Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/hPSG-Jdcz29OBANRkLWHEzWA5Kk.roa
File:                     hPSG-Jdcz29OBANRkLWHEzWA5Kk.roa (raw, json)
Hash identifier:          U4NiT3zb8/Cvex2X+6FLghtEgLR1KuWHLdqLp8Ppbzc=
Subject key identifier:   84:F4:86:F8:97:5C:CF:6F:4E:04:03:51:90:B5:87:13:35:80:E4:A9
Certificate issuer:       /CN=003b2c3871069002ad0b2f42b0cbf5e92e3be4b3
Certificate serial:       0199B3BFE1B2166594C167995B61C71CF754
Authority key identifier: 00:3B:2C:38:71:06:90:02:AD:0B:2F:42:B0:CB:F5:E9:2E:3B:E4:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/hPSG-Jdcz29OBANRkLWHEzWA5Kk.roa
Signing time:             Sun 05 Oct 2025 09:42:00 +0000
ROA not before:           Sun 05 Oct 2025 09:42:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61254
IP address blocks:        45.152.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Oct 2025 03:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b3:bf:e1:b2:16:65:94:c1:67:99:5b:61:c7:1c:f7:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=003b2c3871069002ad0b2f42b0cbf5e92e3be4b3
        Validity
            Not Before: Oct  5 09:42:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84f486f8975ccf6f4e04035190b587133580e4a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:91:ee:3c:6b:67:ee:4b:45:fe:1b:06:64:b2:
                    70:65:7e:d2:24:dd:eb:46:a8:98:8a:f5:fc:8c:54:
                    63:7e:6f:3e:a5:34:0d:05:ae:c0:5e:a9:87:05:5a:
                    29:8b:46:5b:4e:6d:3f:10:05:18:02:0e:8c:b8:cd:
                    40:3c:c8:c5:76:e6:99:2a:55:51:65:7d:dd:93:e3:
                    2a:67:ad:a3:bd:a1:b1:28:35:02:26:7e:1f:e8:17:
                    59:10:33:30:34:54:cf:35:e3:87:e4:d1:b4:0c:e0:
                    58:d7:a6:eb:02:c1:1d:d8:9a:c0:98:c7:64:e9:b8:
                    e8:ec:62:40:b2:fb:9c:ef:c5:a9:2c:59:1f:89:14:
                    b4:46:7a:61:c1:9b:19:fc:33:0b:32:f0:dd:cc:c8:
                    59:c0:93:d2:de:3b:8e:ce:cb:e0:b3:c8:79:9c:b4:
                    2b:fa:c6:4a:5e:f5:df:6e:3d:5b:a3:14:44:73:72:
                    4e:3c:1d:a1:3d:bd:f7:85:78:cc:46:e3:40:50:33:
                    ef:cc:b7:3c:f0:7a:06:a6:7e:7b:eb:6a:ab:e7:b9:
                    f9:15:a8:a8:f5:23:9a:e6:0a:54:4e:70:c7:d0:28:
                    be:28:f4:e7:fc:5a:9c:8f:da:38:96:a9:c5:a5:d5:
                    96:99:c2:0e:6d:69:d6:3f:e9:ab:2a:2f:2c:92:d4:
                    b9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:F4:86:F8:97:5C:CF:6F:4E:04:03:51:90:B5:87:13:35:80:E4:A9
            X509v3 Authority Key Identifier:
