Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HVzVqijJ7o0qrvWlkxNDkAPmHEY.roa
File:                     HVzVqijJ7o0qrvWlkxNDkAPmHEY.roa (raw, json)
Hash identifier:          2sVW5O8aGxQtgL38hF70ppYxmwMEKx6589a9501LodE=
Subject key identifier:   1D:5C:D5:AA:28:C9:EE:8D:2A:AE:F5:A5:93:13:43:90:03:E6:1C:46
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0196F2CEB291E2EF96FCD2FBAB0EDC60427D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HVzVqijJ7o0qrvWlkxNDkAPmHEY.roa
Signing time:             Wed 21 May 2025 12:25:54 +0000
ROA not before:           Wed 21 May 2025 12:25:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44382
IP address blocks:        79.110.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:ce:b2:91:e2:ef:96:fc:d2:fb:ab:0e:dc:60:42:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 21 12:25:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d5cd5aa28c9ee8d2aaef5a59313439003e61c46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:dc:41:68:e2:d3:00:d3:51:13:3d:d9:8f:2d:
                    26:4f:b8:5b:60:2d:af:60:55:ad:51:8f:d6:2e:df:
                    68:2d:59:3a:7c:50:f8:67:34:a1:75:3c:7f:4f:96:
                    29:a0:18:fe:35:a9:e2:99:e3:6b:7a:14:48:f4:df:
                    80:30:8b:65:e4:d2:13:dc:a3:1a:9e:d0:61:28:8d:
                    59:31:94:5d:70:c6:16:87:77:2b:ff:3e:5e:4b:91:
                    08:47:32:5d:e7:c0:a6:5f:f1:ac:a7:50:5a:e7:5b:
                    d4:d3:15:0b:56:ea:74:78:9e:88:73:15:5e:49:78:
                    8c:a6:2b:36:2a:c0:76:a7:ae:76:d2:0b:8a:fe:d0:
                    4e:6a:81:08:2f:21:13:20:76:9f:9e:f0:64:7a:db:
                    27:bc:cb:51:7d:db:af:6c:36:fe:4c:f5:b2:f8:06:
                    b3:89:4d:2a:65:6d:dd:7b:46:f5:f2:a4:ff:9b:5d:
                    32:d0:37:af:4d:4d:49:3d:56:cc:41:e9:52:66:81:
                    5e:f4:04:f0:92:a0:24:01:ab:be:e1:31:f1:9d:3c:
                    e0:6d:c3:0c:47:0e:1f:9b:73:06:90:15:3a:da:0c:
                    34:18:22:c5:98:69:b1:e9:b7:00:25:2e:68:60:c6:
                    17:02:5f:52:a3:31:a1:61:07:11:1f:e5:86:7f:a9:
                    8d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:5C:D5:AA:28:C9:EE:8D:2A:AE:F5:A5:93:13:43:90:03:E6:1C:46
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HVzVqijJ7o0qrvWlkxNDkAPmHEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:3e:6c:b5:7e:dc:a3:7b:18:6b:dd:6d:3b:63:85:7f:cc:c0:
         31:80:60:39:79:84:16:6e:63:63:38:2a:bf:e0:38:9a:26:99:
         3f:1a:22:07:2d:26:9d:c6:98:c5:3e:97:b1:f6:09:62:34:07:
         16:ca:ed:97:c5:ca:a0:e6:d4:49:41:93:4c:d0:a4:72:41:aa:
         0a:79:f4:04:be:dc:23:06:a8:f5:8b:a0:46:04:dd:06:11:41:
         08:5f:43:8e:48:b6:75:5a:d3:93:0c:c8:26:3d:6d:fa:c4:80:
         02:a5:f1:99:5a:22:d7:fc:9f:8d:ce:70:bb:9a:7d:d0:8f:94:
         aa:38:be:8e:82:52:37:55:7a:40:66:c6:e8:49:4b:63:4d:11:
         c7:cd:98:d0:7a:4d:5c:ca:f4:82:50:b5:1b:3f:8b:93:aa:c6:
         b3:ef:fa:81:2e:40:1a:09:7c:d1:82:02:5e:c6:ee:38:40:87:
         b4:43:52:8f:98:53:ef:43:29:5a:bc:92:ab:99:06:cb:6c:00:
         5e:21:85:da:b2:26:ef:28:32:58:89:f0:29:46:44:51:f0:c8:
         d9:2c:3e:e2:10:89:b9:e4:50:91:5c:0b:27:f4:1b:a0:49:fb:
         9c:5f:b1:8a:bc:88:b5:e2:9b:ea:74:d5:10:7f:eb:cd:3f:1d:
         de:cd:2f:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbyzrKR4u+W/NL7qw7cYEJ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNTIxMTIyNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDVjZDVhYTI4YzllZThkMmFhZWY1YTU5MzEzNDM5MDAzZTYxYzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNxBaOLTANNREz3Zjy0mT7hbYC2v
YFWtUY/WLt9oLVk6fFD4ZzShdTx/T5YpoBj+NanimeNrehRI9N+AMItl5NIT3KMa
ntBhKI1ZMZRdcMYWh3cr/z5eS5EIRzJd58CmX/Gsp1Ba51vU0xULVup0eJ6IcxVe
SXiMpis2KsB2p6520guK/tBOaoEILyETIHafnvBketsnvMtRfduvbDb+TPWy+Aaz
iU0qZW3de0b18qT/m10y0DevTU1JPVbMQelSZoFe9ATwkqAkAau+4THxnTzgbcMM
Rw4fm3MGkBU62gw0GCLFmGmx6bcAJS5oYMYXAl9SozGhYQcRH+WGf6mNqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1c1aooye6NKq71pZMTQ5AD5hxGMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSFZ6VnFpako3bzBxcnZXbGt4TkRrQVBtSEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT24yMA0G
CSqGSIb3DQEBCwUAA4IBAQCHPmy1ftyjexhr3W07Y4V/zMAxgGA5eYQWbmNjOCq/
4DiaJpk/GiIHLSadxpjFPpex9gliNAcWyu2Xxcqg5tRJQZNM0KRyQaoKefQEvtwj
Bqj1i6BGBN0GEUEIX0OOSLZ1WtOTDMgmPW36xIACpfGZWiLX/J+NznC7mn3Qj5Sq
OL6OglI3VXpAZsboSUtjTRHHzZjQek1cyvSCULUbP4uTqsaz7/qBLkAaCXzRggJe
xu44QIe0Q1KPmFPvQylavJKrmQbLbABeIYXasibvKDJYifApRkRR8MjZLD7iEIm5
5FCRXAsn9BugSfucX7GKvIi14pvqdNUQf+vNPx3ezS+C
-----END CERTIFICATE-----