Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/H483yn_45PJhLIfnjTSg1hh74jw.roa
File:                     H483yn_45PJhLIfnjTSg1hh74jw.roa (raw, json)
Hash identifier:          IQhbVl93hO/R+sL91cMpkOW4IcT062x+sUMgcvF3EyA=
Subject key identifier:   1F:8F:37:CA:7F:F8:E4:F2:61:2C:87:E7:8D:34:A0:D6:18:7B:E2:3C
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019A2557CFD713BE65D1D784FFFF9975BBF3
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/H483yn_45PJhLIfnjTSg1hh74jw.roa
Signing time:             Mon 27 Oct 2025 11:05:03 +0000
ROA not before:           Mon 27 Oct 2025 11:05:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        178.253.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:25:57:cf:d7:13:be:65:d1:d7:84:ff:ff:99:75:bb:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 27 11:05:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f8f37ca7ff8e4f2612c87e78d34a0d6187be23c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bf:33:c0:26:7e:19:75:ee:b6:9e:1b:2c:78:
                    46:de:11:5f:ee:a0:c9:5d:33:8e:a6:45:2e:d1:96:
                    2a:04:cc:73:8b:ad:cd:ef:84:10:2d:66:d7:66:54:
                    43:ef:4f:d5:ad:2a:41:b3:00:74:d0:d6:c7:f8:23:
                    0d:47:96:30:0a:7d:66:96:b9:20:d9:ad:bd:f3:2b:
                    48:78:23:da:f2:3b:7a:d5:85:40:29:68:3c:b9:cb:
                    b5:b8:35:11:46:e4:04:c9:6d:f9:ac:93:b2:2e:66:
                    74:a1:a8:17:f1:db:b7:c7:ea:08:c7:fd:05:c9:a1:
                    c4:22:ac:db:60:ed:69:91:58:e6:5f:a4:71:2c:5c:
                    3d:49:da:08:be:63:5e:ec:93:da:2f:51:e5:17:74:
                    7d:2a:23:11:36:84:6f:79:c5:65:a7:c6:f1:f4:b8:
                    3d:a1:c6:d5:61:6d:ef:39:dc:f9:9a:7c:b6:c6:89:
                    59:44:20:fd:a8:d2:df:1f:f7:63:91:9f:b4:44:6a:
                    96:88:63:84:4a:9a:71:5f:a9:7f:ea:b6:c7:c7:07:
                    6d:24:4a:c0:5a:22:7e:4b:8e:32:f2:a6:00:ec:ff:
                    75:50:5e:9c:d5:02:4e:f9:f5:11:d2:af:a0:b3:3b:
                    1d:ee:25:e6:28:12:ef:f3:f4:ac:43:02:87:9a:81:
                    af:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8F:37:CA:7F:F8:E4:F2:61:2C:87:E7:8D:34:A0:D6:18:7B:E2:3C
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/H483yn_45PJhLIfnjTSg1hh74jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:d0:5b:66:0e:46:11:9c:59:de:a8:c6:a2:25:82:62:af:45:
         74:dd:b3:31:78:9a:7f:07:dd:b9:40:f0:5e:b4:f1:7a:b4:18:
         25:0a:e7:5e:6f:8a:0d:0e:b5:19:6a:c4:77:21:a2:b7:f4:84:
         5a:4b:d6:d0:37:82:b2:f6:20:29:ae:e3:cb:44:64:84:ce:87:
         8a:35:fb:e1:e0:ea:d5:47:57:38:6a:ac:45:ad:c6:b3:ad:d7:
         21:ed:6a:92:5f:bf:2e:cc:98:e6:bd:be:7b:c1:3a:db:9c:cd:
         71:b2:88:eb:ef:a5:4e:3a:91:ed:a8:7e:ea:d1:e3:8e:f2:5c:
         89:30:eb:2c:52:ed:62:1f:7f:ed:3c:47:81:0d:8a:25:e5:2a:
         46:fb:33:f7:12:12:5f:94:31:75:15:3e:69:2b:11:a3:0a:58:
         19:00:df:82:b8:dd:8e:5f:93:e3:8a:fc:5f:9e:7d:b4:4a:af:
         e4:0d:1c:0f:01:c9:ea:ec:d7:d0:66:c8:78:8c:f1:c0:1e:5e:
         32:22:a4:f8:27:f6:9c:d7:bc:aa:3a:d6:03:31:d1:e4:ca:50:
         87:f8:49:73:24:dd:6d:29:39:8d:ff:2d:d8:0c:ea:4c:82:60:
         b7:63:b5:41:dd:e7:bb:58:27:d8:ba:22:38:e0:61:4a:d7:a2:
         a1:de:be:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZolV8/XE75l0deE//+ZdbvzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDI3MTEwNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhmMzdjYTdmZjhlNGYyNjEyYzg3ZTc4ZDM0YTBkNjE4N2JlMjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqr8zwCZ+GXXutp4bLHhG3hFf7qDJ
XTOOpkUu0ZYqBMxzi63N74QQLWbXZlRD70/VrSpBswB00NbH+CMNR5YwCn1mlrkg
2a298ytIeCPa8jt61YVAKWg8ucu1uDURRuQEyW35rJOyLmZ0oagX8du3x+oIx/0F
yaHEIqzbYO1pkVjmX6RxLFw9SdoIvmNe7JPaL1HlF3R9KiMRNoRvecVlp8bx9Lg9
ocbVYW3vOdz5mny2xolZRCD9qNLfH/djkZ+0RGqWiGOESppxX6l/6rbHxwdtJErA
WiJ+S44y8qYA7P91UF6c1QJO+fUR0q+gszsd7iXmKBLv8/SsQwKHmoGvsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+PN8p/+OTyYSyH5400oNYYe+I8MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvSDQ4M3luXzQ1UEpoTElmbmpUU2cxaGg3NGp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv3gMA0G
CSqGSIb3DQEBCwUAA4IBAQCL0FtmDkYRnFneqMaiJYJir0V03bMxeJp/B925QPBe
tPF6tBglCudeb4oNDrUZasR3IaK39IRaS9bQN4Ky9iApruPLRGSEzoeKNfvh4OrV
R1c4aqxFrcazrdch7WqSX78uzJjmvb57wTrbnM1xsojr76VOOpHtqH7q0eOO8lyJ
MOssUu1iH3/tPEeBDYol5SpG+zP3EhJflDF1FT5pKxGjClgZAN+CuN2OX5Pjivxf
nn20Sq/kDRwPAcnq7NfQZsh4jPHAHl4yIqT4J/ac17yqOtYDMdHkylCH+ElzJN1t
KTmN/y3YDOpMgmC3Y7VB3ee7WCfYuiI44GFK16Kh3r4Y
-----END CERTIFICATE-----