Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/HDVuIW9XiSGyuuDPbsTsfpK9Hjg.roa
File:                     HDVuIW9XiSGyuuDPbsTsfpK9Hjg.roa (raw, json)
Hash identifier:          fjWKt3Cr3fyL7h6gCEroZ6zh75H5knry8QHJWUEc9+A=
Subject key identifier:   1C:35:6E:21:6F:57:89:21:B2:BA:E0:CF:6E:C4:EC:7E:92:BD:1E:38
Certificate issuer:       /CN=844969780141824cd0acbfa5a784611eeb0a7ddb
Certificate serial:       0199E76A79CC257D21E4315A70D146F53931
Authority key identifier: 84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/HDVuIW9XiSGyuuDPbsTsfpK9Hjg.roa
Signing time:             Wed 15 Oct 2025 10:28:58 +0000
ROA not before:           Wed 15 Oct 2025 10:28:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202561
IP address blocks:        188.125.161.0/24 maxlen: 24
                          195.62.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e7:6a:79:cc:25:7d:21:e4:31:5a:70:d1:46:f5:39:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844969780141824cd0acbfa5a784611eeb0a7ddb
        Validity
            Not Before: Oct 15 10:28:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c356e216f578921b2bae0cf6ec4ec7e92bd1e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:8a:ff:77:a6:13:03:e5:29:e4:e7:23:73:9b:
                    12:0b:cf:c5:93:18:99:e3:a6:ff:30:dd:2b:b9:94:
                    ea:00:6d:8c:cb:f9:6e:0c:79:08:d0:d3:91:71:e0:
                    85:e2:1a:c8:37:be:b2:ca:cc:0d:05:14:9c:00:3d:
                    d1:72:79:dd:3a:4f:aa:f1:cf:58:f5:15:55:55:e3:
                    11:bc:54:92:30:6b:88:d8:db:52:c9:20:48:fe:bc:
                    76:27:ec:53:6d:84:3d:cf:e4:ef:6e:77:f9:3f:f5:
                    29:12:fc:5a:63:ce:cd:26:79:f6:fa:3f:fa:a0:17:
                    ad:2b:c5:bf:a1:f1:21:37:2b:84:f6:e3:91:4e:19:
                    d1:be:73:27:79:4c:24:53:ab:47:06:1f:a8:99:c3:
                    d6:4d:66:34:3c:36:c3:a2:81:62:38:29:d4:c6:4e:
                    94:f0:84:22:73:46:10:16:2d:c7:ad:18:39:eb:14:
                    f5:5b:0c:98:92:8e:8a:e3:81:0d:1a:98:3c:a8:2b:
                    d0:8b:c6:c0:58:3b:3d:7e:c8:09:c3:ea:52:c9:d1:
                    d5:e6:d4:33:eb:86:46:5a:e1:b4:24:ad:be:6a:e8:
                    9f:21:ac:56:fd:39:db:e6:60:f0:39:3d:1b:cb:fe:
                    0a:e8:01:5a:68:d2:e4:3f:f6:4b:dc:28:29:6e:55:
                    b5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:35:6E:21:6F:57:89:21:B2:BA:E0:CF:6E:C4:EC:7E:92:BD:1E:38
            X509v3 Authority Key Identifier:
                keyid:84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/HDVuIW9XiSGyuuDPbsTsfpK9Hjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.161.0/24
                  195.62.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:d7:75:fa:a3:2a:1b:5a:b7:cf:8c:3c:ff:53:c0:ac:14:d1:
         d0:18:0c:ab:ca:7b:83:cf:4b:d4:7c:b2:9d:f3:de:80:31:1e:
         a2:ab:e6:92:65:69:ff:f1:4c:d6:e4:20:82:9e:b2:82:c8:64:
         7f:3c:1c:7f:7c:8f:43:8d:e6:76:31:cd:16:6b:65:aa:cb:e6:
         62:01:7d:46:97:f9:13:64:3c:44:b8:04:bc:74:b7:1b:a0:e5:
         65:f1:03:6b:bc:47:d5:60:9c:c1:d4:c7:f3:be:29:6d:75:73:
         f7:06:f7:39:a6:41:a2:1e:6a:49:ac:ca:30:4c:a4:8d:a7:c5:
         a4:d6:c8:90:ae:f4:1c:d4:e5:9a:c6:fd:7f:a2:32:fa:6c:ed:
         cc:2d:8e:28:0d:09:dc:03:29:a7:8c:23:89:54:b8:2b:28:06:
         50:ef:df:f7:4c:33:de:9f:27:07:06:b4:76:17:ed:7c:25:93:
         1e:0f:c4:4f:05:bc:ca:be:ed:a3:60:49:54:56:e3:9d:87:aa:
         42:66:7b:c4:ad:32:d4:81:fd:4b:6d:e9:ba:04:4d:3c:cc:1d:
         8a:57:9b:0b:03:c4:a2:d2:9a:60:bd:d7:3e:97:b7:77:0b:88:
         c0:76:74:54:73:a0:18:0b:ec:8f:99:8e:42:87:d9:91:1d:98:
         74:28:2c:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnnannMJX0h5DFacNFG9TkxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDk2OTc4MDE0MTgyNGNkMGFjYmZhNWE3ODQ2MTFlZWIw
YTdkZGIwHhcNMjUxMDE1MTAyODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzM1NmUyMTZmNTc4OTIxYjJiYWUwY2Y2ZWM0ZWM3ZTkyYmQxZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Yr/d6YTA+Up5Ocjc5sSC8/FkxiZ
46b/MN0ruZTqAG2My/luDHkI0NORceCF4hrIN76yyswNBRScAD3RcnndOk+q8c9Y
9RVVVeMRvFSSMGuI2NtSySBI/rx2J+xTbYQ9z+Tvbnf5P/UpEvxaY87NJnn2+j/6
oBetK8W/ofEhNyuE9uORThnRvnMneUwkU6tHBh+omcPWTWY0PDbDooFiOCnUxk6U
8IQic0YQFi3HrRg56xT1WwyYko6K44ENGpg8qCvQi8bAWDs9fsgJw+pSydHV5tQz
64ZGWuG0JK2+auifIaxW/Tnb5mDwOT0by/4K6AFaaNLkP/ZL3CgpblW1UQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBw1biFvV4khsrrgz27E7H6SvR44MB8GA1UdIwQY
MBaAFIRJaXgBQYJM0Ky/paeEYR7rCn3bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAt
MDRhYzE3ODgxYWE5LzEvSERWdUlXOVhpU0d5dXVEUGJzVHNmcEs5SGpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAtMDRhYzE3ODgxYWE5
LzEvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvH2hAwQA
wz4yMA0GCSqGSIb3DQEBCwUAA4IBAQAP13X6oyobWrfPjDz/U8CsFNHQGAyrynuD
z0vUfLKd896AMR6iq+aSZWn/8UzW5CCCnrKCyGR/PBx/fI9DjeZ2Mc0Wa2Wqy+Zi
AX1Gl/kTZDxEuAS8dLcboOVl8QNrvEfVYJzB1MfzviltdXP3Bvc5pkGiHmpJrMow
TKSNp8Wk1siQrvQc1OWaxv1/ojL6bO3MLY4oDQncAymnjCOJVLgrKAZQ79/3TDPe
nycHBrR2F+18JZMeD8RPBbzKvu2jYElUVuOdh6pCZnvErTLUgf1Lbem6BE08zB2K
V5sLA8Si0ppgvdc+l7d3C4jAdnRUc6AYC+yPmY5Ch9mRHZh0KCyC
-----END CERTIFICATE-----