Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/Hv6nIX8HVFeyFg4uQleXqqT5MWI.roa
File:                     Hv6nIX8HVFeyFg4uQleXqqT5MWI.roa (raw, json)
Hash identifier:          HIwiJMcqVUyXLS/mAM0+jLz/PX0Vv8ko69oawzAsSDQ=
Subject key identifier:   1E:FE:A7:21:7F:07:54:57:B2:16:0E:2E:42:57:97:AA:A4:F9:31:62
Certificate issuer:       /CN=cef446fe4472ba694fc2298298a4f8d155995e16
Certificate serial:       019D11BB21C6D3EF99161079AA66FF0B0F30
Authority key identifier: CE:F4:46:FE:44:72:BA:69:4F:C2:29:82:98:A4:F8:D1:55:99:5E:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvRG_kRyumlPwimCmKT40VWZXhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/Hv6nIX8HVFeyFg4uQleXqqT5MWI.roa
Signing time:             Sat 21 Mar 2026 18:49:29 +0000
ROA not before:           Sat 21 Mar 2026 18:49:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209083
IP address blocks:        128.204.193.0/24 maxlen: 24
                          2a14:d680::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/zvRG_kRyumlPwimCmKT40VWZXhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/zvRG_kRyumlPwimCmKT40VWZXhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvRG_kRyumlPwimCmKT40VWZXhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:11:bb:21:c6:d3:ef:99:16:10:79:aa:66:ff:0b:0f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cef446fe4472ba694fc2298298a4f8d155995e16
        Validity
            Not Before: Mar 21 18:49:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1efea7217f075457b2160e2e425797aaa4f93162
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:09:19:7f:67:0b:92:d3:17:75:01:bc:5f:0b:
                    3e:a5:6f:7d:2d:99:a6:4f:83:e2:9a:0f:8e:d7:5d:
                    da:53:fa:07:38:d7:25:ed:f4:ba:fa:d4:6f:7e:14:
                    ea:6c:41:54:94:ff:6f:07:bc:43:07:32:28:0f:4a:
                    d3:c8:3a:31:33:84:13:5c:6d:2b:e0:38:07:28:31:
                    e3:04:a4:12:45:fb:4e:6b:25:9d:da:b9:58:83:dc:
                    56:52:d1:4f:e4:93:3b:a6:ea:22:4c:22:ef:94:ce:
                    99:d2:0b:0e:83:60:2f:1d:f7:f8:9f:76:54:4c:bd:
                    87:5e:82:4b:66:ee:69:a2:ca:7c:b3:32:34:5f:f2:
                    06:45:b4:72:dc:51:cb:2c:de:ab:0a:da:77:e9:d2:
                    07:62:5e:9a:a2:94:8e:57:d7:2c:c2:a6:ee:a8:e3:
                    f9:d5:58:c7:3f:53:0a:aa:2c:0f:00:4c:bd:d6:0f:
                    54:63:75:28:1f:50:3d:c0:0c:e7:d4:cc:94:9b:62:
                    e4:dc:3e:08:78:53:cc:e2:b9:6f:00:10:f5:c5:98:
                    d6:7c:9e:c8:1e:49:c4:c7:8f:b6:3b:17:6c:77:e5:
                    f8:23:c4:4b:42:04:86:fb:eb:89:0c:78:a8:0b:82:
                    06:ae:1e:3e:82:6d:1b:f7:bb:64:ff:76:7f:0f:2f:
                    12:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:FE:A7:21:7F:07:54:57:B2:16:0E:2E:42:57:97:AA:A4:F9:31:62
            X509v3 Authority Key Identifier:
