Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/0HqlbKdQQOK20VPAmPUPyQddTXs.roa
File:                     0HqlbKdQQOK20VPAmPUPyQddTXs.roa (raw, json)
Hash identifier:          aRBFmT811p8OCKoTireOuzqal/+u+Ljk+6nGgNDmrp4=
Subject key identifier:   D0:7A:A5:6C:A7:50:40:E2:B6:D1:53:C0:98:F5:0F:C9:07:5D:4D:7B
Certificate issuer:       /CN=dc94bb69453f139a60029e22db0fb3424a906cee
Certificate serial:       01992F72472E4DE03A2E3EB8DF78F8394CFF
Authority key identifier: DC:94:BB:69:45:3F:13:9A:60:02:9E:22:DB:0F:B3:42:4A:90:6C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JS7aUU_E5pgAp4i2w-zQkqQbO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/0HqlbKdQQOK20VPAmPUPyQddTXs.roa
Signing time:             Tue 09 Sep 2025 17:07:22 +0000
ROA not before:           Tue 09 Sep 2025 17:07:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28917
IP address blocks:        178.255.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/3JS7aUU_E5pgAp4i2w-zQkqQbO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/3JS7aUU_E5pgAp4i2w-zQkqQbO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JS7aUU_E5pgAp4i2w-zQkqQbO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 20:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2f:72:47:2e:4d:e0:3a:2e:3e:b8:df:78:f8:39:4c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc94bb69453f139a60029e22db0fb3424a906cee
        Validity
            Not Before: Sep  9 17:07:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d07aa56ca75040e2b6d153c098f50fc9075d4d7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:e5:db:ad:9d:f0:8a:51:a0:dc:17:32:1d:89:
                    64:d6:38:a8:0b:64:ce:71:78:72:83:82:80:ff:98:
                    d6:67:3c:2f:d9:51:6b:9f:8f:b7:8c:da:6a:43:12:
                    e5:7d:ff:76:ab:69:81:72:aa:99:82:7d:0f:1e:21:
                    96:fb:3b:13:6a:ab:55:06:58:ad:fe:7e:31:c0:dc:
                    36:da:06:27:2a:83:33:f3:65:39:72:e1:07:c1:8a:
                    1b:13:43:39:97:ec:66:de:9c:d9:bd:7e:8f:d1:ff:
                    c0:cd:48:60:4c:17:1c:3a:83:ac:21:a5:bc:96:02:
                    ad:5d:f2:32:a6:58:ba:87:9f:04:71:8b:0f:ed:eb:
                    eb:ad:d1:ee:d9:52:e6:1b:11:7b:f0:d7:05:1b:4a:
                    8d:b4:60:66:c9:76:da:b3:ee:0c:93:6d:75:42:b5:
                    d8:c5:a9:50:51:79:d7:7f:89:00:f2:47:84:25:19:
                    27:58:b3:a1:c4:c7:4f:7d:06:7c:9c:dc:84:aa:66:
                    46:fa:df:12:e3:81:24:d7:c9:43:60:44:7e:2b:04:
                    ba:b2:66:fb:05:20:e8:d9:e2:40:5f:13:4e:b0:d9:
                    32:05:1e:dd:3a:15:f2:d0:94:31:91:4f:4f:ed:c7:
                    dc:8a:9e:8b:f9:21:fa:65:1e:ab:fc:d7:9b:d6:3c:
                    71:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:7A:A5:6C:A7:50:40:E2:B6:D1:53:C0:98:F5:0F:C9:07:5D:4D:7B
            X509v3 Authority Key Identifier:
