Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/1ha7E5Pk8nwTUnJEHOzuMgjsGUc.roa
File:                     1ha7E5Pk8nwTUnJEHOzuMgjsGUc.roa (raw, json)
Hash identifier:          x0h8YUD6Wnn6DfuYhXby8UIyKLngPYA1idrWj6umHXY=
Subject key identifier:   D6:16:BB:13:93:E4:F2:7C:13:52:72:44:1C:EC:EE:32:08:EC:19:47
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       0199962702B2E1947B206021B8D2BFD26365
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/1ha7E5Pk8nwTUnJEHOzuMgjsGUc.roa
Signing time:             Mon 29 Sep 2025 15:46:02 +0000
ROA not before:           Mon 29 Sep 2025 15:46:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        144.56.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:96:27:02:b2:e1:94:7b:20:60:21:b8:d2:bf:d2:63:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Sep 29 15:46:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d616bb1393e4f27c135272441cecee3208ec1947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d5:0c:7a:42:ff:73:58:05:3c:0c:52:90:ae:
                    ca:72:12:db:8f:42:7d:ce:78:ab:41:68:c9:46:a3:
                    ed:bd:89:6b:c6:0e:1f:bb:7f:e0:70:1e:e4:53:85:
                    2e:b1:35:6c:e3:4e:a2:73:3f:c3:a4:b8:4e:99:d7:
                    75:57:f1:a6:a3:c9:58:e9:0d:77:45:b0:fb:5c:b7:
                    ac:50:35:98:cd:3f:f6:2e:50:3e:62:77:27:a9:84:
                    8b:bc:2c:3e:ae:9e:99:16:c6:b8:54:52:74:d2:04:
                    48:4f:93:de:39:47:e7:d5:54:fe:7e:0c:ec:55:63:
                    8e:dc:d6:0d:ab:12:95:bb:c5:f4:99:d9:cb:d0:ee:
                    7f:6f:eb:ab:1d:f6:ac:8e:b3:90:9a:6a:b3:25:1d:
                    d7:84:34:12:4d:fd:61:56:eb:b0:66:21:d5:e0:20:
                    a6:73:1a:8d:40:73:21:67:03:a2:e2:b5:8f:03:b1:
                    e7:57:5a:a0:50:b6:36:53:18:fa:95:52:fa:f8:3d:
                    db:71:18:2a:72:c9:87:c8:06:3d:0e:be:7f:fe:18:
                    18:f1:16:1f:4b:4e:34:ac:50:8c:5b:b7:1b:23:4c:
                    91:7a:a0:59:02:b4:19:ed:b0:98:f7:98:e5:b8:3f:
                    ca:1c:c7:1a:ec:05:9b:81:a7:bf:6b:35:91:b7:d7:
                    74:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:16:BB:13:93:E4:F2:7C:13:52:72:44:1C:EC:EE:32:08:EC:19:47
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/1ha7E5Pk8nwTUnJEHOzuMgjsGUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:4e:3f:09:80:a4:28:95:ec:f7:69:02:cb:b2:12:65:33:27:
         b0:15:9c:ed:55:45:f4:a4:74:8b:ff:ab:a5:b5:14:48:6a:d4:
         94:8e:7b:d4:5c:08:0f:80:1b:2b:3c:85:3b:80:e1:90:71:9f:
         08:45:bd:14:6f:e1:54:fe:0d:85:a2:1e:d9:ed:36:87:ad:82:
         13:72:0e:eb:7e:b0:df:2d:43:54:86:8e:fb:2f:d8:dc:25:fe:
         8b:0b:8c:5f:15:2d:4c:11:8f:32:65:14:a1:37:7d:dd:91:13:
         4f:cc:66:6f:6a:be:d2:25:ba:03:2b:31:7f:1e:be:78:6a:72:
         27:77:3c:cc:21:55:ed:60:dd:80:78:38:d0:49:3f:07:c9:2f:
         79:aa:31:10:c5:6e:23:08:6a:9a:ac:48:4f:24:0c:79:94:a2:
         c0:c2:d7:0b:29:3a:6b:ac:f6:d4:cb:0e:bb:14:33:04:e3:6a:
         9b:1c:04:ba:45:18:8d:b2:b5:d6:c0:2b:b3:eb:a9:38:a8:a2:
         c6:7e:34:1c:73:54:94:1f:af:0d:1f:f0:48:87:ec:08:f8:55:
         23:29:db:52:1a:87:0b:20:de:5f:49:43:a4:ee:e7:41:1d:15:
         06:b4:bc:d3:ee:fc:94:f5:df:b0:03:9c:d0:54:91:12:10:f5:
         f7:d7:a8:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmWJwKy4ZR7IGAhuNK/0mNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUwOTI5MTU0NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjE2YmIxMzkzZTRmMjdjMTM1MjcyNDQxY2VjZWUzMjA4ZWMxOTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptUMekL/c1gFPAxSkK7KchLbj0J9
znirQWjJRqPtvYlrxg4fu3/gcB7kU4UusTVs406icz/DpLhOmdd1V/Gmo8lY6Q13
RbD7XLesUDWYzT/2LlA+YncnqYSLvCw+rp6ZFsa4VFJ00gRIT5PeOUfn1VT+fgzs
VWOO3NYNqxKVu8X0mdnL0O5/b+urHfasjrOQmmqzJR3XhDQSTf1hVuuwZiHV4CCm
cxqNQHMhZwOi4rWPA7HnV1qgULY2Uxj6lVL6+D3bcRgqcsmHyAY9Dr5//hgY8RYf
S040rFCMW7cbI0yReqBZArQZ7bCY95jluD/KHMca7AWbgae/azWRt9d0CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYWuxOT5PJ8E1JyRBzs7jII7BlHMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvMWhhN0U1UGs4bndUVW5KRUhPenVNZ2pzR1VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDglMA0G
CSqGSIb3DQEBCwUAA4IBAQDVTj8JgKQolez3aQLLshJlMyewFZztVUX0pHSL/6ul
tRRIatSUjnvUXAgPgBsrPIU7gOGQcZ8IRb0Ub+FU/g2Foh7Z7TaHrYITcg7rfrDf
LUNUho77L9jcJf6LC4xfFS1MEY8yZRShN33dkRNPzGZvar7SJboDKzF/Hr54anIn
dzzMIVXtYN2AeDjQST8HyS95qjEQxW4jCGqarEhPJAx5lKLAwtcLKTprrPbUyw67
FDME42qbHAS6RRiNsrXWwCuz66k4qKLGfjQcc1SUH68NH/BIh+wI+FUjKdtSGocL
IN5fSUOk7udBHRUGtLzT7vyU9d+wA5zQVJESEPX316iU
-----END CERTIFICATE-----