Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/HlRlmfqG33_y8zZWUJ5cFuyj6Fc.roa
File:                     HlRlmfqG33_y8zZWUJ5cFuyj6Fc.roa (raw, json)
Hash identifier:          u9+BSFLokNeEPeP/eOU5bAd4eXptmEVrwo502ugbJuk=
Subject key identifier:   1E:54:65:99:FA:86:DF:7F:F2:F3:36:56:50:9E:5C:16:EC:A3:E8:57
Certificate issuer:       /CN=dbecec96a0371a3ae62d7aa6dd7d9e43ac55d025
Certificate serial:       01992E1B4F30E93A4FDE71F16D65E9C44866
Authority key identifier: DB:EC:EC:96:A0:37:1A:3A:E6:2D:7A:A6:DD:7D:9E:43:AC:55:D0:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-zslqA3GjrmLXqm3X2eQ6xV0CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/HlRlmfqG33_y8zZWUJ5cFuyj6Fc.roa
Signing time:             Tue 09 Sep 2025 10:52:45 +0000
ROA not before:           Tue 09 Sep 2025 10:52:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215273
IP address blocks:        194.104.94.0/24 maxlen: 24
                          2a14:2640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/2-zslqA3GjrmLXqm3X2eQ6xV0CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/2-zslqA3GjrmLXqm3X2eQ6xV0CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-zslqA3GjrmLXqm3X2eQ6xV0CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2e:1b:4f:30:e9:3a:4f:de:71:f1:6d:65:e9:c4:48:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbecec96a0371a3ae62d7aa6dd7d9e43ac55d025
        Validity
            Not Before: Sep  9 10:52:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e546599fa86df7ff2f33656509e5c16eca3e857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4f:ea:65:4c:87:23:57:15:60:c2:60:23:ae:
                    88:a8:5c:bd:d5:c2:69:e9:f8:d1:f2:c8:86:7b:c1:
                    3f:6f:af:a6:4c:2e:c8:20:c2:8d:c3:c8:25:47:e7:
                    05:f1:9f:fd:4f:4f:6f:1a:ec:17:ad:94:cb:a5:3e:
                    9a:ae:b6:23:49:8f:61:ad:31:eb:15:8e:85:ce:86:
                    74:bf:bb:36:39:77:8e:84:1d:b8:65:ce:c7:37:31:
                    7a:59:8b:79:31:cc:a4:71:05:5a:17:5a:a0:e0:16:
                    88:a5:6a:53:ac:e1:1a:01:6a:27:9c:03:43:43:ad:
                    5c:99:d9:38:33:c9:96:1d:ee:6e:db:c5:04:13:00:
                    d5:9e:e4:e6:ac:c1:64:13:15:ad:42:06:ef:74:13:
                    cd:36:7f:5a:a0:65:b8:38:76:22:7b:c5:da:0b:0b:
                    e3:9b:c0:a2:53:68:4b:d4:85:d1:2b:20:87:39:66:
                    76:ff:2d:fb:a0:ba:90:e6:7c:6b:b0:b2:e5:29:a8:
                    5a:9e:8c:f9:7e:16:4b:b4:3e:82:0e:61:bf:d5:de:
                    84:15:01:74:5f:94:1a:eb:65:ba:1a:dd:9e:2d:e4:
                    5d:56:32:a5:f5:f1:0e:bc:47:81:a3:96:33:54:a7:
                    89:4e:59:18:74:91:4b:8c:53:82:dd:c1:ef:7e:a7:
                    a5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:54:65:99:FA:86:DF:7F:F2:F3:36:56:50:9E:5C:16:EC:A3:E8:57
            X509v3 Authority Key Identifier:
