Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Tw5aKM0vcJqUI67SyMoNNUSxr2Q.roa
File:                     Tw5aKM0vcJqUI67SyMoNNUSxr2Q.roa (raw, json)
Hash identifier:          CvKDfyFepLTOTEUFwmczGqKF9po6en0HBqHIs/X++BE=
Subject key identifier:   4F:0E:5A:28:CD:2F:70:9A:94:23:AE:D2:C8:CA:0D:35:44:B1:AF:64
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01988027F99B996E624A4D1B09DCAB4F10F7
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Tw5aKM0vcJqUI67SyMoNNUSxr2Q.roa
Signing time:             Wed 06 Aug 2025 16:12:40 +0000
ROA not before:           Wed 06 Aug 2025 16:12:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25288
IP address blocks:        195.138.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 Aug 2025 08:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:80:27:f9:9b:99:6e:62:4a:4d:1b:09:dc:ab:4f:10:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Aug  6 16:12:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f0e5a28cd2f709a9423aed2c8ca0d3544b1af64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:97:f7:e2:30:fd:be:74:f3:8f:5a:d3:d7:ee:
                    8f:be:9f:fc:8d:44:c0:09:f9:5d:a7:b5:ad:78:0d:
                    87:b8:47:94:5a:df:21:31:25:0f:a4:8a:5c:a1:b5:
                    a3:82:b6:de:d1:d6:4f:cd:3d:78:c0:bd:2a:09:30:
                    6e:54:9f:8a:1c:0e:f7:32:01:30:2a:8d:0d:94:3f:
                    99:a1:ea:41:05:19:e3:d0:23:b6:28:44:f5:7f:75:
                    6b:09:28:76:29:32:6c:90:96:09:c3:c3:84:b7:a3:
                    8c:c1:62:9e:33:2b:77:7f:5f:8a:06:e8:cf:cc:76:
                    16:30:c7:58:8a:c8:0d:98:fc:13:33:54:7a:9d:5f:
                    c4:03:57:e3:f6:a9:74:5a:ed:52:a3:e9:84:20:f4:
                    45:ad:62:88:28:d4:34:3e:2d:7d:d6:02:a7:ac:6d:
                    29:ef:d1:9f:e9:32:98:e1:a7:32:cf:f1:02:31:4d:
                    9a:bc:57:12:17:a5:f6:6e:eb:07:ef:c6:1f:e3:37:
                    4b:86:09:83:f7:8f:9e:24:3c:15:40:0a:4b:71:65:
                    5d:ef:58:69:67:2d:c2:84:7f:1b:dc:35:99:a1:bc:
                    e0:9e:80:b0:13:a0:db:70:2c:0d:ec:80:64:1d:c7:
                    b6:73:db:55:42:33:f3:2d:23:3e:03:75:94:8e:43:
                    67:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:0E:5A:28:CD:2F:70:9A:94:23:AE:D2:C8:CA:0D:35:44:B1:AF:64
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Tw5aKM0vcJqUI67SyMoNNUSxr2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:b1:74:28:e6:7c:de:14:1a:d4:ce:f7:81:06:ae:e9:b3:42:
         16:fc:2f:47:da:c2:35:eb:7b:37:89:b9:34:e2:26:7c:ab:51:
         eb:d7:be:c6:dd:ca:4a:be:c1:0e:34:28:25:8a:36:c6:d2:e4:
         bf:37:7e:56:eb:96:b2:03:98:c5:23:28:00:ab:ed:f9:4e:39:
         f9:c9:f2:1c:3f:3e:6b:c0:55:c7:e2:41:d9:18:40:35:be:e2:
         72:bc:85:23:5b:d3:0c:72:9c:b8:36:20:ff:25:5c:fc:c2:f0:
         f5:66:81:96:37:03:6c:c3:a4:cd:80:d4:dd:22:d4:a8:6e:b7:
         1d:47:6d:cc:9f:57:1c:c0:11:3d:2c:30:75:fb:6e:8a:eb:76:
         e5:08:b8:15:dc:8a:bf:9b:0d:60:7b:70:90:c2:1f:62:f3:65:
         77:e0:bb:d6:91:d2:5a:fa:42:6d:9b:2a:7d:7e:b7:50:f5:85:
         50:7e:ed:eb:f9:b1:a5:24:c6:1e:47:b6:18:b3:b4:f6:75:2b:
         65:93:a5:1f:c9:df:ab:86:8e:6d:76:d3:52:d3:b4:64:f8:e5:
         79:31:fe:35:92:f9:d8:fb:7a:36:3c:3e:20:0d:c4:ca:d3:2c:
         0e:69:32:2b:88:bf:b7:af:08:c7:b3:34:08:d0:a7:45:c9:38:
         a8:78:d6:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiAJ/mbmW5iSk0bCdyrTxD3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwODA2MTYxMjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjBlNWEyOGNkMmY3MDlhOTQyM2FlZDJjOGNhMGQzNTQ0YjFhZjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJf34jD9vnTzj1rT1+6Pvp/8jUTA
Cfldp7WteA2HuEeUWt8hMSUPpIpcobWjgrbe0dZPzT14wL0qCTBuVJ+KHA73MgEw
Ko0NlD+ZoepBBRnj0CO2KET1f3VrCSh2KTJskJYJw8OEt6OMwWKeMyt3f1+KBujP
zHYWMMdYisgNmPwTM1R6nV/EA1fj9ql0Wu1So+mEIPRFrWKIKNQ0Pi191gKnrG0p
79Gf6TKY4acyz/ECMU2avFcSF6X2busH78Yf4zdLhgmD94+eJDwVQApLcWVd71hp
Zy3ChH8b3DWZobzgnoCwE6DbcCwN7IBkHce2c9tVQjPzLSM+A3WUjkNncwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8OWijNL3CalCOu0sjKDTVEsa9kMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvVHc1YUtNMHZjSnFVSTY3U3lNb05OVVN4cjJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4p0MA0G
CSqGSIb3DQEBCwUAA4IBAQBtsXQo5nzeFBrUzveBBq7ps0IW/C9H2sI163s3ibk0
4iZ8q1Hr177G3cpKvsEONCglijbG0uS/N35W65ayA5jFIygAq+35Tjn5yfIcPz5r
wFXH4kHZGEA1vuJyvIUjW9MMcpy4NiD/JVz8wvD1ZoGWNwNsw6TNgNTdItSobrcd
R23Mn1ccwBE9LDB1+26K63blCLgV3Iq/mw1ge3CQwh9i82V34LvWkdJa+kJtmyp9
frdQ9YVQfu3r+bGlJMYeR7YYs7T2dStlk6Ufyd+rho5tdtNS07Rk+OV5Mf41kvnY
+3o2PD4gDcTK0ywOaTIriL+3rwjHszQI0KdFyTioeNbd
-----END CERTIFICATE-----