Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/941bd0-c4f3-45ee-8fd1-d5bcf28f748b/1/hRPKeHZ6_YWICYTS_JHAiqBF0Sg.roa
File:                     hRPKeHZ6_YWICYTS_JHAiqBF0Sg.roa (raw, json)
Hash identifier:          NDzOC26DELEHx7JLJ5CgjjPlTl9/8PN/GUB9G8BQkuk=
Subject key identifier:   85:13:CA:78:76:7A:FD:85:88:09:84:D2:FC:91:C0:8A:A0:45:D1:28
Certificate issuer:       /CN=b6e71ec05596dc499410670ff2193f3094faa6a7
Certificate serial:       01987F5761A7AAF184FCD32685D0E4C0469E
Authority key identifier: B6:E7:1E:C0:55:96:DC:49:94:10:67:0F:F2:19:3F:30:94:FA:A6:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tucewFWW3EmUEGcP8hk_MJT6pqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/941bd0-c4f3-45ee-8fd1-d5bcf28f748b/1/hRPKeHZ6_YWICYTS_JHAiqBF0Sg.roa
Signing time:             Wed 06 Aug 2025 12:24:49 +0000
ROA not before:           Wed 06 Aug 2025 12:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202561
IP address blocks:        212.108.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/941bd0-c4f3-45ee-8fd1-d5bcf28f748b/1/tucewFWW3EmUEGcP8hk_MJT6pqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/941bd0-c4f3-45ee-8fd1-d5bcf28f748b/1/tucewFWW3EmUEGcP8hk_MJT6pqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tucewFWW3EmUEGcP8hk_MJT6pqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Aug 2025 20:16:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:57:61:a7:aa:f1:84:fc:d3:26:85:d0:e4:c0:46:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6e71ec05596dc499410670ff2193f3094faa6a7
        Validity
            Not Before: Aug  6 12:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8513ca78767afd85880984d2fc91c08aa045d128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:49:5b:29:46:00:3e:6d:f3:8e:f6:0a:ec:17:
                    82:97:b8:4b:84:c5:75:59:bc:2d:3d:eb:14:f0:43:
                    93:3b:6d:30:eb:46:1f:6f:fc:72:05:79:aa:dd:91:
                    22:b8:d7:ab:ce:3e:d7:ca:1e:c3:ce:44:de:bd:19:
                    5b:2d:09:89:43:a7:20:aa:09:b3:81:0a:c7:fd:7d:
                    72:1a:06:66:9c:b0:d4:8a:64:ea:c3:7e:f9:b3:cf:
                    f4:a7:12:f8:2d:89:e7:c2:0f:aa:97:60:78:a1:71:
                    b1:c1:b4:85:62:ea:06:19:2c:ac:27:f7:4b:79:b4:
                    c9:db:55:35:c1:1a:f0:a8:6c:56:0f:43:d8:01:a1:
                    6e:53:85:27:82:cb:b3:23:4f:be:87:40:9d:9a:13:
                    6c:d1:09:a1:22:ea:a5:10:0b:36:3a:75:59:16:4a:
                    d0:a9:44:97:44:3b:fe:53:e3:c1:bc:13:77:f1:b0:
                    c3:da:fa:dc:94:5a:ae:ee:ea:36:5c:d5:20:97:36:
                    15:6e:ac:e2:47:e6:88:1d:47:ae:6c:b9:ef:13:1a:
                    44:c8:78:20:83:d1:bf:0a:95:1a:89:0b:2d:e5:cb:
                    7f:f4:3c:80:67:b4:8e:82:80:38:6d:83:8a:f0:ae:
                    f9:39:83:0d:7b:04:d1:59:80:83:6d:74:3e:25:f0:
                    9e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:13:CA:78:76:7A:FD:85:88:09:84:D2:FC:91:C0:8A:A0:45:D1:28
            X509v3 Authority Key Identifier:
