Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/Hhl_Ps8o2QGnYco4FO1OXr5ijFU.roa
File:                     Hhl_Ps8o2QGnYco4FO1OXr5ijFU.roa (raw, json)
Hash identifier:          6fvLi0/fqupKmxDBTFAgP5SGIqAO7BfwicUQEAWog9E=
Subject key identifier:   1E:19:7F:3E:CF:28:D9:01:A7:61:CA:38:14:ED:4E:5E:BE:62:8C:55
Certificate issuer:       /CN=0e91de17437a0025fd1ede10f710f17a3080b3ab
Certificate serial:       01973A9C19092398347EAC365E129103D49B
Authority key identifier: 0E:91:DE:17:43:7A:00:25:FD:1E:DE:10:F7:10:F1:7A:30:80:B3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/Hhl_Ps8o2QGnYco4FO1OXr5ijFU.roa
Signing time:             Wed 04 Jun 2025 11:03:17 +0000
ROA not before:           Wed 04 Jun 2025 11:03:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205763
IP address blocks:        185.207.124.0/24 maxlen: 24
                          2a0b:2340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3a:9c:19:09:23:98:34:7e:ac:36:5e:12:91:03:d4:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e91de17437a0025fd1ede10f710f17a3080b3ab
        Validity
            Not Before: Jun  4 11:03:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e197f3ecf28d901a761ca3814ed4e5ebe628c55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7e:ad:5a:23:0e:d4:12:c1:2c:b8:4a:11:16:
                    d3:53:f0:89:49:b9:1c:a5:04:91:49:50:e6:71:d6:
                    8d:58:e5:61:68:3e:12:32:fc:00:a5:87:84:bd:b8:
                    2f:c0:34:0b:b4:e3:7a:94:41:2f:05:5b:55:d7:89:
                    e3:2c:43:2d:7e:f6:6c:01:7a:b0:42:ee:42:47:09:
                    1c:94:6b:9d:5b:ce:5c:51:65:14:48:a5:0e:1a:b7:
                    b5:65:a2:1d:be:a0:de:cd:f0:db:d9:1d:27:5e:98:
                    33:81:e5:b5:b3:f5:8d:96:c5:96:25:e6:ad:c5:8d:
                    56:5a:07:ae:dd:72:5e:99:63:20:41:f6:f1:cd:b2:
                    d3:c4:04:2e:dd:0b:b0:9d:2d:28:7c:ec:dd:dc:d6:
                    5d:36:3f:be:6a:90:e1:db:4c:b0:2e:ac:de:3d:35:
                    7d:32:f6:33:fa:cc:dc:d7:e0:9a:3c:ba:57:62:7c:
                    d8:3b:80:f1:37:9f:c8:d6:d3:c8:a4:44:15:b3:4b:
                    4c:2d:50:15:0c:2b:1a:2e:9c:78:b2:74:cd:ef:2c:
                    c0:a2:1c:a6:ba:52:b4:88:1a:6c:04:65:7a:2e:f8:
                    a8:11:4f:ed:6b:5b:4b:87:b4:9a:c6:e1:97:65:98:
                    80:d9:ce:3b:53:51:85:36:dc:40:2f:fc:da:57:34:
                    bd:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:19:7F:3E:CF:28:D9:01:A7:61:CA:38:14:ED:4E:5E:BE:62:8C:55
            X509v3 Authority Key Identifier:
                keyid:0E:91:DE:17:43:7A:00:25:FD:1E:DE:10:F7:10:F1:7A:30:80:B3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/Hhl_Ps8o2QGnYco4FO1OXr5ijFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.124.0/24
