Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/hdMhRXPkqOxd6xFDrB9U7Fci7VY.roa
File:                     hdMhRXPkqOxd6xFDrB9U7Fci7VY.roa (raw, json)
Hash identifier:          hb72Wv3Ty8NGqhQVsA+e2PBxO1ogzpMNtaMedfjgyDI=
Subject key identifier:   85:D3:21:45:73:E4:A8:EC:5D:EB:11:43:AC:1F:54:EC:57:22:ED:56
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019DC21BFA1750BB0F91BF6B220F4610CA61
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/hdMhRXPkqOxd6xFDrB9U7Fci7VY.roa
Signing time:             Sat 25 Apr 2026 00:48:26 +0000
ROA not before:           Sat 25 Apr 2026 00:48:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7720
IP address blocks:        85.149.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 03:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c2:1b:fa:17:50:bb:0f:91:bf:6b:22:0f:46:10:ca:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Apr 25 00:48:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85d3214573e4a8ec5deb1143ac1f54ec5722ed56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0c:f4:99:0e:00:18:5a:54:56:5f:b3:26:41:
                    ae:90:cc:62:84:d2:64:4e:e3:0f:45:7f:1c:01:9d:
                    7c:80:a3:c8:df:39:ae:0f:10:11:51:6e:c9:11:ac:
                    b3:88:11:25:b3:16:5e:5f:b3:93:f9:98:a7:88:97:
                    ae:5c:a9:4e:a8:75:8e:8c:87:77:d7:5f:61:aa:00:
                    e5:a4:ed:ca:c7:bc:ff:b9:77:89:2a:89:86:34:6c:
                    fc:d4:69:8d:15:07:f9:9e:25:92:fc:1c:c1:43:d7:
                    f4:bd:e3:80:98:0d:de:ae:3e:12:33:55:43:40:8b:
                    08:7c:5e:d1:8f:c7:96:83:7f:9e:e0:7a:72:ce:2a:
                    4e:7d:a5:a1:5a:a7:1b:1f:f3:04:41:ad:7c:a7:7e:
                    4f:82:8c:b3:14:c9:20:dd:63:22:b4:a9:19:03:7b:
                    d9:68:54:45:98:44:1d:ab:99:b7:52:2a:5c:22:ad:
                    0b:25:22:33:1f:0c:7a:85:5d:3a:30:31:08:37:71:
                    56:7e:36:50:ed:6d:d0:d1:52:31:9a:7d:c1:eb:31:
                    8f:0d:ad:33:df:90:ae:91:92:4f:e9:dd:93:6c:ec:
                    15:21:8d:09:5e:c4:4e:ff:01:65:73:3d:28:73:04:
                    0d:6f:55:0d:ff:cb:e7:fb:88:db:42:f8:07:d8:b6:
                    ea:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D3:21:45:73:E4:A8:EC:5D:EB:11:43:AC:1F:54:EC:57:22:ED:56
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/hdMhRXPkqOxd6xFDrB9U7Fci7VY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:d3:1b:3d:5d:73:cd:68:92:28:c1:c7:eb:ea:97:b9:16:6e:
         57:63:fd:29:96:9f:e9:59:aa:0f:a9:ff:c3:35:52:3d:f0:9e:
         f6:b7:9d:20:d4:7d:36:6c:e0:8f:43:2a:77:7e:c0:29:c1:d1:
         40:43:57:ff:ac:a9:96:67:20:4e:a1:fa:38:64:62:15:ec:0b:
         59:d8:e7:3d:6b:5e:63:7d:f6:47:6f:2c:2e:c4:c6:f6:a0:9a:
         fe:bd:20:f9:31:cc:9c:4d:d3:58:a5:11:da:e1:e1:b9:e4:66:
         72:8b:80:a7:60:74:1f:a6:13:b4:e9:1a:3b:13:1a:78:ca:ab:
         f6:ef:43:b8:ff:42:1c:f8:d3:46:10:7d:c6:b3:35:ae:ab:cf:
         a3:77:98:3f:d0:c1:81:43:10:a2:a4:25:a2:5a:32:a4:ae:b7:
         09:2d:95:95:32:4c:89:b6:ac:fe:f2:c4:79:53:54:53:1d:07:
         29:8b:95:5d:0d:c4:75:66:79:b9:e0:8b:b3:76:d5:e7:45:09:
         62:97:5e:11:7e:e4:4a:54:c3:7f:3e:dd:f3:21:8d:19:74:ea:
         54:27:30:d4:81:24:26:11:a8:c6:67:65:58:54:31:b3:1d:20:
         9f:49:c8:15:7b:55:22:29:03:14:d6:e9:bc:f8:39:58:60:db:
         85:d4:d0:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3CG/oXULsPkb9rIg9GEMphMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwNDI1MDA0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWQzMjE0NTczZTRhOGVjNWRlYjExNDNhYzFmNTRlYzU3MjJlZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAz0mQ4AGFpUVl+zJkGukMxihNJk
TuMPRX8cAZ18gKPI3zmuDxARUW7JEayziBElsxZeX7OT+ZiniJeuXKlOqHWOjId3
119hqgDlpO3Kx7z/uXeJKomGNGz81GmNFQf5niWS/BzBQ9f0veOAmA3erj4SM1VD
QIsIfF7Rj8eWg3+e4HpyzipOfaWhWqcbH/MEQa18p35PgoyzFMkg3WMitKkZA3vZ
aFRFmEQdq5m3UipcIq0LJSIzHwx6hV06MDEIN3FWfjZQ7W3Q0VIxmn3B6zGPDa0z
35CukZJP6d2TbOwVIY0JXsRO/wFlcz0ocwQNb1UN/8vn+4jbQvgH2LbqvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXTIUVz5KjsXesRQ6wfVOxXIu1WMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvaGRNaFJYUGtxT3hkNnhGRHJCOVU3RmNpN1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZXdMA0G
CSqGSIb3DQEBCwUAA4IBAQBd0xs9XXPNaJIowcfr6pe5Fm5XY/0plp/pWaoPqf/D
NVI98J72t50g1H02bOCPQyp3fsApwdFAQ1f/rKmWZyBOofo4ZGIV7AtZ2Oc9a15j
ffZHbywuxMb2oJr+vSD5McycTdNYpRHa4eG55GZyi4CnYHQfphO06Ro7Exp4yqv2
70O4/0Ic+NNGEH3GszWuq8+jd5g/0MGBQxCipCWiWjKkrrcJLZWVMkyJtqz+8sR5
U1RTHQcpi5VdDcR1Znm54IuzdtXnRQlil14RfuRKVMN/Pt3zIY0ZdOpUJzDUgSQm
EajGZ2VYVDGzHSCfScgVe1UiKQMU1um8+DlYYNuF1NDc
-----END CERTIFICATE-----