Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/HqO0vz0vybK8ZzilAz921e-v7A0.roa
File:                     HqO0vz0vybK8ZzilAz921e-v7A0.roa (raw, json)
Hash identifier:          t7CB3e4oXlF7KBCFDGONQN1uxM+rIuKUsaP+mY2P0TQ=
Subject key identifier:   1E:A3:B4:BF:3D:2F:C9:B2:BC:67:38:A5:03:3F:76:D5:EF:AF:EC:0D
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       0199BDEF525D60FEC0AA38B59DB5EBF768DC
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/HqO0vz0vybK8ZzilAz921e-v7A0.roa
Signing time:             Tue 07 Oct 2025 09:10:01 +0000
ROA not before:           Tue 07 Oct 2025 09:10:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        212.134.19.0/24 maxlen: 24
                          212.135.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bd:ef:52:5d:60:fe:c0:aa:38:b5:9d:b5:eb:f7:68:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Oct  7 09:10:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ea3b4bf3d2fc9b2bc6738a5033f76d5efafec0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c0:a5:67:dc:33:00:a9:d6:f0:7c:8c:0d:73:
                    95:43:93:e5:42:e4:f1:f1:f3:25:fe:f5:db:d7:d9:
                    a2:b0:7a:90:6c:99:e0:ff:83:d9:d6:9c:a7:e1:31:
                    23:70:15:54:59:45:ef:56:a6:0a:25:6c:08:ee:85:
                    bb:a1:39:2d:01:da:5d:dc:dd:ab:1d:cc:83:6c:ed:
                    9f:3b:17:a6:c2:16:8d:83:a4:93:03:a0:05:f7:dc:
                    0f:9a:78:ce:00:1c:01:c9:d8:06:0e:b8:70:ff:f3:
                    cf:8c:ee:c1:ce:22:62:95:1f:39:c0:37:db:6d:80:
                    9f:71:33:9b:ef:29:0e:57:d7:d2:a6:a2:5e:16:7e:
                    1b:7c:dd:fb:fe:ea:7b:d1:05:55:02:c3:85:cc:8d:
                    86:05:0f:81:82:8b:a5:e5:13:2d:0c:b0:d5:ca:d6:
                    65:3d:d3:81:d3:00:6c:12:b3:56:43:ad:5e:80:37:
                    25:70:d1:83:58:77:43:c3:4d:c9:44:46:76:b4:77:
                    02:0c:37:c5:15:b4:46:38:5a:a4:ed:a5:b4:19:d8:
                    e3:b2:12:9f:b2:47:bd:5b:a4:9f:c3:3f:21:5a:4d:
                    d0:2a:79:6c:79:cd:19:be:d4:ae:a0:fa:1d:07:72:
                    f7:25:28:1d:2b:5b:8c:f2:88:37:3e:cb:74:13:5d:
                    89:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:A3:B4:BF:3D:2F:C9:B2:BC:67:38:A5:03:3F:76:D5:EF:AF:EC:0D
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/HqO0vz0vybK8ZzilAz921e-v7A0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.19.0/24
                  212.135.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:a2:eb:09:00:f4:6f:19:cd:3e:32:58:39:5e:5b:38:df:40:
         cb:23:f7:a9:f3:24:60:b7:d7:30:ff:76:9c:68:af:a0:a9:95:
         62:25:3f:4e:af:d9:34:76:10:54:0e:c0:cd:fc:db:80:77:0e:
         1e:00:92:79:5c:a1:d5:ac:cb:fa:cf:1a:2a:3b:a7:a4:bc:1b:
         d7:ab:2d:92:2a:e9:95:d4:81:27:05:49:86:50:94:df:ce:f2:
         c6:35:36:ad:a3:57:a5:48:aa:91:78:f6:0a:d1:aa:99:8b:cf:
         c1:ab:98:1d:f8:41:c6:5b:18:05:41:b0:cc:f4:fc:c5:8d:f2:
         82:cb:4a:a2:15:ed:8b:7f:0e:3e:7f:ed:97:92:09:64:56:21:
         27:93:cf:0c:4f:7d:39:19:6f:61:a2:0a:ef:49:6c:ee:e1:21:
         3c:b7:3f:8d:e4:ad:ff:52:3f:cd:9d:71:b2:49:25:a9:ba:4b:
         40:63:0a:40:de:a5:68:31:6b:48:5d:78:c9:31:95:ac:88:93:
         ac:dc:cc:3c:b5:35:50:61:a7:73:75:09:bf:2c:0a:59:d9:8c:
         b7:d8:ac:25:f5:66:3d:73:62:46:21:9d:6c:3a:de:57:f2:59:
         c2:b4:25:75:e8:1e:2f:ef:c3:9c:71:ec:23:fe:cd:c3:a3:97:
         c5:ea:5c:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm971JdYP7Aqji1nbXr92jcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMDA3MDkxMDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWEzYjRiZjNkMmZjOWIyYmM2NzM4YTUwMzNmNzZkNWVmYWZlYzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMClZ9wzAKnW8HyMDXOVQ5PlQuTx
8fMl/vXb19misHqQbJng/4PZ1pyn4TEjcBVUWUXvVqYKJWwI7oW7oTktAdpd3N2r
HcyDbO2fOxemwhaNg6STA6AF99wPmnjOABwBydgGDrhw//PPjO7BziJilR85wDfb
bYCfcTOb7ykOV9fSpqJeFn4bfN37/up70QVVAsOFzI2GBQ+Bgoul5RMtDLDVytZl
PdOB0wBsErNWQ61egDclcNGDWHdDw03JREZ2tHcCDDfFFbRGOFqk7aW0GdjjshKf
ske9W6Sfwz8hWk3QKnlsec0ZvtSuoPodB3L3JSgdK1uM8og3Pst0E12JPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB6jtL89L8myvGc4pQM/dtXvr+wNMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvSHFPMHZ6MHZ5Yks4WnppbEF6OTIxZS12N0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1IYTAwQA
1IekMA0GCSqGSIb3DQEBCwUAA4IBAQBgousJAPRvGc0+Mlg5Xls430DLI/ep8yRg
t9cw/3acaK+gqZViJT9Or9k0dhBUDsDN/NuAdw4eAJJ5XKHVrMv6zxoqO6ekvBvX
qy2SKumV1IEnBUmGUJTfzvLGNTato1elSKqRePYK0aqZi8/Bq5gd+EHGWxgFQbDM
9PzFjfKCy0qiFe2Lfw4+f+2XkglkViEnk88MT305GW9hogrvSWzu4SE8tz+N5K3/
Uj/NnXGySSWpuktAYwpA3qVoMWtIXXjJMZWsiJOs3Mw8tTVQYadzdQm/LApZ2Yy3
2Kwl9WY9c2JGIZ1sOt5X8lnCtCV16B4v78Occewj/s3Do5fF6lx5
-----END CERTIFICATE-----