                keyid:00:3B:2C:38:71:06:90:02:AD:0B:2F:42:B0:CB:F5:E9:2E:3B:E4:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/hPSG-Jdcz29OBANRkLWHEzWA5Kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:ce:60:21:1a:98:49:ba:72:c8:20:c1:ba:02:53:53:13:5e:
         42:e4:c5:18:42:a9:a1:ce:88:32:11:c1:6c:72:33:2b:f9:f7:
         41:17:9a:93:7d:32:f2:bd:02:64:28:62:47:28:57:b6:4b:68:
         e4:ac:fa:5d:e1:14:85:74:11:f8:0a:4a:03:b6:d1:3d:2c:91:
         e5:48:88:d1:0f:3b:09:a8:03:a2:d5:b6:a8:fa:b9:23:8e:0e:
         2d:b6:b0:e5:0c:b8:ff:00:e1:cc:7b:bb:b6:28:85:0a:c3:85:
         b5:5b:7f:62:b3:7c:65:20:db:65:1f:b4:7f:a8:4e:8c:4b:a9:
         10:fa:82:cc:e5:43:c5:db:bf:3e:0f:9a:09:ed:09:78:77:2b:
         e7:a4:89:47:06:42:f5:14:67:cf:7f:71:4c:90:86:7a:7f:0c:
         8e:2a:41:77:aa:d8:ea:8e:97:95:19:5c:fe:e9:f2:c8:15:65:
         e0:b4:4a:94:0b:f0:74:e0:3c:d9:04:ff:5b:a5:d0:6a:ee:49:
         40:c0:5c:ac:24:cb:10:cb:3e:68:d3:40:cf:ff:a4:90:09:44:
         db:fb:0c:66:78:df:6e:2a:f1:16:14:82:2d:12:6e:d7:15:25:
         e6:c4:00:62:59:b4:07:6d:7b:03:ec:6a:e9:42:31:ee:c2:fb:
         cc:31:6e:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmzv+GyFmWUwWeZW2HHHPdUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwM2IyYzM4NzEwNjkwMDJhZDBiMmY0MmIwY2JmNWU5MmUz
YmU0YjMwHhcNMjUxMDA1MDk0MjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGY0ODZmODk3NWNjZjZmNGUwNDAzNTE5MGI1ODcxMzM1ODBlNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZHuPGtn7ktF/hsGZLJwZX7SJN3r
RqiYivX8jFRjfm8+pTQNBa7AXqmHBVopi0ZbTm0/EAUYAg6MuM1APMjFduaZKlVR
ZX3dk+MqZ62jvaGxKDUCJn4f6BdZEDMwNFTPNeOH5NG0DOBY16brAsEd2JrAmMdk
6bjo7GJAsvuc78WpLFkfiRS0RnphwZsZ/DMLMvDdzMhZwJPS3juOzsvgs8h5nLQr
+sZKXvXfbj1boxREc3JOPB2hPb33hXjMRuNAUDPvzLc88HoGpn5762qr57n5Faio
9SOa5gpUTnDH0Ci+KPTn/Fqcj9o4lqnFpdWWmcIObWnWP+mrKi8sktS53wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIT0hviXXM9vTgQDUZC1hxM1gOSpMB8GA1UdIwQY
MBaAFAA7LDhxBpACrQsvQrDL9ekuO+SzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQURzc09IRUdrQUt0Q3k5Q3NNdjE2UzQ3NUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kOTY2ODgtMmQ5OC00NjM0LTg2ZGIt
YjM1YTBhMTQ1M2ZiLzEvaFBTRy1KZGN6MjlPQkFOUmtMV0hFeldBNUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kOTY2ODgtMmQ5OC00NjM0LTg2ZGItYjM1YTBhMTQ1M2Zi
LzEvQURzc09IRUdrQUt0Q3k5Q3NNdjE2UzQ3NUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZgWMA0G
CSqGSIb3DQEBCwUAA4IBAQAOzmAhGphJunLIIMG6AlNTE15C5MUYQqmhzogyEcFs
cjMr+fdBF5qTfTLyvQJkKGJHKFe2S2jkrPpd4RSFdBH4CkoDttE9LJHlSIjRDzsJ
qAOi1bao+rkjjg4ttrDlDLj/AOHMe7u2KIUKw4W1W39is3xlINtlH7R/qE6MS6kQ
+oLM5UPF278+D5oJ7Ql4dyvnpIlHBkL1FGfPf3FMkIZ6fwyOKkF3qtjqjpeVGVz+
6fLIFWXgtEqUC/B04DzZBP9bpdBq7klAwFysJMsQyz5o00DP/6SQCUTb+wxmeN9u
KvEWFIItEm7XFSXmxABiWbQHbXsD7GrpQjHuwvvMMW7A
-----END CERTIFICATE-----