Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hbPHcAEispdJwHkapnpiUBSZVC8.roa
File:                     hbPHcAEispdJwHkapnpiUBSZVC8.roa (raw, json)
Hash identifier:          tlCAOs9e2guuKwicY1QVCukZZj7K6ro7uSLCMpD7J4c=
Subject key identifier:   85:B3:C7:70:01:22:B2:97:49:C0:79:1A:A6:7A:62:50:14:99:54:2F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019A25276F7B46895FBE760EF16DB1F32011
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hbPHcAEispdJwHkapnpiUBSZVC8.roa
Signing time:             Mon 27 Oct 2025 10:12:12 +0000
ROA not before:           Mon 27 Oct 2025 10:12:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210448
IP address blocks:        217.60.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:25:27:6f:7b:46:89:5f:be:76:0e:f1:6d:b1:f3:20:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 27 10:12:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85b3c7700122b29749c0791aa67a62501499542f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:68:cb:24:0b:dd:b2:8e:10:64:e6:5b:b1:63:
                    94:2c:0c:a9:b2:9d:1f:25:c6:08:61:bc:4a:58:bd:
                    c4:6f:e7:bb:52:ad:ed:31:23:06:92:97:82:75:98:
                    09:16:66:f2:6f:66:20:ee:f7:03:6f:b6:5f:fe:85:
                    bf:cd:14:c3:fc:e5:4c:ce:cf:de:fb:98:d6:4f:81:
                    c7:74:7b:f1:b5:b4:1d:0b:37:61:2b:9b:92:78:62:
                    3c:89:e3:8d:fe:2a:bf:f7:20:b9:ac:7b:26:e6:98:
                    5b:69:85:c6:2f:91:22:61:f2:f5:f2:44:a4:3c:4f:
                    73:14:42:8d:e4:87:c7:36:16:51:4b:ad:83:b9:52:
                    ba:0d:45:12:fc:cd:ac:ef:32:da:2f:51:42:fc:ed:
                    da:e3:da:9f:fc:59:65:58:6e:45:ca:a3:e2:04:0c:
                    c4:11:69:5e:de:af:5f:66:4c:89:e3:c9:8e:76:a4:
                    c8:f6:6b:60:ca:35:4d:7a:1f:62:20:f4:d5:f3:9c:
                    85:0b:71:8e:cd:a0:1f:5b:75:f5:10:0b:b5:0e:f8:
                    a2:38:eb:70:cc:c8:7c:a0:7c:b2:25:d2:c3:7f:0e:
                    96:dc:55:ce:bc:79:07:6d:4b:15:7c:1a:ad:c3:18:
                    f7:87:86:b2:15:da:ea:a3:a5:d6:d1:93:32:95:1e:
                    92:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B3:C7:70:01:22:B2:97:49:C0:79:1A:A6:7A:62:50:14:99:54:2F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/hbPHcAEispdJwHkapnpiUBSZVC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:95:86:75:0a:8a:50:c0:62:0f:f2:14:cc:30:00:02:57:a8:
         eb:55:77:82:12:dc:73:e5:f7:ee:89:38:17:82:3a:a5:cc:68:
         12:f2:6e:d2:d4:50:18:4e:2e:b8:d6:47:f8:3d:62:ac:93:d2:
         ba:36:f9:c6:b4:b3:0b:f3:5b:07:b4:47:ba:43:26:c7:6c:d7:
         9b:ed:97:44:96:b7:73:6b:58:d1:20:50:3f:ac:de:6d:ed:77:
         55:1c:2d:61:08:67:61:36:16:c6:b4:d5:04:4f:0b:68:c4:b4:
         95:14:e1:08:b6:7c:9b:55:1f:d1:ea:60:c1:cc:42:4c:04:fa:
         5d:28:ad:0f:e5:fb:8f:cc:29:ea:d1:3e:53:66:51:f8:56:85:
         ac:fe:72:02:ab:61:a6:57:ab:87:ca:6c:2f:31:1c:2b:16:ac:
         70:79:5b:d8:fb:a3:80:5e:f2:e6:76:28:7a:86:f8:c9:00:ae:
         4e:4a:b3:51:ac:f6:50:12:4f:5d:ab:fa:d6:03:9c:73:e2:e5:
         df:dc:ce:df:a0:cc:2d:ab:2d:4c:07:98:55:56:f2:0a:35:ba:
         66:f9:ff:5b:5d:94:b5:5b:cc:90:bb:29:c6:41:15:0a:ef:3f:
         70:5e:b6:e9:46:d6:fd:a4:10:21:77:10:ec:d9:3f:cd:3e:d9:
         f3:f0:f1:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZolJ297RolfvnYO8W2x8yARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDI3MTAxMjEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWIzYzc3MDAxMjJiMjk3NDljMDc5MWFhNjdhNjI1MDE0OTk1NDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+GjLJAvdso4QZOZbsWOULAypsp0f
JcYIYbxKWL3Eb+e7Uq3tMSMGkpeCdZgJFmbyb2Yg7vcDb7Zf/oW/zRTD/OVMzs/e
+5jWT4HHdHvxtbQdCzdhK5uSeGI8ieON/iq/9yC5rHsm5phbaYXGL5EiYfL18kSk
PE9zFEKN5IfHNhZRS62DuVK6DUUS/M2s7zLaL1FC/O3a49qf/FllWG5FyqPiBAzE
EWle3q9fZkyJ48mOdqTI9mtgyjVNeh9iIPTV85yFC3GOzaAfW3X1EAu1DviiOOtw
zMh8oHyyJdLDfw6W3FXOvHkHbUsVfBqtwxj3h4ayFdrqo6XW0ZMylR6SsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWzx3ABIrKXScB5GqZ6YlAUmVQvMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaGJQSGNBRWlzcGRKd0hrYXBucGlVQlNaVkM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TwNMA0G
CSqGSIb3DQEBCwUAA4IBAQAElYZ1CopQwGIP8hTMMAACV6jrVXeCEtxz5ffuiTgX
gjqlzGgS8m7S1FAYTi641kf4PWKsk9K6NvnGtLML81sHtEe6QybHbNeb7ZdElrdz
a1jRIFA/rN5t7XdVHC1hCGdhNhbGtNUETwtoxLSVFOEItnybVR/R6mDBzEJMBPpd
KK0P5fuPzCnq0T5TZlH4VoWs/nICq2GmV6uHymwvMRwrFqxweVvY+6OAXvLmdih6
hvjJAK5OSrNRrPZQEk9dq/rWA5xz4uXf3M7foMwtqy1MB5hVVvIKNbpm+f9bXZS1
W8yQuynGQRUK7z9wXrbpRtb9pBAhdxDs2T/NPtnz8PFg
-----END CERTIFICATE-----