Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/HdtIM72Je6eID2UflpjXv9hX0Fg.roa
File:                     HdtIM72Je6eID2UflpjXv9hX0Fg.roa (raw, json)
Hash identifier:          c++PW514MuKO6i2Ca50xS+brdGSlfDfubR4SvsYDiXQ=
Subject key identifier:   1D:DB:48:33:BD:89:7B:A7:88:0F:65:1F:96:98:D7:BF:D8:57:D0:58
Certificate issuer:       /CN=83b5b4913cc78e40803c00bec6b1a9dc48ff3684
Certificate serial:       019CEB525C8B705B376ADC345E981BFB9517
Authority key identifier: 83:B5:B4:91:3C:C7:8E:40:80:3C:00:BE:C6:B1:A9:DC:48:FF:36:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/HdtIM72Je6eID2UflpjXv9hX0Fg.roa
Signing time:             Sat 14 Mar 2026 07:49:29 +0000
ROA not before:           Sat 14 Mar 2026 07:49:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214128
IP address blocks:        185.115.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:eb:52:5c:8b:70:5b:37:6a:dc:34:5e:98:1b:fb:95:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83b5b4913cc78e40803c00bec6b1a9dc48ff3684
        Validity
            Not Before: Mar 14 07:49:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ddb4833bd897ba7880f651f9698d7bfd857d058
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:33:0d:e0:19:fe:67:36:d8:d4:4c:dc:1e:2a:
                    4f:6f:da:ef:a3:11:1a:85:bd:b5:32:87:79:3a:7b:
                    38:c4:22:f2:ee:a8:2c:33:09:4f:02:c1:3c:a2:15:
                    12:2c:85:42:ff:28:59:af:51:a3:2a:48:27:f0:d1:
                    2c:a5:41:cd:c1:b5:ea:09:64:d6:f8:5c:49:ba:4e:
                    2c:6d:d2:77:38:dd:51:f4:7b:20:8f:47:b0:15:40:
                    57:c1:97:fc:f2:48:97:0d:ec:41:d7:3c:5e:64:6d:
                    63:c9:8a:cf:1c:69:41:33:3d:4f:ec:b3:ea:fc:4f:
                    94:69:50:b2:c3:e9:9c:97:d3:af:13:51:a6:4e:71:
                    9b:c2:ce:1c:24:a4:40:ff:a4:4f:71:c1:9c:84:75:
                    dd:6d:c1:08:48:d4:e4:e6:c5:8e:39:43:15:03:44:
                    23:c5:29:3c:51:d7:9f:9e:f2:4d:55:bf:58:e0:13:
                    fa:a1:3c:45:c9:67:15:df:bf:f8:91:fb:8d:e7:56:
                    5e:07:04:13:a4:ed:5d:d1:3c:84:b4:94:95:a6:f0:
                    cb:4c:5d:cb:20:1e:92:08:d3:63:84:ef:1f:8b:12:
                    ec:02:ee:ff:b6:d7:ba:3d:60:18:b4:14:a9:5f:3d:
                    3d:6d:6e:23:5a:24:58:00:64:7e:d8:fd:3c:50:fa:
                    59:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:DB:48:33:BD:89:7B:A7:88:0F:65:1F:96:98:D7:BF:D8:57:D0:58
            X509v3 Authority Key Identifier:
                keyid:83:B5:B4:91:3C:C7:8E:40:80:3C:00:BE:C6:B1:A9:DC:48:FF:36:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/HdtIM72Je6eID2UflpjXv9hX0Fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:29:dc:7e:1e:bb:9d:b3:2e:2c:29:b4:9b:73:0a:24:66:00:
         02:83:d8:70:4f:18:ea:87:74:3e:e0:4b:d3:3d:20:e2:c4:0e:
         6a:6b:11:a7:e6:7e:d0:61:7c:cf:24:26:c0:dc:81:76:94:d6:
         03:44:9d:31:da:ce:b4:8d:b3:91:61:39:01:e5:b8:dc:d8:c6:
         9e:55:c4:ac:87:87:a7:1f:f1:c4:6a:7f:75:30:7d:53:20:10:
         b7:d0:88:93:7b:d1:ca:69:97:2a:81:96:02:64:25:97:64:b7:
         1f:27:cb:b3:8b:83:e2:3f:99:6a:4b:13:74:7d:09:c5:d4:0f:
         6e:26:86:f0:27:0d:fa:6a:4f:e5:00:3b:83:06:24:8b:d8:9b:
         f6:b2:3a:33:f4:6c:e3:d7:60:09:ad:df:98:dd:e2:9c:35:fe:
         25:97:3d:37:c2:6f:fa:b3:eb:40:f7:16:88:27:de:72:6b:26:
         27:a5:ea:76:a6:6c:98:39:04:a6:5b:5f:12:09:0a:53:f4:d6:
         93:fb:d3:0d:ac:18:7b:31:88:ca:14:ef:ea:2e:19:7f:c2:68:
         45:3b:a3:3a:f2:60:e1:4b:cf:2b:be:51:55:84:d2:35:7b:97:
         a5:14:a1:19:85:e7:19:74:94:fb:4c:0e:96:f4:10:16:e4:c7:
         64:25:94:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzrUlyLcFs3atw0Xpgb+5UXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYjViNDkxM2NjNzhlNDA4MDNjMDBiZWM2YjFhOWRjNDhm
ZjM2ODQwHhcNMjYwMzE0MDc0OTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGRiNDgzM2JkODk3YmE3ODgwZjY1MWY5Njk4ZDdiZmQ4NTdkMDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTMN4Bn+ZzbY1EzcHipPb9rvoxEa
hb21Mod5Ons4xCLy7qgsMwlPAsE8ohUSLIVC/yhZr1GjKkgn8NEspUHNwbXqCWTW
+FxJuk4sbdJ3ON1R9Hsgj0ewFUBXwZf88kiXDexB1zxeZG1jyYrPHGlBMz1P7LPq
/E+UaVCyw+mcl9OvE1GmTnGbws4cJKRA/6RPccGchHXdbcEISNTk5sWOOUMVA0Qj
xSk8UdefnvJNVb9Y4BP6oTxFyWcV37/4kfuN51ZeBwQTpO1d0TyEtJSVpvDLTF3L
IB6SCNNjhO8fixLsAu7/tte6PWAYtBSpXz09bW4jWiRYAGR+2P08UPpZhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3bSDO9iXuniA9lH5aY17/YV9BYMB8GA1UdIwQY
MBaAFIO1tJE8x45AgDwAvsaxqdxI/zaEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzdXMGtUekhqa0NBUEFDLXhyR3AzRWpfTm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9kYzU3M2QtYTNkYi00MWY5LThjM2Yt
ODY3OTY1ZWI1MGNhLzEvSGR0SU03MkplNmVJRDJVZmxwalh2OWhYMEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9kYzU3M2QtYTNkYi00MWY5LThjM2YtODY3OTY1ZWI1MGNh
LzEvZzdXMGtUekhqa0NBUEFDLXhyR3AzRWpfTm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXOhMA0G
CSqGSIb3DQEBCwUAA4IBAQA/Kdx+Hrudsy4sKbSbcwokZgACg9hwTxjqh3Q+4EvT
PSDixA5qaxGn5n7QYXzPJCbA3IF2lNYDRJ0x2s60jbORYTkB5bjc2MaeVcSsh4en
H/HEan91MH1TIBC30IiTe9HKaZcqgZYCZCWXZLcfJ8uzi4PiP5lqSxN0fQnF1A9u
JobwJw36ak/lADuDBiSL2Jv2sjoz9Gzj12AJrd+Y3eKcNf4llz03wm/6s+tA9xaI
J95yayYnpep2pmyYOQSmW18SCQpT9NaT+9MNrBh7MYjKFO/qLhl/wmhFO6M68mDh
S88rvlFVhNI1e5elFKEZhecZdJT7TA6W9BAW5MdkJZQS
-----END CERTIFICATE-----