Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/35faed-c2d7-4cb9-97f5-df6f20dcb94b/1/HxZU0iTvv354MAx-YYeydPcZNIw.roa
File:                     HxZU0iTvv354MAx-YYeydPcZNIw.roa (raw, json)
Hash identifier:          ZmBmkbINPjgbF7Kx8488Fp1UyAG+oYkTQNgORCAbrMc=
Subject key identifier:   1F:16:54:D2:24:EF:BF:7E:78:30:0C:7E:61:87:B2:74:F7:19:34:8C
Certificate issuer:       /CN=37af48131ecd9dca3def2b2de788f15060627755
Certificate serial:       019A7275DB1C75DC9ED1DF388727585DE7E3
Authority key identifier: 37:AF:48:13:1E:CD:9D:CA:3D:EF:2B:2D:E7:88:F1:50:60:62:77:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N69IEx7Nnco97yst54jxUGBid1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/35faed-c2d7-4cb9-97f5-df6f20dcb94b/1/HxZU0iTvv354MAx-YYeydPcZNIw.roa
Signing time:             Tue 11 Nov 2025 10:28:37 +0000
ROA not before:           Tue 11 Nov 2025 10:28:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.227.208.0/22 maxlen: 22
                          2a00:7400::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/35faed-c2d7-4cb9-97f5-df6f20dcb94b/1/N69IEx7Nnco97yst54jxUGBid1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/35faed-c2d7-4cb9-97f5-df6f20dcb94b/1/N69IEx7Nnco97yst54jxUGBid1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N69IEx7Nnco97yst54jxUGBid1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:75:db:1c:75:dc:9e:d1:df:38:87:27:58:5d:e7:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37af48131ecd9dca3def2b2de788f15060627755
        Validity
            Not Before: Nov 11 10:28:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f1654d224efbf7e78300c7e6187b274f719348c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c7:52:e8:8c:15:97:57:6b:1d:8e:a2:7f:2e:
                    33:a4:0b:36:84:9d:02:b7:ca:d9:05:55:64:e7:d4:
                    69:8c:23:ca:af:77:cd:86:34:5f:8a:65:5d:89:9a:
                    0b:55:94:4a:55:34:68:8c:1e:a3:65:54:92:ce:c6:
                    f2:ae:f4:06:5c:34:ed:d1:f0:7c:53:c1:b9:6c:21:
                    3b:7e:5d:4a:e5:e4:92:b3:3f:dd:bd:53:13:09:75:
                    da:c3:c4:14:69:6a:8b:5c:f8:cc:6c:69:ad:1f:23:
                    ac:d0:7a:32:8d:e3:50:93:6b:ed:1c:8d:8d:5b:5e:
                    e5:76:0d:85:11:e3:34:22:21:33:51:d5:07:45:6f:
                    b6:8f:a9:65:2f:a0:27:a9:01:37:65:e8:61:c7:c7:
                    27:ea:2f:5d:1a:78:0e:ae:69:a3:2f:7b:42:0d:1d:
                    c1:6b:66:cf:67:a5:59:51:d9:67:52:4d:db:c7:f1:
                    d7:2f:0d:db:f9:85:37:fd:f2:4b:88:47:04:8f:f8:
                    b9:be:e6:71:b7:96:53:49:8c:13:3a:de:91:4e:4d:
                    04:b7:52:e8:72:62:44:b8:0a:50:ed:9c:67:33:13:
                    7d:de:f8:35:2b:f3:8b:82:09:4a:19:4c:47:75:6a:
                    ea:f0:54:ba:45:db:d3:e3:32:07:49:16:59:b5:f0:
                    6f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:16:54:D2:24:EF:BF:7E:78:30:0C:7E:61:87:B2:74:F7:19:34:8C
            X509v3 Authority Key Identifier:
                keyid:37:AF:48:13:1E:CD:9D:CA:3D:EF:2B:2D:E7:88:F1:50:60:62:77:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N69IEx7Nnco97yst54jxUGBid1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/35faed-c2d7-4cb9-97f5-df6f20dcb94b/1/HxZU0iTvv354MAx-YYeydPcZNIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/35faed-c2d7-4cb9-97f5-df6f20dcb94b/1/N69IEx7Nnco97yst54jxUGBid1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.208.0/22
                IPv6:
                  2a00:7400::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:5e:67:2d:30:f7:f3:a2:d9:13:14:c1:cf:7e:4b:ba:3d:65:
         84:2f:ad:24:8f:da:5a:a8:91:2f:d6:1c:ac:ff:c3:d0:9b:3e:
         3e:be:fe:c6:f9:00:b7:3a:94:61:1f:e5:c1:35:67:1e:88:d4:
         45:36:dd:ff:64:43:44:d7:21:f0:2f:e5:83:2a:5e:e8:72:a1:
         c3:be:b8:6a:39:fa:8e:2a:bd:41:06:07:93:a4:6d:b7:d1:62:
         f4:88:ba:14:0d:10:f5:a0:43:d9:10:8c:19:bb:48:a7:7f:83:
         fc:2d:c6:27:06:83:62:75:9b:30:22:a6:9b:fe:cc:5f:c4:3c:
         b8:cb:ac:77:e4:94:08:b0:7f:d8:47:de:44:e7:e9:9e:92:c3:
         f9:be:65:b8:63:01:fa:8f:a8:af:0a:c1:7a:d2:58:fb:43:a5:
         6c:94:38:5b:58:72:1a:32:98:cb:3e:0b:84:35:53:ae:b2:e8:
         28:aa:73:5f:d0:f1:dc:b0:d8:c2:c8:e8:b3:01:93:8b:99:82:
         b9:4c:0e:28:b6:0a:9b:e9:21:09:b5:81:4b:6d:9d:33:48:e0:
         b4:2b:78:cb:8d:57:c1:e3:8e:0f:98:97:e7:4d:3e:30:c7:84:
         84:40:f4:8e:34:e7:81:7d:bf:37:89:c3:da:5d:47:9c:b0:d6:
         29:9f:ce:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZpyddscddye0d84hydYXefjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3YWY0ODEzMWVjZDlkY2EzZGVmMmIyZGU3ODhmMTUwNjA2
Mjc3NTUwHhcNMjUxMTExMTAyODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjE2NTRkMjI0ZWZiZjdlNzgzMDBjN2U2MTg3YjI3NGY3MTkzNDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMdS6IwVl1drHY6ify4zpAs2hJ0C
t8rZBVVk59RpjCPKr3fNhjRfimVdiZoLVZRKVTRojB6jZVSSzsbyrvQGXDTt0fB8
U8G5bCE7fl1K5eSSsz/dvVMTCXXaw8QUaWqLXPjMbGmtHyOs0HoyjeNQk2vtHI2N
W17ldg2FEeM0IiEzUdUHRW+2j6llL6AnqQE3Zehhx8cn6i9dGngOrmmjL3tCDR3B
a2bPZ6VZUdlnUk3bx/HXLw3b+YU3/fJLiEcEj/i5vuZxt5ZTSYwTOt6RTk0Et1Lo
cmJEuApQ7ZxnMxN93vg1K/OLgglKGUxHdWrq8FS6RdvT4zIHSRZZtfBvQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB8WVNIk779+eDAMfmGHsnT3GTSMMB8GA1UdIwQY
MBaAFDevSBMezZ3KPe8rLeeI8VBgYndVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjY5SUV4N05uY285N3lzdDU0anhVR0JpZDFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zNWZhZWQtYzJkNy00Y2I5LTk3ZjUt
ZGY2ZjIwZGNiOTRiLzEvSHhaVTBpVHZ2MzU0TUF4LVlZZXlkUGNaTkl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zNWZhZWQtYzJkNy00Y2I5LTk3ZjUtZGY2ZjIwZGNiOTRi
LzEvTjY5SUV4N05uY285N3lzdDU0anhVR0JpZDFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuePQMA0E
AgACMAcDBQAqAHQAMA0GCSqGSIb3DQEBCwUAA4IBAQB8XmctMPfzotkTFMHPfku6
PWWEL60kj9paqJEv1hys/8PQmz4+vv7G+QC3OpRhH+XBNWceiNRFNt3/ZENE1yHw
L+WDKl7ocqHDvrhqOfqOKr1BBgeTpG230WL0iLoUDRD1oEPZEIwZu0inf4P8LcYn
BoNidZswIqab/sxfxDy4y6x35JQIsH/YR95E5+meksP5vmW4YwH6j6ivCsF60lj7
Q6VslDhbWHIaMpjLPguENVOusugoqnNf0PHcsNjCyOizAZOLmYK5TA4otgqb6SEJ
tYFLbZ0zSOC0K3jLjVfB444PmJfnTT4wx4SEQPSONOeBfb83icPaXUecsNYpn84u
-----END CERTIFICATE-----