Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/hmzomv1-759nj0qSVJG0M2x1-8Q.roa
File:                     hmzomv1-759nj0qSVJG0M2x1-8Q.roa (raw, json)
Hash identifier:          MK4TAOVTO08aktfn+4XR5IYWs4vIY8zv+w46XozbGLk=
Subject key identifier:   86:6C:E8:9A:FD:7E:EF:9F:67:8F:4A:92:54:91:B4:33:6C:75:FB:C4
Certificate issuer:       /CN=ea46963cc479dadbe3c52234ab9fabaa8122d25b
Certificate serial:       01978194BD558452DADDF25C448A591D5FC8
Authority key identifier: EA:46:96:3C:C4:79:DA:DB:E3:C5:22:34:AB:9F:AB:AA:81:22:D2:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/hmzomv1-759nj0qSVJG0M2x1-8Q.roa
Signing time:             Wed 18 Jun 2025 05:48:18 +0000
ROA not before:           Wed 18 Jun 2025 05:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203080
IP address blocks:        193.200.106.0/23 maxlen: 23
                          193.200.106.0/24 maxlen: 24
                          193.200.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:81:94:bd:55:84:52:da:dd:f2:5c:44:8a:59:1d:5f:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea46963cc479dadbe3c52234ab9fabaa8122d25b
        Validity
            Not Before: Jun 18 05:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=866ce89afd7eef9f678f4a925491b4336c75fbc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1f:0b:5c:7e:18:ac:11:33:27:df:f7:0d:3c:
                    a8:8d:c2:58:a5:05:00:0b:b4:36:f3:b9:f8:57:b9:
                    82:7b:83:2f:03:21:dc:cf:22:ed:f8:bf:7e:4a:b0:
                    2d:d3:07:85:dd:08:63:7b:ac:b0:e1:dc:ef:45:4e:
                    9c:05:d5:ac:be:2f:74:50:3e:bc:30:2b:64:2e:fe:
                    e7:6e:93:cc:9d:22:81:2e:d2:70:e8:11:92:00:ea:
                    f4:40:f3:6a:7b:42:92:db:d5:8a:0f:3e:17:8c:aa:
                    96:b3:b3:3d:6e:7b:53:00:50:d3:47:3b:38:8d:84:
                    91:ee:22:e2:ac:40:c6:d9:33:af:97:29:04:a7:80:
                    b0:48:29:eb:dd:71:f9:a5:1b:de:c7:80:b5:47:9a:
                    85:7c:1a:1d:df:3f:b1:dc:b1:db:f9:b9:90:f8:bd:
                    27:5f:72:3a:3c:b0:ef:25:8d:d4:e5:7e:2d:6d:4d:
                    34:c8:39:52:f6:82:29:3e:3b:6b:b0:7e:12:44:1f:
                    f8:7f:8c:c8:a4:95:12:55:1f:01:35:d9:c8:99:ca:
                    42:ec:8a:e8:14:29:07:31:74:70:a5:b3:74:1b:72:
                    0e:f7:b8:48:cc:9a:74:cd:2d:ba:c1:67:ee:08:c1:
                    0e:74:1e:e6:ee:12:7b:6d:06:d5:42:38:c2:95:5c:
                    db:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:6C:E8:9A:FD:7E:EF:9F:67:8F:4A:92:54:91:B4:33:6C:75:FB:C4
            X509v3 Authority Key Identifier:
