Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/hve1g89vqIvma0mEJM2c9FaOAR4.roa
File:                     hve1g89vqIvma0mEJM2c9FaOAR4.roa (raw, json)
Hash identifier:          HbqakuOkdoxtcbllvOJXcVdhzYdrz2GQYaxEe8AoMDY=
Subject key identifier:   86:F7:B5:83:CF:6F:A8:8B:E6:6B:49:84:24:CD:9C:F4:56:8E:01:1E
Certificate issuer:       /CN=2330e26060913c758137488bfd7ab1bfe9e10ae2
Certificate serial:       019D1F1E182892928F122A5FD1EEC2A95A81
Authority key identifier: 23:30:E2:60:60:91:3C:75:81:37:48:8B:FD:7A:B1:BF:E9:E1:0A:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/hve1g89vqIvma0mEJM2c9FaOAR4.roa
Signing time:             Tue 24 Mar 2026 09:12:39 +0000
ROA not before:           Tue 24 Mar 2026 09:12:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15404
IP address blocks:        185.203.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:1e:18:28:92:92:8f:12:2a:5f:d1:ee:c2:a9:5a:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2330e26060913c758137488bfd7ab1bfe9e10ae2
        Validity
            Not Before: Mar 24 09:12:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86f7b583cf6fa88be66b498424cd9cf4568e011e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:59:c7:35:3e:b3:9b:ef:7a:fd:23:3c:e8:14:
                    85:a7:f8:96:dd:79:d0:14:c3:af:cf:31:e7:98:2e:
                    da:db:a9:66:7b:e4:7a:56:11:8b:7b:e4:bd:91:1b:
                    5b:38:24:68:34:3b:38:35:b9:cb:0f:c9:1a:62:3b:
                    0f:09:f0:26:81:85:e4:10:3b:e3:db:7f:95:34:ab:
                    f8:f2:e4:e3:24:b6:6f:a0:68:53:11:5a:cd:41:5e:
                    78:f4:85:8a:17:d3:bb:f5:89:d3:a2:dc:cc:11:8a:
                    81:1b:65:af:25:eb:ca:b2:67:9c:6e:ef:76:9a:17:
                    e5:02:62:ce:1d:66:6f:76:1d:5e:17:30:2c:0e:7a:
                    d0:3d:b3:91:06:5f:7f:b6:6c:e4:28:7b:c8:da:b9:
                    00:2f:24:4c:41:96:b4:c8:2d:d8:be:cc:e9:5e:d1:
                    41:9a:06:72:3f:e5:8f:45:8d:00:e8:4c:c1:6f:6c:
                    09:37:1b:2b:ab:b1:52:32:9b:8e:73:c9:66:3e:79:
                    31:79:e1:fe:b2:83:e6:ca:8b:7e:10:2c:bb:09:ed:
                    90:0f:d6:0b:7c:1a:b9:20:fa:29:b6:a5:28:dd:c4:
                    6a:1b:71:b5:fc:f0:39:6c:04:13:90:cd:d3:81:42:
                    b0:45:6e:7d:96:a1:da:35:5b:2a:08:9f:c8:c8:57:
                    bb:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F7:B5:83:CF:6F:A8:8B:E6:6B:49:84:24:CD:9C:F4:56:8E:01:1E
            X509v3 Authority Key Identifier:
                keyid:23:30:E2:60:60:91:3C:75:81:37:48:8B:FD:7A:B1:BF:E9:E1:0A:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/hve1g89vqIvma0mEJM2c9FaOAR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:84:a4:b8:52:a5:00:f6:72:40:b5:e6:1b:ec:6f:fb:c3:66:
         e3:0a:05:77:5b:38:42:29:e7:68:5b:0f:3b:42:e9:d1:43:27:
         d0:79:a6:12:6b:63:43:45:94:76:48:37:7b:e0:64:0b:10:dd:
         94:2f:de:14:e3:e1:1c:a6:bb:79:e4:66:dc:88:75:c2:83:17:
         b8:60:84:77:cf:19:af:74:4f:21:60:45:31:5c:c1:61:47:8f:
         2b:9b:57:bc:13:ae:ab:02:d0:0f:bd:1e:c5:e7:f6:5d:cb:57:
         50:cc:1b:a5:a3:69:98:12:f8:6d:12:12:a9:a9:a8:15:25:7b:
         dd:03:20:39:30:c6:47:1b:9c:02:70:2e:c1:73:bc:f4:95:0a:
         10:8f:ce:12:16:3a:89:4f:57:3b:c1:21:c1:6a:9d:20:22:bf:
         7c:b1:e4:bd:50:c7:04:cd:75:20:be:e7:5a:bc:25:f7:d5:88:
         9b:ae:43:22:94:86:4b:ac:cc:55:fe:18:13:17:86:87:71:df:
         51:26:a3:ca:f2:74:0c:e6:bb:b8:43:44:43:c8:fa:68:2b:a5:
         92:75:0a:fc:01:05:31:cd:f0:c1:7d:6a:01:1c:ab:8a:18:ce:
         2b:8d:dc:c7:06:de:9f:ae:a0:c4:45:a9:fe:fc:72:ee:f9:c1:
         48:f6:3e:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0fHhgokpKPEipf0e7CqVqBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzBlMjYwNjA5MTNjNzU4MTM3NDg4YmZkN2FiMWJmZTll
MTBhZTIwHhcNMjYwMzI0MDkxMjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmY3YjU4M2NmNmZhODhiZTY2YjQ5ODQyNGNkOWNmNDU2OGUwMTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVnHNT6zm+96/SM86BSFp/iW3XnQ
FMOvzzHnmC7a26lme+R6VhGLe+S9kRtbOCRoNDs4NbnLD8kaYjsPCfAmgYXkEDvj
23+VNKv48uTjJLZvoGhTEVrNQV549IWKF9O79YnTotzMEYqBG2WvJevKsmecbu92
mhflAmLOHWZvdh1eFzAsDnrQPbORBl9/tmzkKHvI2rkALyRMQZa0yC3YvszpXtFB
mgZyP+WPRY0A6EzBb2wJNxsrq7FSMpuOc8lmPnkxeeH+soPmyot+ECy7Ce2QD9YL
fBq5IPoptqUo3cRqG3G1/PA5bAQTkM3TgUKwRW59lqHaNVsqCJ/IyFe7eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIb3tYPPb6iL5mtJhCTNnPRWjgEeMB8GA1UdIwQY
MBaAFCMw4mBgkTx1gTdIi/16sb/p4QriMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpEaVlHQ1JQSFdCTjBpTF9YcXh2LW5oQ3VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS80NjkwYzAtMGI5MS00MzIyLTk0Yjkt
NzA2NzgyY2ZhMDNiLzEvaHZlMWc4OXZxSXZtYTBtRUpNMmM5RmFPQVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS80NjkwYzAtMGI5MS00MzIyLTk0YjktNzA2NzgyY2ZhMDNi
LzEvSXpEaVlHQ1JQSFdCTjBpTF9YcXh2LW5oQ3VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucvoMA0G
CSqGSIb3DQEBCwUAA4IBAQBahKS4UqUA9nJAteYb7G/7w2bjCgV3WzhCKedoWw87
QunRQyfQeaYSa2NDRZR2SDd74GQLEN2UL94U4+Ecprt55GbciHXCgxe4YIR3zxmv
dE8hYEUxXMFhR48rm1e8E66rAtAPvR7F5/Zdy1dQzBulo2mYEvhtEhKpqagVJXvd
AyA5MMZHG5wCcC7Bc7z0lQoQj84SFjqJT1c7wSHBap0gIr98seS9UMcEzXUgvuda
vCX31YibrkMilIZLrMxV/hgTF4aHcd9RJqPK8nQM5ru4Q0RDyPpoK6WSdQr8AQUx
zfDBfWoBHKuKGM4rjdzHBt6frqDERan+/HLu+cFI9j68
-----END CERTIFICATE-----