                keyid:DC:94:BB:69:45:3F:13:9A:60:02:9E:22:DB:0F:B3:42:4A:90:6C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JS7aUU_E5pgAp4i2w-zQkqQbO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/0HqlbKdQQOK20VPAmPUPyQddTXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/3JS7aUU_E5pgAp4i2w-zQkqQbO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:24:4c:4e:33:a9:ed:9f:12:3d:6d:91:d1:24:7a:70:89:8d:
         8c:05:f5:28:33:b2:83:d9:e2:b3:c0:a6:cf:cd:5c:4c:e7:23:
         05:61:8a:d6:53:61:68:2b:99:46:55:b2:64:fd:3e:df:d5:16:
         ee:1f:01:86:d5:96:ae:d7:c8:e1:49:29:2d:f7:29:af:42:76:
         0a:b6:1b:3b:4d:4b:67:6f:e1:85:7d:41:ef:45:d6:ef:9e:c3:
         ae:ea:6c:0a:c3:90:d0:3d:26:71:db:dd:e0:b2:ab:4f:2c:f8:
         5c:36:a9:05:44:7d:49:4b:c4:93:fd:56:b5:0e:0a:ea:15:e4:
         b0:e6:0f:1d:90:6c:b9:b2:ca:60:40:e5:24:f5:07:16:ce:c1:
         bb:de:4a:78:bc:8d:95:22:51:78:61:cb:3b:5c:47:b5:19:d0:
         84:ca:8c:95:ef:e0:b7:73:2b:26:f2:e9:3f:4c:8b:dc:02:d5:
         49:31:b6:fd:c0:71:26:bf:31:c5:88:74:a5:eb:2e:20:4a:d0:
         43:ec:ff:b5:ea:a0:f3:e1:e1:c7:d6:3f:79:b2:30:10:9b:93:
         e9:41:44:5a:07:2c:c6:9b:4a:cd:ab:9a:9c:17:87:9a:a9:35:
         4f:38:c2:5d:fa:70:c8:f9:86:ec:46:b1:d4:6c:66:ca:00:75:
         15:20:86:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkvckcuTeA6Lj6433j4OUz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjOTRiYjY5NDUzZjEzOWE2MDAyOWUyMmRiMGZiMzQyNGE5
MDZjZWUwHhcNMjUwOTA5MTcwNzIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDdhYTU2Y2E3NTA0MGUyYjZkMTUzYzA5OGY1MGZjOTA3NWQ0ZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+uXbrZ3wilGg3BcyHYlk1jioC2TO
cXhyg4KA/5jWZzwv2VFrn4+3jNpqQxLlff92q2mBcqqZgn0PHiGW+zsTaqtVBlit
/n4xwNw22gYnKoMz82U5cuEHwYobE0M5l+xm3pzZvX6P0f/AzUhgTBccOoOsIaW8
lgKtXfIypli6h58EcYsP7evrrdHu2VLmGxF78NcFG0qNtGBmyXbas+4Mk211QrXY
xalQUXnXf4kA8keEJRknWLOhxMdPfQZ8nNyEqmZG+t8S44Ek18lDYER+KwS6smb7
BSDo2eJAXxNOsNkyBR7dOhXy0JQxkU9P7cfcip6L+SH6ZR6r/Neb1jxxKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNB6pWynUEDittFTwJj1D8kHXU17MB8GA1UdIwQY
MBaAFNyUu2lFPxOaYAKeItsPs0JKkGzuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0pTN2FVVV9FNXBnQXA0aTJ3LXpRa3FRYk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kMDQ1Y2EtYzFmNy00ZWQ5LWFmZGIt
MDkwYzQ2ZTlmMmVkLzEvMEhxbGJLZFFRT0syMFZQQW1QVVB5UWRkVFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kMDQ1Y2EtYzFmNy00ZWQ5LWFmZGItMDkwYzQ2ZTlmMmVk
LzEvM0pTN2FVVV9FNXBnQXA0aTJ3LXpRa3FRYk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv+2MA0G
CSqGSIb3DQEBCwUAA4IBAQC5JExOM6ntnxI9bZHRJHpwiY2MBfUoM7KD2eKzwKbP
zVxM5yMFYYrWU2FoK5lGVbJk/T7f1RbuHwGG1Zau18jhSSkt9ymvQnYKths7TUtn
b+GFfUHvRdbvnsOu6mwKw5DQPSZx293gsqtPLPhcNqkFRH1JS8ST/Va1DgrqFeSw
5g8dkGy5sspgQOUk9QcWzsG73kp4vI2VIlF4Ycs7XEe1GdCEyoyV7+C3cysm8uk/
TIvcAtVJMbb9wHEmvzHFiHSl6y4gStBD7P+16qDz4eHH1j95sjAQm5PpQURaByzG
m0rNq5qcF4eaqTVPOMJd+nDI+YbsRrHUbGbKAHUVIIZs
-----END CERTIFICATE-----