Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/hnmTxbLPIEOsoAhhqHjW7M4hwgw.roa
File:                     hnmTxbLPIEOsoAhhqHjW7M4hwgw.roa (raw, json)
Hash identifier:          FhvyTRBgKarHqw7HLvZl9yUoexBYc+FADGI6KtlCA9g=
Subject key identifier:   86:79:93:C5:B2:CF:20:43:AC:A0:08:61:A8:78:D6:EC:CE:21:C2:0C
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019D0F7C2E6040A705F7AE0566C6B55DD4A5
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/hnmTxbLPIEOsoAhhqHjW7M4hwgw.roa
Signing time:             Sat 21 Mar 2026 08:21:29 +0000
ROA not before:           Sat 21 Mar 2026 08:21:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        150.251.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:12:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0f:7c:2e:60:40:a7:05:f7:ae:05:66:c6:b5:5d:d4:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Mar 21 08:21:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=867993c5b2cf2043aca00861a878d6ecce21c20c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:97:12:7e:d4:58:58:a4:13:c2:a2:82:db:1f:
                    64:c2:a2:bc:30:84:1c:53:28:31:04:4b:04:0e:16:
                    a4:61:2a:f7:c6:c1:83:c6:60:64:4c:43:bf:37:29:
                    a1:cc:e0:4a:90:79:8e:c2:1a:7a:b9:55:ce:e1:66:
                    17:15:f7:43:4b:94:1e:6a:a2:f3:08:3b:be:c3:c5:
                    59:b1:68:d2:9d:70:2c:40:60:33:3f:52:3e:08:61:
                    d1:28:de:80:e9:3b:d6:70:d3:92:1d:75:8b:a7:d5:
                    86:d6:ba:61:aa:fe:74:a5:84:38:4e:fa:2f:43:34:
                    9b:a2:24:77:a0:57:32:ca:17:92:ed:9a:85:86:d4:
                    2f:2c:bb:c9:c3:69:4d:0f:20:5b:78:1f:91:e0:21:
                    f4:a3:84:2e:33:7f:ef:82:8a:0f:b0:d9:5e:fa:c1:
                    37:5f:d6:07:1e:a4:ef:52:60:b8:7d:4a:da:db:48:
                    b5:e7:b1:f0:48:d4:fb:5b:21:a0:aa:e4:8b:78:3f:
                    b6:69:93:20:eb:17:25:c6:14:8f:07:a4:3b:48:6f:
                    04:cd:c8:db:8d:d9:7a:9b:d4:d9:cf:20:24:a5:cc:
                    7a:1d:ba:39:a7:26:92:a9:3d:04:6c:fb:b3:a1:7d:
                    bb:d6:7f:22:9a:27:de:b7:e3:a4:fd:fa:55:37:91:
                    d4:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:79:93:C5:B2:CF:20:43:AC:A0:08:61:A8:78:D6:EC:CE:21:C2:0C
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/hnmTxbLPIEOsoAhhqHjW7M4hwgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.251.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:c4:cb:c2:ab:01:30:e9:44:ab:e0:7c:8f:0e:1a:8e:fd:86:
         40:38:bc:cf:2b:aa:82:ee:46:80:06:28:25:86:ac:0b:24:ce:
         b1:f1:69:e5:24:e4:e2:a8:38:3f:b5:fe:6e:58:22:4e:c1:cc:
         a6:5b:ad:8e:05:21:18:a0:30:79:18:67:ef:d4:5e:de:8c:4d:
         54:a3:c4:bb:e6:21:14:ca:a7:b1:0d:68:14:68:69:54:ea:7e:
         c4:eb:5f:15:e4:70:d0:82:08:34:cb:12:17:62:45:ef:0b:b9:
         30:50:28:26:16:9b:ed:af:d8:4e:1a:96:76:3d:56:a8:60:65:
         6e:74:6c:8e:33:55:40:92:80:16:62:53:2a:42:e5:30:f6:4b:
         36:bb:e1:92:4d:ac:a9:e0:a9:60:28:58:ad:82:c2:8f:5a:d5:
         aa:7f:27:0f:29:3a:e1:0b:a4:94:e1:cb:e8:18:54:ee:68:4a:
         51:20:b2:7a:42:18:cb:38:e1:43:ec:06:8e:69:44:92:ff:b5:
         98:f9:3a:1c:f9:ad:1d:3b:3e:8d:fa:ba:d7:c7:f2:38:74:4d:
         c0:82:c6:53:98:d4:fa:7b:38:74:1b:94:a7:e4:33:fd:ed:ca:
         15:0b:c4:1b:c2:6e:30:41:0e:7f:bf:94:e2:51:30:d5:73:84:
         8a:9b:c7:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0PfC5gQKcF964FZsa1XdSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwMzIxMDgyMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njc5OTNjNWIyY2YyMDQzYWNhMDA4NjFhODc4ZDZlY2NlMjFjMjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpcSftRYWKQTwqKC2x9kwqK8MIQc
UygxBEsEDhakYSr3xsGDxmBkTEO/NymhzOBKkHmOwhp6uVXO4WYXFfdDS5QeaqLz
CDu+w8VZsWjSnXAsQGAzP1I+CGHRKN6A6TvWcNOSHXWLp9WG1rphqv50pYQ4Tvov
QzSboiR3oFcyyheS7ZqFhtQvLLvJw2lNDyBbeB+R4CH0o4QuM3/vgooPsNle+sE3
X9YHHqTvUmC4fUra20i157HwSNT7WyGgquSLeD+2aZMg6xclxhSPB6Q7SG8Ezcjb
jdl6m9TZzyAkpcx6Hbo5pyaSqT0EbPuzoX271n8imifet+Ok/fpVN5HULwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZ5k8WyzyBDrKAIYah41uzOIcIMMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvaG5tVHhiTFBJRU9zb0FoaHFIalc3TTRod2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvuRMA0G
CSqGSIb3DQEBCwUAA4IBAQCmxMvCqwEw6USr4HyPDhqO/YZAOLzPK6qC7kaABigl
hqwLJM6x8WnlJOTiqDg/tf5uWCJOwcymW62OBSEYoDB5GGfv1F7ejE1Uo8S75iEU
yqexDWgUaGlU6n7E618V5HDQggg0yxIXYkXvC7kwUCgmFpvtr9hOGpZ2PVaoYGVu
dGyOM1VAkoAWYlMqQuUw9ks2u+GSTayp4KlgKFitgsKPWtWqfycPKTrhC6SU4cvo
GFTuaEpRILJ6QhjLOOFD7AaOaUSS/7WY+Toc+a0dOz6N+rrXx/I4dE3AgsZTmNT6
ezh0G5Sn5DP97coVC8Qbwm4wQQ5/v5TiUTDVc4SKm8eS
-----END CERTIFICATE-----