Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/HVMp3VvTMqSiiMvK8ekyUscXHKE.roa
File:                     HVMp3VvTMqSiiMvK8ekyUscXHKE.roa (raw, json)
Hash identifier:          5bZY9H0pxJFOXf0QcKTcd4xctzA8L1dqR59jUwC+mbk=
Subject key identifier:   1D:53:29:DD:5B:D3:32:A4:A2:88:CB:CA:F1:E9:32:52:C7:17:1C:A1
Certificate issuer:       /CN=47aa878f76b50947cbd7deca04ac832e287b514d
Certificate serial:       0199E83FCBF44C650A20D322B06499190A5A
Authority key identifier: 47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/HVMp3VvTMqSiiMvK8ekyUscXHKE.roa
Signing time:             Wed 15 Oct 2025 14:21:58 +0000
ROA not before:           Wed 15 Oct 2025 14:21:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        194.61.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e8:3f:cb:f4:4c:65:0a:20:d3:22:b0:64:99:19:0a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47aa878f76b50947cbd7deca04ac832e287b514d
        Validity
            Not Before: Oct 15 14:21:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d5329dd5bd332a4a288cbcaf1e93252c7171ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:81:77:9a:e7:0a:7a:0c:1c:07:ba:ef:94:62:
                    40:1f:ba:ad:e4:96:af:2f:5f:12:d8:d8:cf:96:a7:
                    18:d5:6a:99:74:a7:d8:11:3e:28:c1:93:13:de:58:
                    21:43:ea:c6:fb:d0:7e:a2:40:3e:04:38:14:3d:0b:
                    53:cc:9e:b3:e6:9b:80:7b:49:8f:c8:e6:ac:c8:91:
                    3e:9d:5a:0d:eb:f3:ba:04:a3:bf:ea:3e:69:0d:82:
                    cf:ab:ad:4e:4a:d9:dd:99:6a:8a:ba:7f:f5:eb:50:
                    e3:18:27:d3:97:71:4f:b6:e5:ff:f9:fe:61:81:14:
                    e1:05:24:54:d6:4c:c7:bc:5c:5b:10:67:30:74:a1:
                    64:4a:86:dc:05:aa:a5:f7:dc:44:d0:fc:f4:99:40:
                    4b:c6:ba:c6:6e:65:7d:f1:0c:12:cd:1a:77:ad:45:
                    94:19:c5:16:a4:1f:44:e7:4c:9d:c7:97:bd:27:c0:
                    1e:20:c3:fa:f7:84:29:63:7f:22:42:fa:92:a3:ba:
                    ae:5e:94:3e:cc:c5:1d:53:d0:1b:97:55:9d:a8:bd:
                    74:9a:82:11:1e:05:ba:dd:36:3e:54:03:23:73:53:
                    f5:72:1a:74:4b:ee:73:ea:b4:ce:17:3d:f2:25:52:
                    ef:99:18:cf:24:cb:4b:1c:95:59:c9:df:fc:a4:61:
                    ac:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:53:29:DD:5B:D3:32:A4:A2:88:CB:CA:F1:E9:32:52:C7:17:1C:A1
            X509v3 Authority Key Identifier:
                keyid:47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/HVMp3VvTMqSiiMvK8ekyUscXHKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:a8:68:ba:4d:50:e3:5e:94:aa:d6:e3:79:85:75:57:c3:90:
         c5:6e:05:19:5f:3c:a2:db:37:b2:5b:fd:8f:04:08:cc:c0:87:
         09:c3:99:c0:e8:de:ae:34:67:02:52:99:0f:e7:99:3f:11:91:
         ca:d2:73:ed:a6:fd:2a:22:c8:e8:a3:25:7b:1c:b8:ae:2a:41:
         7d:d3:8e:37:c1:10:68:81:cd:03:45:7c:16:22:1e:f9:4b:c6:
         b9:fe:53:f8:15:31:21:3b:bb:d2:11:df:04:ef:c3:24:18:2c:
         ba:b4:36:af:20:ca:44:ff:b9:e4:ef:5f:1f:3e:84:e2:3a:01:
         d8:f2:11:7e:10:be:a4:a2:c5:28:0b:39:6f:5f:73:e7:a7:87:
         2f:c7:bc:08:5d:e5:7b:a2:d9:b6:c1:9c:cd:fa:3e:da:4e:00:
         b1:33:60:cf:3c:30:32:a4:a5:f0:36:73:c7:72:0f:00:3b:ad:
         88:9d:da:1d:a5:73:e3:41:e7:9b:f3:68:da:e8:53:3c:a7:a8:
         1b:4a:c5:87:ae:c6:51:22:f4:06:80:79:2e:99:84:b8:cb:71:
         9c:ad:3d:51:d8:fc:a9:7e:b1:fe:4b:ec:b6:3b:dd:17:ee:7c:
         23:a7:04:1f:48:e7:90:6c:46:09:14:b7:6b:df:a2:88:02:63:
         3d:16:60:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnoP8v0TGUKINMisGSZGQpaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YWE4NzhmNzZiNTA5NDdjYmQ3ZGVjYTA0YWM4MzJlMjg3
YjUxNGQwHhcNMjUxMDE1MTQyMTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDUzMjlkZDViZDMzMmE0YTI4OGNiY2FmMWU5MzI1MmM3MTcxY2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYF3mucKegwcB7rvlGJAH7qt5Jav
L18S2NjPlqcY1WqZdKfYET4owZMT3lghQ+rG+9B+okA+BDgUPQtTzJ6z5puAe0mP
yOasyJE+nVoN6/O6BKO/6j5pDYLPq61OStndmWqKun/161DjGCfTl3FPtuX/+f5h
gRThBSRU1kzHvFxbEGcwdKFkSobcBaql99xE0Pz0mUBLxrrGbmV98QwSzRp3rUWU
GcUWpB9E50ydx5e9J8AeIMP694QpY38iQvqSo7quXpQ+zMUdU9Abl1WdqL10moIR
HgW63TY+VAMjc1P1chp0S+5z6rTOFz3yJVLvmRjPJMtLHJVZyd/8pGGsCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1TKd1b0zKkoojLyvHpMlLHFxyhMB8GA1UdIwQY
MBaAFEeqh492tQlHy9feygSsgy4oe1FNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWIt
Mzk5MmM1NGUxODdiLzEvSFZNcDNWdlRNcVNpaU12Szhla3lVc2NYSEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWItMzk5MmM1NGUxODdi
LzEvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj1lMA0G
CSqGSIb3DQEBCwUAA4IBAQCeqGi6TVDjXpSq1uN5hXVXw5DFbgUZXzyi2zeyW/2P
BAjMwIcJw5nA6N6uNGcCUpkP55k/EZHK0nPtpv0qIsjooyV7HLiuKkF90443wRBo
gc0DRXwWIh75S8a5/lP4FTEhO7vSEd8E78MkGCy6tDavIMpE/7nk718fPoTiOgHY
8hF+EL6kosUoCzlvX3Pnp4cvx7wIXeV7otm2wZzN+j7aTgCxM2DPPDAypKXwNnPH
cg8AO62IndodpXPjQeeb82ja6FM8p6gbSsWHrsZRIvQGgHkumYS4y3GcrT1R2Pyp
frH+S+y2O90X7nwjpwQfSOeQbEYJFLdr36KIAmM9FmAV
-----END CERTIFICATE-----