Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/TsMqGpnQQjHuGL3FdBslUdeAKvY.roa
File:                     TsMqGpnQQjHuGL3FdBslUdeAKvY.roa (raw, json)
Hash identifier:          DEaP8k9U1AItP7rOLfEBvAFAOU0RBinFQ8qYt5HMQoo=
Subject key identifier:   4E:C3:2A:1A:99:D0:42:31:EE:18:BD:C5:74:1B:25:51:D7:80:2A:F6
Certificate issuer:       /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial:       0197586B05F1FC4A8FE14FC8AC52F1042851
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/TsMqGpnQQjHuGL3FdBslUdeAKvY.roa
Signing time:             Tue 10 Jun 2025 05:58:18 +0000
ROA not before:           Tue 10 Jun 2025 05:58:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        185.101.168.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 18:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:58:6b:05:f1:fc:4a:8f:e1:4f:c8:ac:52:f1:04:28:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
        Validity
            Not Before: Jun 10 05:58:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ec32a1a99d04231ee18bdc5741b2551d7802af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:22:50:b6:2b:5f:c9:31:0b:a5:8a:22:18:8b:
                    f4:98:fc:0d:77:cb:f7:d8:6b:59:cb:67:99:2f:04:
                    43:bb:21:f4:8a:fd:b7:94:b6:1d:10:32:15:b3:1f:
                    b2:78:4a:9b:d0:99:28:47:fa:06:ef:75:9a:f6:f3:
                    2d:95:5e:25:50:43:ff:61:17:0b:9d:68:1a:26:e1:
                    9d:f4:eb:68:9b:c4:15:8a:d1:97:0d:3f:5b:31:b9:
                    37:a8:c1:ca:60:70:5b:ea:3e:56:92:c4:7b:a1:1a:
                    43:68:b8:58:fe:ba:e6:0c:f6:90:80:7d:fc:24:3b:
                    29:40:6f:5a:69:7e:f9:c4:3d:82:c4:53:6a:45:4d:
                    ad:cf:ed:28:cc:de:d0:a2:9d:04:7a:77:58:df:84:
                    df:89:be:30:eb:69:ca:34:b8:03:1c:ed:98:a9:73:
                    48:c6:12:1d:96:c1:23:96:26:12:a2:0b:c2:7b:e1:
                    99:01:fb:53:0d:e1:cc:d8:24:bf:07:bc:a5:1a:75:
                    dc:b2:1d:4e:ce:f0:2f:fd:21:0d:c8:b4:a9:68:da:
                    44:2e:d8:7a:3e:78:fe:48:e2:82:1a:7e:f6:c5:c8:
                    5b:e4:6b:4b:bb:fa:94:3e:40:ef:cf:17:07:5f:6f:
                    49:2f:e4:c3:06:a5:b2:8b:a4:0f:8d:4d:74:51:e2:
                    8c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:C3:2A:1A:99:D0:42:31:EE:18:BD:C5:74:1B:25:51:D7:80:2A:F6
            X509v3 Authority Key Identifier:
                keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/TsMqGpnQQjHuGL3FdBslUdeAKvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:ed:7c:cc:bc:5d:d0:d6:e0:0e:89:1b:6f:e9:43:50:75:80:
         91:8d:93:d4:91:96:e7:c0:bf:5f:f5:ed:74:22:96:88:0e:65:
         63:e6:fc:a7:9f:40:21:8e:ec:24:6a:ab:0d:f6:d5:d5:ea:c9:
         be:01:cc:2d:f3:83:55:bc:21:05:d0:e4:ec:98:1e:79:d9:cf:
         b7:ac:67:9e:62:69:dd:9f:81:5f:df:4e:18:12:df:ea:be:72:
         b9:45:1f:4e:c3:b8:0e:cf:0d:0c:ce:10:29:24:33:55:7b:7e:
         e7:cd:90:c0:e0:59:4f:51:3b:2f:65:9b:6a:62:a2:3e:6b:ee:
         c5:c3:92:02:d2:89:06:ae:6e:d3:5f:ee:d2:7d:d3:cb:21:d0:
         d9:28:14:52:e3:21:3e:08:ca:64:c1:35:f2:43:d4:10:ad:93:
         36:75:31:b7:70:e1:20:ec:54:64:d5:3b:6b:3e:a1:ab:0b:b1:
         95:e2:37:43:24:1e:ea:b4:e8:7c:a8:03:3b:5a:6b:8a:0a:d6:
         7f:22:93:c8:ef:05:76:6d:5d:2c:9e:ea:2c:b3:52:a4:3c:3e:
         c8:3c:b2:bd:bd:3d:5e:2a:4a:3d:af:0e:e8:ee:1c:e3:dc:6c:
         9c:52:62:cf:e9:3f:b9:fd:13:5c:3f:c0:58:06:bc:85:7a:b0:
         54:43:d1:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdYawXx/EqP4U/IrFLxBChRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MWZkYzdhMmYxMWE1NzY2ZDNhZDdiZGY2MjVjZTVlMTE5
YThmZGYwHhcNMjUwNjEwMDU1ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWMzMmExYTk5ZDA0MjMxZWUxOGJkYzU3NDFiMjU1MWQ3ODAyYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiJQtitfyTELpYoiGIv0mPwNd8v3
2GtZy2eZLwRDuyH0iv23lLYdEDIVsx+yeEqb0JkoR/oG73Wa9vMtlV4lUEP/YRcL
nWgaJuGd9Otom8QVitGXDT9bMbk3qMHKYHBb6j5WksR7oRpDaLhY/rrmDPaQgH38
JDspQG9aaX75xD2CxFNqRU2tz+0ozN7Qop0EendY34Tfib4w62nKNLgDHO2YqXNI
xhIdlsEjliYSogvCe+GZAftTDeHM2CS/B7ylGnXcsh1OzvAv/SENyLSpaNpELth6
Pnj+SOKCGn72xchb5GtLu/qUPkDvzxcHX29JL+TDBqWyi6QPjU10UeKMJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7DKhqZ0EIx7hi9xXQbJVHXgCr2MB8GA1UdIwQY
MBaAFFQf3HovEaV2bTrXvfYlzl4Rmo/fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUt
YzkwMGE4OWYyMGYxLzEvVHNNcUdwblFRakh1R0wzRmRCc2xVZGVBS3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUtYzkwMGE4OWYyMGYx
LzEvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWWoMA0G
CSqGSIb3DQEBCwUAA4IBAQBT7XzMvF3Q1uAOiRtv6UNQdYCRjZPUkZbnwL9f9e10
IpaIDmVj5vynn0AhjuwkaqsN9tXV6sm+Acwt84NVvCEF0OTsmB552c+3rGeeYmnd
n4Ff304YEt/qvnK5RR9Ow7gOzw0MzhApJDNVe37nzZDA4FlPUTsvZZtqYqI+a+7F
w5IC0okGrm7TX+7SfdPLIdDZKBRS4yE+CMpkwTXyQ9QQrZM2dTG3cOEg7FRk1Ttr
PqGrC7GV4jdDJB7qtOh8qAM7WmuKCtZ/IpPI7wV2bV0snuoss1KkPD7IPLK9vT1e
Kko9rw7o7hzj3GycUmLP6T+5/RNcP8BYBryFerBUQ9F6
-----END CERTIFICATE-----