Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/HQIobtONI1G40MS_8ITqTez4Rko.roa
File:                     HQIobtONI1G40MS_8ITqTez4Rko.roa (raw, json)
Hash identifier:          AlFPXCJjSmf2aSomPDGJ7WLLpUe0E+Zr2L8hqxbR0NM=
Subject key identifier:   1D:02:28:6E:D3:8D:23:51:B8:D0:C4:BF:F0:84:EA:4D:EC:F8:46:4A
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       01974B9E57F923974F71C886E1B587D617FA
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/HQIobtONI1G40MS_8ITqTez4Rko.roa
Signing time:             Sat 07 Jun 2025 18:19:17 +0000
ROA not before:           Sat 07 Jun 2025 18:19:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        185.219.188.0/24 maxlen: 24
                          185.219.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4b:9e:57:f9:23:97:4f:71:c8:86:e1:b5:87:d6:17:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jun  7 18:19:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d02286ed38d2351b8d0c4bff084ea4decf8464a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:82:4d:fa:29:7e:e6:3b:7a:f4:9e:df:87:f2:
                    91:98:10:c7:36:68:48:ae:53:c9:86:cf:de:28:74:
                    b4:b7:b0:91:ed:98:c1:80:b9:bb:d8:22:40:12:6f:
                    e4:69:a1:5e:c8:b1:23:1d:d1:ab:b3:57:21:ad:68:
                    05:9d:0d:f0:23:a2:fa:76:02:3e:b8:ed:7d:ab:a5:
                    31:05:38:0c:eb:52:5d:48:f5:9b:99:66:b5:34:19:
                    78:1f:70:30:e9:b9:e0:c9:0b:8f:eb:10:30:0c:0d:
                    05:8d:c0:9a:96:d8:9b:f5:3c:00:46:e1:72:8d:88:
                    86:48:dd:f2:63:0e:20:4a:55:a2:43:d2:2c:08:cd:
                    48:05:4c:62:5c:9d:be:01:e5:16:d7:d1:54:53:04:
                    c1:a0:5a:30:40:11:a7:b3:40:c4:15:52:80:a2:63:
                    90:07:05:1a:81:25:18:95:b9:a6:da:da:9f:10:40:
                    61:98:1f:bb:c3:52:00:52:6d:24:91:a4:43:c6:e9:
                    5c:8c:a9:3f:44:01:8e:7e:f4:15:14:52:14:d4:f7:
                    45:19:8f:e7:c1:82:41:07:6c:7a:51:10:60:e7:d1:
                    62:26:6f:90:e5:b8:a0:8a:e2:96:94:b4:9e:57:e0:
                    18:84:5a:24:de:41:08:f9:a4:cf:e7:14:31:d9:b1:
                    e4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:02:28:6E:D3:8D:23:51:B8:D0:C4:BF:F0:84:EA:4D:EC:F8:46:4A
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/HQIobtONI1G40MS_8ITqTez4Rko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c4:73:a7:0d:7e:b0:5c:04:5a:ff:26:89:1e:ad:6e:88:7e:bf:
         35:a8:06:95:ba:e3:61:9a:d1:f5:d4:3e:c8:29:ae:08:d3:d8:
         44:10:8c:6e:50:e0:a7:32:57:94:85:a9:68:a4:5d:b4:42:ce:
         b4:9e:a0:91:a4:c3:b3:ee:68:59:cb:00:30:db:87:05:eb:a8:
         c5:6c:39:2d:0f:7f:72:48:1c:7f:27:c9:39:62:6b:07:e3:47:
         80:fa:a2:6c:62:0c:2c:c9:1c:30:e9:c7:27:14:59:b3:6b:95:
         f9:54:4e:a1:ea:de:ec:f2:4c:79:1b:36:96:10:12:0e:1f:a0:
         e0:0d:a3:07:3d:82:1d:e3:1b:38:1c:03:36:3c:4a:e4:8e:3b:
         0b:65:a9:8f:15:53:60:17:d1:d3:a9:6d:52:5b:95:85:13:f4:
         58:3d:15:a1:7f:12:c3:90:de:1d:d5:89:a1:67:73:1e:48:cd:
         0a:33:14:a5:68:4e:11:56:e3:58:9a:a8:8d:f9:85:6e:39:61:
         7d:35:c6:06:9e:6e:dc:c9:7d:5d:6c:20:8b:c9:59:dd:02:e6:
         b5:87:44:af:06:79:39:ba:83:8c:a0:77:8d:73:a0:05:0a:2f:
         45:0c:67:26:8c:f5:0c:d2:a8:3a:0f:7c:cc:63:e0:52:6f:dd:
         af:58:92:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdLnlf5I5dPcciG4bWH1hf6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUwNjA3MTgxOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDAyMjg2ZWQzOGQyMzUxYjhkMGM0YmZmMDg0ZWE0ZGVjZjg0NjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4JN+il+5jt69J7fh/KRmBDHNmhI
rlPJhs/eKHS0t7CR7ZjBgLm72CJAEm/kaaFeyLEjHdGrs1chrWgFnQ3wI6L6dgI+
uO19q6UxBTgM61JdSPWbmWa1NBl4H3Aw6bngyQuP6xAwDA0FjcCaltib9TwARuFy
jYiGSN3yYw4gSlWiQ9IsCM1IBUxiXJ2+AeUW19FUUwTBoFowQBGns0DEFVKAomOQ
BwUagSUYlbmm2tqfEEBhmB+7w1IAUm0kkaRDxulcjKk/RAGOfvQVFFIU1PdFGY/n
wYJBB2x6URBg59FiJm+Q5bigiuKWlLSeV+AYhFok3kEI+aTP5xQx2bHkGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0CKG7TjSNRuNDEv/CE6k3s+EZKMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvSFFJb2J0T05JMUc0ME1TXzhJVHFUZXo0UmtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudu8MA0G
CSqGSIb3DQEBCwUAA4IBAQDEc6cNfrBcBFr/JokerW6Ifr81qAaVuuNhmtH11D7I
Ka4I09hEEIxuUOCnMleUhalopF20Qs60nqCRpMOz7mhZywAw24cF66jFbDktD39y
SBx/J8k5YmsH40eA+qJsYgwsyRww6ccnFFmza5X5VE6h6t7s8kx5GzaWEBIOH6Dg
DaMHPYId4xs4HAM2PErkjjsLZamPFVNgF9HTqW1SW5WFE/RYPRWhfxLDkN4d1Ymh
Z3MeSM0KMxSlaE4RVuNYmqiN+YVuOWF9NcYGnm7cyX1dbCCLyVndAua1h0SvBnk5
uoOMoHeNc6AFCi9FDGcmjPUM0qg6D3zMY+BSb92vWJKU
-----END CERTIFICATE-----