Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/HZbbroSrq6QQVVgDTvkGOIg8CG8.roa
File:                     HZbbroSrq6QQVVgDTvkGOIg8CG8.roa (raw, json)
Hash identifier:          PAIuto+Pct3SW5ZHIUtMXRjRllfD0Y9hcduQwRWTAAk=
Subject key identifier:   1D:96:DB:AE:84:AB:AB:A4:10:55:58:03:4E:F9:06:38:88:3C:08:6F
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       01983C6D2F334F007681CD9F82D14994E150
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/HZbbroSrq6QQVVgDTvkGOIg8CG8.roa
Signing time:             Thu 24 Jul 2025 12:34:05 +0000
ROA not before:           Thu 24 Jul 2025 12:34:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39199
IP address blocks:        94.154.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 03:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3c:6d:2f:33:4f:00:76:81:cd:9f:82:d1:49:94:e1:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Jul 24 12:34:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d96dbae84ababa4105558034ef90638883c086f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:cc:5d:1a:99:55:72:a2:53:79:2d:73:06:3a:
                    de:43:58:38:9f:f7:7e:6d:76:4e:1a:48:c1:5d:c9:
                    7d:21:94:81:bb:bc:1f:f2:31:ef:dd:4d:0b:4f:a9:
                    a3:0f:5b:b1:a5:51:a9:22:fe:56:25:dc:18:3d:47:
                    c4:33:fd:84:4b:de:cd:22:36:ca:da:f3:b3:8e:e1:
                    98:37:a1:ab:85:15:1d:63:ae:a6:bb:22:1c:51:26:
                    3d:73:e8:2b:5b:9d:dc:4f:e8:4d:9d:ae:99:65:ff:
                    1e:2c:75:7e:09:39:59:e8:f8:08:86:49:e7:3f:45:
                    5c:9e:8e:ca:a4:c1:d6:11:5b:c3:af:b4:9b:d6:ab:
                    cc:0e:eb:c0:60:7b:3e:73:47:9a:da:92:32:2e:73:
                    d2:d2:37:48:87:ef:e0:a9:17:ca:d6:55:02:81:9c:
                    1a:77:61:92:b2:68:4d:89:70:67:43:08:3d:23:e6:
                    b4:88:39:5d:1d:5d:19:db:4d:68:e9:71:e5:d5:72:
                    09:13:1a:3d:4d:b2:46:89:3c:5e:49:a4:76:df:c7:
                    36:5a:b4:99:cd:60:09:bd:93:2f:3e:bc:51:8f:f7:
                    3a:64:29:30:e4:eb:9f:ef:2e:7a:86:34:83:86:a8:
                    80:12:ea:13:93:72:f9:a0:28:fe:fd:1c:7f:7c:1e:
                    56:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:96:DB:AE:84:AB:AB:A4:10:55:58:03:4E:F9:06:38:88:3C:08:6F
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/HZbbroSrq6QQVVgDTvkGOIg8CG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:d0:f2:d5:9d:fd:9f:5b:e2:e9:19:68:93:2d:93:59:ba:2d:
         05:91:c5:d5:bd:2b:f5:f5:b5:b9:39:71:57:fb:4d:8f:c7:60:
         73:7b:4a:e4:7f:41:28:64:2c:60:07:32:44:83:6d:67:68:cd:
         e6:a4:c3:c2:a5:75:91:91:28:47:b4:9e:4a:99:6c:f7:98:33:
         e9:4b:f6:ee:af:a6:0e:ce:9e:6a:43:5b:2b:7a:17:9a:f3:bc:
         97:c0:66:22:b9:4f:a9:46:fe:a2:a2:72:3b:fc:b8:92:6a:97:
         a3:15:5d:5a:38:67:2b:bc:4b:8b:a9:6f:c0:de:b8:3c:3a:43:
         22:f2:69:4b:4e:c1:9c:cc:34:c2:1d:f5:71:b9:b9:de:14:d3:
         8d:8b:e1:b8:f5:68:3d:3b:be:6c:96:6d:05:27:54:65:1d:2f:
         e9:87:a7:31:cd:2b:92:81:ab:86:ee:42:dc:68:9a:aa:df:89:
         0e:af:9f:aa:6f:7a:0b:81:43:12:68:2d:0e:7b:1e:53:74:73:
         14:f6:63:f2:53:40:1a:cb:0b:4c:ec:04:44:7a:cd:eb:50:6d:
         8e:1f:ea:73:45:2e:51:cf:4b:37:3c:2c:8e:53:d4:46:68:fd:
         b0:a9:d5:a5:44:35:62:6d:a3:76:9e:27:a5:3b:cf:e9:83:e0:
         5c:06:2e:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg8bS8zTwB2gc2fgtFJlOFQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjUwNzI0MTIzNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk2ZGJhZTg0YWJhYmE0MTA1NTU4MDM0ZWY5MDYzODg4M2MwODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8xdGplVcqJTeS1zBjreQ1g4n/d+
bXZOGkjBXcl9IZSBu7wf8jHv3U0LT6mjD1uxpVGpIv5WJdwYPUfEM/2ES97NIjbK
2vOzjuGYN6GrhRUdY66muyIcUSY9c+grW53cT+hNna6ZZf8eLHV+CTlZ6PgIhknn
P0Vcno7KpMHWEVvDr7Sb1qvMDuvAYHs+c0ea2pIyLnPS0jdIh+/gqRfK1lUCgZwa
d2GSsmhNiXBnQwg9I+a0iDldHV0Z201o6XHl1XIJExo9TbJGiTxeSaR238c2WrSZ
zWAJvZMvPrxRj/c6ZCkw5Ouf7y56hjSDhqiAEuoTk3L5oCj+/Rx/fB5WXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2W266Eq6ukEFVYA075BjiIPAhvMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvSFpiYnJvU3JxNlFRVlZnRFR2a0dPSWc4Q0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpohMA0G
CSqGSIb3DQEBCwUAA4IBAQAD0PLVnf2fW+LpGWiTLZNZui0FkcXVvSv19bW5OXFX
+02Px2Bze0rkf0EoZCxgBzJEg21naM3mpMPCpXWRkShHtJ5KmWz3mDPpS/bur6YO
zp5qQ1srehea87yXwGYiuU+pRv6ionI7/LiSapejFV1aOGcrvEuLqW/A3rg8OkMi
8mlLTsGczDTCHfVxubneFNONi+G49Wg9O75slm0FJ1RlHS/ph6cxzSuSgauG7kLc
aJqq34kOr5+qb3oLgUMSaC0Oex5TdHMU9mPyU0AaywtM7AREes3rUG2OH+pzRS5R
z0s3PCyOU9RGaP2wqdWlRDVibaN2nielO8/pg+BcBi6+
-----END CERTIFICATE-----