Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/HbiTFz7V9i6HXWWSqGlfQX8_ozw.roa
File:                     HbiTFz7V9i6HXWWSqGlfQX8_ozw.roa (raw, json)
Hash identifier:          BHZpHAZhPw4oI1w65XG0GhSp8q7BaCOt4LTrGAHW2wc=
Subject key identifier:   1D:B8:93:17:3E:D5:F6:2E:87:5D:65:92:A8:69:5F:41:7F:3F:A3:3C
Certificate issuer:       /CN=50f5fe99bc2232887116fdac82d4082adbc6acb7
Certificate serial:       0197F05A237ED56D761080B5322DEE5524FC
Authority key identifier: 50:F5:FE:99:BC:22:32:88:71:16:FD:AC:82:D4:08:2A:DB:C6:AC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/HbiTFz7V9i6HXWWSqGlfQX8_ozw.roa
Signing time:             Wed 09 Jul 2025 18:02:08 +0000
ROA not before:           Wed 09 Jul 2025 18:02:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204765
IP address blocks:        176.121.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f0:5a:23:7e:d5:6d:76:10:80:b5:32:2d:ee:55:24:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50f5fe99bc2232887116fdac82d4082adbc6acb7
        Validity
            Not Before: Jul  9 18:02:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1db893173ed5f62e875d6592a8695f417f3fa33c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:8c:3a:c5:26:f2:9e:b2:f8:a4:81:ec:3b:f7:
                    54:c1:fc:ea:dc:ad:74:1b:ab:d7:b2:31:e5:0c:13:
                    e9:c9:c3:7f:d9:f5:0c:50:b4:da:34:eb:42:52:84:
                    1b:fa:9b:4d:8b:93:d2:27:e7:12:84:20:f6:2c:8d:
                    92:d8:4d:e8:d1:2a:98:da:ea:f5:41:28:10:7f:93:
                    28:f3:b3:03:91:07:9e:6c:b3:95:23:d7:77:2c:22:
                    12:ce:b2:4e:6f:fa:6d:3e:56:d2:52:69:27:93:76:
                    1c:ab:5a:a8:fd:e5:8d:59:9e:cb:7e:16:bc:f3:d0:
                    46:d9:e5:28:91:ff:35:f3:29:83:2b:20:a0:46:bc:
                    d1:29:56:96:89:19:f0:d7:1e:26:67:5d:f0:32:99:
                    10:f3:86:40:d1:bd:43:1c:1c:b0:b5:00:8a:c4:52:
                    f6:81:b5:57:bc:70:af:d5:17:41:13:19:9c:01:d5:
                    bd:74:a6:5b:7c:44:0c:bd:ee:a7:40:45:fd:fd:69:
                    70:90:a1:c4:73:c8:f5:62:39:fe:d2:55:55:04:8c:
                    ea:ab:c7:cf:a0:ad:6d:5d:4f:74:8a:1c:61:ce:82:
                    2b:8a:79:9f:69:63:5d:0e:02:da:bf:eb:41:16:44:
                    0a:a8:c8:0f:72:79:9d:48:a5:6b:a1:c8:fd:01:1b:
                    4f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B8:93:17:3E:D5:F6:2E:87:5D:65:92:A8:69:5F:41:7F:3F:A3:3C
            X509v3 Authority Key Identifier:
                keyid:50:F5:FE:99:BC:22:32:88:71:16:FD:AC:82:D4:08:2A:DB:C6:AC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/HbiTFz7V9i6HXWWSqGlfQX8_ozw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4f:e1:5b:56:34:9e:31:e7:d4:1b:52:2b:6a:ec:f1:9a:90:e7:
         30:ea:9a:9a:75:e8:54:b4:02:e7:0f:b9:43:c8:e3:15:e2:9b:
         79:40:71:95:5e:a8:cc:11:a5:8c:18:d4:15:77:ba:6d:15:6f:
         a1:d4:14:e0:a3:88:b6:35:ba:2e:b9:54:2a:9b:20:9e:5e:2a:
         7c:e9:96:f4:cc:f9:b3:9e:6e:0e:cc:cd:6e:4f:dc:e2:22:b2:
         ee:fe:94:b0:1f:62:62:9a:96:d1:66:b2:ed:09:f6:1a:66:06:
         f8:b5:7b:dd:5c:f1:e7:d4:b4:82:87:f0:e0:a3:d3:be:c3:f1:
         31:40:ef:5b:03:cc:dd:67:ab:29:ef:51:d0:3a:c0:61:8e:f1:
         d2:4e:12:cf:c8:88:e3:84:aa:2f:0e:8f:e1:42:e6:0f:c3:dc:
         e8:2b:6a:c2:8f:7c:21:9a:ac:8b:8f:fb:b8:db:5e:2d:9b:23:
         03:88:77:b8:20:5b:8e:16:15:51:40:cf:ae:b4:e0:0f:57:f4:
         e6:63:8d:54:1d:40:d4:0d:a0:05:8d:c2:6a:b2:5f:1b:32:92:
         46:ca:29:83:8d:13:7f:2c:89:0c:23:9a:3b:24:fb:ff:36:42:
         5c:8b:f4:e2:4a:57:a3:d3:21:ac:ac:24:93:61:68:a6:03:53:
         cc:4e:bc:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfwWiN+1W12EIC1Mi3uVST8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZjVmZTk5YmMyMjMyODg3MTE2ZmRhYzgyZDQwODJhZGJj
NmFjYjcwHhcNMjUwNzA5MTgwMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGI4OTMxNzNlZDVmNjJlODc1ZDY1OTJhODY5NWY0MTdmM2ZhMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Yw6xSbynrL4pIHsO/dUwfzq3K10
G6vXsjHlDBPpycN/2fUMULTaNOtCUoQb+ptNi5PSJ+cShCD2LI2S2E3o0SqY2ur1
QSgQf5Mo87MDkQeebLOVI9d3LCISzrJOb/ptPlbSUmknk3Ycq1qo/eWNWZ7Lfha8
89BG2eUokf818ymDKyCgRrzRKVaWiRnw1x4mZ13wMpkQ84ZA0b1DHBywtQCKxFL2
gbVXvHCv1RdBExmcAdW9dKZbfEQMve6nQEX9/WlwkKHEc8j1Yjn+0lVVBIzqq8fP
oK1tXU90ihxhzoIrinmfaWNdDgLav+tBFkQKqMgPcnmdSKVrocj9ARtPDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB24kxc+1fYuh11lkqhpX0F/P6M8MB8GA1UdIwQY
MBaAFFD1/pm8IjKIcRb9rILUCCrbxqy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVBYLW1id2lNb2h4RnYyc2d0UUlLdHZHckxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83N2ZhMmEtMTNmYy00ZGE2LWFlYmIt
NzQ1NmY0MzBjM2YxLzEvSGJpVEZ6N1Y5aTZIWFdXU3FHbGZRWDhfb3p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83N2ZhMmEtMTNmYy00ZGE2LWFlYmItNzQ1NmY0MzBjM2Yx
LzEvVVBYLW1id2lNb2h4RnYyc2d0UUlLdHZHckxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsHngMA0G
CSqGSIb3DQEBCwUAA4IBAQBP4VtWNJ4x59QbUitq7PGakOcw6pqadehUtALnD7lD
yOMV4pt5QHGVXqjMEaWMGNQVd7ptFW+h1BTgo4i2NbouuVQqmyCeXip86Zb0zPmz
nm4OzM1uT9ziIrLu/pSwH2JimpbRZrLtCfYaZgb4tXvdXPHn1LSCh/Dgo9O+w/Ex
QO9bA8zdZ6sp71HQOsBhjvHSThLPyIjjhKovDo/hQuYPw9zoK2rCj3whmqyLj/u4
214tmyMDiHe4IFuOFhVRQM+utOAPV/TmY41UHUDUDaAFjcJqsl8bMpJGyimDjRN/
LIkMI5o7JPv/NkJci/TiSlej0yGsrCSTYWimA1PMTrzA
-----END CERTIFICATE-----