Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cHQZJKLG2cB7omX95uex3ej-o5U.roa
File:                     cHQZJKLG2cB7omX95uex3ej-o5U.roa (raw, json)
Hash identifier:          l0IEM8oMzb1z3liJoqPq9NLy115fGzBvP1p/muYzSgg=
Subject key identifier:   70:74:19:24:A2:C6:D9:C0:7B:A2:65:FD:E6:E7:B1:DD:E8:FE:A3:95
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0199106986D38DEF1CCAE2CD4C01A90FB013
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cHQZJKLG2cB7omX95uex3ej-o5U.roa
Signing time:             Wed 03 Sep 2025 16:29:35 +0000
ROA not before:           Wed 03 Sep 2025 16:29:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215433
IP address blocks:        94.156.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 17:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:10:69:86:d3:8d:ef:1c:ca:e2:cd:4c:01:a9:0f:b0:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  3 16:29:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70741924a2c6d9c07ba265fde6e7b1dde8fea395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:9f:81:75:0a:ec:42:a7:f3:10:d3:b2:f5:75:
                    24:d5:3a:2b:44:61:e5:99:08:0e:c3:fb:8d:62:69:
                    ba:91:d6:20:01:1c:fd:5c:5d:84:af:23:09:7d:29:
                    a8:a0:ff:e1:7f:c1:a7:01:bf:e5:1e:29:7e:8f:be:
                    b2:96:3c:a3:20:88:43:2a:af:03:e2:77:1d:cd:3e:
                    fd:2a:1f:1b:38:6b:26:9e:80:3a:53:c3:d2:1e:34:
                    41:14:30:d2:32:d1:d6:86:91:de:73:5f:04:34:45:
                    d0:7b:3e:40:43:3a:d9:70:c6:9d:47:5d:0c:af:ea:
                    d2:48:70:29:ca:97:c5:24:af:66:56:1e:6f:80:04:
                    2f:b9:da:48:20:f8:8a:c2:d8:89:36:0b:0b:bf:b8:
                    91:f4:d1:5f:10:ae:ee:ff:28:52:89:66:6b:77:68:
                    cd:f2:ec:af:c3:86:8c:fa:59:5d:18:69:fd:47:44:
                    8e:39:01:d4:32:0d:cd:75:cf:90:c8:59:a8:f3:7a:
                    61:95:09:ec:1c:dc:2f:2d:1a:c5:3c:3a:b1:5a:53:
                    84:b5:80:b0:6d:cd:b2:29:1f:35:1d:8a:3f:d7:00:
                    f4:38:d1:b6:07:8d:ac:42:eb:da:10:a8:a1:eb:db:
                    4f:f0:d2:6c:15:4e:97:bf:1c:95:16:a4:20:52:43:
                    5e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:74:19:24:A2:C6:D9:C0:7B:A2:65:FD:E6:E7:B1:DD:E8:FE:A3:95
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cHQZJKLG2cB7omX95uex3ej-o5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:b4:4b:0e:ba:c6:86:e2:3c:2f:a8:3e:1f:55:64:19:5e:3d:
         d0:52:f2:e0:56:8c:0e:5e:1a:f1:65:91:f3:b9:a8:91:fb:b9:
         3d:e5:c1:9a:40:ef:52:8f:f1:ba:96:a8:65:cf:82:fc:96:39:
         14:83:a7:4a:44:ce:34:06:39:eb:62:81:65:09:65:51:ed:da:
         a6:dc:f5:c4:13:ed:5e:7e:7f:93:8b:e6:2e:34:f8:0f:c2:02:
         ec:7c:c4:cf:a2:c0:31:8c:4a:f5:e8:93:da:97:b8:73:12:81:
         30:83:a8:c5:ac:ac:57:68:ac:70:7c:84:c8:95:e2:70:ff:9a:
         60:48:59:be:8e:5c:10:d5:23:a6:b3:97:ed:6d:78:56:ce:68:
         2f:54:71:b4:ec:c7:74:c0:ab:b2:0a:33:90:4e:a7:c1:ff:74:
         ed:75:31:5c:c5:72:7e:53:78:ea:d8:6d:b0:76:a0:bb:5f:8f:
         4e:dd:60:d1:c5:50:cf:95:64:cc:17:52:5d:5a:79:7f:76:3e:
         de:a1:af:ba:c0:2c:10:06:cb:9b:03:6c:ee:12:5d:31:40:1c:
         bb:3e:18:34:aa:a5:c7:c6:5f:97:c9:05:9c:73:8c:52:7d:99:
         d2:9a:aa:b0:f5:93:b8:96:13:09:f7:1a:83:a8:61:15:00:0e:
         f0:82:98:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkQaYbTje8cyuLNTAGpD7ATMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwOTAzMTYyOTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDc0MTkyNGEyYzZkOWMwN2JhMjY1ZmRlNmU3YjFkZGU4ZmVhMzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4J+BdQrsQqfzENOy9XUk1TorRGHl
mQgOw/uNYmm6kdYgARz9XF2EryMJfSmooP/hf8GnAb/lHil+j76yljyjIIhDKq8D
4ncdzT79Kh8bOGsmnoA6U8PSHjRBFDDSMtHWhpHec18ENEXQez5AQzrZcMadR10M
r+rSSHApypfFJK9mVh5vgAQvudpIIPiKwtiJNgsLv7iR9NFfEK7u/yhSiWZrd2jN
8uyvw4aM+lldGGn9R0SOOQHUMg3Ndc+QyFmo83phlQnsHNwvLRrFPDqxWlOEtYCw
bc2yKR81HYo/1wD0ONG2B42sQuvaEKih69tP8NJsFU6XvxyVFqQgUkNeNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHB0GSSixtnAe6Jl/ebnsd3o/qOVMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvY0hRWkpLTEcyY0I3b21YOTV1ZXgzZWotbzVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpzuMA0G
CSqGSIb3DQEBCwUAA4IBAQBotEsOusaG4jwvqD4fVWQZXj3QUvLgVowOXhrxZZHz
uaiR+7k95cGaQO9Sj/G6lqhlz4L8ljkUg6dKRM40BjnrYoFlCWVR7dqm3PXEE+1e
fn+Ti+YuNPgPwgLsfMTPosAxjEr16JPal7hzEoEwg6jFrKxXaKxwfITIleJw/5pg
SFm+jlwQ1SOms5ftbXhWzmgvVHG07Md0wKuyCjOQTqfB/3TtdTFcxXJ+U3jq2G2w
dqC7X49O3WDRxVDPlWTMF1JdWnl/dj7eoa+6wCwQBsubA2zuEl0xQBy7Phg0qqXH
xl+XyQWcc4xSfZnSmqqw9ZO4lhMJ9xqDqGEVAA7wgpj6
-----END CERTIFICATE-----