Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/H-luNIooxpaPFael1QMBE9cTc2Q.roa
File:                     H-luNIooxpaPFael1QMBE9cTc2Q.roa (raw, json)
Hash identifier:          8PAzKkQGy3uQODeK1TdyR0ZOhf0X+RsaaEkCZwpxl6k=
Subject key identifier:   1F:E9:6E:34:8A:28:C6:96:8F:15:A7:A5:D5:03:01:13:D7:13:73:64
Certificate issuer:       /CN=feb84d9f8f9e33156589a5ebf722203a899e0a51
Certificate serial:       0195F7E6244034B1F48DD68483B0D7DD71D9
Authority key identifier: FE:B8:4D:9F:8F:9E:33:15:65:89:A5:EB:F7:22:20:3A:89:9E:0A:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/H-luNIooxpaPFael1QMBE9cTc2Q.roa
Signing time:             Wed 02 Apr 2025 19:06:49 +0000
ROA not before:           Wed 02 Apr 2025 19:06:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        195.210.100.0/22 maxlen: 22
                          195.210.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 10:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f7:e6:24:40:34:b1:f4:8d:d6:84:83:b0:d7:dd:71:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=feb84d9f8f9e33156589a5ebf722203a899e0a51
        Validity
            Not Before: Apr  2 19:06:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fe96e348a28c6968f15a7a5d5030113d7137364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:61:5d:f2:1c:e5:58:47:4b:67:e2:24:45:41:
                    d5:98:3d:39:3a:39:5f:e7:b5:1f:b4:84:ef:c2:36:
                    8d:41:0b:cf:95:57:99:28:35:37:e1:35:fb:63:9a:
                    83:64:1c:51:9b:dd:b4:2a:2b:0e:c3:88:1d:5a:c3:
                    10:72:0d:91:53:99:04:6c:e3:d5:24:a5:2c:d8:5f:
                    ea:74:13:a1:a4:b5:d6:5a:45:f3:9b:8d:83:07:75:
                    d2:48:3b:77:8f:54:d6:93:8a:1d:db:96:e6:e8:df:
                    40:be:a1:75:5a:9d:a0:08:8a:f0:f8:2c:73:f4:a8:
                    fb:6f:ea:09:83:34:c1:39:58:bc:e1:64:3c:4c:f6:
                    84:63:c7:60:86:0a:5d:3d:54:89:0e:66:da:a7:29:
                    5d:7d:96:33:37:7d:07:c6:81:d3:5f:74:fb:3f:5e:
                    fb:7f:00:d7:37:ad:25:ca:da:33:d4:2c:d4:e3:29:
                    c9:4a:0d:b8:3f:fc:23:91:6f:d8:4f:3b:47:2c:75:
                    35:45:c4:ce:fb:d7:b3:22:ff:08:87:21:6e:2a:23:
                    02:35:3b:c6:a1:05:99:fe:7c:68:3a:d6:b7:66:ef:
                    f3:bc:1c:4d:f3:e6:3e:ff:a0:5a:03:9d:78:c9:92:
                    d9:6a:4b:a2:42:f4:d4:1e:92:52:59:46:7e:55:2f:
                    9f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E9:6E:34:8A:28:C6:96:8F:15:A7:A5:D5:03:01:13:D7:13:73:64
            X509v3 Authority Key Identifier:
                keyid:FE:B8:4D:9F:8F:9E:33:15:65:89:A5:EB:F7:22:20:3A:89:9E:0A:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/H-luNIooxpaPFael1QMBE9cTc2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.210.100.0/22
