Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/hFLfi7y6acWn-HH4-tzBOKfKzRY.roa
File:                     hFLfi7y6acWn-HH4-tzBOKfKzRY.roa (raw, json)
Hash identifier:          xYND5KQ7rz8GZqxEFiwwG/BrGvhFrStCdg/rXumDivA=
Subject key identifier:   84:52:DF:8B:BC:BA:69:C5:A7:F8:71:F8:FA:DC:C1:38:A7:CA:CD:16
Certificate issuer:       /CN=a389e7035b08e181a341f37eda7343d23f1cafa4
Certificate serial:       0199AA84EFA1F8F24A11D87C6801C5C0EAB5
Authority key identifier: A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/hFLfi7y6acWn-HH4-tzBOKfKzRY.roa
Signing time:             Fri 03 Oct 2025 14:41:02 +0000
ROA not before:           Fri 03 Oct 2025 14:41:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        176.121.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:aa:84:ef:a1:f8:f2:4a:11:d8:7c:68:01:c5:c0:ea:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a389e7035b08e181a341f37eda7343d23f1cafa4
        Validity
            Not Before: Oct  3 14:41:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8452df8bbcba69c5a7f871f8fadcc138a7cacd16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:dd:fc:82:f1:a3:9a:57:c3:0a:a4:cc:04:e6:
                    d6:03:be:1a:56:a4:2e:53:e8:69:0c:7c:e8:e9:77:
                    de:da:b9:e1:ba:1d:7e:14:3c:5d:f3:db:2a:49:fa:
                    64:9b:2c:42:bb:52:45:90:8d:45:ca:99:ec:6e:49:
                    2a:c6:c3:c0:12:a2:09:06:ee:6e:44:60:cc:25:3f:
                    c8:c6:f1:b2:0a:65:eb:d7:7b:45:9b:3f:60:3a:bf:
                    81:a7:9d:e5:ef:24:be:31:ad:a6:09:55:a3:6b:80:
                    38:4c:2d:0d:ec:ef:30:1c:0a:50:13:87:6e:5f:08:
                    41:17:87:4b:73:48:a1:70:26:ae:16:42:52:a3:b0:
                    3b:40:cd:ef:1b:e4:1c:84:78:ad:c4:a5:cd:c0:21:
                    7b:ff:d5:fd:aa:aa:d2:46:90:e8:3a:15:6c:24:6c:
                    15:0a:57:cc:34:78:6f:e2:a6:4a:65:98:11:aa:10:
                    2b:a1:1b:00:7e:bb:eb:81:bc:c0:71:61:cd:9e:08:
                    55:85:62:a0:c4:64:29:de:2c:48:92:51:97:7c:a2:
                    57:42:92:59:de:ea:36:a4:94:7b:48:16:ff:5e:d6:
                    d4:2a:39:a4:b7:0c:ef:43:e9:3b:6b:61:76:e3:30:
                    cb:02:73:23:b4:f2:68:6e:91:6a:b3:54:de:45:2f:
                    79:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:52:DF:8B:BC:BA:69:C5:A7:F8:71:F8:FA:DC:C1:38:A7:CA:CD:16
            X509v3 Authority Key Identifier:
                keyid:A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/hFLfi7y6acWn-HH4-tzBOKfKzRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:dd:8b:ac:d1:48:9f:bb:62:13:1d:aa:95:f2:b7:a4:8d:4f:
         d4:c5:e7:3f:8c:91:d8:c5:40:74:f0:e9:00:66:bf:44:40:48:
         72:67:f9:46:e4:45:60:d1:d0:7d:75:cf:49:f7:c3:25:f3:f3:
         08:6b:21:fc:54:c4:ff:45:7c:2c:1d:41:a9:3e:36:13:37:d2:
         17:85:f0:08:25:a4:6d:6e:36:f3:71:d6:54:9d:08:9a:bc:6a:
         3c:ae:34:17:e7:e2:30:71:3f:37:f0:4e:ec:73:ab:69:07:1f:
         b4:f7:43:7d:bf:c0:f7:c5:00:4c:f3:d8:7c:ad:e8:53:fb:88:
         4c:e0:6c:c7:17:52:4b:5c:bc:72:58:c8:c9:98:fc:40:9b:e5:
         a4:7e:1f:33:a1:38:c5:c1:4e:2c:06:ce:c0:d6:a6:f8:41:81:
         8e:78:af:11:ed:70:58:77:00:bc:ff:e1:f2:ec:bc:e1:3a:ae:
         7f:c9:64:b3:18:26:19:75:bf:a5:17:35:80:80:1e:1a:00:8e:
         bc:7a:80:d9:cc:b8:98:ef:55:aa:5f:c8:e1:1e:62:b2:c0:c4:
         4a:9c:14:dd:ba:7b:72:65:bc:da:9c:2d:d7:02:a8:16:4c:48:
         70:37:96:42:8e:1e:a7:3a:58:38:ea:d0:9d:39:41:d2:2a:90:
         31:51:a4:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmqhO+h+PJKEdh8aAHFwOq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzODllNzAzNWIwOGUxODFhMzQxZjM3ZWRhNzM0M2QyM2Yx
Y2FmYTQwHhcNMjUxMDAzMTQ0MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDUyZGY4YmJjYmE2OWM1YTdmODcxZjhmYWRjYzEzOGE3Y2FjZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo938gvGjmlfDCqTMBObWA74aVqQu
U+hpDHzo6Xfe2rnhuh1+FDxd89sqSfpkmyxCu1JFkI1FypnsbkkqxsPAEqIJBu5u
RGDMJT/IxvGyCmXr13tFmz9gOr+Bp53l7yS+Ma2mCVWja4A4TC0N7O8wHApQE4du
XwhBF4dLc0ihcCauFkJSo7A7QM3vG+QchHitxKXNwCF7/9X9qqrSRpDoOhVsJGwV
ClfMNHhv4qZKZZgRqhAroRsAfrvrgbzAcWHNnghVhWKgxGQp3ixIklGXfKJXQpJZ
3uo2pJR7SBb/XtbUKjmktwzvQ+k7a2F24zDLAnMjtPJobpFqs1TeRS95/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRS34u8umnFp/hx+PrcwTinys0WMB8GA1UdIwQY
MBaAFKOJ5wNbCOGBo0HzftpzQ9I/HK+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWIt
MGU3MjQxNmI0ZGM3LzEvaEZMZmk3eTZhY1duLUhINC10ekJPS2ZLelJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWItMGU3MjQxNmI0ZGM3
LzEvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHlYMA0G
CSqGSIb3DQEBCwUAA4IBAQBh3Yus0Uifu2ITHaqV8rekjU/Uxec/jJHYxUB08OkA
Zr9EQEhyZ/lG5EVg0dB9dc9J98Ml8/MIayH8VMT/RXwsHUGpPjYTN9IXhfAIJaRt
bjbzcdZUnQiavGo8rjQX5+IwcT838E7sc6tpBx+090N9v8D3xQBM89h8rehT+4hM
4GzHF1JLXLxyWMjJmPxAm+Wkfh8zoTjFwU4sBs7A1qb4QYGOeK8R7XBYdwC8/+Hy
7LzhOq5/yWSzGCYZdb+lFzWAgB4aAI68eoDZzLiY71WqX8jhHmKywMRKnBTdunty
ZbzanC3XAqgWTEhwN5ZCjh6nOlg46tCdOUHSKpAxUaRY
-----END CERTIFICATE-----