Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/H4L-qt_BxEvihq_o1Xaqz-fkvFE.roa
File:                     H4L-qt_BxEvihq_o1Xaqz-fkvFE.roa (raw, json)
Hash identifier:          VEe/jw2PB8S6n9CGD2VAh3zIwGdGkRNshlPXiJ7ysA0=
Subject key identifier:   1F:82:FE:AA:DF:C1:C4:4B:E2:86:AF:E8:D5:76:AA:CF:E7:E4:BC:51
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019D2304EDF6DC8CB03F34BD8183897A511D
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/H4L-qt_BxEvihq_o1Xaqz-fkvFE.roa
Signing time:             Wed 25 Mar 2026 03:23:38 +0000
ROA not before:           Wed 25 Mar 2026 03:23:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26042
IP address blocks:        85.149.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 15:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:23:04:ed:f6:dc:8c:b0:3f:34:bd:81:83:89:7a:51:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Mar 25 03:23:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f82feaadfc1c44be286afe8d576aacfe7e4bc51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e4:4a:37:3c:73:eb:1f:7a:84:34:78:81:a0:
                    61:eb:7d:e1:f2:1d:cf:b3:42:66:8c:ae:b6:fa:00:
                    ba:38:6e:68:60:3f:6b:26:ba:12:85:de:c7:bf:79:
                    bf:5d:b7:d2:c0:34:9a:bc:54:9c:9c:58:41:34:17:
                    83:e2:2d:3b:11:de:ff:e7:e2:7c:49:c7:81:d6:40:
                    60:de:a6:76:3f:7e:e1:71:e3:19:b6:df:26:48:2b:
                    d5:46:77:5c:3f:db:fd:24:57:0b:d9:9f:11:7e:c4:
                    f2:63:10:38:90:0e:cd:ac:e9:f4:48:39:43:66:de:
                    a4:2f:2c:df:fe:82:74:30:bf:bf:e6:ad:74:22:de:
                    9d:a2:a3:91:e8:b0:52:a7:98:8f:2a:79:d2:f6:5b:
                    f5:7e:7e:ab:de:d0:a2:8e:9d:51:68:13:1f:9f:a6:
                    05:ac:85:de:c2:52:c3:f1:72:d8:12:a2:9a:b0:9d:
                    68:ef:a5:f5:2c:18:72:ac:22:b9:3b:13:4b:79:87:
                    2d:b0:a9:0e:85:fd:e8:82:cc:f5:4b:d9:91:03:b0:
                    02:3d:86:af:b0:6e:ab:67:9e:1c:a2:6f:8a:43:17:
                    d5:f7:18:aa:a2:8e:58:4c:b4:6f:3e:c9:c7:5d:51:
                    d2:03:7c:49:d2:e3:8f:df:42:ce:08:26:56:0c:78:
                    c5:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:82:FE:AA:DF:C1:C4:4B:E2:86:AF:E8:D5:76:AA:CF:E7:E4:BC:51
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/H4L-qt_BxEvihq_o1Xaqz-fkvFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:1f:43:0d:6f:c2:9f:79:ac:4c:e1:0c:d9:ec:f6:83:e6:d2:
         9b:23:0e:1e:29:55:e0:88:1c:f9:11:d5:39:c9:8b:40:49:61:
         68:fc:95:01:b9:85:71:8c:35:18:64:7a:e0:25:73:36:40:a9:
         3e:46:90:ce:e4:bd:3a:fb:61:c5:64:78:08:ea:ff:64:99:b3:
         74:35:8a:29:47:e4:c4:5e:ab:33:dd:96:7d:b4:1e:bd:58:76:
         22:bf:50:27:30:3a:1f:55:c9:cb:94:5b:54:70:d5:24:be:3a:
         ef:77:e0:35:ec:32:73:39:b9:99:b1:ca:4f:01:4e:73:f4:f7:
         8b:85:2d:b5:8a:b7:cf:d9:35:aa:9c:bd:da:98:a3:cd:8e:d6:
         64:86:33:c7:ff:8c:ea:84:d7:02:29:99:f6:cc:24:c8:df:ce:
         4f:75:72:5c:19:48:e9:ad:ad:43:b2:cf:e5:c2:74:32:c7:88:
         26:5a:0c:81:49:5b:13:1c:7a:17:b9:76:c1:0b:33:b4:69:d6:
         d4:57:24:85:2c:64:42:09:67:84:30:0c:8e:9d:b9:ef:ba:33:
         a8:b6:86:80:04:98:99:42:7b:fc:6e:b5:1c:cf:b2:56:5a:fa:
         e3:29:61:bf:a5:31:c5:b8:2e:2b:a7:05:8f:b5:e5:9e:b8:32:
         f6:ee:61:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0jBO323IywPzS9gYOJelEdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwMzI1MDMyMzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjgyZmVhYWRmYzFjNDRiZTI4NmFmZThkNTc2YWFjZmU3ZTRiYzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+RKNzxz6x96hDR4gaBh633h8h3P
s0JmjK62+gC6OG5oYD9rJroShd7Hv3m/XbfSwDSavFScnFhBNBeD4i07Ed7/5+J8
SceB1kBg3qZ2P37hceMZtt8mSCvVRndcP9v9JFcL2Z8RfsTyYxA4kA7NrOn0SDlD
Zt6kLyzf/oJ0ML+/5q10It6doqOR6LBSp5iPKnnS9lv1fn6r3tCijp1RaBMfn6YF
rIXewlLD8XLYEqKasJ1o76X1LBhyrCK5OxNLeYctsKkOhf3ogsz1S9mRA7ACPYav
sG6rZ54com+KQxfV9xiqoo5YTLRvPsnHXVHSA3xJ0uOP30LOCCZWDHjFkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+C/qrfwcRL4oav6NV2qs/n5LxRMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvSDRMLXF0X0J4RXZpaHFfbzFYYXF6LWZrdkZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVZXYMA0G
CSqGSIb3DQEBCwUAA4IBAQBpH0MNb8KfeaxM4QzZ7PaD5tKbIw4eKVXgiBz5EdU5
yYtASWFo/JUBuYVxjDUYZHrgJXM2QKk+RpDO5L06+2HFZHgI6v9kmbN0NYopR+TE
Xqsz3ZZ9tB69WHYiv1AnMDofVcnLlFtUcNUkvjrvd+A17DJzObmZscpPAU5z9PeL
hS21irfP2TWqnL3amKPNjtZkhjPH/4zqhNcCKZn2zCTI385PdXJcGUjpra1Dss/l
wnQyx4gmWgyBSVsTHHoXuXbBCzO0adbUVySFLGRCCWeEMAyOnbnvujOotoaABJiZ
Qnv8brUcz7JWWvrjKWG/pTHFuC4rpwWPteWeuDL27mEf
-----END CERTIFICATE-----