Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/9cc39c-dd7b-4892-94bf-ee46ac018600/1/HIF_dDhlW9UGjpCh7e5JQg2Sx1M.roa
File:                     HIF_dDhlW9UGjpCh7e5JQg2Sx1M.roa (raw, json)
Hash identifier:          POCLCGfYMh6nvgW/t/CwlWH1wc57PzDL2vDMBxMdZBc=
Subject key identifier:   1C:81:7F:74:38:65:5B:D5:06:8E:90:A1:ED:EE:49:42:0D:92:C7:53
Certificate issuer:       /CN=b0b6a49bcc10de340e39d203f56658bd7d648ddf
Certificate serial:       0197AB942756606AB11447E6FD6C9E3392AD
Authority key identifier: B0:B6:A4:9B:CC:10:DE:34:0E:39:D2:03:F5:66:58:BD:7D:64:8D:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLakm8wQ3jQOOdID9WZYvX1kjd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/9cc39c-dd7b-4892-94bf-ee46ac018600/1/HIF_dDhlW9UGjpCh7e5JQg2Sx1M.roa
Signing time:             Thu 26 Jun 2025 09:31:42 +0000
ROA not before:           Thu 26 Jun 2025 09:31:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51200
IP address blocks:        83.219.252.0/22 maxlen: 22
                          83.219.252.0/24 maxlen: 24
                          83.219.253.0/24 maxlen: 24
                          83.219.254.0/24 maxlen: 24
                          83.219.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/9cc39c-dd7b-4892-94bf-ee46ac018600/1/sLakm8wQ3jQOOdID9WZYvX1kjd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/9cc39c-dd7b-4892-94bf-ee46ac018600/1/sLakm8wQ3jQOOdID9WZYvX1kjd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLakm8wQ3jQOOdID9WZYvX1kjd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 07:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ab:94:27:56:60:6a:b1:14:47:e6:fd:6c:9e:33:92:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b6a49bcc10de340e39d203f56658bd7d648ddf
        Validity
            Not Before: Jun 26 09:31:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c817f7438655bd5068e90a1edee49420d92c753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:17:8d:c4:7e:b3:32:d6:e8:92:9b:a5:f9:10:
                    ac:67:01:29:e6:0c:e9:18:5e:79:2f:ec:f9:ee:8c:
                    98:f0:59:e5:d5:49:fe:22:1c:40:cb:07:1b:5c:8b:
                    a8:d6:05:2b:f1:b3:32:3e:1c:e7:12:11:97:58:2d:
                    73:25:a7:ef:66:8f:5e:1a:6b:67:7d:1f:ce:4b:5b:
                    84:02:54:32:b2:3f:38:57:3d:1c:e8:3d:5a:ff:af:
                    ee:0d:ca:74:90:6a:5e:0f:bd:b1:93:3f:25:1f:a3:
                    a5:fd:8a:b7:e4:6d:f0:fb:eb:a3:86:8b:f2:f4:9c:
                    6c:77:ae:58:2e:48:06:b9:c3:87:04:ae:83:71:fa:
                    00:3d:92:22:54:cc:a8:46:5a:86:2f:7a:e4:1f:7e:
                    16:59:39:11:86:dc:11:c5:99:2e:58:d9:f2:7d:d2:
                    56:3c:1c:9a:89:13:22:2f:cd:f6:1b:6d:48:bd:e1:
                    14:86:3e:7a:18:ad:72:6d:13:50:9e:e7:41:b1:37:
                    cd:0d:53:91:3a:36:31:15:56:ac:1e:eb:01:1b:7a:
                    61:da:f6:4f:cc:6c:f9:9d:0c:79:b3:a4:91:a0:7b:
                    81:d7:28:a8:1d:7a:50:29:db:4f:08:bd:4e:92:c2:
                    a8:f4:05:9e:59:a9:39:8c:a1:93:6c:bf:2f:d1:2b:
                    da:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:81:7F:74:38:65:5B:D5:06:8E:90:A1:ED:EE:49:42:0D:92:C7:53
