Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/e46951-8fa4-45b6-87bf-5a4b7b5e4007/1/hNq3yGnPCHaydptWbrbgby3w7SM.roa
File:                     hNq3yGnPCHaydptWbrbgby3w7SM.roa (raw, json)
Hash identifier:          TF/bJmN5adtoEqSxW4KjZfMJbH3NebJd9z02MI+Ip68=
Subject key identifier:   84:DA:B7:C8:69:CF:08:76:B2:76:9B:56:6E:B6:E0:6F:2D:F0:ED:23
Certificate issuer:       /CN=028ccc8d8178c9e9d2ffc532fcb5cd68beaa776d
Certificate serial:       0197CA4B9DB8A04B37AC4B22575DD5A2D2F0
Authority key identifier: 02:8C:CC:8D:81:78:C9:E9:D2:FF:C5:32:FC:B5:CD:68:BE:AA:77:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AozMjYF4yenS_8Uy_LXNaL6qd20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/e46951-8fa4-45b6-87bf-5a4b7b5e4007/1/hNq3yGnPCHaydptWbrbgby3w7SM.roa
Signing time:             Wed 02 Jul 2025 08:40:42 +0000
ROA not before:           Wed 02 Jul 2025 08:40:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206388
IP address blocks:        194.110.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/e46951-8fa4-45b6-87bf-5a4b7b5e4007/1/AozMjYF4yenS_8Uy_LXNaL6qd20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/e46951-8fa4-45b6-87bf-5a4b7b5e4007/1/AozMjYF4yenS_8Uy_LXNaL6qd20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AozMjYF4yenS_8Uy_LXNaL6qd20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:4b:9d:b8:a0:4b:37:ac:4b:22:57:5d:d5:a2:d2:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=028ccc8d8178c9e9d2ffc532fcb5cd68beaa776d
        Validity
            Not Before: Jul  2 08:40:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84dab7c869cf0876b2769b566eb6e06f2df0ed23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b7:51:10:bd:eb:47:28:2e:19:0a:c9:ac:96:
                    2e:49:13:16:0d:49:d1:7b:31:00:80:40:5d:ad:8e:
                    7e:87:54:97:67:05:29:bc:a5:82:a7:dd:8f:d7:fc:
                    d4:00:a6:5e:61:71:91:4a:9e:9f:7f:95:d6:ad:6d:
                    11:4a:09:ec:75:23:7e:2b:93:5a:65:c1:e3:ae:37:
                    ce:75:2b:26:59:4f:b5:c6:a8:74:70:69:13:52:26:
                    68:44:ae:4c:4d:46:de:ef:a8:38:57:f2:21:71:b1:
                    75:71:4d:95:ea:07:5c:a3:21:b5:aa:dd:8c:76:b0:
                    bb:2c:dd:6f:1e:34:5a:59:a5:f6:17:e6:2e:79:01:
                    62:53:d0:0d:78:73:d7:e9:00:2b:30:91:7f:8a:21:
                    71:82:22:79:35:cb:62:b6:7d:f3:c3:08:d3:78:bd:
                    f9:8e:fb:28:64:1a:3d:0e:d3:92:23:02:b6:52:3e:
                    de:fe:9c:2c:2f:51:52:87:e1:cf:3f:d8:5b:8c:cc:
                    2a:87:68:9b:91:4b:2e:3f:0b:97:d1:8e:61:3f:b8:
                    ab:ec:9f:49:b9:d7:59:1e:d4:13:b4:60:1b:47:97:
                    c5:c7:57:7c:3c:ef:8e:30:7e:20:0b:e5:07:dd:59:
                    3b:1c:54:28:62:34:2b:16:b8:db:42:03:33:eb:ee:
                    60:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:DA:B7:C8:69:CF:08:76:B2:76:9B:56:6E:B6:E0:6F:2D:F0:ED:23
            X509v3 Authority Key Identifier:
                keyid:02:8C:CC:8D:81:78:C9:E9:D2:FF:C5:32:FC:B5:CD:68:BE:AA:77:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AozMjYF4yenS_8Uy_LXNaL6qd20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e46951-8fa4-45b6-87bf-5a4b7b5e4007/1/hNq3yGnPCHaydptWbrbgby3w7SM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e46951-8fa4-45b6-87bf-5a4b7b5e4007/1/AozMjYF4yenS_8Uy_LXNaL6qd20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:19:d3:16:65:d3:87:93:f5:5f:d3:02:b5:bf:9b:df:31:21:
         94:05:cc:ea:b1:a7:ab:18:78:1b:c7:e9:13:91:98:35:15:ee:
         51:d9:73:28:16:03:06:ca:75:3e:81:ff:63:3d:fc:bc:20:ce:
         18:96:c7:67:ba:81:f6:50:b5:41:58:ce:d2:51:c7:61:17:25:
         69:a8:e7:9a:a4:68:d3:1b:c1:53:9c:2a:df:5a:ac:c7:d7:85:
         21:c8:73:67:43:e0:66:fd:c4:7b:95:92:ce:52:e8:8b:3b:cf:
         92:e1:c5:b3:6f:42:55:e4:6a:9b:fa:3f:ff:7f:dd:a7:a9:a1:
         c0:ac:0f:83:81:90:fc:ea:3f:4e:f4:b8:ea:4c:e1:1a:b2:27:
         0b:9b:1b:22:24:28:e1:2c:7d:d5:71:cf:ba:a2:b9:b3:41:c4:
         cf:0f:a5:b8:5c:ee:1f:8f:41:64:0e:a5:cf:5e:d5:92:f4:ae:
         d3:b9:36:d9:0e:ea:50:66:f6:90:4d:57:97:f1:dc:1c:3f:81:
         43:92:85:0d:50:2b:5b:77:f9:97:42:b7:b1:55:e5:b6:3d:cc:
         18:ee:a0:39:e1:dd:8e:a2:93:b7:37:2f:8c:28:14:86:b0:52:
         80:a5:19:c8:a6:01:87:bf:a8:e1:8c:18:19:f8:92:0f:87:9f:
         ae:8e:85:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfKS524oEs3rEsiV13VotLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyOGNjYzhkODE3OGM5ZTlkMmZmYzUzMmZjYjVjZDY4YmVh
YTc3NmQwHhcNMjUwNzAyMDg0MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGRhYjdjODY5Y2YwODc2YjI3NjliNTY2ZWI2ZTA2ZjJkZjBlZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLdREL3rRyguGQrJrJYuSRMWDUnR
ezEAgEBdrY5+h1SXZwUpvKWCp92P1/zUAKZeYXGRSp6ff5XWrW0RSgnsdSN+K5Na
ZcHjrjfOdSsmWU+1xqh0cGkTUiZoRK5MTUbe76g4V/IhcbF1cU2V6gdcoyG1qt2M
drC7LN1vHjRaWaX2F+YueQFiU9ANeHPX6QArMJF/iiFxgiJ5Nctitn3zwwjTeL35
jvsoZBo9DtOSIwK2Uj7e/pwsL1FSh+HPP9hbjMwqh2ibkUsuPwuX0Y5hP7ir7J9J
uddZHtQTtGAbR5fFx1d8PO+OMH4gC+UH3Vk7HFQoYjQrFrjbQgMz6+5gLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITat8hpzwh2snabVm624G8t8O0jMB8GA1UdIwQY
MBaAFAKMzI2BeMnp0v/FMvy1zWi+qndtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW96TWpZRjR5ZW5TXzhVeV9MWE5hTDZxZDIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9lNDY5NTEtOGZhNC00NWI2LTg3YmYt
NWE0YjdiNWU0MDA3LzEvaE5xM3lHblBDSGF5ZHB0V2JyYmdieTN3N1NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9lNDY5NTEtOGZhNC00NWI2LTg3YmYtNWE0YjdiNWU0MDA3
LzEvQW96TWpZRjR5ZW5TXzhVeV9MWE5hTDZxZDIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm52MA0G
CSqGSIb3DQEBCwUAA4IBAQCxGdMWZdOHk/Vf0wK1v5vfMSGUBczqsaerGHgbx+kT
kZg1Fe5R2XMoFgMGynU+gf9jPfy8IM4YlsdnuoH2ULVBWM7SUcdhFyVpqOeapGjT
G8FTnCrfWqzH14UhyHNnQ+Bm/cR7lZLOUuiLO8+S4cWzb0JV5Gqb+j//f92nqaHA
rA+DgZD86j9O9LjqTOEasicLmxsiJCjhLH3Vcc+6ormzQcTPD6W4XO4fj0FkDqXP
XtWS9K7TuTbZDupQZvaQTVeX8dwcP4FDkoUNUCtbd/mXQrexVeW2PcwY7qA54d2O
opO3Ny+MKBSGsFKApRnIpgGHv6jhjBgZ+JIPh5+ujoWx
-----END CERTIFICATE-----