Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/HmvWFjOJ5QNe_0VBD7eTmwN-1XQ.roa
File:                     HmvWFjOJ5QNe_0VBD7eTmwN-1XQ.roa (raw, json)
Hash identifier:          StcAstNQR/UIdmTZ6Q1iuGPLcyfmxWT20PZ/h6s9A5g=
Subject key identifier:   1E:6B:D6:16:33:89:E5:03:5E:FF:45:41:0F:B7:93:9B:03:7E:D5:74
Certificate issuer:       /CN=4ce74cf63723c0269d5283b1065821af384a9a26
Certificate serial:       01990147F247AC01478E7DD53DC9D87667AA
Authority key identifier: 4C:E7:4C:F6:37:23:C0:26:9D:52:83:B1:06:58:21:AF:38:4A:9A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TOdM9jcjwCadUoOxBlghrzhKmiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/HmvWFjOJ5QNe_0VBD7eTmwN-1XQ.roa
Signing time:             Sun 31 Aug 2025 17:58:36 +0000
ROA not before:           Sun 31 Aug 2025 17:58:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400897
IP address blocks:        188.227.196.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/TOdM9jcjwCadUoOxBlghrzhKmiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/TOdM9jcjwCadUoOxBlghrzhKmiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TOdM9jcjwCadUoOxBlghrzhKmiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 21:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:01:47:f2:47:ac:01:47:8e:7d:d5:3d:c9:d8:76:67:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ce74cf63723c0269d5283b1065821af384a9a26
        Validity
            Not Before: Aug 31 17:58:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e6bd6163389e5035eff45410fb7939b037ed574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ca:26:4d:a2:97:22:b5:f0:d2:33:52:bf:1b:
                    73:b9:fb:c4:60:49:cd:e2:b7:05:fc:b7:03:16:61:
                    27:97:22:bb:50:00:57:ba:7e:0e:ed:5e:e2:65:47:
                    91:29:3b:3a:a0:0b:9b:ea:bd:c6:f7:da:0d:92:99:
                    62:3d:2d:69:53:a6:4a:13:22:e1:c5:d7:f7:d1:f6:
                    6f:2c:ae:a7:08:98:38:50:b0:1b:a3:79:56:8f:ac:
                    09:fb:4e:0f:22:00:78:5f:e5:e6:f3:9e:17:91:a5:
                    ee:1a:80:30:46:7c:d2:37:2f:8e:c0:30:3a:c2:b5:
                    3f:b7:fa:9e:95:74:4d:18:5e:e8:4d:f4:d3:53:88:
                    93:46:cf:61:0c:6a:bd:71:33:b7:73:55:42:19:71:
                    6f:cd:3a:65:74:da:0d:b6:f9:2c:00:be:9c:b2:c2:
                    57:ae:36:8e:81:39:c4:2f:b4:73:5d:28:0d:86:ef:
                    e2:dd:fa:92:d8:ba:c6:31:cb:34:c0:4b:ec:5e:15:
                    a2:27:8e:43:99:4d:37:54:e4:c6:53:97:15:69:b7:
                    35:6f:43:18:7e:ed:37:fd:9f:67:ad:e5:db:a9:96:
                    8c:a4:73:79:44:70:51:c1:26:ba:af:1d:68:b7:c2:
                    84:e7:e1:91:76:a4:1e:88:6f:49:25:88:bf:eb:4f:
                    ee:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:6B:D6:16:33:89:E5:03:5E:FF:45:41:0F:B7:93:9B:03:7E:D5:74
            X509v3 Authority Key Identifier:
                keyid:4C:E7:4C:F6:37:23:C0:26:9D:52:83:B1:06:58:21:AF:38:4A:9A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TOdM9jcjwCadUoOxBlghrzhKmiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/HmvWFjOJ5QNe_0VBD7eTmwN-1XQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/TOdM9jcjwCadUoOxBlghrzhKmiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.227.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:6a:05:0a:ba:64:80:1b:93:71:e7:1b:b0:9d:ae:59:8d:98:
         ec:29:50:4f:ed:c5:61:94:ac:0c:5e:9b:92:e7:91:db:1f:a9:
         6c:09:e5:52:92:ca:e5:0c:84:25:f0:6c:78:d0:69:5a:7b:1d:
         85:2c:6d:09:39:d7:87:30:df:84:f3:3b:50:97:8e:64:fc:1b:
         84:89:2c:95:db:7d:26:69:c5:f4:37:96:cd:82:74:63:94:1c:
         c5:f4:63:7e:af:d2:4f:61:21:48:aa:92:4c:7e:a1:8e:91:63:
         e2:4c:69:f9:be:9e:67:db:cb:02:e0:0e:cd:2d:5b:f1:e2:ff:
         1f:03:b4:cb:50:06:38:78:73:3c:49:c1:0f:a3:29:27:b1:b0:
         29:30:a4:c4:0f:ae:2f:ef:0c:01:ca:93:b4:33:cb:cd:6d:95:
         cf:1a:65:b9:3c:39:d1:90:b7:3a:ee:33:ff:67:ed:5b:d6:7a:
         91:23:17:3c:44:22:88:3f:7e:3c:46:d6:e6:6f:41:c3:87:98:
         f5:84:9b:58:ee:c0:32:c7:52:d7:33:d5:8f:0d:e1:bd:0a:77:
         c0:e5:54:8b:5f:aa:af:d8:70:50:ea:c6:11:f5:56:a1:ed:e6:
         1d:1f:c8:3d:ee:69:da:98:32:19:a7:81:f1:02:eb:37:58:e8:
         80:81:57:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkBR/JHrAFHjn3VPcnYdmeqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZTc0Y2Y2MzcyM2MwMjY5ZDUyODNiMTA2NTgyMWFmMzg0
YTlhMjYwHhcNMjUwODMxMTc1ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTZiZDYxNjMzODllNTAzNWVmZjQ1NDEwZmI3OTM5YjAzN2VkNTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMomTaKXIrXw0jNSvxtzufvEYEnN
4rcF/LcDFmEnlyK7UABXun4O7V7iZUeRKTs6oAub6r3G99oNkpliPS1pU6ZKEyLh
xdf30fZvLK6nCJg4ULAbo3lWj6wJ+04PIgB4X+Xm854XkaXuGoAwRnzSNy+OwDA6
wrU/t/qelXRNGF7oTfTTU4iTRs9hDGq9cTO3c1VCGXFvzTpldNoNtvksAL6cssJX
rjaOgTnEL7RzXSgNhu/i3fqS2LrGMcs0wEvsXhWiJ45DmU03VOTGU5cVabc1b0MY
fu03/Z9nreXbqZaMpHN5RHBRwSa6rx1ot8KE5+GRdqQeiG9JJYi/60/uEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5r1hYzieUDXv9FQQ+3k5sDftV0MB8GA1UdIwQY
MBaAFEznTPY3I8AmnVKDsQZYIa84SpomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE9kTTlqY2p3Q2FkVW9PeEJsZ2hyemhLbWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81YTBmODEtMzFlMi00ZGIyLTgzMzkt
OTI0MWZmNmVjM2JmLzEvSG12V0ZqT0o1UU5lXzBWQkQ3ZVRtd04tMVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81YTBmODEtMzFlMi00ZGIyLTgzMzktOTI0MWZmNmVjM2Jm
LzEvVE9kTTlqY2p3Q2FkVW9PeEJsZ2hyemhLbWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvOPEMA0G
CSqGSIb3DQEBCwUAA4IBAQCJagUKumSAG5Nx5xuwna5ZjZjsKVBP7cVhlKwMXpuS
55HbH6lsCeVSksrlDIQl8Gx40Glaex2FLG0JOdeHMN+E8ztQl45k/BuEiSyV230m
acX0N5bNgnRjlBzF9GN+r9JPYSFIqpJMfqGOkWPiTGn5vp5n28sC4A7NLVvx4v8f
A7TLUAY4eHM8ScEPoyknsbApMKTED64v7wwBypO0M8vNbZXPGmW5PDnRkLc67jP/
Z+1b1nqRIxc8RCKIP348Rtbmb0HDh5j1hJtY7sAyx1LXM9WPDeG9CnfA5VSLX6qv
2HBQ6sYR9Vah7eYdH8g97mnamDIZp4HxAus3WOiAgVcd
-----END CERTIFICATE-----