Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/HAk_Ah-FGysvhPY5EiGkgb1MLC4.roa
File:                     HAk_Ah-FGysvhPY5EiGkgb1MLC4.roa (raw, json)
Hash identifier:          mrhzMTUS1Zyfoubwx1OV2BXg6/NBrlNBaM63ckQz8Kw=
Subject key identifier:   1C:09:3F:02:1F:85:1B:2B:2F:84:F6:39:12:21:A4:81:BD:4C:2C:2E
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       01996743D85C8D4959BBAC6C65FACDE21DBD
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/HAk_Ah-FGysvhPY5EiGkgb1MLC4.roa
Signing time:             Sat 20 Sep 2025 13:15:23 +0000
ROA not before:           Sat 20 Sep 2025 13:15:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        212.134.94.0/24 maxlen: 24
                          212.135.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:67:43:d8:5c:8d:49:59:bb:ac:6c:65:fa:cd:e2:1d:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Sep 20 13:15:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c093f021f851b2b2f84f6391221a481bd4c2c2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:71:d6:9f:35:91:3b:18:5c:68:22:7e:ae:99:
                    04:a5:79:35:62:72:77:1c:b6:75:91:4e:ae:48:10:
                    9c:13:11:22:0e:7b:b2:59:50:2c:9a:54:27:69:38:
                    bf:9a:29:2a:ca:8d:c1:5f:8e:f8:6b:a6:1e:05:20:
                    fb:e1:27:28:e5:4f:26:0f:a9:85:f1:e4:49:81:82:
                    a7:56:88:ac:15:bf:4b:85:ea:18:f4:fa:f0:02:83:
                    1f:a3:67:bd:a2:e7:be:b4:c2:3a:cc:df:97:71:35:
                    ce:5b:a3:5e:78:df:54:b6:1e:07:3b:46:eb:9e:01:
                    a1:7e:0a:0f:fc:3e:cf:b4:4a:06:d0:d6:fb:fb:12:
                    71:c8:6a:5f:44:5f:be:86:25:18:c2:06:31:19:46:
                    72:29:62:0c:50:0c:06:ad:8d:65:31:84:b5:6b:a9:
                    12:3b:dc:e8:80:9a:67:cb:2c:3b:59:c2:86:7a:56:
                    24:4e:ab:b0:41:65:36:c4:99:10:07:9d:9b:88:c2:
                    e4:26:ba:a3:53:fa:9d:6b:fe:ce:f3:1a:d6:d8:fe:
                    1e:8d:72:32:09:20:93:96:07:22:fc:e0:34:b4:8a:
                    0e:54:df:f1:04:45:20:b3:cc:b7:41:be:9f:df:6e:
                    b9:16:be:6f:98:55:86:a4:f8:3e:12:80:ef:68:63:
                    63:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:09:3F:02:1F:85:1B:2B:2F:84:F6:39:12:21:A4:81:BD:4C:2C:2E
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/HAk_Ah-FGysvhPY5EiGkgb1MLC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.94.0/24
                  212.135.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:09:7c:7a:ab:5a:d6:5d:fc:85:1c:20:80:cc:0e:c8:10:c3:
         c5:0a:52:e8:a6:4b:e5:f7:4c:17:40:03:33:66:db:b0:7e:75:
         ec:11:57:9c:77:83:fa:f4:65:13:e6:de:37:0b:f8:6e:16:05:
         d6:9d:e2:80:0c:91:78:6e:af:86:1f:e7:e4:78:fe:9f:92:64:
         31:9d:69:d9:1f:d3:e1:06:4e:c3:e3:0b:e4:15:4b:ca:4a:90:
         e5:32:8f:ea:d7:36:ad:a7:79:70:3c:57:e5:14:41:25:f5:ad:
         df:02:3d:02:57:5b:99:19:51:d2:6b:39:56:71:58:18:30:8e:
         d1:a8:ec:49:3e:6f:e1:b6:c7:78:bd:63:48:84:24:d0:1e:8f:
         c8:2d:d9:96:0f:bd:39:b6:8a:e4:19:a0:05:e2:35:04:b8:47:
         16:6d:c2:78:70:bc:d9:99:b9:25:4e:b4:e0:ac:be:03:f9:57:
         98:0c:0a:50:54:fe:cd:15:a5:78:f3:91:82:2e:77:0b:fe:43:
         87:3e:24:df:05:cc:a7:dc:4e:d8:b8:a3:d6:1e:02:56:a5:86:
         c4:ee:2c:b2:57:75:c4:11:01:0c:af:c2:c0:fb:c8:50:01:9e:
         7e:8f:26:ef:0a:3a:3e:8b:8f:1e:65:d7:52:f7:3d:12:02:6b:
         74:bc:df:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlnQ9hcjUlZu6xsZfrN4h29MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwOTIwMTMxNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzA5M2YwMjFmODUxYjJiMmY4NGY2MzkxMjIxYTQ4MWJkNGMyYzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnHWnzWROxhcaCJ+rpkEpXk1YnJ3
HLZ1kU6uSBCcExEiDnuyWVAsmlQnaTi/mikqyo3BX474a6YeBSD74Sco5U8mD6mF
8eRJgYKnVoisFb9LheoY9PrwAoMfo2e9oue+tMI6zN+XcTXOW6NeeN9Uth4HO0br
ngGhfgoP/D7PtEoG0Nb7+xJxyGpfRF++hiUYwgYxGUZyKWIMUAwGrY1lMYS1a6kS
O9zogJpnyyw7WcKGelYkTquwQWU2xJkQB52biMLkJrqjU/qda/7O8xrW2P4ejXIy
CSCTlgci/OA0tIoOVN/xBEUgs8y3Qb6f3265Fr5vmFWGpPg+EoDvaGNjSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBwJPwIfhRsrL4T2ORIhpIG9TCwuMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvSEFrX0FoLUZHeXN2aFBZNUVpR2tnYjFNTEM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IZeAwQA
1IevMA0GCSqGSIb3DQEBCwUAA4IBAQCrCXx6q1rWXfyFHCCAzA7IEMPFClLopkvl
90wXQAMzZtuwfnXsEVecd4P69GUT5t43C/huFgXWneKADJF4bq+GH+fkeP6fkmQx
nWnZH9PhBk7D4wvkFUvKSpDlMo/q1zatp3lwPFflFEEl9a3fAj0CV1uZGVHSazlW
cVgYMI7RqOxJPm/htsd4vWNIhCTQHo/ILdmWD705torkGaAF4jUEuEcWbcJ4cLzZ
mbklTrTgrL4D+VeYDApQVP7NFaV485GCLncL/kOHPiTfBcyn3E7YuKPWHgJWpYbE
7iyyV3XEEQEMr8LA+8hQAZ5+jybvCjo+i48eZddS9z0SAmt0vN83
-----END CERTIFICATE-----