                keyid:CE:F4:46:FE:44:72:BA:69:4F:C2:29:82:98:A4:F8:D1:55:99:5E:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvRG_kRyumlPwimCmKT40VWZXhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/Hv6nIX8HVFeyFg4uQleXqqT5MWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/50842a-ed02-4a9f-a789-901006bc1fd8/1/zvRG_kRyumlPwimCmKT40VWZXhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.204.193.0/24
                IPv6:
                  2a14:d680::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:5c:e4:b6:d6:66:98:23:83:d4:2f:91:5b:ce:57:f2:eb:dd:
         78:0a:29:e3:bb:4d:85:1f:bc:dc:34:d3:b2:ea:33:49:59:a0:
         a7:e6:50:22:63:2e:5b:f4:a4:55:d8:cd:0d:23:de:b7:44:55:
         ee:d7:63:3d:f9:76:2c:e7:3e:da:aa:c2:e0:3c:1d:9e:25:48:
         9f:9b:8a:6b:42:72:59:ad:70:ce:f0:d3:f9:20:36:ee:6c:34:
         e1:d2:c7:14:29:da:e3:f1:a6:9b:b4:e3:35:4a:a3:0d:7a:8b:
         06:80:99:0a:98:8e:94:c8:10:4b:d4:c1:db:aa:7a:ef:16:7d:
         cc:a3:bc:b1:af:5d:49:eb:8b:e3:77:bf:f2:93:a1:cf:83:10:
         9e:c6:04:01:b6:df:80:9d:c3:ac:c9:83:d5:79:2d:97:33:53:
         80:b9:8a:60:ae:54:4c:d2:9e:2b:f9:62:7b:ca:ee:97:71:c3:
         21:e7:5a:d6:19:de:67:17:76:f9:9d:05:9e:fc:f7:53:07:83:
         b9:13:52:99:44:6b:3f:e9:f8:b7:cf:9d:bd:be:af:9d:1b:a0:
         36:53:bc:c0:35:b8:ec:d5:0e:90:99:87:9c:51:40:e1:f3:b5:
         63:11:40:57:89:1e:83:b2:a8:d2:bb:70:8a:d2:db:97:aa:3b:
         de:c2:38:3b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0RuyHG0++ZFhB5qmb/Cw8wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlZjQ0NmZlNDQ3MmJhNjk0ZmMyMjk4Mjk4YTRmOGQxNTU5
OTVlMTYwHhcNMjYwMzIxMTg0OTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWZlYTcyMTdmMDc1NDU3YjIxNjBlMmU0MjU3OTdhYWE0ZjkzMTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQkZf2cLktMXdQG8Xws+pW99LZmm
T4Pimg+O113aU/oHONcl7fS6+tRvfhTqbEFUlP9vB7xDBzIoD0rTyDoxM4QTXG0r
4DgHKDHjBKQSRftOayWd2rlYg9xWUtFP5JM7puoiTCLvlM6Z0gsOg2AvHff4n3ZU
TL2HXoJLZu5posp8szI0X/IGRbRy3FHLLN6rCtp36dIHYl6aopSOV9cswqbuqOP5
1VjHP1MKqiwPAEy91g9UY3UoH1A9wAzn1MyUm2Lk3D4IeFPM4rlvABD1xZjWfJ7I
HknEx4+2Oxdsd+X4I8RLQgSG++uJDHioC4IGrh4+gm0b97tk/3Z/Dy8SqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB7+pyF/B1RXshYOLkJXl6qk+TFiMB8GA1UdIwQY
MBaAFM70Rv5EcrppT8Ipgpik+NFVmV4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenZSR19rUnl1bWxQd2ltQ21LVDQwVldaWGhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy81MDg0MmEtZWQwMi00YTlmLWE3ODkt
OTAxMDA2YmMxZmQ4LzEvSHY2bklYOEhWRmV5Rmc0dVFsZVhxcVQ1TVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy81MDg0MmEtZWQwMi00YTlmLWE3ODktOTAxMDA2YmMxZmQ4
LzEvenZSR19rUnl1bWxQd2ltQ21LVDQwVldaWGhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAgMzBMA0E
AgACMAcDBQMqFNaAMA0GCSqGSIb3DQEBCwUAA4IBAQCrXOS21maYI4PUL5Fbzlfy
6914Cinju02FH7zcNNOy6jNJWaCn5lAiYy5b9KRV2M0NI963RFXu12M9+XYs5z7a
qsLgPB2eJUifm4prQnJZrXDO8NP5IDbubDTh0scUKdrj8aabtOM1SqMNeosGgJkK
mI6UyBBL1MHbqnrvFn3Mo7yxr11J64vjd7/yk6HPgxCexgQBtt+AncOsyYPVeS2X
M1OAuYpgrlRM0p4r+WJ7yu6XccMh51rWGd5nF3b5nQWe/PdTB4O5E1KZRGs/6fi3
z529vq+dG6A2U7zANbjs1Q6QmYecUUDh87VjEUBXiR6DsqjSu3CK0tuXqjvewjg7
-----END CERTIFICATE-----