Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/HANmGqWDLzD8xzgH1N2qbf2RpVU.roa
File:                     HANmGqWDLzD8xzgH1N2qbf2RpVU.roa (raw, json)
Hash identifier:          w2O64hJj+mcPhVqUkjApVC5JtsigQzHQewLezmoT9do=
Subject key identifier:   1C:03:66:1A:A5:83:2F:30:FC:C7:38:07:D4:DD:AA:6D:FD:91:A5:55
Certificate issuer:       /CN=d3f60b176d95fd8d3d0bd65c5d12c83941f7f054
Certificate serial:       0196CB0B3041E7833BE8BA70041A2F5C7B84
Authority key identifier: D3:F6:0B:17:6D:95:FD:8D:3D:0B:D6:5C:5D:12:C8:39:41:F7:F0:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/HANmGqWDLzD8xzgH1N2qbf2RpVU.roa
Signing time:             Tue 13 May 2025 19:07:10 +0000
ROA not before:           Tue 13 May 2025 19:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        194.201.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 01 Jun 2025 19:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cb:0b:30:41:e7:83:3b:e8:ba:70:04:1a:2f:5c:7b:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3f60b176d95fd8d3d0bd65c5d12c83941f7f054
        Validity
            Not Before: May 13 19:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c03661aa5832f30fcc73807d4ddaa6dfd91a555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:32:ed:e4:63:c2:b6:ff:10:7c:d4:2d:d9:98:
                    f9:ec:d8:50:f2:ca:6d:94:2b:18:55:58:df:b3:bb:
                    3e:bd:14:e9:14:c8:95:dc:61:4d:50:2c:67:fb:20:
                    a9:cb:70:6f:6d:00:ac:21:d5:3a:44:b1:69:dd:9f:
                    d0:f9:44:cb:d5:34:18:01:90:be:9a:6d:50:f7:fa:
                    03:93:d0:d5:aa:45:ce:8a:d2:74:96:41:bc:31:50:
                    0c:74:10:71:5d:48:de:76:31:3c:5e:47:11:a8:f9:
                    3d:98:f6:04:55:3d:d7:52:94:c1:9b:75:b7:d3:d1:
                    76:f9:89:c8:ed:f7:a1:25:82:08:4a:b7:ec:d6:75:
                    0d:2c:d1:83:80:58:0a:46:b4:bd:5c:7a:c1:bb:17:
                    37:e6:c3:fe:d9:e9:f1:69:d8:ad:03:ce:27:5a:cf:
                    df:79:b0:9a:14:e5:1c:03:cb:71:cb:6d:cd:11:7e:
                    16:cc:13:66:ec:19:71:2f:78:99:d5:e5:80:d3:cc:
                    0f:22:02:4c:22:4c:25:c4:5f:4e:82:42:aa:ac:59:
                    87:b6:46:60:4f:a9:f7:12:1b:0b:13:4b:fe:32:4b:
                    ab:2c:aa:ad:6e:2a:9d:8c:c6:a0:f0:56:f5:05:f2:
                    a8:c4:2a:8b:72:f4:6d:c5:4e:c8:68:e7:51:b6:25:
                    3e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:03:66:1A:A5:83:2F:30:FC:C7:38:07:D4:DD:AA:6D:FD:91:A5:55
            X509v3 Authority Key Identifier:
