Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/h-PNQcjWOScse8WjyOhQeSbv950.roa
File:                     h-PNQcjWOScse8WjyOhQeSbv950.roa (raw, json)
Hash identifier:          /sFDGAAGqPfiAFmlm5KuC6NUsSeC3ZuPzrCQYYwFUic=
Subject key identifier:   87:E3:CD:41:C8:D6:39:27:2C:7B:C5:A3:C8:E8:50:79:26:EF:F7:9D
Certificate issuer:       /CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Certificate serial:       0198086C8E011EBA1F5F5F6AEC53C18C0F5D
Authority key identifier: 48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/h-PNQcjWOScse8WjyOhQeSbv950.roa
Signing time:             Mon 14 Jul 2025 10:13:08 +0000
ROA not before:           Mon 14 Jul 2025 10:13:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        195.39.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:6c:8e:01:1e:ba:1f:5f:5f:6a:ec:53:c1:8c:0f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
        Validity
            Not Before: Jul 14 10:13:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87e3cd41c8d639272c7bc5a3c8e8507926eff79d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a0:1d:9a:47:78:a5:59:52:24:b7:a2:5f:47:
                    95:3f:cd:01:5c:2d:77:5a:45:76:1f:42:43:82:db:
                    1e:d4:53:9c:36:36:d6:b0:e8:c4:52:a6:64:56:be:
                    44:3c:fa:d8:ea:33:29:dd:fb:01:28:36:6f:04:b6:
                    e4:42:09:16:8c:22:27:6f:5d:70:5b:df:fa:65:ff:
                    3b:62:11:51:96:24:7a:c8:7f:53:e3:b3:b0:84:be:
                    25:5e:90:4a:45:34:f5:6c:c9:13:00:a2:49:60:a0:
                    1e:b6:9d:7f:51:a2:5d:b3:4e:d3:ee:58:18:c1:de:
                    71:17:1a:95:92:44:6d:15:7a:4e:ef:3d:f2:a6:45:
                    dd:8d:d7:1f:90:14:fa:3b:b6:98:a2:9c:85:7f:67:
                    19:89:80:4f:bd:0e:7e:9e:7c:cb:1b:5a:25:bd:3c:
                    fd:f6:af:d0:41:81:24:c1:62:8d:15:ff:16:57:7f:
                    0f:0b:87:4b:93:d7:27:78:4f:db:cd:bb:bb:58:62:
                    3f:30:0b:29:48:e3:97:e2:d1:1f:2e:a3:b3:ec:86:
                    66:74:72:db:30:5f:a1:f8:0f:5f:4a:fc:bd:b3:5e:
                    c8:28:6f:43:0d:c9:d0:a9:d3:b7:c3:0b:1c:10:0d:
                    65:ba:05:93:51:de:78:e5:aa:00:cb:3f:4e:f6:42:
                    17:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E3:CD:41:C8:D6:39:27:2C:7B:C5:A3:C8:E8:50:79:26:EF:F7:9D
            X509v3 Authority Key Identifier:
                keyid:48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/h-PNQcjWOScse8WjyOhQeSbv950.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.39.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:ae:ee:76:10:d7:ea:28:1f:ad:a8:bb:de:30:c8:ee:2a:cb:
         d9:31:07:7e:0c:92:85:4e:e9:83:bd:3c:90:ce:cc:73:1a:fc:
         02:4b:ec:a1:ac:9b:ba:b2:dd:19:10:ff:6c:f5:90:41:f1:99:
         9a:20:f5:aa:df:a6:a4:3c:e2:7b:cd:c3:65:7b:44:21:be:d9:
         9b:ba:1c:58:06:c2:a7:0a:ef:61:74:75:9f:c9:90:65:f2:91:
         18:b4:7f:f2:a2:df:04:e0:e6:f0:65:34:3c:f6:76:42:27:70:
         45:88:4b:d5:26:30:a7:b7:a6:a0:ed:c0:ba:ae:7e:5f:c7:32:
         a6:4b:a9:b0:24:eb:65:5c:7c:c3:be:29:cc:a9:0f:62:6c:e4:
         b1:c1:fb:2a:7a:8e:d0:7c:63:e8:c5:99:5f:ad:80:b5:11:e8:
         9b:0c:98:b6:8b:13:b0:f3:e5:fb:b4:cc:e7:e2:c3:a2:2b:06:
         44:e7:70:94:ae:e6:eb:9c:56:d8:c3:11:d6:e2:1e:70:93:d8:
         94:7a:29:3c:c2:4a:e2:78:a2:4c:be:2b:e6:e2:3f:4d:83:90:
         95:8a:fc:02:53:6b:04:df:53:b4:3e:22:b4:34:ad:a5:fa:10:
         01:de:15:22:24:ae:0c:c0:b9:73:5b:27:c6:bf:64:83:7e:5c:
         ba:9c:99:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgIbI4BHrofX19q7FPBjA9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4OGM2NWRjMzU5YjU4Y2E2YmE1ZDNkYWViODc0ZjA1ODY4
NGU4YzYwHhcNMjUwNzE0MTAxMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2UzY2Q0MWM4ZDYzOTI3MmM3YmM1YTNjOGU4NTA3OTI2ZWZmNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KAdmkd4pVlSJLeiX0eVP80BXC13
WkV2H0JDgtse1FOcNjbWsOjEUqZkVr5EPPrY6jMp3fsBKDZvBLbkQgkWjCInb11w
W9/6Zf87YhFRliR6yH9T47OwhL4lXpBKRTT1bMkTAKJJYKAetp1/UaJds07T7lgY
wd5xFxqVkkRtFXpO7z3ypkXdjdcfkBT6O7aYopyFf2cZiYBPvQ5+nnzLG1olvTz9
9q/QQYEkwWKNFf8WV38PC4dLk9cneE/bzbu7WGI/MAspSOOX4tEfLqOz7IZmdHLb
MF+h+A9fSvy9s17IKG9DDcnQqdO3wwscEA1lugWTUd545aoAyz9O9kIXrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfjzUHI1jknLHvFo8joUHkm7/edMB8GA1UdIwQY
MBaAFEiMZdw1m1jKa6XT2uuHTwWGhOjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQt
YjBkNzJlOTEwZWZlLzEvaC1QTlFjaldPU2NzZThXanlPaFFlU2J2OTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQtYjBkNzJlOTEwZWZl
LzEvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyfXMA0G
CSqGSIb3DQEBCwUAA4IBAQAbru52ENfqKB+tqLveMMjuKsvZMQd+DJKFTumDvTyQ
zsxzGvwCS+yhrJu6st0ZEP9s9ZBB8ZmaIPWq36akPOJ7zcNle0QhvtmbuhxYBsKn
Cu9hdHWfyZBl8pEYtH/yot8E4ObwZTQ89nZCJ3BFiEvVJjCnt6ag7cC6rn5fxzKm
S6mwJOtlXHzDvinMqQ9ibOSxwfsqeo7QfGPoxZlfrYC1EeibDJi2ixOw8+X7tMzn
4sOiKwZE53CUrubrnFbYwxHW4h5wk9iUeik8wkrieKJMvivm4j9Ng5CVivwCU2sE
31O0PiK0NK2l+hAB3hUiJK4MwLlzWyfGv2SDfly6nJmz
-----END CERTIFICATE-----