Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/Hec-pIq-giAIiXgtqBY9YPV7h4U.roa
File:                     Hec-pIq-giAIiXgtqBY9YPV7h4U.roa (raw, json)
Hash identifier:          2/lKcaU6foyq4wbat5pas5qcbh09bXQ1njGqYgBPvws=
Subject key identifier:   1D:E7:3E:A4:8A:BE:82:20:08:89:78:2D:A8:16:3D:60:F5:7B:87:85
Certificate issuer:       /CN=cb662ceeb726774b1b44c51ff1fc0df908bdebbc
Certificate serial:       0199BED3D6995ED0EB91B3216F8C4F166403
Authority key identifier: CB:66:2C:EE:B7:26:77:4B:1B:44:C5:1F:F1:FC:0D:F9:08:BD:EB:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2Ys7rcmd0sbRMUf8fwN-Qi967w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/Hec-pIq-giAIiXgtqBY9YPV7h4U.roa
Signing time:             Tue 07 Oct 2025 13:19:37 +0000
ROA not before:           Tue 07 Oct 2025 13:19:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12969
IP address blocks:        5.23.80.0/20 maxlen: 20
                          81.15.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/y2Ys7rcmd0sbRMUf8fwN-Qi967w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/y2Ys7rcmd0sbRMUf8fwN-Qi967w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2Ys7rcmd0sbRMUf8fwN-Qi967w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:be:d3:d6:99:5e:d0:eb:91:b3:21:6f:8c:4f:16:64:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb662ceeb726774b1b44c51ff1fc0df908bdebbc
        Validity
            Not Before: Oct  7 13:19:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1de73ea48abe82200889782da8163d60f57b8785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e7:a2:2d:be:4c:a8:d2:88:01:b5:d3:2b:58:
                    a4:6e:48:75:64:a9:cf:df:f7:c7:32:ed:7f:19:79:
                    e1:8c:c2:76:4d:d0:3d:ef:fe:3b:8d:ec:db:d5:cf:
                    64:e1:e3:92:24:f1:9e:4b:e2:f0:6e:97:34:eb:16:
                    3e:4f:e6:cf:8f:b0:b1:73:12:9c:22:d8:15:79:fd:
                    62:d6:47:88:d0:e3:6e:d2:4b:6c:02:84:5d:3b:6a:
                    ab:c2:2a:7b:af:a9:fa:4b:ab:8f:4b:ee:36:59:4d:
                    25:23:fc:26:1c:43:33:b5:a8:ac:ce:2e:5a:06:b3:
                    f6:64:6b:8c:cf:be:2b:ae:30:9f:92:05:87:87:86:
                    8c:c9:71:8f:1f:dc:b8:a3:f2:bb:e1:01:d3:0c:e6:
                    6c:58:7b:d1:48:49:52:71:f5:d6:b2:e3:ec:a9:68:
                    9c:b3:fa:ad:62:c9:b4:6e:a4:8f:ee:72:3a:91:c2:
                    68:8b:70:fe:a4:64:9b:e5:e9:f0:19:dd:47:ea:d3:
                    ba:e8:79:e9:eb:eb:df:8d:50:bd:55:82:07:8a:f1:
                    66:aa:54:01:65:83:9b:61:61:8a:fd:a5:31:44:84:
                    97:e1:73:13:05:18:d6:09:bc:7d:68:88:2b:17:a9:
                    d8:51:2a:0e:e6:b4:9a:67:2d:9d:4a:7f:c7:97:43:
                    9a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:E7:3E:A4:8A:BE:82:20:08:89:78:2D:A8:16:3D:60:F5:7B:87:85
            X509v3 Authority Key Identifier:
