Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/HkHNahLcMn29F8mn38rgMtihXs4.roa
File:                     HkHNahLcMn29F8mn38rgMtihXs4.roa (raw, json)
Hash identifier:          ub8cZTZrM4u+sWY7kMq23CbCe1Gwl8HzBfkM+mdpS/s=
Subject key identifier:   1E:41:CD:6A:12:DC:32:7D:BD:17:C9:A7:DF:CA:E0:32:D8:A1:5E:CE
Certificate issuer:       /CN=465ef7bd2eb3dcdbab04908380d48a8f2febc62c
Certificate serial:       019DDF84B3F9E49966C1C0106D62E7ED22C5
Authority key identifier: 46:5E:F7:BD:2E:B3:DC:DB:AB:04:90:83:80:D4:8A:8F:2F:EB:C6:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/HkHNahLcMn29F8mn38rgMtihXs4.roa
Signing time:             Thu 30 Apr 2026 17:51:49 +0000
ROA not before:           Thu 30 Apr 2026 17:51:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210955
IP address blocks:        194.113.70.0/24 maxlen: 24
                          194.113.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:df:84:b3:f9:e4:99:66:c1:c0:10:6d:62:e7:ed:22:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465ef7bd2eb3dcdbab04908380d48a8f2febc62c
        Validity
            Not Before: Apr 30 17:51:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e41cd6a12dc327dbd17c9a7dfcae032d8a15ece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:7d:e5:34:a0:d7:97:a3:88:07:93:64:e5:66:
                    58:60:d2:42:68:16:ec:b7:16:5e:13:ea:1e:05:7b:
                    23:2a:d4:41:0a:45:22:c5:20:6a:7d:bd:1e:5e:32:
                    75:0e:5d:1d:4f:d0:be:2b:6d:ed:19:71:66:47:81:
                    cc:16:98:07:af:ab:23:5e:34:5b:12:a9:2f:c9:b1:
                    0e:30:51:e9:e8:b0:66:e5:22:ca:5f:d3:e1:b9:fc:
                    07:62:42:a3:01:4e:6e:1e:6a:ad:2b:a9:59:9c:84:
                    20:1b:9f:6e:aa:e1:41:b1:d8:74:8a:2b:52:a4:21:
                    b7:43:38:98:4c:04:ef:d3:75:73:c3:77:1a:44:a0:
                    31:17:b4:66:a3:ca:f4:af:a0:bd:61:8e:fd:a5:cc:
                    cc:83:49:dc:9b:12:fa:63:6b:73:5c:35:05:0e:a4:
                    cb:50:2e:e3:91:51:d4:bc:51:40:a7:b3:47:84:a6:
                    c7:25:31:97:5b:45:0d:99:b9:5f:fb:ce:98:72:e7:
                    ad:de:90:d3:2d:40:a5:96:e4:9b:53:72:04:80:89:
                    70:96:9b:97:68:51:1f:73:36:ca:72:7a:18:88:eb:
                    e5:92:3a:3b:cb:bb:ae:8c:74:fa:38:0d:03:59:0e:
                    c2:99:6a:44:b3:3f:4a:cf:7f:17:80:9f:bb:c5:89:
                    f9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:41:CD:6A:12:DC:32:7D:BD:17:C9:A7:DF:CA:E0:32:D8:A1:5E:CE
            X509v3 Authority Key Identifier:
                keyid:46:5E:F7:BD:2E:B3:DC:DB:AB:04:90:83:80:D4:8A:8F:2F:EB:C6:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/HkHNahLcMn29F8mn38rgMtihXs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.70.0/24
