Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/hdBLVcan7hGut9vR1h003tddzSM.roa
File:                     hdBLVcan7hGut9vR1h003tddzSM.roa (raw, json)
Hash identifier:          1p8uvwOtpy6HlpY1Oww00qifRwsGP9qPBMfTzFkvp50=
Subject key identifier:   85:D0:4B:55:C6:A7:EE:11:AE:B7:DB:D1:D6:1D:34:DE:D7:5D:CD:23
Certificate issuer:       /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial:       0198943087C71C835409A3F16F89C59E9BFC
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/hdBLVcan7hGut9vR1h003tddzSM.roa
Signing time:             Sun 10 Aug 2025 13:34:25 +0000
ROA not before:           Sun 10 Aug 2025 13:34:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57866
IP address blocks:        193.37.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:94:30:87:c7:1c:83:54:09:a3:f1:6f:89:c5:9e:9b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
        Validity
            Not Before: Aug 10 13:34:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85d04b55c6a7ee11aeb7dbd1d61d34ded75dcd23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:3b:4b:91:df:30:1e:99:bb:cd:36:52:67:18:
                    6e:c8:c6:0b:e3:64:0d:97:9a:c1:36:7d:0d:7a:ec:
                    b9:97:a2:92:f6:27:b3:e5:09:13:9c:da:1d:04:f0:
                    e7:76:c4:a7:e3:40:fc:97:49:e5:e1:54:1f:e0:1b:
                    9b:6e:00:40:e2:a8:0f:f0:f3:d6:15:89:66:bc:cc:
                    13:39:da:d5:45:76:94:d1:19:83:d0:17:5b:f8:55:
                    52:75:d0:c8:ce:f5:21:12:b0:99:35:1c:af:88:17:
                    5d:fe:3c:1e:07:e5:75:ee:8d:f3:56:d7:5f:76:79:
                    bf:bd:c1:fe:c6:f9:d1:18:0a:e6:aa:17:86:0e:20:
                    9f:06:fb:21:e1:37:d9:dc:39:9d:f4:ae:9e:83:46:
                    0e:e5:95:7c:db:21:c6:53:46:9c:2f:68:46:a9:00:
                    58:70:d7:6c:f3:34:a2:e8:62:fc:9d:29:a1:16:e4:
                    15:b4:6d:c1:12:dc:d3:cf:cc:97:1d:93:95:ab:cc:
                    e8:cb:aa:8a:dd:61:8d:12:f4:31:ad:8f:1c:33:3f:
                    48:e4:39:e9:36:f1:a8:6f:cc:3a:2f:e1:2c:3f:d2:
                    5d:c3:d1:80:50:7b:e7:b3:6d:dc:6d:86:e1:52:c6:
                    2c:5c:01:39:29:0a:b1:c0:40:a5:a5:ab:ff:06:f6:
                    87:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D0:4B:55:C6:A7:EE:11:AE:B7:DB:D1:D6:1D:34:DE:D7:5D:CD:23
            X509v3 Authority Key Identifier:
                keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/hdBLVcan7hGut9vR1h003tddzSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:dd:8b:ba:17:0c:19:d6:30:c2:81:41:15:06:19:3b:3a:99:
         fd:89:ee:0f:58:1e:c4:29:ae:b2:fa:70:66:3e:1c:f3:ec:e0:
         12:30:75:ea:cd:99:e3:4e:4f:cd:2b:83:a6:91:e4:37:d7:12:
         f2:7c:df:3b:bb:97:26:32:d9:93:f7:85:1d:4e:f7:e2:05:76:
         e2:42:7b:ec:68:b8:cb:97:b5:1c:0d:59:43:f3:eb:43:62:52:
         d9:4a:b4:43:47:17:0c:c9:d1:af:54:5d:7f:bc:a9:37:79:24:
         af:5f:93:e7:28:03:21:93:05:91:4f:9d:c9:44:c7:ab:68:70:
         13:98:b7:2a:62:1c:a2:d3:fc:54:ff:68:9b:63:be:0a:90:41:
         e6:b7:94:42:08:95:7a:fb:57:29:c4:34:df:f5:6d:87:5f:c6:
         de:a6:ae:be:d4:47:f6:ab:ca:5f:b7:78:ff:5d:10:90:19:3e:
         d8:69:62:19:02:3c:3c:0d:65:52:87:71:d7:29:5a:a1:5b:97:
         74:81:38:28:4b:c0:2d:36:5f:0e:60:d0:74:7f:78:21:31:84:
         3e:e5:cd:b5:93:2a:62:7f:87:3b:84:52:97:2c:bd:52:59:cb:
         5b:b5:c5:ba:20:00:14:26:c8:6f:3a:2e:c7:ea:ef:2a:6c:ed:
         40:a2:29:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiUMIfHHINUCaPxb4nFnpv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjUwODEwMTMzNDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWQwNGI1NWM2YTdlZTExYWViN2RiZDFkNjFkMzRkZWQ3NWRjZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jtLkd8wHpm7zTZSZxhuyMYL42QN
l5rBNn0Neuy5l6KS9iez5QkTnNodBPDndsSn40D8l0nl4VQf4BubbgBA4qgP8PPW
FYlmvMwTOdrVRXaU0RmD0Bdb+FVSddDIzvUhErCZNRyviBdd/jweB+V17o3zVtdf
dnm/vcH+xvnRGArmqheGDiCfBvsh4TfZ3Dmd9K6eg0YO5ZV82yHGU0acL2hGqQBY
cNds8zSi6GL8nSmhFuQVtG3BEtzTz8yXHZOVq8zoy6qK3WGNEvQxrY8cMz9I5Dnp
NvGob8w6L+EsP9Jdw9GAUHvns23cbYbhUsYsXAE5KQqxwEClpav/BvaH4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXQS1XGp+4Rrrfb0dYdNN7XXc0jMB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEvaGRCTFZjYW43aEd1dDl2UjFoMDAzdGRkelNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSXYMA0G
CSqGSIb3DQEBCwUAA4IBAQAM3Yu6FwwZ1jDCgUEVBhk7Opn9ie4PWB7EKa6y+nBm
Phzz7OASMHXqzZnjTk/NK4OmkeQ31xLyfN87u5cmMtmT94UdTvfiBXbiQnvsaLjL
l7UcDVlD8+tDYlLZSrRDRxcMydGvVF1/vKk3eSSvX5PnKAMhkwWRT53JRMeraHAT
mLcqYhyi0/xU/2ibY74KkEHmt5RCCJV6+1cpxDTf9W2HX8bepq6+1Ef2q8pft3j/
XRCQGT7YaWIZAjw8DWVSh3HXKVqhW5d0gTgoS8AtNl8OYNB0f3ghMYQ+5c21kypi
f4c7hFKXLL1SWctbtcW6IAAUJshvOi7H6u8qbO1Aoika
-----END CERTIFICATE-----