            X509v3 Authority Key Identifier:
                keyid:B0:B6:A4:9B:CC:10:DE:34:0E:39:D2:03:F5:66:58:BD:7D:64:8D:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLakm8wQ3jQOOdID9WZYvX1kjd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/9cc39c-dd7b-4892-94bf-ee46ac018600/1/HIF_dDhlW9UGjpCh7e5JQg2Sx1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/9cc39c-dd7b-4892-94bf-ee46ac018600/1/sLakm8wQ3jQOOdID9WZYvX1kjd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.219.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:f6:cf:52:a9:5e:53:49:2a:db:74:ec:9b:2e:84:e2:06:9c:
         85:ae:70:22:d8:75:b2:a8:31:ed:f9:94:df:24:d1:f0:f4:a8:
         e9:1c:07:a3:af:82:bb:d9:73:92:84:e1:a1:79:25:23:f1:65:
         78:90:5a:db:2e:1a:eb:58:33:c8:9d:f9:ed:d0:2f:17:a6:23:
         9d:ff:bd:ae:bd:b0:db:ae:73:17:c9:c9:6b:cf:5e:0e:26:c7:
         45:d6:39:2f:94:9a:e7:78:20:33:ff:23:fe:c2:1d:34:69:4c:
         3b:b0:d9:a3:b5:a4:4d:b8:e9:37:cf:9f:00:8f:26:07:18:18:
         cd:41:1e:2c:10:3d:dc:49:bf:ac:6b:d6:38:c4:ec:21:f5:cf:
         b5:7c:c1:3c:6b:f1:2b:a5:6b:65:56:56:e0:b6:ce:ce:b9:fa:
         e0:2b:52:89:8b:69:3b:f4:3e:83:02:1d:a4:64:aa:97:00:58:
         ba:4b:ff:f9:89:85:90:a6:18:5a:59:43:e9:2f:40:ea:85:37:
         4f:09:7f:e6:8e:d5:62:51:24:0d:28:6c:61:0b:79:6d:bb:9a:
         f6:cc:37:84:f3:bf:2e:70:3c:38:ec:80:0e:29:89:c5:4e:ed:
         9b:74:60:b6:03:40:82:bc:8e:9b:56:f5:a5:5c:90:9d:b4:7c:
         9d:c4:74:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZerlCdWYGqxFEfm/WyeM5KtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjZhNDliY2MxMGRlMzQwZTM5ZDIwM2Y1NjY1OGJkN2Q2
NDhkZGYwHhcNMjUwNjI2MDkzMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzgxN2Y3NDM4NjU1YmQ1MDY4ZTkwYTFlZGVlNDk0MjBkOTJjNzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BeNxH6zMtbokpul+RCsZwEp5gzp
GF55L+z57oyY8Fnl1Un+IhxAywcbXIuo1gUr8bMyPhznEhGXWC1zJafvZo9eGmtn
fR/OS1uEAlQysj84Vz0c6D1a/6/uDcp0kGpeD72xkz8lH6Ol/Yq35G3w++ujhovy
9Jxsd65YLkgGucOHBK6DcfoAPZIiVMyoRlqGL3rkH34WWTkRhtwRxZkuWNnyfdJW
PByaiRMiL832G21IveEUhj56GK1ybRNQnudBsTfNDVOROjYxFVasHusBG3ph2vZP
zGz5nQx5s6SRoHuB1yioHXpQKdtPCL1OksKo9AWeWak5jKGTbL8v0SvabQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByBf3Q4ZVvVBo6Qoe3uSUINksdTMB8GA1UdIwQY
MBaAFLC2pJvMEN40DjnSA/VmWL19ZI3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xha204d1EzalFPT2RJRDlXWll2WDFramQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi85Y2MzOWMtZGQ3Yi00ODkyLTk0YmYt
ZWU0NmFjMDE4NjAwLzEvSElGX2REaGxXOVVHanBDaDdlNUpRZzJTeDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi85Y2MzOWMtZGQ3Yi00ODkyLTk0YmYtZWU0NmFjMDE4NjAw
LzEvc0xha204d1EzalFPT2RJRDlXWll2WDFramQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU9v8MA0G
CSqGSIb3DQEBCwUAA4IBAQAj9s9SqV5TSSrbdOybLoTiBpyFrnAi2HWyqDHt+ZTf
JNHw9KjpHAejr4K72XOShOGheSUj8WV4kFrbLhrrWDPInfnt0C8XpiOd/72uvbDb
rnMXyclrz14OJsdF1jkvlJrneCAz/yP+wh00aUw7sNmjtaRNuOk3z58AjyYHGBjN
QR4sED3cSb+sa9Y4xOwh9c+1fME8a/ErpWtlVlbgts7OufrgK1KJi2k79D6DAh2k
ZKqXAFi6S//5iYWQphhaWUPpL0DqhTdPCX/mjtViUSQNKGxhC3ltu5r2zDeE878u
cDw47IAOKYnFTu2bdGC2A0CCvI6bVvWlXJCdtHydxHSk
-----END CERTIFICATE-----