Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/t0qPcPRjVDt7pBpmEOs0txskz9Y.roa
File:                     t0qPcPRjVDt7pBpmEOs0txskz9Y.roa (raw, json)
Hash identifier:          XD1Ri+rvAUqquChGrpBG2cA7FtrzDzcA4IhVajyPuaw=
Subject key identifier:   B7:4A:8F:70:F4:63:54:3B:7B:A4:1A:66:10:EB:34:B7:1B:24:CF:D6
Certificate issuer:       /CN=1c73a7fc304bc02d8074476d075db5cdcd2dabde
Certificate serial:       019A6D523EA35F4AF2C1435A41A75D03781C
Authority key identifier: 1C:73:A7:FC:30:4B:C0:2D:80:74:47:6D:07:5D:B5:CD:CD:2D:AB:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHOn_DBLwC2AdEdtB121zc0tq94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/t0qPcPRjVDt7pBpmEOs0txskz9Y.roa
Signing time:             Mon 10 Nov 2025 10:31:37 +0000
ROA not before:           Mon 10 Nov 2025 10:31:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        147.84.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/HHOn_DBLwC2AdEdtB121zc0tq94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/HHOn_DBLwC2AdEdtB121zc0tq94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHOn_DBLwC2AdEdtB121zc0tq94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6d:52:3e:a3:5f:4a:f2:c1:43:5a:41:a7:5d:03:78:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c73a7fc304bc02d8074476d075db5cdcd2dabde
        Validity
            Not Before: Nov 10 10:31:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b74a8f70f463543b7ba41a6610eb34b71b24cfd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:94:89:9c:d2:dc:e7:e5:f4:ab:c4:9a:64:6d:
                    93:45:76:77:5f:c9:de:b5:68:b9:23:57:75:1c:e8:
                    d5:1e:58:e3:b6:8d:97:bb:ab:b5:d6:06:04:55:a4:
                    dd:ff:4a:f3:8e:e8:9b:a8:88:75:22:ed:1d:20:92:
                    b8:1e:cc:0a:39:ab:bb:ad:21:82:8a:97:b6:79:97:
                    06:91:65:f1:9f:22:5f:e3:83:45:93:9b:4d:ce:2f:
                    47:0f:05:41:72:07:a2:c9:b0:a8:1f:7d:d6:f2:40:
                    da:33:29:9f:e5:c7:38:6b:8e:49:6d:85:f3:f1:11:
                    2f:cd:84:be:7f:af:1a:46:7d:0e:4a:4d:79:75:d3:
                    85:13:ec:29:3e:e2:be:55:4d:4b:9d:3c:f6:5d:3f:
                    32:f9:fa:5b:79:ce:62:56:1d:ab:42:21:2b:88:96:
                    bd:1d:e2:02:3c:c9:1b:19:f9:89:ac:fb:22:20:73:
                    38:75:58:46:6d:72:1f:69:6a:4b:56:9c:6c:94:2c:
                    72:bc:a8:23:66:44:1c:b2:82:bc:e4:71:31:4d:d4:
                    c3:d4:5a:30:29:d4:1d:46:61:46:d2:c4:a5:bc:6f:
                    9b:d1:16:30:98:cc:44:7d:18:0b:1d:62:9f:00:1f:
                    b1:91:66:ba:c4:14:5f:87:66:ac:86:6d:bf:2f:20:
                    e1:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:4A:8F:70:F4:63:54:3B:7B:A4:1A:66:10:EB:34:B7:1B:24:CF:D6
            X509v3 Authority Key Identifier:
                keyid:1C:73:A7:FC:30:4B:C0:2D:80:74:47:6D:07:5D:B5:CD:CD:2D:AB:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHOn_DBLwC2AdEdtB121zc0tq94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/t0qPcPRjVDt7pBpmEOs0txskz9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/810c72-d416-4a14-8aca-a8faeeb7ee52/1/HHOn_DBLwC2AdEdtB121zc0tq94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.84.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a1:24:8e:ed:6f:8b:b6:25:09:ec:b4:ae:f3:4b:ca:54:20:b5:
         1d:2a:e9:73:88:9e:1b:42:ec:90:36:d0:ce:cc:17:76:84:3a:
         51:6c:30:f5:c8:9f:67:00:8e:c2:ae:5a:08:2a:68:f2:d0:fe:
         e4:1e:3e:b1:73:e9:c2:52:cb:ed:67:80:aa:53:d0:78:91:76:
         9e:77:54:b9:1a:73:f4:81:21:6e:0e:a7:ba:6d:d8:5d:d2:ce:
         f2:9f:f6:b1:fc:e5:0d:97:2a:91:1e:e0:a1:34:41:d7:f4:73:
         3d:d6:c3:1e:a3:05:51:22:c0:73:60:72:01:68:6e:76:4f:b3:
         a3:b8:05:b6:f2:b9:c8:3c:d0:43:98:00:27:bf:e2:88:b1:b1:
         ee:69:e1:a1:df:bd:b9:7b:6c:a3:60:6c:79:c4:0d:7b:65:5b:
         5b:ff:40:b1:c5:2b:2a:8a:ca:fc:f0:23:65:65:c1:bc:36:1f:
         32:09:c8:58:8a:fe:69:b5:65:24:d0:0e:ff:71:af:8d:ef:51:
         16:57:22:e2:25:3a:11:02:05:da:ba:0b:25:45:5b:87:39:b2:
         b2:3c:08:c1:11:8a:56:6f:d1:81:7c:08:d7:7c:55:9a:47:d7:
         73:cf:cc:cf:38:40:ce:ad:a8:5a:bc:ae:a9:96:ea:f2:ab:9d:
         bc:c9:90:c4
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZptUj6jX0rywUNaQaddA3gcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzNhN2ZjMzA0YmMwMmQ4MDc0NDc2ZDA3NWRiNWNkY2Qy
ZGFiZGUwHhcNMjUxMTEwMTAzMTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzRhOGY3MGY0NjM1NDNiN2JhNDFhNjYxMGViMzRiNzFiMjRjZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpSJnNLc5+X0q8SaZG2TRXZ3X8ne
tWi5I1d1HOjVHljjto2Xu6u11gYEVaTd/0rzjuibqIh1Iu0dIJK4HswKOau7rSGC
ipe2eZcGkWXxnyJf44NFk5tNzi9HDwVBcgeiybCoH33W8kDaMymf5cc4a45JbYXz
8REvzYS+f68aRn0OSk15ddOFE+wpPuK+VU1LnTz2XT8y+fpbec5iVh2rQiEriJa9
HeICPMkbGfmJrPsiIHM4dVhGbXIfaWpLVpxslCxyvKgjZkQcsoK85HExTdTD1Fow
KdQdRmFG0sSlvG+b0RYwmMxEfRgLHWKfAB+xkWa6xBRfh2ashm2/LyDhnwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLdKj3D0Y1Q7e6QaZhDrNLcbJM/WMB8GA1UdIwQY
MBaAFBxzp/wwS8AtgHRHbQddtc3NLaveMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhPbl9EQkx3QzJBZEVkdEIxMjF6YzB0cTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy84MTBjNzItZDQxNi00YTE0LThhY2Et
YThmYWVlYjdlZTUyLzEvdDBxUGNQUmpWRHQ3cEJwbUVPczB0eHNrejlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy84MTBjNzItZDQxNi00YTE0LThhY2EtYThmYWVlYjdlZTUy
LzEvSEhPbl9EQkx3QzJBZEVkdEIxMjF6YzB0cTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk1QwDQYJ
KoZIhvcNAQELBQADggEBAKEkju1vi7YlCey0rvNLylQgtR0q6XOInhtC7JA20M7M
F3aEOlFsMPXIn2cAjsKuWggqaPLQ/uQePrFz6cJSy+1ngKpT0HiRdp53VLkac/SB
IW4Op7pt2F3SzvKf9rH85Q2XKpEe4KE0Qdf0cz3Wwx6jBVEiwHNgcgFobnZPs6O4
Bbbyucg80EOYACe/4oixse5p4aHfvbl7bKNgbHnEDXtlW1v/QLHFKyqKyvzwI2Vl
wbw2HzIJyFiK/mm1ZSTQDv9xr43vURZXIuIlOhECBdq6CyVFW4c5srI8CMERilZv
0YF8CNd8VZpH13PPzM84QM6tqFq8rqmW6vKrnbzJkMQ=
-----END CERTIFICATE-----