Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/480d36-d1fd-4eeb-b9b8-c52dfb289843/1/HqvZQvxiyKL1MboaLwDryLqqUFg.roa
File:                     HqvZQvxiyKL1MboaLwDryLqqUFg.roa (raw, json)
Hash identifier:          mT+u/6z5BYwjN/Vy/gZNBZTVxwODTZlmFaA5Aqiy6/E=
Subject key identifier:   1E:AB:D9:42:FC:62:C8:A2:F5:31:BA:1A:2F:00:EB:C8:BA:AA:50:58
Certificate issuer:       /CN=7e64fca773e99f6adc81aa3ce5c63623ee2b1dd7
Certificate serial:       019A2A01D4650B7CFC3D44A0750709AE8C77
Authority key identifier: 7E:64:FC:A7:73:E9:9F:6A:DC:81:AA:3C:E5:C6:36:23:EE:2B:1D:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fmT8p3Ppn2rcgao85cY2I-4rHdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/480d36-d1fd-4eeb-b9b8-c52dfb289843/1/HqvZQvxiyKL1MboaLwDryLqqUFg.roa
Signing time:             Tue 28 Oct 2025 08:49:14 +0000
ROA not before:           Tue 28 Oct 2025 08:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56811
IP address blocks:        91.227.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/480d36-d1fd-4eeb-b9b8-c52dfb289843/1/fmT8p3Ppn2rcgao85cY2I-4rHdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/480d36-d1fd-4eeb-b9b8-c52dfb289843/1/fmT8p3Ppn2rcgao85cY2I-4rHdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fmT8p3Ppn2rcgao85cY2I-4rHdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 05:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2a:01:d4:65:0b:7c:fc:3d:44:a0:75:07:09:ae:8c:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e64fca773e99f6adc81aa3ce5c63623ee2b1dd7
        Validity
            Not Before: Oct 28 08:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1eabd942fc62c8a2f531ba1a2f00ebc8baaa5058
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:73:26:5f:cf:5c:c3:20:fb:f1:9f:03:1a:3c:
                    7c:3f:72:0e:05:74:58:fa:16:0f:f0:38:12:d7:09:
                    1d:20:84:54:40:45:70:d7:20:24:9f:87:b6:c5:67:
                    db:b9:22:f0:5f:9a:d9:41:24:60:69:1d:7b:2b:32:
                    b0:4d:aa:5c:c8:2b:b3:4b:3c:7e:8a:cc:ec:3a:02:
                    f6:5a:71:72:6a:0c:c6:43:41:9e:c6:ba:5e:ce:52:
                    78:59:00:f4:d9:21:9e:7e:12:b7:3d:2f:e5:ca:40:
                    f8:dd:8b:1b:b5:d2:25:17:c6:d8:c0:51:f8:aa:e0:
                    88:8e:ed:60:95:c7:11:7a:23:f2:c6:e4:2f:0e:31:
                    15:9b:a6:48:28:d9:53:f6:d9:73:51:5f:92:88:68:
                    c7:f2:63:3b:dd:12:fc:aa:5b:fc:3b:af:1a:fc:5a:
                    98:db:eb:11:d6:6a:71:4d:2b:a3:28:61:d2:4e:bf:
                    1a:bb:d8:0c:d0:23:b1:1e:3e:88:c6:dc:06:ce:1e:
                    e9:14:a0:4b:ce:1c:c3:2e:e2:66:3a:86:78:76:2e:
                    77:fb:ec:5d:2d:f3:ed:46:e0:d0:ae:96:a2:e9:ee:
                    8d:02:16:83:ac:61:0e:b4:2a:95:70:b3:3c:b1:70:
                    3d:d7:28:7b:f4:3a:31:d8:7c:79:29:09:bf:32:8a:
                    94:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:AB:D9:42:FC:62:C8:A2:F5:31:BA:1A:2F:00:EB:C8:BA:AA:50:58
            X509v3 Authority Key Identifier:
                keyid:7E:64:FC:A7:73:E9:9F:6A:DC:81:AA:3C:E5:C6:36:23:EE:2B:1D:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fmT8p3Ppn2rcgao85cY2I-4rHdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/480d36-d1fd-4eeb-b9b8-c52dfb289843/1/HqvZQvxiyKL1MboaLwDryLqqUFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/480d36-d1fd-4eeb-b9b8-c52dfb289843/1/fmT8p3Ppn2rcgao85cY2I-4rHdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:da:8f:f6:91:95:40:31:7d:0f:f0:83:63:b7:b6:40:c3:24:
         c8:11:21:63:d8:35:52:69:66:18:b8:0d:7d:2b:ba:50:4d:8d:
         8f:90:06:59:44:97:e4:59:c1:b5:40:0a:cb:77:0e:9b:e5:25:
         b3:c8:b9:7f:22:1d:18:9a:93:c8:12:c0:91:b0:ae:7a:a7:5c:
         a4:f1:a2:50:e4:42:0c:60:f2:1f:e5:eb:01:5d:32:e3:f9:71:
         23:22:72:df:98:95:6f:81:92:fa:e2:f6:db:6f:4d:58:da:58:
         d4:12:30:a6:80:9a:29:f1:85:7d:aa:29:8a:01:ff:c2:22:3a:
         90:30:18:35:2f:be:0b:cd:b6:8d:62:7b:07:89:92:80:28:5b:
         a6:08:ca:6d:c9:2c:f4:97:54:86:0d:6d:cb:e7:b7:24:54:5a:
         56:44:a2:a7:89:9a:51:e3:73:87:6c:1f:a2:86:95:28:5b:c6:
         4a:fc:4f:cf:df:72:c9:e7:db:0d:2e:17:9b:b5:de:33:56:7f:
         64:dd:71:94:4b:38:90:8a:75:f5:31:6b:0c:01:25:23:9f:80:
         45:94:e9:ba:32:ba:74:d6:55:41:82:5f:b4:3e:0f:5a:ed:e7:
         5d:a3:e5:07:cb:3e:14:11:e9:51:86:35:e6:47:64:43:47:6a:
         1f:c3:ae:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoqAdRlC3z8PUSgdQcJrox3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNjRmY2E3NzNlOTlmNmFkYzgxYWEzY2U1YzYzNjIzZWUy
YjFkZDcwHhcNMjUxMDI4MDg0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWFiZDk0MmZjNjJjOGEyZjUzMWJhMWEyZjAwZWJjOGJhYWE1MDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXMmX89cwyD78Z8DGjx8P3IOBXRY
+hYP8DgS1wkdIIRUQEVw1yAkn4e2xWfbuSLwX5rZQSRgaR17KzKwTapcyCuzSzx+
iszsOgL2WnFyagzGQ0GexrpezlJ4WQD02SGefhK3PS/lykD43YsbtdIlF8bYwFH4
quCIju1glccReiPyxuQvDjEVm6ZIKNlT9tlzUV+SiGjH8mM73RL8qlv8O68a/FqY
2+sR1mpxTSujKGHSTr8au9gM0COxHj6IxtwGzh7pFKBLzhzDLuJmOoZ4di53++xd
LfPtRuDQrpai6e6NAhaDrGEOtCqVcLM8sXA91yh79Dox2Hx5KQm/MoqU6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6r2UL8Ysii9TG6Gi8A68i6qlBYMB8GA1UdIwQY
MBaAFH5k/Kdz6Z9q3IGqPOXGNiPuKx3XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm1UOHAzUHBuMnJjZ2FvODVjWTJJLTRySGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC80ODBkMzYtZDFmZC00ZWViLWI5Yjgt
YzUyZGZiMjg5ODQzLzEvSHF2WlF2eGl5S0wxTWJvYUx3RHJ5THFxVUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC80ODBkMzYtZDFmZC00ZWViLWI5YjgtYzUyZGZiMjg5ODQz
LzEvZm1UOHAzUHBuMnJjZ2FvODVjWTJJLTRySGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+P/MA0G
CSqGSIb3DQEBCwUAA4IBAQAm2o/2kZVAMX0P8INjt7ZAwyTIESFj2DVSaWYYuA19
K7pQTY2PkAZZRJfkWcG1QArLdw6b5SWzyLl/Ih0YmpPIEsCRsK56p1yk8aJQ5EIM
YPIf5esBXTLj+XEjInLfmJVvgZL64vbbb01Y2ljUEjCmgJop8YV9qimKAf/CIjqQ
MBg1L74LzbaNYnsHiZKAKFumCMptySz0l1SGDW3L57ckVFpWRKKniZpR43OHbB+i
hpUoW8ZK/E/P33LJ59sNLhebtd4zVn9k3XGUSziQinX1MWsMASUjn4BFlOm6Mrp0
1lVBgl+0Pg9a7eddo+UHyz4UEelRhjXmR2RDR2ofw65T
-----END CERTIFICATE-----