                  195.210.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:bb:38:91:05:10:7d:0d:3a:14:1d:5d:49:58:67:f5:e6:25:
         9a:44:08:83:79:1a:31:a4:43:2d:82:9f:1d:02:7e:b6:4f:1e:
         ca:a3:09:93:0e:d7:9b:cd:97:9f:da:42:f4:5c:1a:a2:82:4c:
         c9:0a:6f:09:8d:41:ee:50:9c:9c:eb:1f:67:6b:6c:54:33:51:
         8f:82:4b:31:65:3a:20:ee:93:6c:b4:d2:d5:3c:13:22:00:60:
         9e:7d:be:e9:17:99:1a:e3:eb:01:35:a0:29:59:33:0b:44:77:
         ff:9e:8f:bb:b1:9d:b2:e0:c8:91:13:3e:5f:0a:d5:44:39:15:
         e1:30:4e:f6:84:37:fa:ab:b1:7c:a1:3b:32:b6:36:37:68:7a:
         1a:a5:19:08:09:27:9b:c9:78:3c:c7:c6:45:71:45:22:09:f0:
         e1:70:37:c1:b3:26:05:4b:0c:1d:77:19:cb:40:ae:39:0d:43:
         7a:47:97:57:1b:6d:fd:93:32:cc:81:9d:1f:3c:87:3d:54:bf:
         72:87:9a:25:0a:90:f2:5c:bc:f6:e4:fa:3e:e1:0d:ee:ba:50:
         64:ea:3c:56:0d:0b:e1:a4:fb:6b:df:0a:93:ac:34:a5:b6:c9:
         6b:79:f2:55:6b:1c:3f:69:ab:72:77:48:db:a0:bd:32:c8:2f:
         a9:2b:24:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZX35iRANLH0jdaEg7DX3XHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYjg0ZDlmOGY5ZTMzMTU2NTg5YTVlYmY3MjIyMDNhODk5
ZTBhNTEwHhcNMjUwNDAyMTkwNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmU5NmUzNDhhMjhjNjk2OGYxNWE3YTVkNTAzMDExM2Q3MTM3MzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFd8hzlWEdLZ+IkRUHVmD05Ojlf
57UftITvwjaNQQvPlVeZKDU34TX7Y5qDZBxRm920KisOw4gdWsMQcg2RU5kEbOPV
JKUs2F/qdBOhpLXWWkXzm42DB3XSSDt3j1TWk4od25bm6N9AvqF1Wp2gCIrw+Cxz
9Kj7b+oJgzTBOVi84WQ8TPaEY8dghgpdPVSJDmbapyldfZYzN30HxoHTX3T7P177
fwDXN60lytoz1CzU4ynJSg24P/wjkW/YTztHLHU1RcTO+9ezIv8IhyFuKiMCNTvG
oQWZ/nxoOta3Zu/zvBxN8+Y+/6BaA514yZLZakuiQvTUHpJSWUZ+VS+fqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB/pbjSKKMaWjxWnpdUDARPXE3NkMB8GA1UdIwQY
MBaAFP64TZ+PnjMVZYml6/ciIDqJngpRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3JoTm40LWVNeFZsaWFYcjl5SWdPb21lQ2xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82MTRlNWMtMjk5Yi00ZmQ0LWEwYmMt
YWYxY2MyMzE3ZTM5LzEvSC1sdU5Jb294cGFQRmFlbDFRTUJFOWNUYzJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82MTRlNWMtMjk5Yi00ZmQ0LWEwYmMtYWYxY2MyMzE3ZTM5
LzEvX3JoTm40LWVNeFZsaWFYcjl5SWdPb21lQ2xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCw9JkAwQC
w9J0MA0GCSqGSIb3DQEBCwUAA4IBAQA4uziRBRB9DToUHV1JWGf15iWaRAiDeRox
pEMtgp8dAn62Tx7KowmTDtebzZef2kL0XBqigkzJCm8JjUHuUJyc6x9na2xUM1GP
gksxZTog7pNstNLVPBMiAGCefb7pF5ka4+sBNaApWTMLRHf/no+7sZ2y4MiREz5f
CtVEORXhME72hDf6q7F8oTsytjY3aHoapRkICSebyXg8x8ZFcUUiCfDhcDfBsyYF
SwwddxnLQK45DUN6R5dXG239kzLMgZ0fPIc9VL9yh5olCpDyXLz25Po+4Q3uulBk
6jxWDQvhpPtr3wqTrDSltslrefJVaxw/aatyd0jboL0yyC+pKySW
-----END CERTIFICATE-----