Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/T7kgW_5EwwUhIeFW8gtzAVhIz8Q.roa
File:                     T7kgW_5EwwUhIeFW8gtzAVhIz8Q.roa (raw, json)
Hash identifier:          dVpfa9kLKz935DXRg7JVZpu0iEEcHjCsEcl18sZgaiA=
Subject key identifier:   4F:B9:20:5B:FE:44:C3:05:21:21:E1:56:F2:0B:73:01:58:48:CF:C4
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019A34D238254A536F94D7473825A7804EF9
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/T7kgW_5EwwUhIeFW8gtzAVhIz8Q.roa
Signing time:             Thu 30 Oct 2025 11:13:03 +0000
ROA not before:           Thu 30 Oct 2025 11:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204629
IP address blocks:        94.198.46.0/24 maxlen: 24
                          185.244.228.0/22 maxlen: 22
                          2a0a:e9c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:34:d2:38:25:4a:53:6f:94:d7:47:38:25:a7:80:4e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Oct 30 11:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fb9205bfe44c3052121e156f20b73015848cfc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0f:e1:fa:24:c9:52:48:20:ee:d4:3b:0d:c5:
                    7a:cc:4a:ce:b5:fd:73:e2:c5:c8:c3:81:1d:32:5a:
                    c2:72:12:70:49:25:49:db:b1:a9:24:84:80:15:eb:
                    d2:86:5c:d6:a4:f3:70:91:dd:8f:f4:48:b1:d2:18:
                    7f:3c:c1:29:26:4d:fc:c3:22:79:65:34:67:b9:c3:
                    c6:76:de:0a:38:29:43:63:46:50:89:e9:cc:96:62:
                    bd:e6:91:1b:9b:04:91:2d:40:c6:6c:74:d7:3d:38:
                    c2:86:3a:63:4a:06:ae:07:9e:03:29:c3:a9:1e:18:
                    a4:10:a1:00:69:e1:59:26:b0:5c:37:5c:28:67:79:
                    f9:9b:d5:72:31:f4:ac:82:2d:1d:90:79:a0:a5:cf:
                    e7:00:53:29:44:7c:be:0a:ce:10:a0:72:ad:bc:58:
                    83:04:7e:c3:4e:9d:68:38:27:eb:73:63:60:9e:3c:
                    03:f3:ee:65:2c:04:da:90:c2:b7:a6:b4:13:25:b6:
                    9f:ef:7f:4d:3b:84:2b:9f:f6:44:07:ee:70:10:76:
                    4e:4e:54:07:f1:47:44:c2:70:10:68:00:bc:1c:08:
                    9f:b6:6b:0a:f1:54:76:19:93:a9:d0:bd:e1:87:f4:
                    c0:33:f4:16:1b:22:fe:35:db:55:f4:de:6a:13:2c:
                    dd:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:B9:20:5B:FE:44:C3:05:21:21:E1:56:F2:0B:73:01:58:48:CF:C4
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/T7kgW_5EwwUhIeFW8gtzAVhIz8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.198.46.0/24
                  185.244.228.0/22
                IPv6:
                  2a0a:e9c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:b6:e4:7e:44:db:87:40:73:52:c6:1d:f7:e2:99:56:a0:10:
         ad:21:a1:c1:b0:92:d3:c5:f7:a3:dc:6b:b2:4f:40:fa:5f:06:
         bc:06:74:cd:8e:d2:b4:25:40:4e:a2:64:01:f1:6d:10:6c:bd:
         ac:38:56:00:6e:07:36:1e:fc:45:c5:51:06:ea:75:65:5b:25:
         a4:04:e5:fd:90:c8:73:c9:64:a2:02:e8:8c:9e:14:1a:9e:36:
         7e:a4:96:f4:0d:a1:50:d2:3a:b1:f0:7b:13:8b:4e:38:f6:d2:
         02:52:e4:f9:1e:10:d3:b0:0a:19:eb:42:c4:ca:e7:39:9b:e4:
         4c:27:58:88:62:93:98:58:cd:3b:d9:4f:14:b0:0a:89:da:79:
         88:f1:27:a3:8c:2e:9f:9a:ea:be:04:8b:c1:86:16:99:59:b1:
         22:9c:b2:42:7a:d3:c1:c8:54:ab:f6:bd:46:a5:e3:53:22:f3:
         ee:bd:dc:37:eb:a4:af:52:d9:7e:3f:35:59:6a:03:d5:4c:fc:
         54:1d:d8:56:06:70:c3:77:5c:8a:60:7d:45:e1:a7:26:c2:59:
         c5:ef:84:b2:fe:6f:cb:d7:ff:d9:3a:2a:95:8c:b9:4c:bc:ee:
         b3:a9:11:ca:4b:ac:12:36:94:17:b2:77:22:21:a6:af:54:0f:
         d9:85:1f:92
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZo00jglSlNvlNdHOCWngE75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUxMDMwMTExMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmI5MjA1YmZlNDRjMzA1MjEyMWUxNTZmMjBiNzMwMTU4NDhjZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQ/h+iTJUkgg7tQ7DcV6zErOtf1z
4sXIw4EdMlrCchJwSSVJ27GpJISAFevShlzWpPNwkd2P9Eix0hh/PMEpJk38wyJ5
ZTRnucPGdt4KOClDY0ZQienMlmK95pEbmwSRLUDGbHTXPTjChjpjSgauB54DKcOp
HhikEKEAaeFZJrBcN1woZ3n5m9VyMfSsgi0dkHmgpc/nAFMpRHy+Cs4QoHKtvFiD
BH7DTp1oOCfrc2NgnjwD8+5lLATakMK3prQTJbaf739NO4Qrn/ZEB+5wEHZOTlQH
8UdEwnAQaAC8HAiftmsK8VR2GZOp0L3hh/TAM/QWGyL+NdtV9N5qEyzdhwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE+5IFv+RMMFISHhVvILcwFYSM/EMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvVDdrZ1dfNUV3d1VoSWVGVzhndHpBVmhJejhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAXsYuAwQC
ufTkMA0EAgACMAcDBQAqCunFMA0GCSqGSIb3DQEBCwUAA4IBAQArtuR+RNuHQHNS
xh334plWoBCtIaHBsJLTxfej3GuyT0D6Xwa8BnTNjtK0JUBOomQB8W0QbL2sOFYA
bgc2HvxFxVEG6nVlWyWkBOX9kMhzyWSiAuiMnhQanjZ+pJb0DaFQ0jqx8HsTi044
9tICUuT5HhDTsAoZ60LEyuc5m+RMJ1iIYpOYWM072U8UsAqJ2nmI8SejjC6fmuq+
BIvBhhaZWbEinLJCetPByFSr9r1GpeNTIvPuvdw366SvUtl+PzVZagPVTPxUHdhW
BnDDd1yKYH1F4acmwlnF74Sy/m/L1//ZOiqVjLlMvO6zqRHKS6wSNpQXsnciIaav
VA/ZhR+S
-----END CERTIFICATE-----