Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/HfXhcMLQSQZQwza7V9Arj2x9L2c.roa
File:                     HfXhcMLQSQZQwza7V9Arj2x9L2c.roa (raw, json)
Hash identifier:          fqR85lomPOT5NEJEaCczGH+7WyCvqD5rnkkrfn2ehQo=
Subject key identifier:   1D:F5:E1:70:C2:D0:49:06:50:C3:36:BB:57:D0:2B:8F:6C:7D:2F:67
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       0197A38AEDB055DC28AA66595BF27084235E
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/HfXhcMLQSQZQwza7V9Arj2x9L2c.roa
Signing time:             Tue 24 Jun 2025 20:04:40 +0000
ROA not before:           Tue 24 Jun 2025 20:04:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19318
IP address blocks:        80.246.232.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a3:8a:ed:b0:55:dc:28:aa:66:59:5b:f2:70:84:23:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jun 24 20:04:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1df5e170c2d0490650c336bb57d02b8f6c7d2f67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:16:b6:aa:72:06:d8:23:fa:5c:be:7d:af:01:
                    f3:fb:84:0e:2e:72:00:fb:33:31:6e:89:93:b1:f5:
                    13:db:4b:8a:27:2f:0d:f4:04:a9:76:9b:d9:f8:34:
                    2e:e6:a6:1d:e6:4a:ce:02:33:bf:aa:0e:9e:be:a3:
                    ba:77:4e:01:41:2b:33:41:6f:51:49:3a:ae:c5:ee:
                    0c:5d:c4:eb:1d:51:29:d5:cb:b3:71:f7:60:11:40:
                    9c:f2:e0:22:4e:48:fd:32:bc:9b:10:dd:15:d3:8c:
                    d8:aa:dc:00:09:03:be:ac:58:20:db:b3:f7:55:07:
                    62:52:f0:84:96:c1:26:1b:1d:1e:1d:e7:78:2d:c1:
                    fb:09:e6:96:15:5b:0b:74:73:b4:ca:0b:7c:90:b2:
                    50:e7:09:e8:ea:8d:ad:74:10:36:52:8a:1d:e2:90:
                    24:b1:0e:d4:bf:cc:2b:b6:32:43:45:48:16:00:ea:
                    b8:df:0a:17:6c:01:89:b4:42:59:34:46:24:3b:1e:
                    f0:b0:62:64:e6:c1:aa:da:5c:c6:83:a8:9e:54:9f:
                    6e:74:35:2b:4b:83:15:f5:36:95:e0:8a:f7:8f:c6:
                    30:00:c3:84:40:13:aa:1c:10:0c:d3:6a:78:6c:04:
                    14:59:f6:0e:77:45:48:09:dc:92:6c:9d:2c:83:9e:
                    6b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F5:E1:70:C2:D0:49:06:50:C3:36:BB:57:D0:2B:8F:6C:7D:2F:67
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/HfXhcMLQSQZQwza7V9Arj2x9L2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         11:47:dd:2d:68:24:5a:2c:7a:63:9b:7c:59:37:ed:4f:e1:96:
         03:0e:cc:93:bc:af:a8:58:4f:9b:f4:e3:2c:b9:7c:64:79:9d:
         d7:a9:16:1e:3f:94:26:33:94:c2:a9:ad:a4:14:b4:dc:c8:0a:
         6a:f3:d3:0f:bc:18:a8:40:bb:5e:0d:97:92:bf:42:7f:08:ac:
         37:dd:81:74:38:8d:71:93:44:ee:14:fc:98:36:04:63:f0:90:
         ff:c3:76:ad:43:b1:36:bd:59:25:a3:0a:c0:db:60:56:27:3f:
         2e:7a:16:42:01:cc:5f:d0:bc:4e:2e:42:ba:2b:3a:f0:41:e5:
         fe:2e:e0:be:da:b8:df:ef:29:c7:db:d7:b7:b9:ae:8c:c3:7a:
         95:34:41:85:7c:7b:a4:c5:4c:4c:4b:83:02:a8:65:7b:82:0a:
         a1:37:45:39:73:97:89:a3:22:72:a4:a8:8e:aa:c4:ce:ed:46:
         e5:b5:ed:cb:c4:d3:68:ab:e7:99:44:a4:1b:7d:63:d6:0f:87:
         ef:b7:43:f1:1e:5f:4e:44:e9:56:f7:00:75:0a:ad:b8:fe:5b:
         e3:59:4d:16:82:eb:b5:9d:07:6c:0b:02:87:59:3b:81:57:1d:
         1a:0a:20:58:0f:b3:41:72:9f:ce:57:4f:41:91:a8:b8:64:15:
         4b:87:04:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZejiu2wVdwoqmZZW/JwhCNeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjUwNjI0MjAwNDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGY1ZTE3MGMyZDA0OTA2NTBjMzM2YmI1N2QwMmI4ZjZjN2QyZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBa2qnIG2CP6XL59rwHz+4QOLnIA
+zMxbomTsfUT20uKJy8N9ASpdpvZ+DQu5qYd5krOAjO/qg6evqO6d04BQSszQW9R
STquxe4MXcTrHVEp1cuzcfdgEUCc8uAiTkj9MrybEN0V04zYqtwACQO+rFgg27P3
VQdiUvCElsEmGx0eHed4LcH7CeaWFVsLdHO0ygt8kLJQ5wno6o2tdBA2Uood4pAk
sQ7Uv8wrtjJDRUgWAOq43woXbAGJtEJZNEYkOx7wsGJk5sGq2lzGg6ieVJ9udDUr
S4MV9TaV4Ir3j8YwAMOEQBOqHBAM02p4bAQUWfYOd0VICdySbJ0sg55rwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB314XDC0EkGUMM2u1fQK49sfS9nMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvSGZYaGNNTFFTUVpRd3phN1Y5QXJqMng5TDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUPboMA0G
CSqGSIb3DQEBCwUAA4IBAQARR90taCRaLHpjm3xZN+1P4ZYDDsyTvK+oWE+b9OMs
uXxkeZ3XqRYeP5QmM5TCqa2kFLTcyApq89MPvBioQLteDZeSv0J/CKw33YF0OI1x
k0TuFPyYNgRj8JD/w3atQ7E2vVklowrA22BWJz8uehZCAcxf0LxOLkK6KzrwQeX+
LuC+2rjf7ynH29e3ua6Mw3qVNEGFfHukxUxMS4MCqGV7ggqhN0U5c5eJoyJypKiO
qsTO7Ublte3LxNNoq+eZRKQbfWPWD4fvt0PxHl9OROlW9wB1Cq24/lvjWU0Wguu1
nQdsCwKHWTuBVx0aCiBYD7NBcp/OV09Bkai4ZBVLhwTo
-----END CERTIFICATE-----