Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/cf4d58-6a5e-4e16-915f-a9e6dec7ce7c/1/hkwJsKiTfC8rW3KRi6Vmul-Orv8.roa
File:                     hkwJsKiTfC8rW3KRi6Vmul-Orv8.roa (raw, json)
Hash identifier:          c0qpWB0aVtdIXpzZykn1cgENgV2hof3vV2QdsHMYwCs=
Subject key identifier:   86:4C:09:B0:A8:93:7C:2F:2B:5B:72:91:8B:A5:66:BA:5F:8E:AE:FF
Certificate issuer:       /CN=5788cc0f0edc55f26f4c1b5a86f7be4551d4e315
Certificate serial:       0197C4C26078F44AC1A24369F8203269345D
Authority key identifier: 57:88:CC:0F:0E:DC:55:F2:6F:4C:1B:5A:86:F7:BE:45:51:D4:E3:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V4jMDw7cVfJvTBtahve-RVHU4xU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/cf4d58-6a5e-4e16-915f-a9e6dec7ce7c/1/hkwJsKiTfC8rW3KRi6Vmul-Orv8.roa
Signing time:             Tue 01 Jul 2025 06:52:42 +0000
ROA not before:           Tue 01 Jul 2025 06:52:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44906
IP address blocks:        194.42.44.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/cf4d58-6a5e-4e16-915f-a9e6dec7ce7c/1/V4jMDw7cVfJvTBtahve-RVHU4xU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/cf4d58-6a5e-4e16-915f-a9e6dec7ce7c/1/V4jMDw7cVfJvTBtahve-RVHU4xU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V4jMDw7cVfJvTBtahve-RVHU4xU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c4:c2:60:78:f4:4a:c1:a2:43:69:f8:20:32:69:34:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5788cc0f0edc55f26f4c1b5a86f7be4551d4e315
        Validity
            Not Before: Jul  1 06:52:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=864c09b0a8937c2f2b5b72918ba566ba5f8eaeff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:41:2a:2e:3b:12:23:c8:1a:f0:ac:dc:51:49:
                    29:70:d8:8a:90:54:97:f3:9f:18:8a:26:b7:09:ed:
                    e1:0f:50:2a:5a:b2:f4:eb:db:b4:b5:93:de:b5:43:
                    65:4c:90:40:f2:32:76:44:a1:83:1f:6f:b1:c0:9c:
                    f0:59:c2:23:e7:85:10:5e:e4:66:8d:bc:e2:b8:b0:
                    a0:a6:de:c2:6d:61:c3:b3:67:df:e6:43:64:32:30:
                    1f:dc:e3:12:1d:3b:54:fa:60:a3:df:0b:47:50:3d:
                    f5:8f:fc:e9:49:e2:41:00:a5:f7:3c:d7:25:5d:95:
                    67:5f:cc:82:8b:45:b6:82:6c:b8:a6:15:9e:3f:e1:
                    59:8b:e0:19:6a:db:25:6e:f2:dd:ed:82:73:18:24:
                    8b:ed:88:dc:7d:fa:ec:76:c0:5c:5f:88:60:17:da:
                    e9:0c:74:0a:49:49:88:65:1b:f7:a5:30:eb:1b:59:
                    90:6c:28:6d:e3:34:93:b0:5c:46:70:ef:43:2f:d2:
                    c7:92:bc:58:59:af:bf:1d:96:68:ac:21:8e:30:6f:
                    4a:f9:b4:62:05:76:5a:0b:0e:40:c0:33:37:06:79:
                    a2:93:99:4a:14:20:ed:ce:cf:64:da:74:2d:70:57:
                    3e:22:c4:c2:a0:f5:ae:7b:cb:1c:8e:6f:2b:0d:f9:
                    51:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:4C:09:B0:A8:93:7C:2F:2B:5B:72:91:8B:A5:66:BA:5F:8E:AE:FF
            X509v3 Authority Key Identifier:
                keyid:57:88:CC:0F:0E:DC:55:F2:6F:4C:1B:5A:86:F7:BE:45:51:D4:E3:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V4jMDw7cVfJvTBtahve-RVHU4xU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/cf4d58-6a5e-4e16-915f-a9e6dec7ce7c/1/hkwJsKiTfC8rW3KRi6Vmul-Orv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/cf4d58-6a5e-4e16-915f-a9e6dec7ce7c/1/V4jMDw7cVfJvTBtahve-RVHU4xU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:b1:06:0f:7c:b8:1d:23:ca:c1:e0:e9:75:0d:91:19:05:cf:
         be:aa:68:99:5d:9e:3a:4f:21:6f:05:a5:63:a1:e5:cc:d4:eb:
         3b:3c:24:66:55:12:e0:48:1b:46:29:bf:2b:34:b7:88:f3:17:
         98:7a:a2:62:ca:31:35:39:3f:5a:f9:af:bc:4f:9d:8f:ec:c3:
         40:58:f1:33:32:b6:4a:2d:4e:ba:9f:d8:5d:8b:f9:c8:d0:d6:
         3d:bb:29:5d:08:e8:73:de:b6:2c:40:e2:6f:ec:bc:25:53:87:
         15:5f:a3:05:cf:ea:f7:2a:7c:88:ba:92:4a:26:88:de:56:29:
         62:9e:44:97:92:9e:64:4a:42:69:16:dc:12:f5:88:2a:10:b1:
         ad:7a:e0:67:a7:20:b0:a3:3c:ba:08:11:e3:e3:d4:4b:a1:ea:
         76:83:10:98:a4:ce:6c:7d:e4:35:82:77:22:3c:14:40:50:ef:
         bd:c0:18:66:0e:56:4b:14:ef:14:68:1d:ce:02:ba:3d:15:23:
         bc:2e:c4:c6:75:c0:3b:d1:14:64:1f:13:20:92:f6:df:20:ab:
         91:56:83:b6:0f:7e:a6:66:93:4f:61:c6:20:52:86:2d:c0:3c:
         f5:2c:6d:97:7e:74:5e:2f:19:f1:87:3f:59:86:8b:c5:de:2e:
         8e:a3:c9:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfEwmB49ErBokNp+CAyaTRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3ODhjYzBmMGVkYzU1ZjI2ZjRjMWI1YTg2ZjdiZTQ1NTFk
NGUzMTUwHhcNMjUwNzAxMDY1MjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjRjMDliMGE4OTM3YzJmMmI1YjcyOTE4YmE1NjZiYTVmOGVhZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEEqLjsSI8ga8KzcUUkpcNiKkFSX
858Yiia3Ce3hD1AqWrL069u0tZPetUNlTJBA8jJ2RKGDH2+xwJzwWcIj54UQXuRm
jbziuLCgpt7CbWHDs2ff5kNkMjAf3OMSHTtU+mCj3wtHUD31j/zpSeJBAKX3PNcl
XZVnX8yCi0W2gmy4phWeP+FZi+AZatslbvLd7YJzGCSL7YjcffrsdsBcX4hgF9rp
DHQKSUmIZRv3pTDrG1mQbCht4zSTsFxGcO9DL9LHkrxYWa+/HZZorCGOMG9K+bRi
BXZaCw5AwDM3Bnmik5lKFCDtzs9k2nQtcFc+IsTCoPWue8scjm8rDflRNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZMCbCok3wvK1tykYulZrpfjq7/MB8GA1UdIwQY
MBaAFFeIzA8O3FXyb0wbWob3vkVR1OMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjRqTUR3N2NWZkp2VEJ0YWh2ZS1SVkhVNHhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jZjRkNTgtNmE1ZS00ZTE2LTkxNWYt
YTllNmRlYzdjZTdjLzEvaGt3SnNLaVRmQzhyVzNLUmk2Vm11bC1PcnY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jZjRkNTgtNmE1ZS00ZTE2LTkxNWYtYTllNmRlYzdjZTdj
LzEvVjRqTUR3N2NWZkp2VEJ0YWh2ZS1SVkhVNHhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiosMA0G
CSqGSIb3DQEBCwUAA4IBAQBwsQYPfLgdI8rB4Ol1DZEZBc++qmiZXZ46TyFvBaVj
oeXM1Os7PCRmVRLgSBtGKb8rNLeI8xeYeqJiyjE1OT9a+a+8T52P7MNAWPEzMrZK
LU66n9hdi/nI0NY9uyldCOhz3rYsQOJv7LwlU4cVX6MFz+r3KnyIupJKJojeVili
nkSXkp5kSkJpFtwS9YgqELGteuBnpyCwozy6CBHj49RLoep2gxCYpM5sfeQ1gnci
PBRAUO+9wBhmDlZLFO8UaB3OAro9FSO8LsTGdcA70RRkHxMgkvbfIKuRVoO2D36m
ZpNPYcYgUoYtwDz1LG2XfnReLxnxhz9ZhovF3i6Oo8kw
-----END CERTIFICATE-----