Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/hryCAnXILF_v7a6M_L6UbzP1x0E.roa
File:                     hryCAnXILF_v7a6M_L6UbzP1x0E.roa (raw, json)
Hash identifier:          KffgzjGeNv+fdBscER8L1iiMJC1SCTAbWKtpEJoIDmc=
Subject key identifier:   86:BC:82:02:75:C8:2C:5F:EF:ED:AE:8C:FC:BE:94:6F:33:F5:C7:41
Certificate issuer:       /CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
Certificate serial:       0199B725A12E85DC80F1B254DE6DC7349C74
Authority key identifier: 5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/hryCAnXILF_v7a6M_L6UbzP1x0E.roa
Signing time:             Mon 06 Oct 2025 01:32:00 +0000
ROA not before:           Mon 06 Oct 2025 01:32:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211692
IP address blocks:        176.124.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b7:25:a1:2e:85:dc:80:f1:b2:54:de:6d:c7:34:9c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
        Validity
            Not Before: Oct  6 01:32:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86bc820275c82c5fefedae8cfcbe946f33f5c741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e9:15:0a:a7:cd:b7:e4:75:f0:ab:45:89:0f:
                    39:4f:aa:8b:60:5c:13:72:b3:67:d7:ad:bc:0d:5e:
                    40:b9:02:8d:3c:5a:5b:19:05:51:d8:8e:c1:01:e6:
                    59:a3:08:fa:8c:a0:d2:7a:92:2f:f3:88:c0:5e:70:
                    02:c7:11:ba:e0:f0:34:22:04:73:b8:0a:5b:dd:b5:
                    e4:cd:8c:90:af:a8:89:f9:d2:c5:18:73:a9:55:44:
                    10:9b:b7:da:94:61:0d:01:e8:96:e1:18:ea:95:3a:
                    3f:a0:90:7b:f7:86:f6:bd:bb:a4:d4:21:c0:dd:e9:
                    98:29:8a:5c:73:5a:4a:34:fc:1b:6e:8b:e2:14:36:
                    cd:29:c1:ea:b3:47:f7:e5:13:dc:a5:3b:ac:16:13:
                    c4:4f:23:35:5e:ce:70:69:dd:75:56:9b:80:d0:45:
                    ca:e6:77:fa:33:72:8c:7a:86:1b:8f:f6:f5:d4:a6:
                    5f:ad:a9:6e:13:0e:ad:cb:ff:96:0a:93:10:17:9a:
                    8d:27:d2:ac:f8:af:1b:68:66:2b:7c:dd:9f:2f:4e:
                    dd:a3:bc:bb:26:e2:de:80:cc:70:a2:26:a4:16:66:
                    24:13:c9:bb:06:26:f5:d5:0b:95:2b:25:be:02:56:
                    5d:21:30:13:63:8c:fe:81:ce:c8:f3:4b:d2:32:47:
                    3c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:BC:82:02:75:C8:2C:5F:EF:ED:AE:8C:FC:BE:94:6F:33:F5:C7:41
            X509v3 Authority Key Identifier:
                keyid:5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/hryCAnXILF_v7a6M_L6UbzP1x0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:e2:8e:fd:81:af:17:98:0f:65:2d:15:7a:b1:43:aa:39:62:
         82:8f:4a:a0:f0:cf:72:f1:63:33:ad:e3:26:43:b8:18:be:80:
         93:c6:e0:3f:3f:03:18:1d:35:cb:59:44:d9:51:c0:2e:a1:b4:
         62:86:14:86:4a:28:f4:06:24:07:36:01:cc:95:64:80:8b:b5:
         88:7a:48:a7:52:18:39:54:ea:55:99:d0:f5:53:e0:e7:5e:63:
         b7:32:f6:b9:c0:d0:ec:29:78:79:d7:a4:77:1b:7e:0b:20:92:
         17:83:cd:e6:59:70:c3:f5:c2:87:ff:50:02:5f:f5:db:ec:7b:
         48:5e:1f:f4:21:9f:db:40:61:1d:6e:c7:4f:1d:4d:aa:a3:42:
         7a:c1:05:73:33:20:7f:99:9d:31:f7:b7:26:57:90:4f:c4:4d:
         6e:4b:3f:bd:38:53:2b:00:da:07:49:ab:9b:f2:57:a0:c7:52:
         00:70:02:62:42:63:1b:5b:b2:11:98:6f:c3:d6:4b:97:77:60:
         7e:70:a6:74:79:18:7b:f4:a5:5f:1d:33:b1:f2:db:cf:67:b7:
         44:61:7f:ab:60:6e:2b:d2:81:7b:ce:4a:01:6a:80:0b:98:78:
         7e:b8:2e:d6:e9:ef:26:7e:dc:a5:bf:a5:c3:59:f5:e5:5d:78:
         ec:ce:cf:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm3JaEuhdyA8bJU3m3HNJx0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjRmOWQwNGVmZDVhOWZjMmUyM2I0MmQ1YjUxYWVmZDlh
NTAyNTAwHhcNMjUxMDA2MDEzMjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmJjODIwMjc1YzgyYzVmZWZlZGFlOGNmY2JlOTQ2ZjMzZjVjNzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsukVCqfNt+R18KtFiQ85T6qLYFwT
crNn1628DV5AuQKNPFpbGQVR2I7BAeZZowj6jKDSepIv84jAXnACxxG64PA0IgRz
uApb3bXkzYyQr6iJ+dLFGHOpVUQQm7falGENAeiW4RjqlTo/oJB794b2vbuk1CHA
3emYKYpcc1pKNPwbboviFDbNKcHqs0f35RPcpTusFhPETyM1Xs5wad11VpuA0EXK
5nf6M3KMeoYbj/b11KZfraluEw6ty/+WCpMQF5qNJ9Ks+K8baGYrfN2fL07do7y7
JuLegMxwoiakFmYkE8m7Bib11QuVKyW+AlZdITATY4z+gc7I80vSMkc8oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIa8ggJ1yCxf7+2ujPy+lG8z9cdBMB8GA1UdIwQY
MBaAFFxk+dBO/VqfwuI7QtW1Gu/ZpQJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUt
YjY2ZmE0ZjQ3NjNhLzEvaHJ5Q0FuWElMRl92N2E2TV9MNlVielAxeDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUtYjY2ZmE0ZjQ3NjNh
LzEvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHwTMA0G
CSqGSIb3DQEBCwUAA4IBAQCL4o79ga8XmA9lLRV6sUOqOWKCj0qg8M9y8WMzreMm
Q7gYvoCTxuA/PwMYHTXLWUTZUcAuobRihhSGSij0BiQHNgHMlWSAi7WIekinUhg5
VOpVmdD1U+DnXmO3Mva5wNDsKXh516R3G34LIJIXg83mWXDD9cKH/1ACX/Xb7HtI
Xh/0IZ/bQGEdbsdPHU2qo0J6wQVzMyB/mZ0x97cmV5BPxE1uSz+9OFMrANoHSaub
8legx1IAcAJiQmMbW7IRmG/D1kuXd2B+cKZ0eRh79KVfHTOx8tvPZ7dEYX+rYG4r
0oF7zkoBaoALmHh+uC7W6e8mftylv6XDWfXlXXjszs9Y
-----END CERTIFICATE-----