Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1-HZF_Uc44gjh1TQR1U1OYZDHjCk.roa
File:                     1-HZF_Uc44gjh1TQR1U1OYZDHjCk.roa (raw, json)
Hash identifier:          NuB8apKKsTUzor9NX4p/x2mqEfbsbGqLyBZkaxZdT4k=
Subject key identifier:   F8:76:45:FD:47:38:E2:08:E1:D5:34:11:D5:4D:4E:61:90:C7:8C:29
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       01974F73CA2CEE10E192DAEDB14DCB634E16
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1-HZF_Uc44gjh1TQR1U1OYZDHjCk.roa
Signing time:             Sun 08 Jun 2025 12:11:17 +0000
ROA not before:           Sun 08 Jun 2025 12:11:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215115
IP address blocks:        194.31.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4f:73:ca:2c:ee:10:e1:92:da:ed:b1:4d:cb:63:4e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jun  8 12:11:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f87645fd4738e208e1d53411d54d4e6190c78c29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:18:50:96:ed:73:c0:7d:0b:eb:71:c1:37:54:
                    cf:7e:af:89:cb:c2:9d:8a:06:fc:56:c8:75:94:93:
                    d6:d5:19:50:87:8f:4b:48:8b:d4:d3:3e:d3:46:e9:
                    a7:4d:b4:9d:b8:ed:9b:3b:10:96:5f:20:fd:69:52:
                    dd:2c:dd:5f:37:ec:58:26:2c:6f:36:9f:84:62:34:
                    2d:e1:c6:26:9e:bf:b6:c2:3b:19:56:38:3f:e2:5a:
                    fc:f1:ea:81:26:d5:a8:9a:2d:89:f5:67:de:6a:16:
                    6e:d1:9f:a4:ba:9f:ff:ee:1c:0a:9e:28:9e:3b:9a:
                    85:db:f5:0f:ae:53:57:5f:0e:b5:7e:eb:8e:9e:39:
                    48:c6:e4:22:8c:dc:42:fb:c7:98:49:fe:f4:e6:8b:
                    79:92:1c:b9:1b:37:e1:b8:80:79:f3:e6:58:4a:95:
                    d8:d9:8a:80:43:18:9b:a0:a8:3a:ed:6d:53:74:b7:
                    6e:17:91:e5:a8:b6:b0:0c:9f:48:26:7b:8a:08:32:
                    00:07:5b:95:be:51:f7:20:d6:da:7a:5a:a4:6a:32:
                    21:13:37:8a:1c:1d:51:44:c3:63:65:90:6c:9c:99:
                    19:e4:12:30:04:70:df:07:38:3d:e0:72:4c:28:a5:
                    27:5a:df:56:20:00:59:be:98:d1:e7:62:f8:5b:1d:
                    fc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:76:45:FD:47:38:E2:08:E1:D5:34:11:D5:4D:4E:61:90:C7:8C:29
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1-HZF_Uc44gjh1TQR1U1OYZDHjCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:c2:fc:4d:9c:f7:c1:cb:67:6b:be:fb:db:d3:c7:c4:99:55:
         bc:ac:e7:b2:2f:7d:42:9c:a8:16:e1:ef:4b:11:59:bd:ef:99:
         9e:76:5a:5e:4e:c6:70:a6:38:ae:2d:6b:8b:de:ea:73:11:f9:
         1a:2c:86:a6:0d:7f:9e:25:fb:e8:5e:88:81:96:06:cb:f5:86:
         f6:bb:11:db:36:94:cd:b9:f6:8d:68:0f:80:e7:a1:11:4b:25:
         17:1d:b8:76:52:7d:b9:97:be:23:b6:f0:4f:af:0a:b2:41:b5:
         5d:2f:2c:36:22:76:08:fd:1f:12:59:89:99:58:aa:80:b5:8d:
         3e:a6:07:38:bb:25:ca:09:be:9a:9b:96:01:5c:f9:11:ec:12:
         b2:95:85:e9:42:6a:9f:fd:13:e7:eb:00:8d:e9:7c:90:5f:5d:
         01:b0:23:2c:30:dc:0f:4f:2f:47:e1:b2:91:30:fc:59:aa:aa:
         1d:21:c6:5c:ec:d8:bc:4b:a9:ef:ed:92:26:72:db:e2:cf:f7:
         fe:27:2c:7f:b9:f1:d3:df:f1:6e:ec:4d:7a:3f:e7:b2:af:fa:
         7c:d5:1c:55:ad:8a:88:bb:60:5f:d8:0d:b3:aa:c3:a0:7b:4b:
         01:d0:9a:b9:7c:c0:de:a5:0d:3c:20:08:05:4b:86:4c:e7:90:
         ae:4d:5e:48
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZdPc8os7hDhktrtsU3LY04WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwNjA4MTIxMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODc2NDVmZDQ3MzhlMjA4ZTFkNTM0MTFkNTRkNGU2MTkwYzc4YzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphhQlu1zwH0L63HBN1TPfq+Jy8Kd
igb8Vsh1lJPW1RlQh49LSIvU0z7TRumnTbSduO2bOxCWXyD9aVLdLN1fN+xYJixv
Np+EYjQt4cYmnr+2wjsZVjg/4lr88eqBJtWomi2J9WfeahZu0Z+kup//7hwKniie
O5qF2/UPrlNXXw61fuuOnjlIxuQijNxC+8eYSf705ot5khy5GzfhuIB58+ZYSpXY
2YqAQxiboKg67W1TdLduF5HlqLawDJ9IJnuKCDIAB1uVvlH3INbaelqkajIhEzeK
HB1RRMNjZZBsnJkZ5BIwBHDfBzg94HJMKKUnWt9WIABZvpjR52L4Wx38tQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPh2Rf1HOOII4dU0EdVNTmGQx4wpMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvMS1IWkZfVWM0NGdqaDFUUVIxVTFPWVpESGpDay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTgvNWE2ZmRhLTc4OTYtNGM1MC1hZmZkLTMwNDk1ZjQwMzc4
NC8xL1Y4Wnd5TnN5M1hTTjk1ZkZ5VEFUMk1rZnFEay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIfSzAN
BgkqhkiG9w0BAQsFAAOCAQEAnML8TZz3wctna77729PHxJlVvKznsi99QpyoFuHv
SxFZve+ZnnZaXk7GcKY4ri1ri97qcxH5GiyGpg1/niX76F6IgZYGy/WG9rsR2zaU
zbn2jWgPgOehEUslFx24dlJ9uZe+I7bwT68KskG1XS8sNiJ2CP0fElmJmViqgLWN
PqYHOLslygm+mpuWAVz5EewSspWF6UJqn/0T5+sAjel8kF9dAbAjLDDcD08vR+Gy
kTD8WaqqHSHGXOzYvEup7+2SJnLb4s/3/icsf7nx09/xbuxNej/nsq/6fNUcVa2K
iLtgX9gNs6rDoHtLAdCauXzA3qUNPCAIBUuGTOeQrk1eSA==
-----END CERTIFICATE-----