Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/VHDpAdR3NVqsO0e_r0e6tavcLhw.roa
File:                     VHDpAdR3NVqsO0e_r0e6tavcLhw.roa (raw, json)
Hash identifier:          YhgbecYr8tRf7lmpu+uKj0OPPDbutngJmi5z3NyL5Eg=
Subject key identifier:   54:70:E9:01:D4:77:35:5A:AC:3B:47:BF:AF:47:BA:B5:AB:DC:2E:1C
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       0199CCD0790283BDE97E2EB7C8C678531D69
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/VHDpAdR3NVqsO0e_r0e6tavcLhw.roa
Signing time:             Fri 10 Oct 2025 06:30:38 +0000
ROA not before:           Fri 10 Oct 2025 06:30:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41397
IP address blocks:        213.220.22.0/23 maxlen: 23
                          213.220.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 12:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cc:d0:79:02:83:bd:e9:7e:2e:b7:c8:c6:78:53:1d:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Oct 10 06:30:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5470e901d477355aac3b47bfaf47bab5abdc2e1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e1:04:9f:8c:82:e0:e5:57:5f:ec:52:8f:38:
                    a2:8e:f9:9c:3b:63:97:cf:67:bb:1c:12:8c:7d:17:
                    c4:64:e0:c3:44:be:b9:16:e3:e5:a1:ee:15:c6:97:
                    fc:32:b9:67:bc:63:99:35:6a:04:40:ca:22:66:6b:
                    6a:b8:c1:64:f9:c8:e1:4a:f9:a7:02:fb:f2:20:66:
                    cd:55:6b:1d:70:d3:ad:d7:95:01:95:c4:0b:24:99:
                    9a:ea:47:c7:0e:65:71:1f:6c:dc:a2:b8:73:13:23:
                    4d:61:19:06:48:65:6d:6e:cc:b8:87:15:39:7d:07:
                    10:2d:e5:4f:7b:47:31:7f:70:c9:a6:66:7a:72:58:
                    3b:2e:84:5a:40:f0:62:2c:9a:83:45:44:c5:32:57:
                    1c:4b:95:bd:63:da:f5:3c:a4:51:76:4d:e2:e8:1f:
                    c6:ea:58:93:b3:ba:f5:5e:10:9d:05:00:2c:00:dd:
                    3e:15:97:f8:a8:15:88:6f:c6:19:9c:3b:91:75:42:
                    50:92:9e:c2:02:7a:92:c9:0d:d5:98:b1:04:05:0e:
                    ef:6e:6d:b0:b9:60:e5:ad:b3:f4:3d:5b:b0:df:e0:
                    f2:d4:ee:a1:3b:03:cc:2e:dc:0e:c1:9b:db:1e:e8:
                    79:3c:37:82:10:4a:39:fe:8b:a9:53:75:4d:d1:6f:
                    77:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:70:E9:01:D4:77:35:5A:AC:3B:47:BF:AF:47:BA:B5:AB:DC:2E:1C
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/VHDpAdR3NVqsO0e_r0e6tavcLhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.22.0-213.220.31.255

    Signature Algorithm: sha256WithRSAEncryption
         2e:00:3b:91:65:6b:c1:33:c1:43:3e:ca:5f:dd:72:41:58:c1:
         35:42:84:6a:dd:10:b5:62:4d:1b:09:15:8d:c9:b8:b3:7b:9b:
         cc:ed:23:b3:b6:40:d5:ec:62:28:21:d3:6a:a1:3b:7b:f4:01:
         e1:d1:f6:a0:d8:b4:6b:10:7d:5f:55:36:de:d7:48:57:38:78:
         32:85:9a:01:64:77:f7:d5:69:80:fc:8b:4c:4d:46:a1:e8:8e:
         fb:5c:22:b4:fc:49:0a:54:71:a3:26:f0:a2:22:a7:17:da:64:
         bf:66:01:9d:37:27:de:7e:5d:5c:d6:7c:97:48:a1:20:cf:41:
         b8:5a:53:0f:3f:7a:68:2e:ef:82:96:0c:d6:e5:12:b9:75:01:
         79:b3:c1:6b:93:f0:86:25:2a:ab:c0:30:da:cc:a9:0e:a3:aa:
         56:79:a0:b5:fb:2c:d3:c1:01:a2:39:27:82:7b:db:d0:72:da:
         bf:f3:da:eb:04:ca:3f:ab:29:e9:a6:dd:7e:54:d6:7f:e6:b1:
         ef:0a:38:4b:ea:b0:ee:43:f1:6b:8e:cb:7c:2e:aa:ea:5e:9e:
         49:52:a8:66:60:ec:45:47:6f:22:62:50:9d:4f:a1:99:e6:d9:
         ed:66:9d:0b:9c:cd:84:00:42:92:da:b4:58:c5:21:e5:02:0e:
         0e:17:1e:61
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZnM0HkCg73pfi63yMZ4Ux1pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUxMDEwMDYzMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDcwZTkwMWQ0NzczNTVhYWMzYjQ3YmZhZjQ3YmFiNWFiZGMyZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOEEn4yC4OVXX+xSjziijvmcO2OX
z2e7HBKMfRfEZODDRL65FuPloe4Vxpf8MrlnvGOZNWoEQMoiZmtquMFk+cjhSvmn
AvvyIGbNVWsdcNOt15UBlcQLJJma6kfHDmVxH2zcorhzEyNNYRkGSGVtbsy4hxU5
fQcQLeVPe0cxf3DJpmZ6clg7LoRaQPBiLJqDRUTFMlccS5W9Y9r1PKRRdk3i6B/G
6liTs7r1XhCdBQAsAN0+FZf4qBWIb8YZnDuRdUJQkp7CAnqSyQ3VmLEEBQ7vbm2w
uWDlrbP0PVuw3+Dy1O6hOwPMLtwOwZvbHuh5PDeCEEo5/oupU3VN0W93RwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFRw6QHUdzVarDtHv69HurWr3C4cMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvVkhEcEFkUjNOVnFzTzBlX3IwZTZ0YXZjTGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHV3BYD
BAXV3AAwDQYJKoZIhvcNAQELBQADggEBAC4AO5Fla8EzwUM+yl/dckFYwTVChGrd
ELViTRsJFY3JuLN7m8ztI7O2QNXsYigh02qhO3v0AeHR9qDYtGsQfV9VNt7XSFc4
eDKFmgFkd/fVaYD8i0xNRqHojvtcIrT8SQpUcaMm8KIipxfaZL9mAZ03J95+XVzW
fJdIoSDPQbhaUw8/emgu74KWDNblErl1AXmzwWuT8IYlKqvAMNrMqQ6jqlZ5oLX7
LNPBAaI5J4J729By2r/z2usEyj+rKemm3X5U1n/mse8KOEvqsO5D8WuOy3wuqupe
nklSqGZg7EVHbyJiUJ1PoZnm2e1mnQuczYQAQpLatFjFIeUCDg4XHmE=
-----END CERTIFICATE-----