                keyid:DB:EC:EC:96:A0:37:1A:3A:E6:2D:7A:A6:DD:7D:9E:43:AC:55:D0:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-zslqA3GjrmLXqm3X2eQ6xV0CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/HlRlmfqG33_y8zZWUJ5cFuyj6Fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/2-zslqA3GjrmLXqm3X2eQ6xV0CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.94.0/24
                IPv6:
                  2a14:2640::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:f3:8e:d5:c5:4f:d2:e4:4d:dc:49:aa:c6:f8:98:40:53:db:
         01:df:5c:49:3e:02:93:d2:b6:6c:06:a8:66:a5:e9:d6:a7:e5:
         aa:2e:16:e9:bb:f7:9d:e3:4b:e0:8c:f6:70:29:ee:52:5b:24:
         8a:e6:58:9a:fe:41:5c:f8:22:73:e4:5a:17:05:be:15:f8:d4:
         c0:27:67:a1:81:03:33:cd:e0:0d:19:fd:f4:db:42:e0:bf:76:
         cb:b6:df:a0:b8:c0:0b:07:d1:d5:9b:f9:6d:70:78:59:e1:a5:
         aa:a6:8f:ee:47:cc:ef:96:2a:c2:ae:b1:4b:30:05:30:01:e3:
         d5:b2:45:5d:af:b0:af:1d:38:e2:f8:91:99:d6:d1:11:d2:c1:
         50:b0:e8:96:9a:54:06:64:dc:13:cf:84:66:9f:41:47:4a:c9:
         cd:a0:c3:c0:10:a7:b9:b3:31:42:7a:b6:35:74:ef:f3:a2:a9:
         57:7d:a5:14:ac:bb:83:0b:d0:19:3c:1d:2d:9c:19:64:34:76:
         69:b5:5b:cc:0b:bc:6a:6e:93:4d:e2:dc:41:c4:30:fe:06:82:
         30:98:cb:f9:26:ac:ab:4e:55:ed:51:7a:ac:fd:94:ef:ca:3c:
         dc:db:9d:b1:d6:9c:ee:e2:f6:1d:13:ca:fe:6b:e2:8e:61:0a:
         a8:ad:84:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkuG08w6TpP3nHxbWXpxEhmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZWNlYzk2YTAzNzFhM2FlNjJkN2FhNmRkN2Q5ZTQzYWM1
NWQwMjUwHhcNMjUwOTA5MTA1MjQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTU0NjU5OWZhODZkZjdmZjJmMzM2NTY1MDllNWMxNmVjYTNlODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxU/qZUyHI1cVYMJgI66IqFy91cJp
6fjR8siGe8E/b6+mTC7IIMKNw8glR+cF8Z/9T09vGuwXrZTLpT6arrYjSY9hrTHr
FY6FzoZ0v7s2OXeOhB24Zc7HNzF6WYt5McykcQVaF1qg4BaIpWpTrOEaAWonnAND
Q61cmdk4M8mWHe5u28UEEwDVnuTmrMFkExWtQgbvdBPNNn9aoGW4OHYie8XaCwvj
m8CiU2hL1IXRKyCHOWZ2/y37oLqQ5nxrsLLlKahanoz5fhZLtD6CDmG/1d6EFQF0
X5Qa62W6Gt2eLeRdVjKl9fEOvEeBo5YzVKeJTlkYdJFLjFOC3cHvfqelAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB5UZZn6ht9/8vM2VlCeXBbso+hXMB8GA1UdIwQY
MBaAFNvs7JagNxo65i16pt19nkOsVdAlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi16c2xxQTNHanJtTFhxbTNYMmVRNnhWMENVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8xMzRmMGMtZDkxMS00ODg3LTk2Yjct
YTg3NjY1MjBmZWEyLzEvSGxSbG1mcUczM195OHpaV1VKNWNGdXlqNkZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8xMzRmMGMtZDkxMS00ODg3LTk2YjctYTg3NjY1MjBmZWEy
LzEvMi16c2xxQTNHanJtTFhxbTNYMmVRNnhWMENVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwmheMA0E
AgACMAcDBQMqFCZAMA0GCSqGSIb3DQEBCwUAA4IBAQAk847VxU/S5E3cSarG+JhA
U9sB31xJPgKT0rZsBqhmpenWp+WqLhbpu/ed40vgjPZwKe5SWySK5lia/kFc+CJz
5FoXBb4V+NTAJ2ehgQMzzeANGf3020Lgv3bLtt+guMALB9HVm/ltcHhZ4aWqpo/u
R8zvlirCrrFLMAUwAePVskVdr7CvHTji+JGZ1tER0sFQsOiWmlQGZNwTz4Rmn0FH
SsnNoMPAEKe5szFCerY1dO/zoqlXfaUUrLuDC9AZPB0tnBlkNHZptVvMC7xqbpNN
4txBxDD+BoIwmMv5JqyrTlXtUXqs/ZTvyjzc252x1pzu4vYdE8r+a+KOYQqorYRp
-----END CERTIFICATE-----