                IPv6:
                  2a0b:2340::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:12:ad:c1:25:9b:4d:4a:70:26:25:56:81:69:2b:ad:e1:57:
         ae:59:81:e6:74:04:9f:37:70:8a:fd:30:a4:3f:18:f2:31:f4:
         7a:44:4c:52:d1:be:b2:37:42:81:8a:fa:06:74:ef:b7:d2:6a:
         42:c3:c0:bb:15:e7:29:66:5c:9b:05:69:24:5f:04:03:32:fb:
         71:ac:f8:09:42:68:aa:29:ae:67:79:e6:89:6f:4c:a5:e8:86:
         39:e6:45:9d:c2:7c:f2:e8:9a:02:cf:b5:1e:37:69:d1:29:38:
         dc:a3:da:3b:14:ef:f6:d2:83:69:d2:93:96:8c:c0:99:00:14:
         82:6e:8e:44:67:4d:86:12:23:48:87:79:77:a7:c1:da:b5:28:
         4f:28:67:ca:e8:ca:be:cf:a5:23:f0:51:41:88:76:7e:1b:1d:
         7f:f9:6d:58:de:bc:4f:58:b7:8f:2f:8d:c1:0f:98:87:11:7d:
         52:e0:d2:42:19:6a:06:4d:cb:ba:84:3f:4e:92:8a:d3:1f:16:
         db:88:0a:3e:ac:a4:4c:52:d9:55:ba:0a:dd:db:26:97:74:3d:
         de:6b:af:53:48:26:a5:d8:0d:8c:79:d5:08:53:ef:12:71:4f:
         10:0d:e6:02:8a:8b:c2:75:b3:1d:76:15:2c:4f:47:86:16:d2:
         df:ce:b0:a0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZc6nBkJI5g0fqw2XhKRA9SbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOTFkZTE3NDM3YTAwMjVmZDFlZGUxMGY3MTBmMTdhMzA4
MGIzYWIwHhcNMjUwNjA0MTEwMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTE5N2YzZWNmMjhkOTAxYTc2MWNhMzgxNGVkNGU1ZWJlNjI4YzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn6tWiMO1BLBLLhKERbTU/CJSbkc
pQSRSVDmcdaNWOVhaD4SMvwApYeEvbgvwDQLtON6lEEvBVtV14njLEMtfvZsAXqw
Qu5CRwkclGudW85cUWUUSKUOGre1ZaIdvqDezfDb2R0nXpgzgeW1s/WNlsWWJeat
xY1WWgeu3XJemWMgQfbxzbLTxAQu3QuwnS0ofOzd3NZdNj++apDh20ywLqzePTV9
MvYz+szc1+CaPLpXYnzYO4DxN5/I1tPIpEQVs0tMLVAVDCsaLpx4snTN7yzAohym
ulK0iBpsBGV6LvioEU/ta1tLh7SaxuGXZZiA2c47U1GFNtxAL/zaVzS9EwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB4Zfz7PKNkBp2HKOBTtTl6+YoxVMB8GA1UdIwQY
MBaAFA6R3hdDegAl/R7eEPcQ8XowgLOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBIZUYwTjZBQ1g5SHQ0UTl4RHhlakNBczZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9iYWVmNTctYzQ4NC00NTIzLWIxNGUt
ODhlYmJmOTk3ODBiLzEvSGhsX1BzOG8yUUduWWNvNEZPMU9YcjVpakZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9iYWVmNTctYzQ4NC00NTIzLWIxNGUtODhlYmJmOTk3ODBi
LzEvRHBIZUYwTjZBQ1g5SHQ0UTl4RHhlakNBczZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuc98MA0E
AgACMAcDBQMqCyNAMA0GCSqGSIb3DQEBCwUAA4IBAQBOEq3BJZtNSnAmJVaBaSut
4VeuWYHmdASfN3CK/TCkPxjyMfR6RExS0b6yN0KBivoGdO+30mpCw8C7FecpZlyb
BWkkXwQDMvtxrPgJQmiqKa5neeaJb0yl6IY55kWdwnzy6JoCz7UeN2nRKTjco9o7
FO/20oNp0pOWjMCZABSCbo5EZ02GEiNIh3l3p8HatShPKGfK6Mq+z6Uj8FFBiHZ+
Gx1/+W1Y3rxPWLePL43BD5iHEX1S4NJCGWoGTcu6hD9OkorTHxbbiAo+rKRMUtlV
ugrd2yaXdD3ea69TSCal2A2MedUIU+8ScU8QDeYCiovCdbMddhUsT0eGFtLfzrCg
-----END CERTIFICATE-----