Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/hvWXw9pSYWBRtscDw-5IMgI7-FA.roa
File:                     hvWXw9pSYWBRtscDw-5IMgI7-FA.roa (raw, json)
Hash identifier:          BhyHGQbNXop99x91ViBr0+aLVp4sXvjDB2RoN4eQ5KU=
Subject key identifier:   86:F5:97:C3:DA:52:61:60:51:B6:C7:03:C3:EE:48:32:02:3B:F8:50
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       0198E7DDB922EBDDE9A410E9B50829F683CF
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/hvWXw9pSYWBRtscDw-5IMgI7-FA.roa
Signing time:             Tue 26 Aug 2025 19:32:04 +0000
ROA not before:           Tue 26 Aug 2025 19:32:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211072
IP address blocks:        194.67.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e7:dd:b9:22:eb:dd:e9:a4:10:e9:b5:08:29:f6:83:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Aug 26 19:32:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86f597c3da52616051b6c703c3ee4832023bf850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2f:74:0d:da:3e:bc:eb:c2:70:c1:df:b4:8e:
                    3d:fa:34:a8:fb:84:b5:7a:c9:8e:ae:c3:68:9a:4e:
                    21:a9:1c:f6:76:37:7c:e8:a0:b4:3e:37:9e:63:e8:
                    67:e0:92:41:49:6c:e4:be:f6:15:44:af:28:7e:70:
                    98:b0:f3:a7:86:ba:d1:e4:43:c6:ef:bb:c2:6b:8f:
                    4d:f3:0b:de:55:15:9a:af:a8:6c:2a:01:d0:e1:ea:
                    01:35:05:60:fd:b3:88:14:5c:0d:2c:a9:d0:eb:a7:
                    b0:50:b7:ae:03:9e:15:41:b1:1f:d5:10:91:5a:18:
                    2b:85:af:a6:49:5a:e2:a0:f1:a8:25:85:b5:67:2e:
                    7d:90:a7:6c:17:5c:c9:26:08:f1:be:f5:35:15:ea:
                    ab:64:53:24:a7:f6:3a:c9:58:ba:40:f7:bb:26:33:
                    63:ce:83:3e:65:a9:ed:fc:de:f7:2f:e0:8f:eb:b3:
                    52:74:75:19:59:ca:b3:d6:e5:ee:ba:c6:2d:f7:48:
                    7e:3b:6e:1a:9a:d6:bb:eb:7c:cc:cb:62:1b:97:8c:
                    c0:7c:fb:48:b4:bc:13:16:ff:19:f8:19:14:09:a9:
                    0d:5a:8a:f0:3b:ae:83:a7:ad:7d:c1:c7:18:b2:a7:
                    78:9e:05:f0:53:de:d8:5f:c7:95:4b:cf:92:03:f7:
                    b0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F5:97:C3:DA:52:61:60:51:B6:C7:03:C3:EE:48:32:02:3B:F8:50
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/hvWXw9pSYWBRtscDw-5IMgI7-FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.67.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:37:2d:a9:21:44:d7:c4:9f:41:fc:e5:ff:5c:85:ad:d3:a3:
         29:e6:4e:53:d6:84:e6:12:aa:ae:00:54:ac:c9:ba:1f:3a:5a:
         ea:27:3c:36:e8:7c:2f:69:6a:bc:bd:9d:9c:1b:23:ef:d8:61:
         e2:3f:86:a5:47:a9:aa:ef:ad:3e:41:4b:c2:ed:7e:bf:14:1b:
         b3:17:f9:74:c2:3a:e4:de:36:1d:19:8c:ed:0c:53:7e:28:52:
         a7:ff:df:cc:fd:80:98:13:2d:71:9b:82:45:1c:de:ff:87:16:
         33:d6:45:09:31:25:72:d8:22:05:63:35:2b:97:fd:a3:21:ba:
         d9:03:ec:f9:cb:f6:63:6e:75:9f:d9:2f:3e:67:d5:d3:2a:4f:
         fc:83:80:02:ff:bc:07:60:0b:cb:b1:87:1d:c9:4a:b6:ae:09:
         ff:3e:89:23:5c:f7:f6:3c:f8:35:90:1a:5d:7a:9a:fd:3b:ab:
         3a:90:3e:7b:20:41:61:df:87:e5:4c:a3:6c:4c:58:e1:8f:48:
         70:52:41:2e:51:0e:c1:55:6f:9d:33:a7:55:57:46:00:7a:61:
         44:f6:2c:b1:2f:ef:d6:28:08:d3:f5:5e:c8:66:05:3e:68:6c:
         11:da:b6:ca:9e:70:ec:90:77:10:92:c8:d9:d2:85:dc:8f:0f:
         b4:8b:7f:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjn3bki693ppBDptQgp9oPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwODI2MTkzMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmY1OTdjM2RhNTI2MTYwNTFiNmM3MDNjM2VlNDgzMjAyM2JmODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwC90Ddo+vOvCcMHftI49+jSo+4S1
esmOrsNomk4hqRz2djd86KC0PjeeY+hn4JJBSWzkvvYVRK8ofnCYsPOnhrrR5EPG
77vCa49N8wveVRWar6hsKgHQ4eoBNQVg/bOIFFwNLKnQ66ewULeuA54VQbEf1RCR
Whgrha+mSVrioPGoJYW1Zy59kKdsF1zJJgjxvvU1FeqrZFMkp/Y6yVi6QPe7JjNj
zoM+Zant/N73L+CP67NSdHUZWcqz1uXuusYt90h+O24amta763zMy2Ibl4zAfPtI
tLwTFv8Z+BkUCakNWorwO66Dp619wccYsqd4ngXwU97YX8eVS8+SA/ewdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIb1l8PaUmFgUbbHA8PuSDICO/hQMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvaHZXWHc5cFNZV0JSdHNjRHctNUlNZ0k3LUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkPBMA0G
CSqGSIb3DQEBCwUAA4IBAQCvNy2pIUTXxJ9B/OX/XIWt06Mp5k5T1oTmEqquAFSs
ybofOlrqJzw26HwvaWq8vZ2cGyPv2GHiP4alR6mq760+QUvC7X6/FBuzF/l0wjrk
3jYdGYztDFN+KFKn/9/M/YCYEy1xm4JFHN7/hxYz1kUJMSVy2CIFYzUrl/2jIbrZ
A+z5y/ZjbnWf2S8+Z9XTKk/8g4AC/7wHYAvLsYcdyUq2rgn/PokjXPf2PPg1kBpd
epr9O6s6kD57IEFh34flTKNsTFjhj0hwUkEuUQ7BVW+dM6dVV0YAemFE9iyxL+/W
KAjT9V7IZgU+aGwR2rbKnnDskHcQksjZ0oXcjw+0i38Y
-----END CERTIFICATE-----