                keyid:D3:F6:0B:17:6D:95:FD:8D:3D:0B:D6:5C:5D:12:C8:39:41:F7:F0:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/HANmGqWDLzD8xzgH1N2qbf2RpVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.201.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:34:7e:bc:5d:d6:41:ad:42:9e:22:f5:41:4f:5a:87:ba:7b:
         06:62:6a:52:0c:20:df:d6:86:44:b4:ac:23:45:70:1a:c9:e2:
         00:11:b4:66:a8:86:e3:dd:94:9a:78:6b:32:43:ea:9a:ef:b9:
         f2:ae:1b:14:d5:2a:c0:3b:97:ae:57:c4:6f:88:de:d7:05:a5:
         2f:b2:74:cf:d9:08:47:a6:09:54:80:25:0b:82:7d:bc:74:ce:
         d4:45:50:d1:b7:cb:45:c1:92:0d:38:30:7a:05:b1:e1:9f:47:
         b9:9d:40:23:39:51:c9:2d:17:8b:fe:6d:13:dc:a4:9d:b6:f4:
         6d:73:61:a8:8e:e1:0a:0e:33:7a:6f:6b:0c:57:29:45:c1:5f:
         a1:ac:5e:18:64:66:b0:d0:84:b3:64:4a:9b:43:1d:f2:30:c4:
         84:e2:02:d7:4c:e1:02:41:1a:c4:b3:14:e8:c9:35:c1:1a:14:
         63:f7:2f:1b:32:59:b6:da:ea:ab:8e:5d:da:87:4a:c5:e3:7f:
         f9:06:53:cb:fe:bd:54:f2:83:d8:a6:04:08:a3:72:db:9f:c1:
         38:0b:2e:eb:ff:2c:a2:0a:94:12:d8:1e:7a:5d:53:8a:5b:1a:
         43:cd:25:bf:60:72:40:89:4d:59:dd:a3:da:27:90:f0:5a:f7:
         fe:7d:86:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbLCzBB54M76LpwBBovXHuEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZjYwYjE3NmQ5NWZkOGQzZDBiZDY1YzVkMTJjODM5NDFm
N2YwNTQwHhcNMjUwNTEzMTkwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzAzNjYxYWE1ODMyZjMwZmNjNzM4MDdkNGRkYWE2ZGZkOTFhNTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujLt5GPCtv8QfNQt2Zj57NhQ8spt
lCsYVVjfs7s+vRTpFMiV3GFNUCxn+yCpy3BvbQCsIdU6RLFp3Z/Q+UTL1TQYAZC+
mm1Q9/oDk9DVqkXOitJ0lkG8MVAMdBBxXUjedjE8XkcRqPk9mPYEVT3XUpTBm3W3
09F2+YnI7fehJYIISrfs1nUNLNGDgFgKRrS9XHrBuxc35sP+2enxaditA84nWs/f
ebCaFOUcA8txy23NEX4WzBNm7BlxL3iZ1eWA08wPIgJMIkwlxF9OgkKqrFmHtkZg
T6n3EhsLE0v+MkurLKqtbiqdjMag8Fb1BfKoxCqLcvRtxU7IaOdRtiU+bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwDZhqlgy8w/Mc4B9Tdqm39kaVVMB8GA1UdIwQY
MBaAFNP2Cxdtlf2NPQvWXF0SyDlB9/BUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMF9ZTEYyMlZfWTA5QzlaY1hSTElPVUgzOEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9iYzVmZDctM2U2My00OTQ1LWFmYjct
MTE3NWU1YTA3YTU1LzEvSEFObUdxV0RMekQ4eHpnSDFOMnFiZjJScFZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9iYzVmZDctM2U2My00OTQ1LWFmYjctMTE3NWU1YTA3YTU1
LzEvMF9ZTEYyMlZfWTA5QzlaY1hSTElPVUgzOEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwsn9MA0G
CSqGSIb3DQEBCwUAA4IBAQBxNH68XdZBrUKeIvVBT1qHunsGYmpSDCDf1oZEtKwj
RXAayeIAEbRmqIbj3ZSaeGsyQ+qa77nyrhsU1SrAO5euV8RviN7XBaUvsnTP2QhH
pglUgCULgn28dM7URVDRt8tFwZINODB6BbHhn0e5nUAjOVHJLReL/m0T3KSdtvRt
c2GojuEKDjN6b2sMVylFwV+hrF4YZGaw0ISzZEqbQx3yMMSE4gLXTOECQRrEsxTo
yTXBGhRj9y8bMlm22uqrjl3ah0rF43/5BlPL/r1U8oPYpgQIo3Lbn8E4Cy7r/yyi
CpQS2B56XVOKWxpDzSW/YHJAiU1Z3aPaJ5DwWvf+fYar
-----END CERTIFICATE-----