Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/rHga55Czu_olcqXp1dL1ZJ5IEJs.roa
File:                     rHga55Czu_olcqXp1dL1ZJ5IEJs.roa (raw, json)
Hash identifier:          HvIYhtCsc4ksr8e9YC8iXYnS+/L7IK0zJKHOtTBpT4E=
Subject key identifier:   AC:78:1A:E7:90:B3:BB:FA:25:72:A5:E9:D5:D2:F5:64:9E:48:10:9B
Certificate issuer:       /CN=5aab4a28fc29853dd23c76bd1e2f78ce9999a15a
Certificate serial:       019B7C11B2A9B4E898AF04C18E38827D5162
Authority key identifier: 5A:AB:4A:28:FC:29:85:3D:D2:3C:76:BD:1E:2F:78:CE:99:99:A1:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WqtKKPwphT3SPHa9Hi94zpmZoVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/rHga55Czu_olcqXp1dL1ZJ5IEJs.roa
Signing time:             Fri 02 Jan 2026 00:18:13 +0000
ROA not before:           Fri 02 Jan 2026 00:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214667
IP address blocks:        195.214.200.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/WqtKKPwphT3SPHa9Hi94zpmZoVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/WqtKKPwphT3SPHa9Hi94zpmZoVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WqtKKPwphT3SPHa9Hi94zpmZoVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:b2:a9:b4:e8:98:af:04:c1:8e:38:82:7d:51:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5aab4a28fc29853dd23c76bd1e2f78ce9999a15a
        Validity
            Not Before: Jan  2 00:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac781ae790b3bbfa2572a5e9d5d2f5649e48109b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:24:2f:38:eb:b0:34:03:84:35:ad:38:a0:e7:
                    8e:df:f1:76:1e:79:58:7d:07:36:7c:0a:74:5f:f6:
                    5d:9f:15:e1:8d:15:b8:97:a8:86:ff:05:0b:89:d3:
                    02:85:cf:7c:92:26:0f:45:f1:b3:ff:8a:ff:de:41:
                    db:f9:ef:fe:83:51:ac:fe:c6:e7:e6:76:a3:a9:fa:
                    b3:52:11:e2:ae:d2:ca:18:f5:5a:e1:7b:f2:0b:80:
                    78:20:c1:64:8a:19:ae:a7:a4:36:f4:bd:bc:06:91:
                    5c:97:88:9c:f7:0f:a9:68:28:15:f0:e3:fe:03:06:
                    92:df:16:d0:6b:40:d4:d7:27:68:78:0b:f3:85:4f:
                    aa:ef:0e:8d:5b:73:7c:a0:a6:94:d7:6a:29:a5:36:
                    a6:d8:7d:27:6b:b2:96:e3:64:1f:5c:ea:a3:47:7e:
                    56:d2:43:a7:fb:45:3f:70:99:f3:c6:f2:61:43:6c:
                    28:41:bb:20:42:28:bd:be:c2:80:36:dc:f4:d8:6f:
                    d8:53:7c:8a:5f:0d:f4:0e:86:93:9b:0b:48:d1:b8:
                    b8:ef:d6:63:7d:88:9b:17:e8:66:13:99:d4:91:e6:
                    29:f8:80:7e:2b:fc:20:f5:02:51:b4:cb:16:57:8c:
                    a5:8e:1a:02:8d:c3:8b:55:96:90:09:e2:5d:e3:39:
                    cf:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:78:1A:E7:90:B3:BB:FA:25:72:A5:E9:D5:D2:F5:64:9E:48:10:9B
            X509v3 Authority Key Identifier:
                keyid:5A:AB:4A:28:FC:29:85:3D:D2:3C:76:BD:1E:2F:78:CE:99:99:A1:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WqtKKPwphT3SPHa9Hi94zpmZoVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/rHga55Czu_olcqXp1dL1ZJ5IEJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/1ff001-26da-4bef-b1fb-83cac4b22233/1/WqtKKPwphT3SPHa9Hi94zpmZoVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.214.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         27:82:09:99:21:be:89:91:7e:c4:82:da:1a:e4:b1:e0:6d:20:
         9e:14:74:c0:cc:83:43:3f:14:2a:f6:2a:83:51:3f:4e:cc:90:
         11:9f:5a:e4:95:fd:e0:0d:47:94:51:55:33:b1:fa:2d:5e:e1:
         c0:b3:ce:a0:4b:4c:fa:56:5b:a9:77:88:54:3d:fe:93:a2:10:
         2a:ab:d2:27:3c:30:03:38:aa:5c:a1:4a:25:10:d6:8b:2b:5a:
         c2:7f:03:11:05:f1:04:4c:a3:0e:5e:52:d9:a6:ba:bd:b2:f0:
         7f:29:50:ec:14:25:ea:ec:99:82:da:55:8a:27:e9:71:e2:18:
         1a:ac:04:b8:cf:a9:6c:1d:2d:6d:4d:e6:23:f0:0a:23:a0:43:
         b7:69:f1:5d:aa:e4:f8:d1:21:ff:8a:45:ff:2d:a3:71:ac:54:
         5f:04:0e:40:dc:e2:aa:5b:c4:f8:b3:25:dd:f7:60:b7:17:76:
         e4:f1:86:1c:3e:8c:40:63:92:e3:2c:46:f9:6e:e2:c3:67:f2:
         79:e6:1b:c1:08:72:80:31:dc:ff:05:39:a5:38:5b:49:13:7a:
         78:9e:c2:05:cc:c9:fc:2d:2f:91:ee:a1:10:ca:e0:da:aa:7d:
         f4:db:19:77:02:95:dc:c4:24:3d:5c:65:e0:45:ca:a5:df:66:
         29:e5:cb:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EbKptOiYrwTBjjiCfVFiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYWI0YTI4ZmMyOTg1M2RkMjNjNzZiZDFlMmY3OGNlOTk5
OWExNWEwHhcNMjYwMTAyMDAxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzc4MWFlNzkwYjNiYmZhMjU3MmE1ZTlkNWQyZjU2NDllNDgxMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryQvOOuwNAOENa04oOeO3/F2HnlY
fQc2fAp0X/ZdnxXhjRW4l6iG/wULidMChc98kiYPRfGz/4r/3kHb+e/+g1Gs/sbn
5najqfqzUhHirtLKGPVa4XvyC4B4IMFkihmup6Q29L28BpFcl4ic9w+paCgV8OP+
AwaS3xbQa0DU1ydoeAvzhU+q7w6NW3N8oKaU12oppTam2H0na7KW42QfXOqjR35W
0kOn+0U/cJnzxvJhQ2woQbsgQii9vsKANtz02G/YU3yKXw30DoaTmwtI0bi479Zj
fYibF+hmE5nUkeYp+IB+K/wg9QJRtMsWV4yljhoCjcOLVZaQCeJd4znPOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKx4GueQs7v6JXKl6dXS9WSeSBCbMB8GA1UdIwQY
MBaAFFqrSij8KYU90jx2vR4veM6ZmaFaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3F0S0tQd3BoVDNTUEhhOUhpOTR6cG1ab1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8xZmYwMDEtMjZkYS00YmVmLWIxZmIt
ODNjYWM0YjIyMjMzLzEvckhnYTU1Q3p1X29sY3FYcDFkTDFaSjVJRUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8xZmYwMDEtMjZkYS00YmVmLWIxZmItODNjYWM0YjIyMjMz
LzEvV3F0S0tQd3BoVDNTUEhhOUhpOTR6cG1ab1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDw9bIMA0G
CSqGSIb3DQEBCwUAA4IBAQAnggmZIb6JkX7Egtoa5LHgbSCeFHTAzINDPxQq9iqD
UT9OzJARn1rklf3gDUeUUVUzsfotXuHAs86gS0z6Vlupd4hUPf6TohAqq9InPDAD
OKpcoUolENaLK1rCfwMRBfEETKMOXlLZprq9svB/KVDsFCXq7JmC2lWKJ+lx4hga
rAS4z6lsHS1tTeYj8AojoEO3afFdquT40SH/ikX/LaNxrFRfBA5A3OKqW8T4syXd
92C3F3bk8YYcPoxAY5LjLEb5buLDZ/J55hvBCHKAMdz/BTmlOFtJE3p4nsIFzMn8
LS+R7qEQyuDaqn302xl3ApXcxCQ9XGXgRcql32Yp5cvO
-----END CERTIFICATE-----