Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/hu6bnuWMSsL69RaMbcsCphVrGVA.roa
File:                     hu6bnuWMSsL69RaMbcsCphVrGVA.roa (raw, json)
Hash identifier:          chRmAEdCMOw97cxZrDlcnZfGEAgcrPGAUTCYAilpK38=
Subject key identifier:   86:EE:9B:9E:E5:8C:4A:C2:FA:F5:16:8C:6D:CB:02:A6:15:6B:19:50
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       019A2C4D6DB3CB5488A7D5DF487D94BFD841
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/hu6bnuWMSsL69RaMbcsCphVrGVA.roa
Signing time:             Tue 28 Oct 2025 19:31:03 +0000
ROA not before:           Tue 28 Oct 2025 19:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44213
IP address blocks:        213.137.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 07:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2c:4d:6d:b3:cb:54:88:a7:d5:df:48:7d:94:bf:d8:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Oct 28 19:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86ee9b9ee58c4ac2faf5168c6dcb02a6156b1950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ce:ba:2e:c8:da:09:6a:7f:de:67:33:ca:04:
                    8f:a1:0c:b8:09:6c:0b:cd:e5:55:e7:30:2f:c5:dc:
                    cb:d0:28:aa:42:4c:03:d0:30:11:9f:53:08:be:38:
                    33:f9:22:52:be:01:e9:82:df:8b:d8:be:41:d5:84:
                    5e:55:58:58:04:83:62:1a:18:f6:6d:f8:78:6a:91:
                    ab:59:77:c0:3f:ca:23:fe:9d:4e:52:ba:0c:98:81:
                    43:d6:36:46:d6:2b:e7:af:15:c8:c0:7d:d8:f8:69:
                    06:69:29:73:a2:f8:c5:48:fa:b7:2e:6a:2f:2c:29:
                    0b:81:77:b4:77:39:46:9c:0a:67:55:33:65:28:22:
                    96:98:d5:24:a2:cd:ae:c0:23:97:fb:ad:0b:97:d7:
                    e0:98:82:3f:92:7a:85:7c:84:40:08:6b:5a:1d:41:
                    fa:39:d5:ba:3e:4a:ef:31:c0:e3:3e:5c:98:d0:33:
                    0e:a1:03:fd:68:27:80:6d:a4:8d:e9:29:f0:55:ce:
                    aa:3c:63:8e:a1:a7:a7:ec:73:dc:81:35:a3:d6:6b:
                    7e:1b:4e:0f:c4:31:f5:51:ea:8c:93:6a:08:aa:e4:
                    4f:b0:ea:ad:1e:50:8d:bf:71:35:8c:ce:45:58:b1:
                    1e:13:49:4f:5e:bc:dc:08:a9:11:e9:8b:86:c9:e6:
                    d7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:EE:9B:9E:E5:8C:4A:C2:FA:F5:16:8C:6D:CB:02:A6:15:6B:19:50
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/hu6bnuWMSsL69RaMbcsCphVrGVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:00:be:43:87:b7:21:08:f5:54:23:38:2a:b3:c3:6f:cc:be:
         ff:5e:82:7a:33:3a:35:99:35:95:e3:92:a2:6a:cb:0b:89:f6:
         ee:20:df:33:d3:6e:e4:ba:67:8a:07:82:5b:82:87:4a:aa:3c:
         b8:0f:4a:0f:7f:0e:95:de:12:44:8e:c8:17:8e:77:95:db:82:
         65:f0:b6:a1:10:b3:65:8d:31:65:b4:36:f2:57:db:33:5b:fc:
         40:18:00:02:e0:ee:2b:f2:16:6c:19:42:ee:8e:0d:28:36:95:
         70:8a:76:02:f5:cb:c4:ae:c6:96:5f:11:38:c7:ca:7b:13:bf:
         c8:39:42:46:ba:7b:b1:08:6a:53:85:cc:f5:0b:13:91:d8:f8:
         aa:e4:fe:e8:ff:01:eb:07:0b:35:99:20:a6:25:bc:1a:18:d5:
         a3:b2:4c:df:04:86:f3:08:2d:70:33:52:68:95:08:23:ae:d3:
         b6:c4:ad:a2:8e:e0:3b:97:3f:3e:6e:f6:75:3e:54:bf:c8:04:
         16:a2:53:50:1c:fc:a2:9c:ea:bd:89:c4:f7:4b:45:cb:d0:dd:
         cf:72:55:e4:da:22:6d:61:98:47:cc:5b:65:93:fe:d7:5c:17:
         07:f5:7b:38:f7:29:d3:2c:e2:c3:66:6a:6c:9f:a9:f7:b3:d1:
         16:aa:82:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZosTW2zy1SIp9XfSH2Uv9hBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUxMDI4MTkzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmVlOWI5ZWU1OGM0YWMyZmFmNTE2OGM2ZGNiMDJhNjE1NmIxOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjM66LsjaCWp/3mczygSPoQy4CWwL
zeVV5zAvxdzL0CiqQkwD0DARn1MIvjgz+SJSvgHpgt+L2L5B1YReVVhYBINiGhj2
bfh4apGrWXfAP8oj/p1OUroMmIFD1jZG1ivnrxXIwH3Y+GkGaSlzovjFSPq3Lmov
LCkLgXe0dzlGnApnVTNlKCKWmNUkos2uwCOX+60Ll9fgmII/knqFfIRACGtaHUH6
OdW6PkrvMcDjPlyY0DMOoQP9aCeAbaSN6SnwVc6qPGOOoaen7HPcgTWj1mt+G04P
xDH1UeqMk2oIquRPsOqtHlCNv3E1jM5FWLEeE0lPXrzcCKkR6YuGyebXkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbum57ljErC+vUWjG3LAqYVaxlQMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvaHU2Ym51V01Tc0w2OVJhTWJjc0NwaFZyR1ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YlSMA0G
CSqGSIb3DQEBCwUAA4IBAQAeAL5Dh7chCPVUIzgqs8NvzL7/XoJ6Mzo1mTWV45Ki
assLifbuIN8z027kumeKB4JbgodKqjy4D0oPfw6V3hJEjsgXjneV24Jl8LahELNl
jTFltDbyV9szW/xAGAAC4O4r8hZsGULujg0oNpVwinYC9cvErsaWXxE4x8p7E7/I
OUJGunuxCGpThcz1CxOR2Piq5P7o/wHrBws1mSCmJbwaGNWjskzfBIbzCC1wM1Jo
lQgjrtO2xK2ijuA7lz8+bvZ1PlS/yAQWolNQHPyinOq9icT3S0XL0N3PclXk2iJt
YZhHzFtlk/7XXBcH9Xs49ynTLOLDZmpsn6n3s9EWqoLi
-----END CERTIFICATE-----