                keyid:CB:66:2C:EE:B7:26:77:4B:1B:44:C5:1F:F1:FC:0D:F9:08:BD:EB:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2Ys7rcmd0sbRMUf8fwN-Qi967w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/Hec-pIq-giAIiXgtqBY9YPV7h4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/y2Ys7rcmd0sbRMUf8fwN-Qi967w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.23.80.0/20
                  81.15.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         06:be:9d:37:47:68:59:27:25:b0:3e:c5:0b:12:af:83:a3:fb:
         db:18:cb:99:bb:c9:57:5f:f0:fd:95:77:36:3f:d7:1e:57:69:
         ca:96:ed:34:eb:a1:14:b2:16:5e:fc:5f:02:9f:6a:06:88:db:
         be:08:a8:bb:3e:fc:be:7f:01:3b:00:db:84:76:cb:ad:53:b6:
         64:e4:af:40:7e:28:33:3b:e3:29:a2:43:b6:35:52:e7:56:a5:
         58:96:51:b6:5a:b4:eb:ee:50:ca:14:09:68:d7:99:45:b1:91:
         bf:e4:84:36:e0:43:70:4c:13:9d:04:3f:b5:23:03:43:17:93:
         a2:72:26:e7:2b:71:76:f8:9a:55:7b:b7:09:73:c7:4e:e4:9b:
         37:f2:8d:e6:95:af:98:50:3d:4c:ad:30:0f:d4:14:24:de:cb:
         95:8c:35:98:25:65:af:6b:8e:86:6e:81:3e:1e:92:88:b2:ee:
         fd:9f:a7:2a:a0:97:6c:5d:d9:d4:48:5b:74:b7:7b:55:5d:48:
         51:f5:e9:fe:ec:07:b6:86:5d:3f:8d:f0:d7:b0:85:19:ee:5c:
         e7:cc:39:8c:a1:c1:53:56:b5:fb:cc:cd:a2:bd:86:9d:79:aa:
         fa:89:c9:48:50:27:df:6b:cb:3d:fc:08:e5:41:b7:21:2e:d2:
         3f:10:79:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm+09aZXtDrkbMhb4xPFmQDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjYyY2VlYjcyNjc3NGIxYjQ0YzUxZmYxZmMwZGY5MDhi
ZGViYmMwHhcNMjUxMDA3MTMxOTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGU3M2VhNDhhYmU4MjIwMDg4OTc4MmRhODE2M2Q2MGY1N2I4Nzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsueiLb5MqNKIAbXTK1ikbkh1ZKnP
3/fHMu1/GXnhjMJ2TdA97/47jezb1c9k4eOSJPGeS+Lwbpc06xY+T+bPj7CxcxKc
ItgVef1i1keI0ONu0ktsAoRdO2qrwip7r6n6S6uPS+42WU0lI/wmHEMztaiszi5a
BrP2ZGuMz74rrjCfkgWHh4aMyXGPH9y4o/K74QHTDOZsWHvRSElScfXWsuPsqWic
s/qtYsm0bqSP7nI6kcJoi3D+pGSb5enwGd1H6tO66Hnp6+vfjVC9VYIHivFmqlQB
ZYObYWGK/aUxRISX4XMTBRjWCbx9aIgrF6nYUSoO5rSaZy2dSn/Hl0OaWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB3nPqSKvoIgCIl4LagWPWD1e4eFMB8GA1UdIwQY
MBaAFMtmLO63JndLG0TFH/H8DfkIveu8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJZczdyY21kMHNiUk1VZjhmd04tUWk5Njd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hOTYyYTktYWJmZi00NDk1LTg2Y2Mt
YjU2YzhjY2IyOTM1LzEvSGVjLXBJcS1naUFJaVhndHFCWTlZUFY3aDRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hOTYyYTktYWJmZi00NDk1LTg2Y2MtYjU2YzhjY2IyOTM1
LzEveTJZczdyY21kMHNiUk1VZjhmd04tUWk5Njd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEBRdQAwQH
UQ8AMA0GCSqGSIb3DQEBCwUAA4IBAQAGvp03R2hZJyWwPsULEq+Do/vbGMuZu8lX
X/D9lXc2P9ceV2nKlu0066EUshZe/F8Cn2oGiNu+CKi7Pvy+fwE7ANuEdsutU7Zk
5K9AfigzO+MpokO2NVLnVqVYllG2WrTr7lDKFAlo15lFsZG/5IQ24ENwTBOdBD+1
IwNDF5OicibnK3F2+JpVe7cJc8dO5Js38o3mla+YUD1MrTAP1BQk3suVjDWYJWWv
a46GboE+HpKIsu79n6cqoJdsXdnUSFt0t3tVXUhR9en+7Ae2hl0/jfDXsIUZ7lzn
zDmMocFTVrX7zM2ivYadear6iclIUCffa8s9/AjlQbchLtI/EHlq
-----END CERTIFICATE-----