Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/hzEaXmPaUY54VWFGqzsc9-S_jco.roa
File:                     hzEaXmPaUY54VWFGqzsc9-S_jco.roa (raw, json)
Hash identifier:          b/9Jt4SeZhitJ6bIYinYMhWctfBNjzRlJm/hiKWEzLY=
Subject key identifier:   87:31:1A:5E:63:DA:51:8E:78:55:61:46:AB:3B:1C:F7:E4:BF:8D:CA
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       01999B0E31E0CA6B963B38296BE67A20C545
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/hzEaXmPaUY54VWFGqzsc9-S_jco.roa
Signing time:             Tue 30 Sep 2025 14:37:02 +0000
ROA not before:           Tue 30 Sep 2025 14:37:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208185
IP address blocks:        94.154.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:0e:31:e0:ca:6b:96:3b:38:29:6b:e6:7a:20:c5:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Sep 30 14:37:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87311a5e63da518e78556146ab3b1cf7e4bf8dca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5a:fb:99:9f:3d:aa:fa:10:d6:1c:6d:a1:60:
                    6e:6b:82:65:87:48:5c:ee:f9:d7:ab:d0:a8:72:1e:
                    f3:3f:47:af:44:0f:c9:58:3d:9c:70:1c:12:ae:a2:
                    37:2e:79:e3:ea:b3:90:14:d8:ad:ae:6d:8f:54:5f:
                    6f:8b:52:a1:dd:a7:80:f4:88:45:d2:f0:af:54:1b:
                    03:59:b9:33:73:46:ea:e3:f1:7d:c8:5c:18:7f:8d:
                    d1:a7:01:2d:35:dc:82:69:57:fa:1a:53:2b:65:2b:
                    ee:98:16:73:46:c0:3f:85:f5:ac:2f:4b:0f:b5:ed:
                    5f:d6:70:b3:f3:d0:2b:84:08:ae:dc:14:4d:68:03:
                    36:25:62:31:93:95:91:5a:4d:2a:0b:5e:3a:d2:10:
                    d5:41:fe:6f:4a:cb:49:35:78:31:78:e9:7d:67:03:
                    37:8e:53:dd:5d:6c:d9:41:18:8d:c0:c5:cb:be:51:
                    36:5b:fe:55:f4:4e:48:17:ab:b5:52:5a:9f:f8:e0:
                    b6:42:b7:43:61:55:7f:0e:a9:2a:de:12:29:7b:a0:
                    cb:d5:f3:46:10:e5:48:25:4d:ad:68:01:d7:6b:de:
                    98:61:84:82:b5:7b:51:31:b6:1c:51:20:12:c6:0c:
                    ef:a5:99:ff:06:50:81:7b:a8:99:b8:47:e4:52:b4:
                    30:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:31:1A:5E:63:DA:51:8E:78:55:61:46:AB:3B:1C:F7:E4:BF:8D:CA
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/hzEaXmPaUY54VWFGqzsc9-S_jco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b5:d6:5d:ad:4e:cf:3a:41:5c:fa:b9:13:99:c9:3d:e7:2d:
         e3:e8:66:e8:08:30:bb:4f:09:9d:77:81:f9:5c:90:c7:ae:b3:
         3b:c9:85:c6:7e:34:56:bf:79:e9:a9:e4:99:a9:36:55:ac:4a:
         a5:82:5e:24:43:21:2c:71:7d:76:58:26:aa:2c:68:d7:95:68:
         ce:08:03:b6:8a:78:65:2d:6e:c2:fd:93:71:a8:1b:37:dd:47:
         43:2f:15:29:97:f5:df:94:d6:a2:be:ec:6b:f6:0c:24:3a:f2:
         dd:b2:c3:f0:e7:82:11:e2:30:71:0f:0a:93:b1:1a:ec:13:af:
         10:08:4d:0e:78:f5:26:b0:73:af:29:f9:56:22:92:7a:b7:1b:
         4d:e8:6c:8f:c6:6a:3a:e7:f6:57:e2:86:4c:62:84:99:9d:05:
         dd:45:a6:76:b1:7e:b2:c1:3c:10:4d:32:37:bf:fa:c5:6e:90:
         25:dc:8d:c5:04:38:ab:6b:8b:e1:20:37:0b:4e:be:84:b4:77:
         09:ed:63:94:d4:69:66:30:7e:ee:5e:d7:f3:12:f2:57:06:0c:
         27:b5:55:5a:93:77:d2:cd:57:3e:1c:fa:d5:d3:8e:ba:8b:28:
         f5:bc:47:2e:ce:e7:82:fe:8e:c8:80:79:e0:e5:db:1f:23:a9:
         ba:89:96:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmbDjHgymuWOzgpa+Z6IMVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjUwOTMwMTQzNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMxMWE1ZTYzZGE1MThlNzg1NTYxNDZhYjNiMWNmN2U0YmY4ZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVr7mZ89qvoQ1hxtoWBua4Jlh0hc
7vnXq9Coch7zP0evRA/JWD2ccBwSrqI3Lnnj6rOQFNitrm2PVF9vi1Kh3aeA9IhF
0vCvVBsDWbkzc0bq4/F9yFwYf43RpwEtNdyCaVf6GlMrZSvumBZzRsA/hfWsL0sP
te1f1nCz89ArhAiu3BRNaAM2JWIxk5WRWk0qC1460hDVQf5vSstJNXgxeOl9ZwM3
jlPdXWzZQRiNwMXLvlE2W/5V9E5IF6u1Ulqf+OC2QrdDYVV/Dqkq3hIpe6DL1fNG
EOVIJU2taAHXa96YYYSCtXtRMbYcUSASxgzvpZn/BlCBe6iZuEfkUrQwuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcxGl5j2lGOeFVhRqs7HPfkv43KMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvaHpFYVhtUGFVWTU0VldGR3F6c2M5LVNfamNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXporMA0G
CSqGSIb3DQEBCwUAA4IBAQA2tdZdrU7POkFc+rkTmck95y3j6GboCDC7Twmdd4H5
XJDHrrM7yYXGfjRWv3npqeSZqTZVrEqlgl4kQyEscX12WCaqLGjXlWjOCAO2inhl
LW7C/ZNxqBs33UdDLxUpl/XflNaivuxr9gwkOvLdssPw54IR4jBxDwqTsRrsE68Q
CE0OePUmsHOvKflWIpJ6txtN6GyPxmo65/ZX4oZMYoSZnQXdRaZ2sX6ywTwQTTI3
v/rFbpAl3I3FBDira4vhIDcLTr6EtHcJ7WOU1GlmMH7uXtfzEvJXBgwntVVak3fS
zVc+HPrV0466iyj1vEcuzueC/o7IgHng5dsfI6m6iZYb
-----END CERTIFICATE-----