Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/hML_DL0g6kYSYUFuPdJQKEuONUc.roa
File:                     hML_DL0g6kYSYUFuPdJQKEuONUc.roa (raw, json)
Hash identifier:          fGTc+S+9s9I7++Z7ndtheAsl1CfEIZzcmOsVDizuoCI=
Subject key identifier:   84:C2:FF:0C:BD:20:EA:46:12:61:41:6E:3D:D2:50:28:4B:8E:35:47
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       019A4A7C7AA8DFB86184D7726D31AA4D4DB5
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/hML_DL0g6kYSYUFuPdJQKEuONUc.roa
Signing time:             Mon 03 Nov 2025 16:11:03 +0000
ROA not before:           Mon 03 Nov 2025 16:11:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        87.254.29.0/24 maxlen: 24
                          217.25.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4a:7c:7a:a8:df:b8:61:84:d7:72:6d:31:aa:4d:4d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Nov  3 16:11:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84c2ff0cbd20ea461261416e3dd250284b8e3547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:75:bf:5e:f8:a5:13:94:00:b9:77:8a:3e:a0:
                    f5:cc:89:ba:31:7d:d9:30:5f:82:95:14:19:cd:c2:
                    5d:58:61:86:88:a5:b3:26:71:03:ae:05:8e:c5:b0:
                    36:c0:bb:ad:7c:5e:0d:8e:d8:c4:b1:74:27:f2:4e:
                    fe:30:3d:0e:0d:bd:04:b4:57:78:59:ba:58:86:de:
                    31:33:99:11:13:2b:cc:f7:75:6d:e5:72:91:70:e0:
                    64:80:23:32:af:4b:7a:43:51:c2:11:84:51:07:2f:
                    49:1e:75:b6:70:ae:0c:70:ef:85:98:37:ec:c8:39:
                    ec:cd:60:ba:76:b4:75:ae:50:18:72:78:56:d2:89:
                    3c:7b:d6:f1:52:eb:ac:29:66:61:f8:64:a6:f7:71:
                    bf:20:86:d3:3b:96:ad:d6:9b:be:ef:10:aa:f4:10:
                    25:e9:e9:57:36:db:1b:3f:13:54:3d:33:f7:51:eb:
                    b9:c8:30:74:07:fd:73:88:83:63:8d:de:4c:f7:73:
                    41:97:c9:04:00:c6:86:a5:da:25:d7:3c:81:88:35:
                    d3:91:d4:75:2d:73:57:14:95:20:7f:87:60:72:60:
                    e1:1a:41:c4:9e:b3:42:2a:c4:2c:66:2f:9a:0c:1c:
                    19:47:52:c3:42:a1:3a:7f:e9:55:82:77:cd:95:2c:
                    ca:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C2:FF:0C:BD:20:EA:46:12:61:41:6E:3D:D2:50:28:4B:8E:35:47
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/hML_DL0g6kYSYUFuPdJQKEuONUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.29.0/24
                  217.25.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:b9:43:7b:f0:6d:d0:f0:02:bd:01:55:04:a1:49:cf:cf:d0:
         80:95:2c:52:ee:27:7b:ce:93:a3:dd:df:9b:90:0a:34:49:82:
         81:a0:e2:f0:ee:54:fc:04:05:d5:05:7b:3d:80:69:38:16:fc:
         21:ec:2d:36:ce:5c:c3:c7:e5:73:a7:dc:37:0e:e3:52:1d:b2:
         19:ff:5f:27:d1:2f:e4:e0:b6:e0:27:e9:d8:0c:e1:98:5d:20:
         62:ec:e7:6f:60:3a:1f:27:ff:a9:bd:eb:74:79:f4:da:8d:0c:
         4e:e2:7c:58:55:d2:5a:2b:c3:06:d1:4f:15:92:d4:74:d2:68:
         b0:02:e2:1b:cd:b9:56:23:ef:98:9e:ad:81:e8:20:3d:32:67:
         17:5a:9d:50:21:90:62:a6:79:28:05:75:b2:0d:f4:54:6c:4e:
         10:55:16:b6:64:d4:93:c2:dd:43:c5:81:94:36:eb:67:2d:64:
         66:ca:48:14:1c:a6:0e:31:ac:56:83:19:ec:d5:40:2f:b3:e7:
         27:55:1b:42:b5:ad:26:37:ed:7e:07:b7:b1:d1:0e:7a:ba:27:
         25:4e:d8:fe:15:b4:35:7a:d4:cc:92:ac:e2:2d:0b:52:a5:1d:
         4b:1f:52:76:a3:ff:e1:0a:11:7c:6d:8f:f1:c5:99:aa:94:b4:
         7c:51:06:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpKfHqo37hhhNdybTGqTU21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUxMTAzMTYxMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGMyZmYwY2JkMjBlYTQ2MTI2MTQxNmUzZGQyNTAyODRiOGUzNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXW/XvilE5QAuXeKPqD1zIm6MX3Z
MF+ClRQZzcJdWGGGiKWzJnEDrgWOxbA2wLutfF4NjtjEsXQn8k7+MD0ODb0EtFd4
WbpYht4xM5kREyvM93Vt5XKRcOBkgCMyr0t6Q1HCEYRRBy9JHnW2cK4McO+FmDfs
yDnszWC6drR1rlAYcnhW0ok8e9bxUuusKWZh+GSm93G/IIbTO5at1pu+7xCq9BAl
6elXNtsbPxNUPTP3Ueu5yDB0B/1ziINjjd5M93NBl8kEAMaGpdol1zyBiDXTkdR1
LXNXFJUgf4dgcmDhGkHEnrNCKsQsZi+aDBwZR1LDQqE6f+lVgnfNlSzK9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFITC/wy9IOpGEmFBbj3SUChLjjVHMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvaE1MX0RMMGc2a1lTWVVGdVBkSlFLRXVPTlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/4dAwQA
2RkDMA0GCSqGSIb3DQEBCwUAA4IBAQAruUN78G3Q8AK9AVUEoUnPz9CAlSxS7id7
zpOj3d+bkAo0SYKBoOLw7lT8BAXVBXs9gGk4Fvwh7C02zlzDx+Vzp9w3DuNSHbIZ
/18n0S/k4LbgJ+nYDOGYXSBi7OdvYDofJ/+pvet0efTajQxO4nxYVdJaK8MG0U8V
ktR00miwAuIbzblWI++Ynq2B6CA9MmcXWp1QIZBipnkoBXWyDfRUbE4QVRa2ZNST
wt1DxYGUNutnLWRmykgUHKYOMaxWgxns1UAvs+cnVRtCta0mN+1+B7ex0Q56uicl
Ttj+FbQ1etTMkqziLQtSpR1LH1J2o//hChF8bY/xxZmqlLR8UQbh
-----END CERTIFICATE-----