:54:e7:f7:3f:82:7d:d1:56:
         36:61:51:2f:82:a4:d7:ff:bf:cd:e8:0c:96:2b:46:0b:93:3c:
         07:c8:21:db:ba:f0:a1:34:65:aa:a5:31:8b:e7:2c:ed:ee:c6:
         19:a0:c3:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4W5Img9l5HZvJcs3Og7ZDHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDgwMjUxMmNjYjc0NWIyYTFiOGYzMTU3MTRlYmUzOTM5
NTQwM2UwHhcNMjYwNTExMTE1NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjlkMzVhYWE2ODZlYTg4ZjA0ZGM3ODZjMTQ2MjNjMjkzMWNmYzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMeE0toqQcS9iPfNaVxbJOhmBD0y
OORsE1ng2tRFLEAD9pd4XR0rdt5xys1I/DZovtZDymHlIvMdoDIQQFkFO08PooLf
Rr8r1Y2RARBPSJ5/qMuNgDm8kUmtQeWNo/NUco2opWvyjB5Z3DQ3U6c87JSttt/y
ThchiJiTIbjtEv/O5hZwC3oi9RiN2YIJB0wXV3ll/ZD5g+grhFjiZAwowTym9bmZ
qaDWxWDqRABSNj0KxKWlyYrF/lVMo+V3uoVzXfD++pUl8Xwj6Iw4O8LwzwApGbY6
56t5XezOLtmEPXFko4IbIn2HjkptoWphXbdER521mgi1Bx8n/j36UrKBLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIadNaqmhuqI8E3HhsFGI8KTHPxQMB8GA1UdIwQY
MBaAFIzYAlEsy3RbKhuPMVcU6+OTlUA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmIt
MzhlMDY4NTM2ZTZiLzEvaHAwMXFxYUc2b2p3VGNlR3dVWWp3cE1jX0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmItMzhlMDY4NTM2ZTZi
LzEvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQC6MA0G
CSqGSIb3DQEBCwUAA4IBAQC6X6ExOY94MFgbrdTbDcfFRkMNlJIKu1gdt5KYomLu
HFTib5FI6rlEtAUUBuNxDHb5xbyDii3SU3OMCwJzolZe2BRMfElEsPQIIJZtyl8Q
pTburbhhtEPg+eo9XwC9f33k1v2vUtuKBQQiFbvb/a7ki5JDRjJFqrD0HSJUfdjk
vB9kRAKffyeZ0M3YHFIppdGrJ0FqCETT58Le9glos2Pc9E41Mw2Z7vcguFO0SeuA
kBbMeZEWXv0zuoDIdDGRdvYdq6NAHzKAkN1rXlWE2txqVOf3P4J90VY2YVEvgqTX
/7/N6AyWK0YLkzwHyCHbuvChNGWqpTGL5yzt7sYZoMNI
-----END CERTIFICATE-----