Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/Hld29G1DWYar_V03vvNEEAXl32I.roa
File:                     Hld29G1DWYar_V03vvNEEAXl32I.roa (raw, json)
Hash identifier:          g5H45h/y6fGU8XE9r1rX3k8z88V8C5urUpMK18n0TuA=
Subject key identifier:   1E:57:76:F4:6D:43:59:86:AB:FD:5D:37:BE:F3:44:10:05:E5:DF:62
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019706097EE12234CC42860C5086E8194337
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/Hld29G1DWYar_V03vvNEEAXl32I.roa
Signing time:             Sun 25 May 2025 06:02:55 +0000
ROA not before:           Sun 25 May 2025 06:02:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        82.163.96.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 09:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:06:09:7e:e1:22:34:cc:42:86:0c:50:86:e8:19:43:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: May 25 06:02:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e5776f46d435986abfd5d37bef3441005e5df62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4f:f2:18:bb:18:b4:66:d2:c0:19:4a:88:7d:
                    3a:67:bc:8e:b0:d6:30:21:8b:92:4f:93:ef:1a:3e:
                    2e:f2:4b:97:4d:be:ea:fe:1c:ec:a2:cb:27:d3:a5:
                    35:1e:59:de:03:60:b7:0a:ad:2f:61:48:5a:85:50:
                    13:a1:3d:45:1f:5f:e1:db:a1:c3:c4:de:d1:0d:5a:
                    75:d1:cd:9b:c4:51:40:49:80:23:ce:ec:80:24:be:
                    bd:14:c6:31:97:6e:16:d6:bb:6c:c8:fb:02:e0:9e:
                    7e:cd:f8:2c:c0:be:a6:5d:e0:9f:4b:32:5b:52:fd:
                    bf:24:76:43:d8:6d:08:48:79:a1:06:23:1f:4f:ec:
                    d8:97:54:1d:ec:e1:ac:5e:b7:40:28:a6:9d:d9:db:
                    57:1f:e2:35:b6:39:dc:6a:85:a7:e5:ed:d9:7b:e3:
                    ef:54:ea:20:3d:21:ed:f2:95:a6:a9:93:00:5c:c2:
                    96:1c:63:5e:4b:38:19:9c:f4:6f:15:a3:07:63:62:
                    89:6d:87:98:46:cf:e9:c8:c5:52:b1:a2:bd:fd:51:
                    8a:45:8f:76:e0:c0:8a:64:fc:f5:7b:ab:39:a5:df:
                    05:93:64:80:a5:92:39:bd:0b:53:c1:e5:43:ee:22:
                    9f:82:a7:5f:1e:3d:3b:c7:d1:25:37:11:de:2e:0f:
                    cf:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:57:76:F4:6D:43:59:86:AB:FD:5D:37:BE:F3:44:10:05:E5:DF:62
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/Hld29G1DWYar_V03vvNEEAXl32I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         94:ff:5e:62:f7:82:aa:1b:b2:21:51:98:3d:5a:39:3c:66:6b:
         43:58:f7:9b:91:ae:b2:12:ee:6f:b9:10:ac:f6:d2:42:26:b1:
         6c:42:c0:5f:31:7b:78:ef:07:8f:7a:f1:c8:e3:f1:e4:4f:aa:
         42:6e:36:cd:07:05:21:5f:7b:6a:02:09:0f:72:89:14:54:47:
         a1:05:c8:84:d6:cd:db:ef:dc:1c:7e:82:0f:a1:4b:1f:de:8d:
         80:52:98:60:90:f8:d5:14:b7:4c:8a:a6:ac:7a:68:74:1b:c1:
         09:08:6e:80:e9:e9:31:1b:00:82:f5:02:e5:87:ad:ed:87:d7:
         eb:8c:20:22:6e:00:9c:88:bf:bc:23:99:fc:2b:ce:c8:cf:46:
         96:be:ac:d1:23:a3:b4:b0:8d:c0:b7:b4:c4:65:d1:c9:3d:a1:
         54:68:31:f2:11:ee:bd:6c:91:70:26:c0:af:07:7a:8c:9e:1a:
         91:a7:ee:8b:de:75:df:84:f6:62:18:be:04:a3:1b:9e:60:1e:
         9c:da:ef:de:59:9f:90:e9:84:ea:72:84:90:f2:02:a0:e4:5e:
         8e:43:7e:7c:32:5c:e5:e0:47:3b:03:31:b5:15:10:e4:b8:87:
         f6:92:dc:18:c3:8a:3b:f0:74:ee:fb:50:ca:71:fa:25:5e:6f:
         94:21:f7:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcGCX7hIjTMQoYMUIboGUM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwNTI1MDYwMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTU3NzZmNDZkNDM1OTg2YWJmZDVkMzdiZWYzNDQxMDA1ZTVkZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyU/yGLsYtGbSwBlKiH06Z7yOsNYw
IYuST5PvGj4u8kuXTb7q/hzsossn06U1HlneA2C3Cq0vYUhahVAToT1FH1/h26HD
xN7RDVp10c2bxFFASYAjzuyAJL69FMYxl24W1rtsyPsC4J5+zfgswL6mXeCfSzJb
Uv2/JHZD2G0ISHmhBiMfT+zYl1Qd7OGsXrdAKKad2dtXH+I1tjncaoWn5e3Ze+Pv
VOogPSHt8pWmqZMAXMKWHGNeSzgZnPRvFaMHY2KJbYeYRs/pyMVSsaK9/VGKRY92
4MCKZPz1e6s5pd8Fk2SApZI5vQtTweVD7iKfgqdfHj07x9ElNxHeLg/PgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5XdvRtQ1mGq/1dN77zRBAF5d9iMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvSGxkMjlHMURXWWFyX1YwM3Z2TkVFQVhsMzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUqNgMA0G
CSqGSIb3DQEBCwUAA4IBAQCU/15i94KqG7IhUZg9Wjk8ZmtDWPebka6yEu5vuRCs
9tJCJrFsQsBfMXt47wePevHI4/HkT6pCbjbNBwUhX3tqAgkPcokUVEehBciE1s3b
79wcfoIPoUsf3o2AUphgkPjVFLdMiqasemh0G8EJCG6A6ekxGwCC9QLlh63th9fr
jCAibgCciL+8I5n8K87Iz0aWvqzRI6O0sI3At7TEZdHJPaFUaDHyEe69bJFwJsCv
B3qMnhqRp+6L3nXfhPZiGL4EoxueYB6c2u/eWZ+Q6YTqcoSQ8gKg5F6OQ358Mlzl
4Ec7AzG1FRDkuIf2ktwYw4o78HTu+1DKcfolXm+UIffz
-----END CERTIFICATE-----