Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/hmCWYHAx_l1n1SYpS9jRT3uM0iI.roa
File:                     hmCWYHAx_l1n1SYpS9jRT3uM0iI.roa (raw, json)
Hash identifier:          2xccex4c5TiEuZ5rxVkKqjI8A2nitz/9qzZXBxsXe9E=
Subject key identifier:   86:60:96:60:70:31:FE:5D:67:D5:26:29:4B:D8:D1:4F:7B:8C:D2:22
Certificate issuer:       /CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
Certificate serial:       0198A4B72C406F362F6E2A322B22769DB2F4
Authority key identifier: 1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/hmCWYHAx_l1n1SYpS9jRT3uM0iI.roa
Signing time:             Wed 13 Aug 2025 18:35:24 +0000
ROA not before:           Wed 13 Aug 2025 18:35:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205899
IP address blocks:        194.88.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 21:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a4:b7:2c:40:6f:36:2f:6e:2a:32:2b:22:76:9d:b2:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
        Validity
            Not Before: Aug 13 18:35:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=866096607031fe5d67d526294bd8d14f7b8cd222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:dd:d3:c6:de:27:73:0e:88:48:34:dc:5e:ef:
                    07:71:ae:b1:5b:9e:42:61:cd:35:2e:fe:5a:ed:cb:
                    4d:c4:f3:24:6b:27:ac:75:01:47:b8:3b:57:61:8a:
                    72:c4:ad:b0:6b:60:fe:a7:21:a3:0e:dd:cf:62:f2:
                    05:d2:3f:a9:5a:68:43:89:d3:ec:3e:7c:cd:e4:82:
                    a6:05:de:43:22:0a:10:a4:a7:4b:22:76:e1:40:09:
                    62:a4:93:ee:ed:40:a5:ea:aa:34:92:29:95:54:eb:
                    58:e2:c7:37:24:0f:b5:49:77:2e:35:af:ab:32:a2:
                    4f:12:bc:49:23:59:a7:c9:c8:27:c5:e4:d2:6f:2e:
                    15:cd:87:4f:3b:32:59:d6:64:19:10:eb:d9:ef:60:
                    c5:ec:99:7f:10:16:f8:a3:52:92:fe:81:85:23:9d:
                    03:6b:79:36:5b:b2:f0:43:ac:aa:c0:a0:e2:46:d4:
                    02:77:b4:66:5e:2e:df:82:1f:8f:10:fa:e7:e4:00:
                    41:0f:6f:c2:97:36:9a:d5:00:41:bb:df:88:d9:5c:
                    a8:c6:e1:51:4c:5f:81:9b:b7:7f:ce:df:28:06:0e:
                    df:35:2c:7f:91:96:ec:f1:19:a5:4e:f1:e4:5d:87:
                    9b:06:f5:3f:0d:ed:3b:7a:44:d8:ef:bc:e3:3b:d1:
                    aa:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:60:96:60:70:31:FE:5D:67:D5:26:29:4B:D8:D1:4F:7B:8C:D2:22
            X509v3 Authority Key Identifier:
                keyid:1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/hmCWYHAx_l1n1SYpS9jRT3uM0iI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:b3:eb:cf:a4:4a:15:22:86:32:03:90:12:02:14:68:ea:23:
         fe:47:8c:ea:b0:81:3f:a5:7e:14:d7:e7:2f:40:aa:67:6a:a8:
         8f:43:00:82:3d:ff:fa:fe:90:8c:23:e5:8b:c5:79:c7:e8:97:
         b4:8a:32:46:e2:8b:9b:eb:f5:1e:74:56:12:99:35:72:ae:c4:
         b4:92:10:b9:6e:05:6d:c7:a2:c0:7f:a0:2f:ae:7d:c5:05:24:
         55:ba:d7:73:21:59:5b:67:45:03:09:7a:07:3c:41:d4:81:72:
         03:13:73:ec:cf:87:86:9b:ed:4d:87:b8:19:87:1a:e9:2b:b6:
         c2:ab:6b:97:3a:7f:a3:20:5a:91:5f:81:bf:5f:eb:a3:cf:9a:
         67:20:ab:67:46:b6:01:64:81:d2:5a:2d:cc:e6:19:db:51:cd:
         4f:1f:62:86:f6:b5:83:74:2f:67:3c:32:38:e3:37:4a:ea:55:
         7a:75:b8:ef:8b:ee:9d:79:a7:20:7c:c8:73:5a:9a:f4:e7:1e:
         6d:da:a9:4b:f4:31:77:71:75:b7:c8:55:87:58:b2:aa:4b:4a:
         20:a7:1a:c9:b8:af:11:b6:1b:42:19:61:c1:cc:21:8f:b7:14:
         b3:8c:7b:10:a9:27:d2:21:ca:47:64:44:59:67:3a:c6:9f:01:
         4f:83:68:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiktyxAbzYvbioyKyJ2nbL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNGU2YTFkM2NjMWU0ZjNkYzAxYWI5NmM5NDE5NmI5YzQ5
ZDI5MTYwHhcNMjUwODEzMTgzNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjYwOTY2MDcwMzFmZTVkNjdkNTI2Mjk0YmQ4ZDE0ZjdiOGNkMjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlt3Txt4ncw6ISDTcXu8Hca6xW55C
Yc01Lv5a7ctNxPMkayesdQFHuDtXYYpyxK2wa2D+pyGjDt3PYvIF0j+pWmhDidPs
PnzN5IKmBd5DIgoQpKdLInbhQAlipJPu7UCl6qo0kimVVOtY4sc3JA+1SXcuNa+r
MqJPErxJI1mnycgnxeTSby4VzYdPOzJZ1mQZEOvZ72DF7Jl/EBb4o1KS/oGFI50D
a3k2W7LwQ6yqwKDiRtQCd7RmXi7fgh+PEPrn5ABBD2/Clzaa1QBBu9+I2VyoxuFR
TF+Bm7d/zt8oBg7fNSx/kZbs8RmlTvHkXYebBvU/De07ekTY77zjO9GqNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZglmBwMf5dZ9UmKUvY0U97jNIiMB8GA1UdIwQY
MBaAFBxOah08weTz3AGrlslBlrnEnSkWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYt
MWE0MmY2MzJjMzA3LzEvaG1DV1lIQXhfbDFuMVNZcFM5alJUM3VNMGlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYtMWE0MmY2MzJjMzA3
LzEvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwljoMA0G
CSqGSIb3DQEBCwUAA4IBAQAys+vPpEoVIoYyA5ASAhRo6iP+R4zqsIE/pX4U1+cv
QKpnaqiPQwCCPf/6/pCMI+WLxXnH6Je0ijJG4oub6/UedFYSmTVyrsS0khC5bgVt
x6LAf6Avrn3FBSRVutdzIVlbZ0UDCXoHPEHUgXIDE3Psz4eGm+1Nh7gZhxrpK7bC
q2uXOn+jIFqRX4G/X+ujz5pnIKtnRrYBZIHSWi3M5hnbUc1PH2KG9rWDdC9nPDI4
4zdK6lV6dbjvi+6deacgfMhzWpr05x5t2qlL9DF3cXW3yFWHWLKqS0ogpxrJuK8R
thtCGWHBzCGPtxSzjHsQqSfSIcpHZERZZzrGnwFPg2hy
-----END CERTIFICATE-----