Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/mhTRmoaCXrpnkAAowvMfA3sbqzc.roa
File:                     mhTRmoaCXrpnkAAowvMfA3sbqzc.roa (raw, json)
Hash identifier:          Vvq64WFu+V010ObX2eAnm+3JUcx64YbahUS0NTI8q3M=
Subject key identifier:   9A:14:D1:9A:86:82:5E:BA:67:90:00:28:C2:F3:1F:03:7B:1B:AB:37
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       019DBFD69E64ABD4D6981FB0165E32ECC428
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/mhTRmoaCXrpnkAAowvMfA3sbqzc.roa
Signing time:             Fri 24 Apr 2026 14:13:26 +0000
ROA not before:           Fri 24 Apr 2026 14:13:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212239
IP address blocks:        81.160.8.0/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:d6:9e:64:ab:d4:d6:98:1f:b0:16:5e:32:ec:c4:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Apr 24 14:13:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a14d19a86825eba67900028c2f31f037b1bab37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7a:c5:3d:fb:5d:0c:a5:9d:16:0b:ec:dd:93:
                    a1:96:65:cc:56:ed:ed:24:28:ff:95:cd:65:0e:a6:
                    54:1c:a4:72:9a:0e:9f:71:eb:f0:ab:0d:0a:3c:5c:
                    fe:a3:d8:a3:dd:e6:cb:0f:28:f2:5b:17:00:f2:ca:
                    76:05:f0:36:ee:ec:1f:a7:84:23:3a:4d:81:c4:42:
                    40:93:0a:ef:6a:b2:af:be:19:83:32:35:d0:c0:2c:
                    5d:f0:32:ad:d3:20:92:bb:53:c7:c0:36:53:4e:c0:
                    5a:e1:81:f7:c1:3d:08:2d:8a:f3:fe:c2:ae:f9:19:
                    46:cd:d2:ea:3d:fc:eb:32:27:df:6d:6c:09:63:42:
                    50:9b:c5:82:81:8f:2d:70:15:7c:82:76:ce:d3:9f:
                    5d:d3:e3:bc:ce:5c:34:d6:68:f5:75:07:62:6c:5b:
                    1f:d7:9c:30:0c:40:69:c4:6f:e3:b0:52:20:28:19:
                    35:0d:97:b8:f5:ce:03:ef:4a:04:dc:4d:e2:33:a2:
                    b1:90:13:50:88:52:46:42:3b:fe:ee:0c:eb:e4:bf:
                    74:62:de:c3:26:82:08:8d:ed:05:9e:b6:77:c9:da:
                    ef:23:f9:86:20:e2:8c:ba:11:01:33:d4:e1:6b:c8:
                    2a:dd:90:45:d7:e3:dd:1c:5d:bb:29:29:a2:a7:2a:
                    69:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:14:D1:9A:86:82:5E:BA:67:90:00:28:C2:F3:1F:03:7B:1B:AB:37
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/mhTRmoaCXrpnkAAowvMfA3sbqzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.160.8.0/25

    Signature Algorithm: sha256WithRSAEncryption
         d4:48:54:ca:6a:5e:8e:6b:41:bc:a9:2e:f8:e0:d3:52:a0:fa:
         d0:38:b5:68:58:f5:bb:6e:f3:f4:af:49:8e:f2:73:64:56:43:
         9c:95:cf:c6:70:da:6e:52:23:1f:cb:cf:83:a4:0a:c0:9c:25:
         1a:84:87:c0:bf:7c:98:78:44:80:e3:d0:a1:3e:b0:40:6f:d8:
         2a:eb:d7:51:90:26:e7:b9:f6:f7:91:54:c7:65:39:88:9e:b6:
         49:af:e3:1e:99:cc:97:51:43:d5:3b:66:3d:b4:66:c9:b8:98:
         ca:f7:99:23:ba:bc:40:ad:c8:8d:46:2a:72:32:a1:56:df:0a:
         cb:9d:e2:37:a4:0a:30:78:a0:80:2a:4f:00:54:f7:46:05:68:
         47:3d:a9:9c:c8:c0:25:9e:56:22:da:ed:61:f7:07:09:da:41:
         5e:23:67:c6:e4:39:0b:fb:b5:fb:eb:2f:64:79:8e:07:6a:15:
         ea:f3:0a:45:c7:88:e2:45:3c:07:a9:e6:26:27:fa:48:fa:87:
         e8:64:61:3b:ba:f8:a6:5b:f6:12:80:c6:53:7e:4a:76:42:a0:
         fa:81:ed:2b:56:6e:94:78:5e:4f:b3:11:4d:bb:d4:e7:d5:ba:
         55:83:6b:60:34:cb:33:40:9b:14:eb:3f:2b:ee:09:ca:31:7b:
         29:82:f3:b7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2/1p5kq9TWmB+wFl4y7MQoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjYwNDI0MTQxMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTE0ZDE5YTg2ODI1ZWJhNjc5MDAwMjhjMmYzMWYwMzdiMWJhYjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnrFPftdDKWdFgvs3ZOhlmXMVu3t
JCj/lc1lDqZUHKRymg6fcevwqw0KPFz+o9ij3ebLDyjyWxcA8sp2BfA27uwfp4Qj
Ok2BxEJAkwrvarKvvhmDMjXQwCxd8DKt0yCSu1PHwDZTTsBa4YH3wT0ILYrz/sKu
+RlGzdLqPfzrMiffbWwJY0JQm8WCgY8tcBV8gnbO059d0+O8zlw01mj1dQdibFsf
15wwDEBpxG/jsFIgKBk1DZe49c4D70oE3E3iM6KxkBNQiFJGQjv+7gzr5L90Yt7D
JoIIje0FnrZ3ydrvI/mGIOKMuhEBM9Tha8gq3ZBF1+PdHF27KSmipypp5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJoU0ZqGgl66Z5AAKMLzHwN7G6s3MB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvbWhUUm1vYUNYcnBua0FBb3d2TWZBM3NicXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUHUaAIADAN
BgkqhkiG9w0BAQsFAAOCAQEA1EhUympejmtBvKku+ODTUqD60Di1aFj1u27z9K9J
jvJzZFZDnJXPxnDablIjH8vPg6QKwJwlGoSHwL98mHhEgOPQoT6wQG/YKuvXUZAm
57n295FUx2U5iJ62Sa/jHpnMl1FD1TtmPbRmybiYyveZI7q8QK3IjUYqcjKhVt8K
y53iN6QKMHiggCpPAFT3RgVoRz2pnMjAJZ5WItrtYfcHCdpBXiNnxuQ5C/u1++sv
ZHmOB2oV6vMKRceI4kU8B6nmJif6SPqH6GRhO7r4plv2EoDGU35KdkKg+oHtK1Zu
lHheT7MRTbvU59W6VYNrYDTLM0CbFOs/K+4JyjF7KYLztw==
-----END CERTIFICATE-----