Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/hWHZBj8opxLji1dLlE3VmNv5Hls.roa
File:                     hWHZBj8opxLji1dLlE3VmNv5Hls.roa (raw, json)
Hash identifier:          soPJ0c1Js9F+eNHpUDKlZXFQ1H4GaNDtLLKDaTHKOIY=
Subject key identifier:   85:61:D9:06:3F:28:A7:12:E3:8B:57:4B:94:4D:D5:98:DB:F9:1E:5B
Certificate issuer:       /CN=1329cd3ee2fe126a82ca2a58c87ed5838fe2af57
Certificate serial:       019CBCD737CF92A90A793DB54C53A377D82F
Authority key identifier: 13:29:CD:3E:E2:FE:12:6A:82:CA:2A:58:C8:7E:D5:83:8F:E2:AF:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EynNPuL-EmqCyipYyH7Vg4_ir1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/hWHZBj8opxLji1dLlE3VmNv5Hls.roa
Signing time:             Thu 05 Mar 2026 07:12:26 +0000
ROA not before:           Thu 05 Mar 2026 07:12:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50005
IP address blocks:        195.178.18.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/EynNPuL-EmqCyipYyH7Vg4_ir1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/EynNPuL-EmqCyipYyH7Vg4_ir1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EynNPuL-EmqCyipYyH7Vg4_ir1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bc:d7:37:cf:92:a9:0a:79:3d:b5:4c:53:a3:77:d8:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1329cd3ee2fe126a82ca2a58c87ed5838fe2af57
        Validity
            Not Before: Mar  5 07:12:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8561d9063f28a712e38b574b944dd598dbf91e5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:40:87:df:ef:74:ca:21:0c:90:de:bd:de:fc:
                    0e:40:b0:32:23:8a:04:e4:04:9c:fe:0b:4c:a2:0b:
                    6b:25:30:ad:24:77:31:1a:05:59:67:e0:cf:01:2e:
                    40:92:67:8b:7e:43:6f:cc:c0:3b:2c:3e:1a:08:06:
                    6b:a1:3b:69:d9:bf:72:30:88:05:3e:1b:1b:5f:19:
                    4f:16:97:0d:be:dd:2c:ab:17:49:44:27:5b:9d:5f:
                    14:f3:22:98:30:92:70:1a:b3:ed:b1:54:c9:16:a0:
                    ac:16:e2:39:34:b3:0b:03:20:00:cd:79:44:91:11:
                    a9:fb:65:b8:2e:6c:f4:42:e6:11:8f:f3:94:93:6b:
                    4d:a3:47:ea:81:3c:8c:c6:d2:a8:69:4b:34:65:27:
                    26:0d:45:2b:11:48:fc:28:db:e8:f8:7a:cd:d6:62:
                    96:a1:e7:06:aa:41:4f:02:c8:09:95:f8:09:a8:04:
                    5b:9d:e0:d1:ec:68:37:dc:de:78:03:37:00:de:a3:
                    47:8a:e2:d9:ac:0b:78:0d:3f:11:1a:76:91:28:97:
                    d7:b6:77:a1:bd:97:00:c8:0a:8c:c6:85:bc:2a:03:
                    b5:97:34:04:ee:19:ad:dd:14:08:44:d5:67:7a:38:
                    49:1d:10:78:3b:d9:cd:d9:16:b7:f2:fd:46:c7:33:
                    d1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:61:D9:06:3F:28:A7:12:E3:8B:57:4B:94:4D:D5:98:DB:F9:1E:5B
            X509v3 Authority Key Identifier:
