Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/hpvyAfi0qxRWP3IPH4AR1w-rhug.roa
File:                     hpvyAfi0qxRWP3IPH4AR1w-rhug.roa (raw, json)
Hash identifier:          grj5qc59kBCQ9jelmSCl6C/kgQO1QBZmsaIamVANIkM=
Subject key identifier:   86:9B:F2:01:F8:B4:AB:14:56:3F:72:0F:1F:80:11:D7:0F:AB:86:E8
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       0197E1DA38AC1B88114DCD05075897451E3B
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/hpvyAfi0qxRWP3IPH4AR1w-rhug.roa
Signing time:             Sun 06 Jul 2025 22:27:44 +0000
ROA not before:           Sun 06 Jul 2025 22:27:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205125
IP address blocks:        45.95.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 21:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e1:da:38:ac:1b:88:11:4d:cd:05:07:58:97:45:1e:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul  6 22:27:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=869bf201f8b4ab14563f720f1f8011d70fab86e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:21:68:fe:23:e0:56:af:7d:a4:45:0d:0a:02:
                    83:84:a8:fd:b0:21:d9:c7:fc:f2:db:48:2f:d7:18:
                    b4:e2:c0:eb:a3:3e:29:5d:d6:1e:ff:0d:44:a8:09:
                    bf:04:64:24:97:8e:94:92:fb:3c:b0:1f:0e:c6:ea:
                    06:4c:9b:b5:e1:b7:92:f4:df:c5:fa:ec:11:bd:7d:
                    71:4a:90:3c:c2:bd:f0:2b:35:e5:10:a1:1a:9b:e5:
                    8b:1a:1f:47:85:7e:29:aa:7b:24:d3:20:6e:05:0c:
                    40:8f:98:b9:3a:04:4d:50:c3:94:52:e3:74:f7:cd:
                    12:b3:33:74:9d:bd:9f:ae:5f:3d:80:fb:93:b9:a4:
                    f6:fa:e8:20:7f:30:a0:c6:61:61:0d:d8:6a:3b:ef:
                    a5:a4:d5:99:3c:09:6e:1b:bf:26:a4:4c:db:c3:c1:
                    2b:88:60:bb:2b:01:9b:bd:c1:94:50:44:b7:14:8c:
                    a7:f5:41:ce:47:fe:f0:11:a5:ba:c8:eb:76:b0:6b:
                    50:17:1a:00:fa:51:36:6f:18:2b:19:6a:b7:8c:cb:
                    de:e3:f4:1c:b1:10:9d:b2:00:57:da:db:4b:9f:88:
                    ff:8c:76:5c:80:af:91:d7:de:d3:d0:8f:e6:8c:f4:
                    09:38:ea:cb:82:05:e5:c2:bd:31:86:3f:f5:61:73:
                    8f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:9B:F2:01:F8:B4:AB:14:56:3F:72:0F:1F:80:11:D7:0F:AB:86:E8
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/hpvyAfi0qxRWP3IPH4AR1w-rhug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:83:35:97:b4:13:f4:d5:f1:72:41:3b:99:30:7e:21:0e:4f:
         62:cd:85:60:a7:f4:30:bd:72:86:a0:5b:e3:56:62:16:40:ad:
         e6:77:aa:05:82:e3:56:b0:b5:e1:22:0f:44:5e:14:f0:e5:de:
         be:0b:ca:49:63:4f:46:7a:fe:44:41:cc:d9:af:65:6e:df:7c:
         b7:c3:9b:6c:ca:e2:ff:6d:c4:39:f1:0b:4b:b8:9b:a1:44:22:
         b6:35:d7:70:88:6f:75:35:f9:8a:dc:e8:3f:ff:f9:6e:99:e9:
         76:6f:b6:6d:cb:1e:03:24:ee:49:43:26:d8:f2:82:1a:b1:4d:
         87:7e:92:6f:76:04:a9:af:a6:a2:6c:fd:2e:e7:c5:d2:6a:7a:
         22:b0:50:9f:e0:0d:bb:ac:2e:f8:9b:51:e6:66:1a:73:5c:be:
         e7:7d:1f:94:c0:4a:3a:c9:6f:96:8b:dd:ea:4d:91:cc:5f:2b:
         d9:a2:b6:ac:0b:ff:28:33:40:a9:20:86:8b:f7:ae:c5:c7:32:
         5c:83:5a:93:2e:35:09:a1:f9:18:78:ad:70:f2:1d:ad:ea:44:
         e4:3c:9b:1c:ba:ca:54:d5:74:35:7b:24:9e:b5:58:ba:f2:a5:
         f7:69:66:1e:c2:50:81:c4:77:d3:ef:af:82:73:99:3c:b6:97:
         ae:f0:e5:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfh2jisG4gRTc0FB1iXRR47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzA2MjIyNzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjliZjIwMWY4YjRhYjE0NTYzZjcyMGYxZjgwMTFkNzBmYWI4NmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSFo/iPgVq99pEUNCgKDhKj9sCHZ
x/zy20gv1xi04sDroz4pXdYe/w1EqAm/BGQkl46Ukvs8sB8OxuoGTJu14beS9N/F
+uwRvX1xSpA8wr3wKzXlEKEam+WLGh9HhX4pqnsk0yBuBQxAj5i5OgRNUMOUUuN0
980SszN0nb2frl89gPuTuaT2+uggfzCgxmFhDdhqO++lpNWZPAluG78mpEzbw8Er
iGC7KwGbvcGUUES3FIyn9UHOR/7wEaW6yOt2sGtQFxoA+lE2bxgrGWq3jMve4/Qc
sRCdsgBX2ttLn4j/jHZcgK+R197T0I/mjPQJOOrLggXlwr0xhj/1YXOP8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIab8gH4tKsUVj9yDx+AEdcPq4boMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvaHB2eUFmaTBxeFJXUDNJUEg0QVIxdy1yaHVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV/JMA0G
CSqGSIb3DQEBCwUAA4IBAQBSgzWXtBP01fFyQTuZMH4hDk9izYVgp/QwvXKGoFvj
VmIWQK3md6oFguNWsLXhIg9EXhTw5d6+C8pJY09Gev5EQczZr2Vu33y3w5tsyuL/
bcQ58QtLuJuhRCK2NddwiG91NfmK3Og///lumel2b7Ztyx4DJO5JQybY8oIasU2H
fpJvdgSpr6aibP0u58XSanoisFCf4A27rC74m1HmZhpzXL7nfR+UwEo6yW+Wi93q
TZHMXyvZorasC/8oM0CpIIaL967FxzJcg1qTLjUJofkYeK1w8h2t6kTkPJscuspU
1XQ1eySetVi68qX3aWYewlCBxHfT76+Cc5k8tpeu8OWg
-----END CERTIFICATE-----