                keyid:EA:46:96:3C:C4:79:DA:DB:E3:C5:22:34:AB:9F:AB:AA:81:22:D2:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/hmzomv1-759nj0qSVJG0M2x1-8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:dc:da:0f:45:d9:42:05:bd:7e:ed:3f:5d:f3:ce:bc:88:c8:
         0d:e9:5b:dc:12:18:81:13:1a:05:9b:f2:3c:5d:00:0a:62:14:
         59:e9:e5:0e:9f:0f:bd:1f:54:0d:ae:f7:b1:66:4c:8f:09:bb:
         12:0a:a9:31:6f:aa:72:35:66:50:b1:fc:09:80:cc:25:68:c1:
         e8:47:8a:f4:6f:f1:50:91:a1:eb:4b:a5:8b:47:c7:03:e7:5f:
         50:9f:55:4f:6f:95:ea:ce:6c:e8:47:c5:7e:93:10:c3:5b:40:
         32:3d:f7:83:f7:eb:b1:4d:0c:8a:c5:46:64:f5:aa:65:4d:c0:
         70:21:a0:92:5f:8d:75:8e:3e:25:10:97:86:ba:42:15:ed:10:
         71:ca:59:19:ea:7e:2e:19:6d:57:78:c7:21:1b:82:f4:60:6b:
         ea:e3:52:43:aa:30:73:b3:dc:94:9b:a5:e1:c7:dc:45:ad:bc:
         cd:46:d1:bc:68:fc:58:18:2f:bf:e2:62:3b:06:68:26:9d:1e:
         f1:32:6c:19:b4:7f:00:af:47:e6:7e:d6:c9:da:c3:1c:78:2e:
         5f:d7:57:af:09:59:ce:95:ce:60:33:51:a1:1f:79:d0:fb:d9:
         8b:30:66:d0:38:ae:c9:07:c0:bd:ce:f9:10:5c:0e:d0:a2:1d:
         8c:fb:31:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeBlL1VhFLa3fJcRIpZHV/IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNDY5NjNjYzQ3OWRhZGJlM2M1MjIzNGFiOWZhYmFhODEy
MmQyNWIwHhcNMjUwNjE4MDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjZjZTg5YWZkN2VlZjlmNjc4ZjRhOTI1NDkxYjQzMzZjNzVmYmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsB8LXH4YrBEzJ9/3DTyojcJYpQUA
C7Q287n4V7mCe4MvAyHczyLt+L9+SrAt0weF3Qhje6yw4dzvRU6cBdWsvi90UD68
MCtkLv7nbpPMnSKBLtJw6BGSAOr0QPNqe0KS29WKDz4XjKqWs7M9bntTAFDTRzs4
jYSR7iLirEDG2TOvlykEp4CwSCnr3XH5pRvex4C1R5qFfBod3z+x3LHb+bmQ+L0n
X3I6PLDvJY3U5X4tbU00yDlS9oIpPjtrsH4SRB/4f4zIpJUSVR8BNdnImcpC7Iro
FCkHMXRwpbN0G3IO97hIzJp0zS26wWfuCMEOdB7m7hJ7bQbVQjjClVzbdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZs6Jr9fu+fZ49KklSRtDNsdfvEMB8GA1UdIwQY
MBaAFOpGljzEedrb48UiNKufq6qBItJbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmthV1BNUjUydHZqeFNJMHE1LXJxb0VpMGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9lODYyZGUtYzQ2Yy00ZjIxLWIzOGUt
ZWI1YmM3ZDk3YWEwLzEvaG16b212MS03NTluajBxU1ZKRzBNMngxLThRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9lODYyZGUtYzQ2Yy00ZjIxLWIzOGUtZWI1YmM3ZDk3YWEw
LzEvNmthV1BNUjUydHZqeFNJMHE1LXJxb0VpMGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwchqMA0G
CSqGSIb3DQEBCwUAA4IBAQCn3NoPRdlCBb1+7T9d8868iMgN6VvcEhiBExoFm/I8
XQAKYhRZ6eUOnw+9H1QNrvexZkyPCbsSCqkxb6pyNWZQsfwJgMwlaMHoR4r0b/FQ
kaHrS6WLR8cD519Qn1VPb5XqzmzoR8V+kxDDW0AyPfeD9+uxTQyKxUZk9aplTcBw
IaCSX411jj4lEJeGukIV7RBxylkZ6n4uGW1XeMchG4L0YGvq41JDqjBzs9yUm6Xh
x9xFrbzNRtG8aPxYGC+/4mI7BmgmnR7xMmwZtH8Ar0fmftbJ2sMceC5f11evCVnO
lc5gM1GhH3nQ+9mLMGbQOK7JB8C9zvkQXA7Qoh2M+zEU
-----END CERTIFICATE-----