Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/HbyWHPybIklTpRR77b2_jKRgZxA.roa
File:                     HbyWHPybIklTpRR77b2_jKRgZxA.roa (raw, json)
Hash identifier:          b2TtxTei7Hc1U0pEoHwvYSdc1+G4FvVkOgboIuWr0Zc=
Subject key identifier:   1D:BC:96:1C:FC:9B:22:49:53:A5:14:7B:ED:BD:BF:8C:A4:60:67:10
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0199767B6A954C698C10FC0EA08ECF009037
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/HbyWHPybIklTpRR77b2_jKRgZxA.roa
Signing time:             Tue 23 Sep 2025 12:10:23 +0000
ROA not before:           Tue 23 Sep 2025 12:10:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202764
IP address blocks:        109.248.224.0/24 maxlen: 24
                          188.130.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:7b:6a:95:4c:69:8c:10:fc:0e:a0:8e:cf:00:90:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Sep 23 12:10:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dbc961cfc9b224953a5147bedbdbf8ca4606710
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:39:2a:cb:36:c7:01:a6:76:26:f4:bb:3e:89:
                    21:8c:98:22:4c:f4:ca:b9:31:e2:b1:d6:af:bb:2f:
                    9c:35:22:6d:1a:a0:37:d2:ba:fc:99:2a:06:ef:58:
                    f5:88:86:3d:2d:4b:07:09:cb:80:b8:e1:2c:fa:56:
                    40:b9:6f:7b:df:5c:d3:01:0d:24:40:0f:71:5b:3c:
                    9f:41:65:d8:ab:61:64:ca:ba:11:1f:96:73:32:b3:
                    b9:fe:a1:7f:d5:a1:61:b3:e9:a1:a5:3e:f1:b9:e3:
                    fe:ac:0f:b9:ac:44:b6:c6:71:ef:7f:10:fa:29:aa:
                    f2:50:f6:f5:80:57:dc:85:a0:f5:ca:f4:fc:03:f3:
                    1e:66:80:7b:f3:54:1d:ee:16:4e:04:93:c8:22:10:
                    26:50:52:76:21:8f:3f:cc:ef:cc:fa:ea:22:f6:8f:
                    25:82:c6:0e:3c:b2:5b:ac:3a:83:6c:d9:16:3f:68:
                    38:8c:33:3b:24:03:91:4a:d9:fc:95:51:f7:b8:50:
                    99:17:c8:0b:33:d2:49:a3:f6:e6:b7:c6:0a:b5:bb:
                    2e:ef:77:21:ee:3b:52:da:22:8b:be:9e:a4:2d:5c:
                    7f:68:e4:8e:33:5f:c5:32:04:ae:14:e6:98:cd:f3:
                    d7:17:ed:96:ac:79:a4:e9:fd:4e:cb:2f:81:1c:1f:
                    fa:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:BC:96:1C:FC:9B:22:49:53:A5:14:7B:ED:BD:BF:8C:A4:60:67:10
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/HbyWHPybIklTpRR77b2_jKRgZxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.224.0/24
                  188.130.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:c0:a4:32:d2:d4:84:4e:28:9a:29:0c:da:59:3d:b3:77:d8:
         0d:f2:db:4c:35:3b:54:76:d3:51:f6:d6:99:c0:a5:6d:a0:9a:
         6c:9a:c1:cb:0f:51:cf:a1:93:7e:34:31:49:a6:53:e7:9c:69:
         d8:08:6e:d1:92:e0:c3:34:7f:7f:40:9c:82:79:b2:6c:ce:d2:
         02:fe:0d:cc:b8:27:14:36:75:2b:0d:99:7f:f5:e5:0b:82:c0:
         39:ca:d8:03:95:34:aa:0f:a1:22:63:34:31:f5:7f:ce:83:73:
         a7:7a:4e:3d:98:8e:bb:40:8b:b5:69:cb:e8:49:c1:a7:94:fa:
         16:be:5c:05:5d:43:b8:29:7d:6d:a0:1f:1b:a8:e3:14:09:b0:
         c7:4d:b2:14:79:da:53:4b:9c:18:e2:24:d1:74:ce:f0:be:64:
         b8:ca:a8:f1:c0:53:42:cd:15:89:e6:8c:01:35:af:dd:80:0e:
         eb:ab:bb:9b:82:ef:15:fc:22:0e:db:00:df:20:ea:8f:0c:a9:
         e0:98:39:9e:27:da:0e:c7:40:c4:ec:be:68:74:ae:98:dd:d4:
         79:9a:16:ca:72:31:34:c3:cb:b3:47:49:f0:43:a8:41:ed:82:
         7b:8b:2c:f5:9d:4f:ee:02:8c:f3:51:0c:1c:ff:3c:61:9a:7a:
         20:76:77:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl2e2qVTGmMEPwOoI7PAJA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwOTIzMTIxMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGJjOTYxY2ZjOWIyMjQ5NTNhNTE0N2JlZGJkYmY4Y2E0NjA2NzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzkqyzbHAaZ2JvS7PokhjJgiTPTK
uTHisdavuy+cNSJtGqA30rr8mSoG71j1iIY9LUsHCcuAuOEs+lZAuW9731zTAQ0k
QA9xWzyfQWXYq2FkyroRH5ZzMrO5/qF/1aFhs+mhpT7xueP+rA+5rES2xnHvfxD6
KaryUPb1gFfchaD1yvT8A/MeZoB781Qd7hZOBJPIIhAmUFJ2IY8/zO/M+uoi9o8l
gsYOPLJbrDqDbNkWP2g4jDM7JAORStn8lVH3uFCZF8gLM9JJo/bmt8YKtbsu73ch
7jtS2iKLvp6kLVx/aOSOM1/FMgSuFOaYzfPXF+2WrHmk6f1Oyy+BHB/69QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB28lhz8myJJU6UUe+29v4ykYGcQMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvSGJ5V0hQeWJJa2xUcFJSNzdiMl9qS1JnWnhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbfjgAwQA
vILeMA0GCSqGSIb3DQEBCwUAA4IBAQAuwKQy0tSETiiaKQzaWT2zd9gN8ttMNTtU
dtNR9taZwKVtoJpsmsHLD1HPoZN+NDFJplPnnGnYCG7RkuDDNH9/QJyCebJsztIC
/g3MuCcUNnUrDZl/9eULgsA5ytgDlTSqD6EiYzQx9X/Og3Onek49mI67QIu1acvo
ScGnlPoWvlwFXUO4KX1toB8bqOMUCbDHTbIUedpTS5wY4iTRdM7wvmS4yqjxwFNC
zRWJ5owBNa/dgA7rq7ubgu8V/CIO2wDfIOqPDKngmDmeJ9oOx0DE7L5odK6Y3dR5
mhbKcjE0w8uzR0nwQ6hB7YJ7iyz1nU/uAozzUQwc/zxhmnogdnfl
-----END CERTIFICATE-----