Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/HH7LiS3U3uopaZw4Q2ypSb4mHCU.roa
File:                     HH7LiS3U3uopaZw4Q2ypSb4mHCU.roa (raw, json)
Hash identifier:          g8QkQGvHJtb9sSJ+GjbOOdCXOEktOE2F1fhBHqBOKls=
Subject key identifier:   1C:7E:CB:89:2D:D4:DE:EA:29:69:9C:38:43:6C:A9:49:BE:26:1C:25
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       019A25F3751C673B00D0DAEDB9D2C5ECB860
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/HH7LiS3U3uopaZw4Q2ypSb4mHCU.roa
Signing time:             Mon 27 Oct 2025 13:55:03 +0000
ROA not before:           Mon 27 Oct 2025 13:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49824
IP address blocks:        45.12.24.0/24 maxlen: 24
                          45.12.25.0/24 maxlen: 24
                          45.12.26.0/24 maxlen: 24
                          193.38.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:25:f3:75:1c:67:3b:00:d0:da:ed:b9:d2:c5:ec:b8:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Oct 27 13:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c7ecb892dd4deea29699c38436ca949be261c25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:01:c2:3b:ba:04:f0:ce:cc:3a:d1:74:14:36:
                    9e:c6:45:97:ba:c5:45:e8:42:d8:f6:2d:fc:12:d4:
                    97:13:f1:10:38:45:7c:ff:f7:16:f5:3f:3d:ab:3d:
                    70:d8:cf:06:7c:35:63:e6:20:fd:87:a7:d0:63:df:
                    3c:a2:8f:24:0a:6c:7e:a9:5a:ae:44:15:0d:8c:1c:
                    b9:7d:09:73:0d:46:82:e9:d7:81:6e:96:3f:93:3e:
                    e8:a9:92:c1:05:77:99:57:f1:06:54:fe:2e:e8:9d:
                    0c:55:03:9b:14:4a:cc:ec:97:ca:1c:63:42:2b:eb:
                    05:db:7c:84:93:a5:e9:53:76:af:fb:bd:29:f2:40:
                    b5:dc:0f:7e:c8:bd:3f:8c:4f:c5:2d:71:66:52:51:
                    cf:b0:8f:59:3c:60:f0:49:28:ce:ff:db:3f:50:71:
                    24:50:84:7e:57:aa:7c:35:d6:24:42:da:6b:fa:e0:
                    63:97:92:32:e4:c8:4b:73:f9:7a:3e:83:ea:10:8d:
                    74:d9:78:70:73:e7:01:5b:26:72:c8:d5:5a:7d:bf:
                    1f:aa:37:e2:f2:60:58:e0:46:59:de:dd:07:cf:7e:
                    3e:ad:8b:a4:5c:b8:ff:71:ce:b8:54:79:79:b4:94:
                    7e:66:51:4b:b3:a8:84:05:0d:db:bd:0a:1d:30:fa:
                    15:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:7E:CB:89:2D:D4:DE:EA:29:69:9C:38:43:6C:A9:49:BE:26:1C:25
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/HH7LiS3U3uopaZw4Q2ypSb4mHCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.24.0-45.12.26.255
                  193.38.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:b7:c4:03:0b:40:93:10:35:e8:d6:99:26:e3:2b:bb:a2:61:
         9f:7f:a3:25:a1:6e:c0:29:cf:4a:17:70:6d:84:4b:7d:cd:57:
         87:cd:81:b9:6d:89:93:17:73:e7:7e:8b:12:47:8d:64:07:57:
         28:23:05:92:6e:6e:7d:f5:38:99:ea:00:0e:02:3d:e9:4f:4d:
         d8:1e:fa:a5:e7:92:ee:16:d0:b7:65:7a:21:24:40:c7:85:b7:
         13:04:2a:8b:f7:dd:1e:e3:19:43:48:06:0a:71:92:5d:32:9a:
         5b:cc:ad:76:11:22:1f:bd:c6:a3:0d:91:b1:53:58:21:2f:20:
         13:9e:8f:bf:24:fb:b9:83:6e:54:49:71:c4:f5:c3:e9:df:ed:
         e3:45:dd:40:3e:a8:dc:25:51:58:0b:46:e7:e3:11:f4:df:0f:
         7e:c0:30:04:81:00:af:cc:a4:59:c5:2c:1d:20:a9:ea:54:07:
         88:5d:92:97:98:1a:36:3e:8b:70:15:6a:a3:e4:91:5d:a1:9b:
         b1:3f:5d:e2:35:42:8c:98:2d:94:c0:2b:9d:a9:23:a4:43:76:
         3b:51:04:08:c5:40:c3:d7:97:8b:e4:a1:18:0b:4f:1a:36:0f:
         23:eb:bd:d7:2e:cb:30:52:f9:eb:04:74:da:32:f7:c6:a3:98:
         de:97:7d:54
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZol83UcZzsA0NrtudLF7LhgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjUxMDI3MTM1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzdlY2I4OTJkZDRkZWVhMjk2OTljMzg0MzZjYTk0OWJlMjYxYzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwHCO7oE8M7MOtF0FDaexkWXusVF
6ELY9i38EtSXE/EQOEV8//cW9T89qz1w2M8GfDVj5iD9h6fQY988oo8kCmx+qVqu
RBUNjBy5fQlzDUaC6deBbpY/kz7oqZLBBXeZV/EGVP4u6J0MVQObFErM7JfKHGNC
K+sF23yEk6XpU3av+70p8kC13A9+yL0/jE/FLXFmUlHPsI9ZPGDwSSjO/9s/UHEk
UIR+V6p8NdYkQtpr+uBjl5Iy5MhLc/l6PoPqEI102Xhwc+cBWyZyyNVafb8fqjfi
8mBY4EZZ3t0Hz34+rYukXLj/cc64VHl5tJR+ZlFLs6iEBQ3bvQodMPoVTwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBx+y4kt1N7qKWmcOENsqUm+JhwlMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvSEg3TGlTM1UzdW9wYVp3NFEyeXBTYjRtSENVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAMtDBgD
BAAtDBoDBADBJv8wDQYJKoZIhvcNAQELBQADggEBABm3xAMLQJMQNejWmSbjK7ui
YZ9/oyWhbsApz0oXcG2ES33NV4fNgbltiZMXc+d+ixJHjWQHVygjBZJubn31OJnq
AA4CPelPTdge+qXnku4W0LdleiEkQMeFtxMEKov33R7jGUNIBgpxkl0ymlvMrXYR
Ih+9xqMNkbFTWCEvIBOej78k+7mDblRJccT1w+nf7eNF3UA+qNwlUVgLRufjEfTf
D37AMASBAK/MpFnFLB0gqepUB4hdkpeYGjY+i3AVaqPkkV2hm7E/XeI1QoyYLZTA
K52pI6RDdjtRBAjFQMPXl4vkoRgLTxo2DyPrvdcuyzBS+esEdNoy98ajmN6XfVQ=
-----END CERTIFICATE-----