Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/hh7Gdh6zfaFogwbFBRa2NVcPr_I.roa
File:                     hh7Gdh6zfaFogwbFBRa2NVcPr_I.roa (raw, json)
Hash identifier:          ssBuLOF5j4levhxPJMBnrdwY3/mZUCOBNj16h6KB1U0=
Subject key identifier:   86:1E:C6:76:1E:B3:7D:A1:68:83:06:C5:05:16:B6:35:57:0F:AF:F2
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       0198B33A1390F6AD978B69E471E28C142C67
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/hh7Gdh6zfaFogwbFBRa2NVcPr_I.roa
Signing time:             Sat 16 Aug 2025 14:13:04 +0000
ROA not before:           Sat 16 Aug 2025 14:13:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16589
IP address blocks:        159.197.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b3:3a:13:90:f6:ad:97:8b:69:e4:71:e2:8c:14:2c:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Aug 16 14:13:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=861ec6761eb37da1688306c50516b635570faff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:41:8f:0a:50:1f:32:8f:0f:1c:b8:b5:6b:d4:
                    8b:75:41:2e:a3:66:cc:13:dc:c4:17:02:2c:13:d0:
                    d8:d5:7a:b9:91:cf:d2:69:6f:77:fc:2b:74:0f:74:
                    d8:97:54:15:5f:d9:6a:69:1a:93:a1:da:99:46:98:
                    50:cb:54:1e:8c:71:f1:59:3e:50:f6:90:95:03:42:
                    36:21:11:ec:f6:49:48:30:42:ed:94:c7:db:2f:9f:
                    8a:7e:28:0f:99:8a:d3:11:e1:c0:bf:c1:bf:6b:1c:
                    50:33:3d:8f:c6:3f:3c:a4:ca:3d:ec:a6:7b:e2:15:
                    0b:57:df:a3:94:05:bb:63:00:d5:da:dc:d2:73:97:
                    d1:20:d6:70:8e:26:20:13:ed:fe:04:9c:bd:eb:43:
                    cb:6f:0d:e8:7c:bb:0e:b3:39:4b:b7:58:ed:bf:09:
                    76:df:ed:e0:33:5e:86:14:40:65:c2:f2:89:af:a3:
                    69:cb:e4:92:3c:ae:6c:e4:0e:cc:59:c8:85:0b:d6:
                    2a:9c:e7:5e:e7:16:c6:cd:b0:96:df:17:9c:26:cb:
                    3c:dd:78:a2:14:9b:ed:59:cd:77:78:3d:bf:86:b2:
                    19:e1:36:9d:82:50:63:cd:e6:16:01:dc:e3:3c:bd:
                    da:0c:32:56:9d:c8:c2:c1:dc:81:9f:38:cf:54:a6:
                    b0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:1E:C6:76:1E:B3:7D:A1:68:83:06:C5:05:16:B6:35:57:0F:AF:F2
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/hh7Gdh6zfaFogwbFBRa2NVcPr_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.197.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         af:24:b1:7a:f5:c7:e2:7f:ca:09:bf:22:6c:47:a7:50:59:a2:
         75:ad:1c:d8:50:c8:b2:d1:70:a9:a2:ed:10:d5:6d:3e:5b:1a:
         cc:f7:15:de:75:fc:e6:59:0d:7f:86:9f:8c:18:35:f1:23:97:
         03:82:a1:a0:02:5e:11:90:46:d8:25:f4:26:aa:1b:06:95:30:
         8e:83:a1:b5:2e:f9:ae:fd:dd:e6:e3:4a:b6:0f:0d:0c:1b:14:
         04:c3:e6:08:f8:93:76:ed:40:fb:06:fb:b2:29:ac:75:c9:6b:
         db:4a:c2:d8:49:bf:46:c8:39:33:8b:72:74:06:53:2e:64:6d:
         f5:e2:7c:63:a1:bc:61:9b:5a:eb:b7:22:a8:47:1d:79:f0:79:
         5a:08:46:8a:06:20:b4:71:d5:c5:d3:f7:53:a9:84:58:62:23:
         8c:bf:3b:b7:e7:72:80:46:ad:48:bd:7c:b6:c4:67:65:40:d7:
         30:47:e2:37:7c:56:13:6b:74:1e:a3:44:2c:4c:2b:c4:9c:35:
         0e:15:5a:ec:d6:bf:4a:b8:7b:e2:e0:27:fc:3f:77:f7:c3:b6:
         93:1d:33:ae:51:eb:45:b0:8b:d2:9c:4f:48:fb:dd:de:5e:75:
         23:e3:58:56:b9:54:a5:a2:d3:9f:02:53:f5:f7:8d:99:73:06:
         36:5f:f6:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZizOhOQ9q2Xi2nkceKMFCxnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjUwODE2MTQxMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjFlYzY3NjFlYjM3ZGExNjg4MzA2YzUwNTE2YjYzNTU3MGZhZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00GPClAfMo8PHLi1a9SLdUEuo2bM
E9zEFwIsE9DY1Xq5kc/SaW93/Ct0D3TYl1QVX9lqaRqTodqZRphQy1QejHHxWT5Q
9pCVA0I2IRHs9klIMELtlMfbL5+KfigPmYrTEeHAv8G/axxQMz2Pxj88pMo97KZ7
4hULV9+jlAW7YwDV2tzSc5fRINZwjiYgE+3+BJy960PLbw3ofLsOszlLt1jtvwl2
3+3gM16GFEBlwvKJr6Npy+SSPK5s5A7MWciFC9YqnOde5xbGzbCW3xecJss83Xii
FJvtWc13eD2/hrIZ4TadglBjzeYWAdzjPL3aDDJWncjCwdyBnzjPVKaw0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYexnYes32haIMGxQUWtjVXD6/yMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvaGg3R2RoNnpmYUZvZ3diRkJSYTJOVmNQcl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFn8XgMA0G
CSqGSIb3DQEBCwUAA4IBAQCvJLF69cfif8oJvyJsR6dQWaJ1rRzYUMiy0XCpou0Q
1W0+WxrM9xXedfzmWQ1/hp+MGDXxI5cDgqGgAl4RkEbYJfQmqhsGlTCOg6G1Lvmu
/d3m40q2Dw0MGxQEw+YI+JN27UD7BvuyKax1yWvbSsLYSb9GyDkzi3J0BlMuZG31
4nxjobxhm1rrtyKoRx158HlaCEaKBiC0cdXF0/dTqYRYYiOMvzu353KARq1IvXy2
xGdlQNcwR+I3fFYTa3Qeo0QsTCvEnDUOFVrs1r9KuHvi4Cf8P3f3w7aTHTOuUetF
sIvSnE9I+93eXnUj41hWuVSlotOfAlP1942ZcwY2X/b9
-----END CERTIFICATE-----