                keyid:B6:E7:1E:C0:55:96:DC:49:94:10:67:0F:F2:19:3F:30:94:FA:A6:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tucewFWW3EmUEGcP8hk_MJT6pqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/941bd0-c4f3-45ee-8fd1-d5bcf28f748b/1/hRPKeHZ6_YWICYTS_JHAiqBF0Sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/941bd0-c4f3-45ee-8fd1-d5bcf28f748b/1/tucewFWW3EmUEGcP8hk_MJT6pqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:3a:5d:b0:45:c8:9e:73:9a:36:51:ac:76:a7:f9:ee:4f:6e:
         a6:ee:4a:8f:58:9b:b1:81:57:5f:bf:9a:80:e4:f0:21:a9:8c:
         37:25:87:01:d2:db:86:57:46:1c:98:7c:ab:ea:63:69:ab:1a:
         c1:a8:b1:e9:d2:53:76:f6:bd:ad:94:63:ae:26:c5:02:61:2e:
         ba:6c:0d:f5:d3:e5:47:04:19:55:f6:77:af:6e:f7:be:51:80:
         bc:32:23:86:9e:5e:19:b8:09:60:69:2a:16:b7:93:43:e5:82:
         60:cb:31:4a:7a:12:91:cf:e9:17:f7:27:bf:68:01:02:53:72:
         8a:6c:b8:db:b9:c1:9f:48:d2:c3:e2:4a:0e:0f:2a:aa:a5:b8:
         4a:14:e7:dd:8f:0d:ea:a7:52:f3:65:4d:c5:89:ad:7e:db:7a:
         8a:45:9a:da:bf:69:9c:3c:dc:8c:12:bf:1f:84:3e:48:64:d8:
         bd:5e:43:4d:19:85:a1:63:f6:67:d5:48:80:0e:c8:8d:58:3c:
         5e:46:46:d1:e6:ee:9a:4a:d0:9e:c6:3a:fb:73:b7:b8:87:68:
         0e:8a:6c:47:47:98:8a:65:ff:cf:07:07:66:0c:dc:c2:be:0a:
         33:71:b3:01:93:9c:e7:03:69:e7:77:83:d4:76:fc:a0:75:33:
         b3:45:49:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh/V2GnqvGE/NMmhdDkwEaeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZTcxZWMwNTU5NmRjNDk5NDEwNjcwZmYyMTkzZjMwOTRm
YWE2YTcwHhcNMjUwODA2MTIyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTEzY2E3ODc2N2FmZDg1ODgwOTg0ZDJmYzkxYzA4YWEwNDVkMTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmElbKUYAPm3zjvYK7BeCl7hLhMV1
WbwtPesU8EOTO20w60Yfb/xyBXmq3ZEiuNerzj7Xyh7DzkTevRlbLQmJQ6cgqgmz
gQrH/X1yGgZmnLDUimTqw375s8/0pxL4LYnnwg+ql2B4oXGxwbSFYuoGGSysJ/dL
ebTJ21U1wRrwqGxWD0PYAaFuU4UngsuzI0++h0CdmhNs0QmhIuqlEAs2OnVZFkrQ
qUSXRDv+U+PBvBN38bDD2vrclFqu7uo2XNUglzYVbqziR+aIHUeubLnvExpEyHgg
g9G/CpUaiQst5ct/9DyAZ7SOgoA4bYOK8K75OYMNewTRWYCDbXQ+JfCeCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUTynh2ev2FiAmE0vyRwIqgRdEoMB8GA1UdIwQY
MBaAFLbnHsBVltxJlBBnD/IZPzCU+qanMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHVjZXdGV1czRW1VRUdjUDhoa19NSlQ2cHFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85NDFiZDAtYzRmMy00NWVlLThmZDEt
ZDViY2YyOGY3NDhiLzEvaFJQS2VIWjZfWVdJQ1lUU19KSEFpcUJGMFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85NDFiZDAtYzRmMy00NWVlLThmZDEtZDViY2YyOGY3NDhi
LzEvdHVjZXdGV1czRW1VRUdjUDhoa19NSlQ2cHFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxzMA0G
CSqGSIb3DQEBCwUAA4IBAQBjOl2wRciec5o2Uax2p/nuT26m7kqPWJuxgVdfv5qA
5PAhqYw3JYcB0tuGV0YcmHyr6mNpqxrBqLHp0lN29r2tlGOuJsUCYS66bA310+VH
BBlV9nevbve+UYC8MiOGnl4ZuAlgaSoWt5ND5YJgyzFKehKRz+kX9ye/aAECU3KK
bLjbucGfSNLD4koODyqqpbhKFOfdjw3qp1LzZU3Fia1+23qKRZrav2mcPNyMEr8f
hD5IZNi9XkNNGYWhY/Zn1UiADsiNWDxeRkbR5u6aStCexjr7c7e4h2gOimxHR5iK
Zf/PBwdmDNzCvgozcbMBk5znA2nnd4PUdvygdTOzRUmE
-----END CERTIFICATE-----