                  194.113.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:78:65:33:b0:9a:16:04:cc:a7:fc:f4:39:69:92:8c:7f:d4:
         28:24:0c:60:7b:18:6a:bb:9c:64:bb:47:8f:f4:56:38:26:f6:
         d4:e9:e9:67:97:86:66:be:65:24:a8:5b:69:e2:9e:a1:42:71:
         1d:f2:ce:4b:d4:65:38:bb:64:bd:d8:4b:01:06:de:1c:83:03:
         3d:63:43:fb:02:c3:c9:b1:03:cf:c4:9b:b0:38:40:e9:4e:f6:
         51:2a:6d:c3:d4:f7:95:c3:38:88:4c:c1:14:08:f8:77:f2:78:
         cd:24:ce:21:8d:c5:23:8f:0e:6c:78:dd:a7:d2:0b:5d:de:2e:
         c4:b5:d6:3f:3d:b8:7d:40:be:7e:4a:e1:45:b1:dc:71:71:8a:
         4b:19:51:b8:fb:b1:13:24:7d:bc:e1:73:b9:88:a9:b1:bf:3b:
         22:bf:39:e9:e0:53:f7:90:ba:6c:7a:42:ad:a4:9a:f1:cd:a6:
         68:c5:37:1a:27:98:af:a7:5d:8b:d7:94:5c:31:6f:53:e8:0c:
         80:35:83:76:82:ec:72:95:98:64:ca:cd:41:fd:a5:33:d6:d3:
         68:c4:a9:bd:8c:64:79:f7:c4:4b:a9:12:7f:2b:6c:ca:34:0a:
         c1:14:f5:7e:7d:80:78:90:93:ef:85:22:f0:d6:6c:1c:1f:4f:
         c1:ac:61:3c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3fhLP55JlmwcAQbWLn7SLFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWVmN2JkMmViM2RjZGJhYjA0OTA4MzgwZDQ4YThmMmZl
YmM2MmMwHhcNMjYwNDMwMTc1MTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTQxY2Q2YTEyZGMzMjdkYmQxN2M5YTdkZmNhZTAzMmQ4YTE1ZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA533lNKDXl6OIB5Nk5WZYYNJCaBbs
txZeE+oeBXsjKtRBCkUixSBqfb0eXjJ1Dl0dT9C+K23tGXFmR4HMFpgHr6sjXjRb
EqkvybEOMFHp6LBm5SLKX9PhufwHYkKjAU5uHmqtK6lZnIQgG59uquFBsdh0iitS
pCG3QziYTATv03Vzw3caRKAxF7Rmo8r0r6C9YY79pczMg0ncmxL6Y2tzXDUFDqTL
UC7jkVHUvFFAp7NHhKbHJTGXW0UNmblf+86Ycuet3pDTLUClluSbU3IEgIlwlpuX
aFEfczbKcnoYiOvlkjo7y7uujHT6OA0DWQ7CmWpEsz9Kz38XgJ+7xYn5PwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB5BzWoS3DJ9vRfJp9/K4DLYoV7OMB8GA1UdIwQY
MBaAFEZe970us9zbqwSQg4DUio8v68YsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw3M3ZTNnozTnVyQkpDRGdOU0tqeV9yeGl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80MDk5NDktZjIyOS00OThkLTkzMTUt
MzRiNjdkZjdjYjAzLzEvSGtITmFoTGNNbjI5RjhtbjM4cmdNdGloWHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80MDk5NDktZjIyOS00OThkLTkzMTUtMzRiNjdkZjdjYjAz
LzEvUmw3M3ZTNnozTnVyQkpDRGdOU0tqeV9yeGl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwnFGAwQA
wnFcMA0GCSqGSIb3DQEBCwUAA4IBAQAKeGUzsJoWBMyn/PQ5aZKMf9QoJAxgexhq
u5xku0eP9FY4JvbU6elnl4ZmvmUkqFtp4p6hQnEd8s5L1GU4u2S92EsBBt4cgwM9
Y0P7AsPJsQPPxJuwOEDpTvZRKm3D1PeVwziITMEUCPh38njNJM4hjcUjjw5seN2n
0gtd3i7EtdY/Pbh9QL5+SuFFsdxxcYpLGVG4+7ETJH284XO5iKmxvzsivznp4FP3
kLpsekKtpJrxzaZoxTcaJ5ivp12L15RcMW9T6AyANYN2guxylZhkys1B/aUz1tNo
xKm9jGR598RLqRJ/K2zKNArBFPV+fYB4kJPvhSLw1mwcH0/BrGE8
-----END CERTIFICATE-----