Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/HJqHQWcA5ep5HQpRPW24HOux-6A.roa
File:                     HJqHQWcA5ep5HQpRPW24HOux-6A.roa (raw, json)
Hash identifier:          vjq6YUEAEKZJijs4Yg4mjrmthy0omSoXlwBPv+JMKv0=
Subject key identifier:   1C:9A:87:41:67:00:E5:EA:79:1D:0A:51:3D:6D:B8:1C:EB:B1:FB:A0
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019E02AA51ED9562F88E26A48B2B814D94DA
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/HJqHQWcA5ep5HQpRPW24HOux-6A.roa
Signing time:             Thu 07 May 2026 13:39:36 +0000
ROA not before:           Thu 07 May 2026 13:39:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        193.106.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:aa:51:ed:95:62:f8:8e:26:a4:8b:2b:81:4d:94:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: May  7 13:39:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c9a87416700e5ea791d0a513d6db81cebb1fba0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:7b:66:48:73:d5:c5:aa:67:cf:81:42:15:e9:
                    ab:7f:f0:96:0a:8b:53:e0:90:67:72:1c:81:a6:e9:
                    cb:94:56:28:13:19:a5:e7:47:37:e8:82:dd:0f:95:
                    ec:ad:8a:31:6c:fb:a4:fb:83:0e:99:3d:35:70:96:
                    a4:fb:e7:06:6c:d4:55:47:56:07:cb:72:a2:ff:e4:
                    5e:61:58:ee:bf:1a:f6:d0:9d:3b:ff:80:5c:bb:97:
                    08:6f:9e:e6:31:79:85:c6:0b:5e:85:cd:c3:d3:c8:
                    3e:3b:6c:52:7e:13:8b:27:57:66:66:2f:78:98:a0:
                    45:59:83:1e:1a:d6:2b:7e:f3:b3:71:7f:b6:ba:c7:
                    f1:dc:26:7c:26:c4:25:ec:a6:af:c7:ad:5e:d0:a7:
                    4e:3d:91:f9:43:96:8d:58:b9:21:ed:8d:d9:da:f3:
                    70:aa:f2:3d:9f:63:e5:a3:69:f1:19:67:93:5e:2c:
                    22:d7:ef:5c:06:66:e2:f4:50:e8:cc:a9:cb:9d:b0:
                    7b:16:d5:bf:57:a1:a0:8b:e1:60:c5:12:50:c6:c9:
                    f8:91:b5:3b:68:0e:dd:42:d9:aa:0e:17:db:7d:5c:
                    5d:ec:d4:c9:5e:ba:fa:cb:f4:5c:af:6e:c6:ad:dd:
                    ce:ca:cf:98:d4:16:7d:82:e4:58:89:b9:d6:bd:26:
                    2b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:9A:87:41:67:00:E5:EA:79:1D:0A:51:3D:6D:B8:1C:EB:B1:FB:A0
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/HJqHQWcA5ep5HQpRPW24HOux-6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:40:66:8f:26:cd:72:a7:72:21:fa:fa:c2:66:dd:8b:0d:5d:
         84:98:c0:23:01:61:3c:69:0b:eb:6a:d9:0f:a8:d9:ac:92:fa:
         ff:3c:89:b7:51:cc:9f:5f:69:a0:07:84:7c:36:b3:66:a5:d9:
         7c:2b:e7:6e:15:80:2f:5b:3b:8b:99:b3:3b:24:10:f2:5d:b3:
         f4:d2:e3:b8:86:bb:fa:df:dc:38:77:2d:c7:89:01:b0:11:3e:
         94:bc:e4:d9:55:c5:fa:2f:47:4e:b0:dc:f3:c9:49:c0:5d:d7:
         ba:8a:38:b7:d4:8b:20:7b:b6:4b:9b:1a:f3:08:28:96:92:8b:
         df:b2:9a:5b:54:2f:14:2c:76:f4:3e:20:83:96:71:d4:89:7e:
         b9:60:19:d0:5c:a0:d2:1a:66:af:ee:f1:0d:4f:57:d5:9c:bb:
         0b:66:6c:4e:c1:7f:9f:6a:4e:9b:a5:12:f4:50:11:da:26:3e:
         e6:a7:cb:1a:31:5a:b9:11:e6:d3:79:d7:a8:0f:e5:90:ea:ee:
         f6:38:d1:07:61:d8:41:34:d9:de:76:65:d1:6c:b9:17:3a:4d:
         ee:70:ec:cd:eb:04:41:eb:a2:3f:07:4a:07:86:7a:8a:a3:7c:
         04:d6:93:81:b8:cf:c3:37:e6:29:4e:0d:4b:34:76:22:ec:67:
         c1:3b:65:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4CqlHtlWL4jiakiyuBTZTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjYwNTA3MTMzOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzlhODc0MTY3MDBlNWVhNzkxZDBhNTEzZDZkYjgxY2ViYjFmYmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ntmSHPVxapnz4FCFemrf/CWCotT
4JBnchyBpunLlFYoExml50c36ILdD5XsrYoxbPuk+4MOmT01cJak++cGbNRVR1YH
y3Ki/+ReYVjuvxr20J07/4Bcu5cIb57mMXmFxgtehc3D08g+O2xSfhOLJ1dmZi94
mKBFWYMeGtYrfvOzcX+2usfx3CZ8JsQl7Kavx61e0KdOPZH5Q5aNWLkh7Y3Z2vNw
qvI9n2Plo2nxGWeTXiwi1+9cBmbi9FDozKnLnbB7FtW/V6Ggi+FgxRJQxsn4kbU7
aA7dQtmqDhfbfVxd7NTJXrr6y/Rcr27Grd3Oys+Y1BZ9guRYibnWvSYroQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByah0FnAOXqeR0KUT1tuBzrsfugMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvSEpxSFFXY0E1ZXA1SFFwUlBXMjRIT3V4LTZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWrGMA0G
CSqGSIb3DQEBCwUAA4IBAQAjQGaPJs1yp3Ih+vrCZt2LDV2EmMAjAWE8aQvratkP
qNmskvr/PIm3UcyfX2mgB4R8NrNmpdl8K+duFYAvWzuLmbM7JBDyXbP00uO4hrv6
39w4dy3HiQGwET6UvOTZVcX6L0dOsNzzyUnAXde6iji31Isge7ZLmxrzCCiWkovf
sppbVC8ULHb0PiCDlnHUiX65YBnQXKDSGmav7vENT1fVnLsLZmxOwX+fak6bpRL0
UBHaJj7mp8saMVq5EebTedeoD+WQ6u72ONEHYdhBNNnedmXRbLkXOk3ucOzN6wRB
66I/B0oHhnqKo3wE1pOBuM/DN+YpTg1LNHYi7GfBO2Vj
-----END CERTIFICATE-----