Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/HRQ3zVG8fQhstKqXqVzvaQOYW-8.roa
File:                     HRQ3zVG8fQhstKqXqVzvaQOYW-8.roa (raw, json)
Hash identifier:          J4bA2yn+4d47gpldTm1th3QAEiyAys+UIYmTMp8Fvck=
Subject key identifier:   1D:14:37:CD:51:BC:7D:08:6C:B4:AA:97:A9:5C:EF:69:03:98:5B:EF
Certificate issuer:       /CN=c98b825f36e9cc330315c940de800cbabce3397b
Certificate serial:       0196EDC236B7EEC8B2A3B5B13B740315C00D
Authority key identifier: C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/HRQ3zVG8fQhstKqXqVzvaQOYW-8.roa
Signing time:             Tue 20 May 2025 12:54:10 +0000
ROA not before:           Tue 20 May 2025 12:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49097
IP address blocks:        80.70.167.0/24 maxlen: 24
                          185.170.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:c2:36:b7:ee:c8:b2:a3:b5:b1:3b:74:03:15:c0:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98b825f36e9cc330315c940de800cbabce3397b
        Validity
            Not Before: May 20 12:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d1437cd51bc7d086cb4aa97a95cef6903985bef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5a:97:bf:b6:79:06:e7:3b:98:7e:2b:4b:d4:
                    c3:37:0a:81:48:75:a7:17:32:22:25:3a:25:9e:00:
                    ee:a6:75:f3:ad:42:10:61:af:3b:f7:f9:c4:a9:50:
                    c3:fa:15:de:93:7f:c8:85:28:12:c8:25:06:de:70:
                    a0:07:ed:cd:d9:85:6f:2f:fe:5f:16:46:3c:e5:60:
                    54:8f:d1:63:b1:f1:06:c7:46:e7:27:2f:56:a5:a9:
                    3d:31:25:1c:f4:4d:e7:51:6c:6c:cb:f6:ff:55:61:
                    dd:3b:2a:4a:dd:a1:74:bd:bf:6f:d5:72:ec:10:76:
                    d1:fc:fb:8f:d9:e4:c2:fb:10:c3:ad:0f:fe:2d:8c:
                    ed:a6:4b:1f:57:b2:d5:85:06:21:60:01:bc:8c:42:
                    ce:2b:c8:c3:16:70:77:c7:81:0c:73:e5:1f:6d:dc:
                    4a:50:56:58:c3:6a:87:d4:2a:8e:80:cf:0f:34:29:
                    f3:f2:bd:d2:28:10:54:22:f2:96:3a:1e:8d:98:6f:
                    ed:85:9c:19:be:7e:9f:38:18:ff:fb:4f:b0:94:a0:
                    33:5d:6b:f6:5d:15:5d:14:2f:e4:6f:54:bf:56:90:
                    53:2a:c6:f4:3c:2f:a7:62:d4:02:27:e7:f1:cc:c1:
                    8d:42:79:c5:60:34:50:d0:5c:11:6e:62:44:89:83:
                    17:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:14:37:CD:51:BC:7D:08:6C:B4:AA:97:A9:5C:EF:69:03:98:5B:EF
            X509v3 Authority Key Identifier:
                keyid:C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/HRQ3zVG8fQhstKqXqVzvaQOYW-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.70.167.0/24
                  185.170.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:d7:d6:9e:98:6f:c0:61:ee:7b:c6:78:d6:d2:14:45:42:46:
         df:e5:b4:c9:f4:2e:13:0c:66:d6:34:10:ff:30:25:2f:f9:1a:
         f4:9f:44:e4:2f:6c:03:49:3b:2d:e4:9a:8f:be:28:08:0a:8e:
         99:aa:8b:fd:dd:a3:f3:cd:4c:28:19:94:66:e7:dd:92:72:5a:
         73:a4:68:9b:5f:1c:f8:81:72:aa:36:f9:07:34:0f:18:77:0e:
         eb:ad:2c:83:34:6e:ce:85:a5:fc:13:4a:63:84:fd:ec:dd:f1:
         b0:25:d3:41:4f:b1:99:00:66:13:df:5b:f4:fd:93:f8:a1:0e:
         8c:72:cf:85:77:68:14:fe:99:5d:2e:5d:87:84:1f:ba:65:26:
         17:c0:47:aa:52:58:79:ed:96:b6:84:d3:8f:27:29:cd:e6:3c:
         d8:b4:ec:ca:ae:d3:f4:21:35:8f:60:62:8f:a9:0a:c1:9b:c2:
         c5:d6:bc:be:9f:3c:c2:30:5c:f5:3d:97:ac:f9:04:b5:a8:fd:
         5e:59:da:2b:fa:dd:1e:68:22:5d:1c:34:8b:e1:a4:76:f9:dd:
         de:4a:e5:0c:c5:6e:20:09:19:7d:78:2d:4b:79:ba:51:5d:fd:
         76:0b:f9:50:c9:a0:07:0a:a5:ef:a7:c6:87:c2:08:95:b7:9c:
         87:a9:51:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbtwja37siyo7WxO3QDFcANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGI4MjVmMzZlOWNjMzMwMzE1Yzk0MGRlODAwY2JhYmNl
MzM5N2IwHhcNMjUwNTIwMTI1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDE0MzdjZDUxYmM3ZDA4NmNiNGFhOTdhOTVjZWY2OTAzOTg1YmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1qXv7Z5Buc7mH4rS9TDNwqBSHWn
FzIiJTolngDupnXzrUIQYa879/nEqVDD+hXek3/IhSgSyCUG3nCgB+3N2YVvL/5f
FkY85WBUj9FjsfEGx0bnJy9Wpak9MSUc9E3nUWxsy/b/VWHdOypK3aF0vb9v1XLs
EHbR/PuP2eTC+xDDrQ/+LYztpksfV7LVhQYhYAG8jELOK8jDFnB3x4EMc+UfbdxK
UFZYw2qH1CqOgM8PNCnz8r3SKBBUIvKWOh6NmG/thZwZvn6fOBj/+0+wlKAzXWv2
XRVdFC/kb1S/VpBTKsb0PC+nYtQCJ+fxzMGNQnnFYDRQ0FwRbmJEiYMX1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB0UN81RvH0IbLSql6lc72kDmFvvMB8GA1UdIwQY
MBaAFMmLgl826cwzAxXJQN6ADLq84zl7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUt
Yjg5YTUxMWMzYmJkLzEvSFJRM3pWRzhmUWhzdEtxWHFWenZhUU9ZVy04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUtYjg5YTUxMWMzYmJk
LzEveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEanAwQC
uaoYMA0GCSqGSIb3DQEBCwUAA4IBAQAf19aemG/AYe57xnjW0hRFQkbf5bTJ9C4T
DGbWNBD/MCUv+Rr0n0TkL2wDSTst5JqPvigICo6Zqov93aPzzUwoGZRm592Sclpz
pGibXxz4gXKqNvkHNA8Ydw7rrSyDNG7OhaX8E0pjhP3s3fGwJdNBT7GZAGYT31v0
/ZP4oQ6Mcs+Fd2gU/pldLl2HhB+6ZSYXwEeqUlh57Za2hNOPJynN5jzYtOzKrtP0
ITWPYGKPqQrBm8LF1ry+nzzCMFz1PZes+QS1qP1eWdor+t0eaCJdHDSL4aR2+d3e
SuUMxW4gCRl9eC1LebpRXf12C/lQyaAHCqXvp8aHwgiVt5yHqVFr
-----END CERTIFICATE-----