                keyid:13:29:CD:3E:E2:FE:12:6A:82:CA:2A:58:C8:7E:D5:83:8F:E2:AF:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EynNPuL-EmqCyipYyH7Vg4_ir1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/hWHZBj8opxLji1dLlE3VmNv5Hls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/af58b6-9e8f-406e-ac1c-2fc030a60cea/1/EynNPuL-EmqCyipYyH7Vg4_ir1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:a7:53:34:54:98:fb:de:e4:88:1f:6e:6c:a3:75:df:0f:32:
         64:6d:3f:7a:85:ef:0a:5b:68:6b:c3:ce:23:fc:47:01:31:cd:
         36:94:76:3d:16:cd:26:2e:0f:54:80:e1:d6:de:5a:44:33:60:
         c2:56:16:25:80:f1:f9:12:7b:0c:29:90:31:c2:32:d4:8f:9b:
         96:ec:30:23:f7:b3:be:92:04:cb:43:83:3f:72:75:5c:70:ad:
         73:b8:36:5a:14:62:89:29:4a:df:eb:14:25:a6:8b:0d:da:7c:
         66:18:c9:fe:2a:af:46:52:a4:e3:21:5c:6a:f1:4e:24:b5:f4:
         fd:c1:d9:ba:7d:74:d7:e1:60:bd:9d:e8:29:fe:6f:f3:52:b3:
         cf:f3:be:96:0d:ae:3d:9b:fa:d1:6b:b1:d6:64:a3:19:dc:f6:
         af:b9:41:d9:50:dc:4b:18:e3:1d:73:54:26:ca:34:11:47:b9:
         fa:0b:e0:d3:22:5b:07:07:d7:ca:30:18:b1:29:a6:cd:f4:29:
         17:07:ba:90:09:e0:6a:d5:69:b2:c4:6a:93:bf:f5:4f:5d:97:
         68:29:1c:d2:ce:62:9d:9b:7b:e7:92:a4:54:a3:fa:9e:2d:c9:
         6e:28:07:6d:71:ea:7f:92:fa:c2:f1:31:8a:01:25:f8:1c:09:
         dd:85:b0:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy81zfPkqkKeT21TFOjd9gvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMjljZDNlZTJmZTEyNmE4MmNhMmE1OGM4N2VkNTgzOGZl
MmFmNTcwHhcNMjYwMzA1MDcxMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTYxZDkwNjNmMjhhNzEyZTM4YjU3NGI5NDRkZDU5OGRiZjkxZTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0CH3+90yiEMkN693vwOQLAyI4oE
5ASc/gtMogtrJTCtJHcxGgVZZ+DPAS5AkmeLfkNvzMA7LD4aCAZroTtp2b9yMIgF
PhsbXxlPFpcNvt0sqxdJRCdbnV8U8yKYMJJwGrPtsVTJFqCsFuI5NLMLAyAAzXlE
kRGp+2W4Lmz0QuYRj/OUk2tNo0fqgTyMxtKoaUs0ZScmDUUrEUj8KNvo+HrN1mKW
oecGqkFPAsgJlfgJqARbneDR7Gg33N54AzcA3qNHiuLZrAt4DT8RGnaRKJfXtneh
vZcAyAqMxoW8KgO1lzQE7hmt3RQIRNVnejhJHRB4O9nN2Ra38v1GxzPRvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVh2QY/KKcS44tXS5RN1Zjb+R5bMB8GA1UdIwQY
MBaAFBMpzT7i/hJqgsoqWMh+1YOP4q9XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXluTlB1TC1FbXFDeWlwWXlIN1ZnNF9pcjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9hZjU4YjYtOWU4Zi00MDZlLWFjMWMt
MmZjMDMwYTYwY2VhLzEvaFdIWkJqOG9weExqaTFkTGxFM1ZtTnY1SGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9hZjU4YjYtOWU4Zi00MDZlLWFjMWMtMmZjMDMwYTYwY2Vh
LzEvRXluTlB1TC1FbXFDeWlwWXlIN1ZnNF9pcjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7ISMA0G
CSqGSIb3DQEBCwUAA4IBAQCWp1M0VJj73uSIH25so3XfDzJkbT96he8KW2hrw84j
/EcBMc02lHY9Fs0mLg9UgOHW3lpEM2DCVhYlgPH5EnsMKZAxwjLUj5uW7DAj97O+
kgTLQ4M/cnVccK1zuDZaFGKJKUrf6xQlposN2nxmGMn+Kq9GUqTjIVxq8U4ktfT9
wdm6fXTX4WC9negp/m/zUrPP876WDa49m/rRa7HWZKMZ3PavuUHZUNxLGOMdc1Qm
yjQRR7n6C+DTIlsHB9fKMBixKabN9CkXB7qQCeBq1WmyxGqTv/VPXZdoKRzSzmKd
m3vnkqRUo/qeLcluKAdtcep/kvrC8TGKASX4HAndhbDe
-----END CERTIFICATE-----