Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tDMCrgNwzY4VdZX481VC0l7e5Po.roa
File:                     tDMCrgNwzY4VdZX481VC0l7e5Po.roa (raw, json)
Hash identifier:          0HFZh7soPzib3S5904j+38E8jSUeOf2CQ75FKSEswzg=
Subject key identifier:   B4:33:02:AE:03:70:CD:8E:15:75:95:F8:F3:55:42:D2:5E:DE:E4:FA
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019854A8CC9F58DC4169CA4AD6C0C926AA6E
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tDMCrgNwzY4VdZX481VC0l7e5Po.roa
Signing time:             Tue 29 Jul 2025 05:30:05 +0000
ROA not before:           Tue 29 Jul 2025 05:30:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39855
IP address blocks:        45.144.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:54:a8:cc:9f:58:dc:41:69:ca:4a:d6:c0:c9:26:aa:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jul 29 05:30:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b43302ae0370cd8e157595f8f35542d25edee4fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e4:07:d5:4a:15:5b:cb:76:5b:c7:89:2d:d0:
                    0e:44:a2:e1:35:de:7c:a6:f8:4b:9d:08:c8:88:87:
                    80:e1:14:79:4f:3d:5d:e6:86:61:05:85:ef:a3:f1:
                    42:a4:e9:6e:9b:bb:09:f6:42:51:f5:a5:f0:2c:0d:
                    13:35:7c:bb:61:80:f3:61:3e:83:32:d6:74:ed:25:
                    3c:27:b9:ec:ca:1d:03:a4:bb:ad:75:bc:c8:f9:52:
                    ef:f4:91:fb:16:69:8b:0d:07:67:2a:c8:cf:58:16:
                    f7:67:2a:9c:4c:7d:35:73:8f:bb:8d:89:bf:eb:e1:
                    00:7f:d4:03:44:90:cb:76:02:92:0e:b0:92:c5:34:
                    93:b4:0a:11:26:b4:46:99:40:bd:cc:9f:ec:32:32:
                    9b:c4:7e:43:96:4e:fc:5c:b3:db:b5:df:49:9c:03:
                    d6:b5:55:48:73:d5:fe:f5:06:89:cf:52:0f:ee:9d:
                    a7:ca:c0:f8:ce:e4:15:e3:66:f6:96:ba:2b:27:72:
                    d8:e0:21:27:7c:2b:3f:7c:0f:99:c8:e3:f7:0b:3a:
                    c9:7c:ea:15:21:8c:69:78:d9:9d:1e:d5:a9:23:ea:
                    70:9e:b4:95:10:20:c9:e5:cd:aa:06:5f:ab:fd:84:
                    b2:81:dd:2f:27:c0:4b:15:5d:35:59:dc:7c:97:48:
                    8e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:33:02:AE:03:70:CD:8E:15:75:95:F8:F3:55:42:D2:5E:DE:E4:FA
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tDMCrgNwzY4VdZX481VC0l7e5Po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e3:b2:14:93:fb:36:48:60:13:7d:80:91:34:8d:79:3f:39:97:
         00:ab:b7:aa:89:52:ba:aa:00:45:cc:2a:cc:76:48:4c:2b:29:
         18:bd:a7:23:51:a6:90:f6:9b:e8:f2:f1:df:1b:1b:52:fa:af:
         07:eb:82:5d:7d:52:cd:63:c0:f7:15:46:be:09:15:3b:84:23:
         a0:a1:2d:2d:a1:a4:b2:9b:e4:a1:9e:fa:a9:e4:89:ad:39:32:
         a7:e7:10:32:c2:aa:96:d9:ca:da:84:9e:40:92:e2:74:91:b8:
         fd:9e:8b:26:8d:f3:4f:b0:43:df:f9:9a:90:62:10:dd:c1:b6:
         57:eb:df:d9:1b:a4:5d:d1:aa:d5:8d:e3:d6:b9:fe:ab:63:41:
         e3:3b:4c:08:82:59:ea:3c:2f:10:cc:68:da:3e:a9:ae:bf:40:
         4a:e5:de:61:d7:f6:bd:81:5a:c0:09:5a:50:94:b1:33:5d:13:
         8d:94:92:44:4f:11:10:97:60:ea:79:ba:f8:df:2d:dd:53:ce:
         74:18:f1:d6:bb:1a:a2:8a:4b:d8:24:d3:89:b8:6f:45:14:3e:
         63:25:76:2b:62:24:f3:e3:09:a6:f3:c3:61:f8:c8:2d:08:ed:
         54:37:64:86:fa:f5:4f:82:7a:aa:d9:4f:a4:95:fc:9e:28:91:
         9e:55:07:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhUqMyfWNxBacpK1sDJJqpuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNzI5MDUzMDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDMzMDJhZTAzNzBjZDhlMTU3NTk1ZjhmMzU1NDJkMjVlZGVlNGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruQH1UoVW8t2W8eJLdAORKLhNd58
pvhLnQjIiIeA4RR5Tz1d5oZhBYXvo/FCpOlum7sJ9kJR9aXwLA0TNXy7YYDzYT6D
MtZ07SU8J7nsyh0DpLutdbzI+VLv9JH7FmmLDQdnKsjPWBb3ZyqcTH01c4+7jYm/
6+EAf9QDRJDLdgKSDrCSxTSTtAoRJrRGmUC9zJ/sMjKbxH5Dlk78XLPbtd9JnAPW
tVVIc9X+9QaJz1IP7p2nysD4zuQV42b2lrorJ3LY4CEnfCs/fA+ZyOP3CzrJfOoV
IYxpeNmdHtWpI+pwnrSVECDJ5c2qBl+r/YSygd0vJ8BLFV01Wdx8l0iOSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQzAq4DcM2OFXWV+PNVQtJe3uT6MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdERNQ3JnTnd6WTRWZFpYNDgxVkMwbDdlNVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZDFMA0G
CSqGSIb3DQEBCwUAA4IBAQDjshST+zZIYBN9gJE0jXk/OZcAq7eqiVK6qgBFzCrM
dkhMKykYvacjUaaQ9pvo8vHfGxtS+q8H64JdfVLNY8D3FUa+CRU7hCOgoS0toaSy
m+Shnvqp5ImtOTKn5xAywqqW2crahJ5AkuJ0kbj9nosmjfNPsEPf+ZqQYhDdwbZX
69/ZG6Rd0arVjePWuf6rY0HjO0wIglnqPC8QzGjaPqmuv0BK5d5h1/a9gVrACVpQ
lLEzXRONlJJETxEQl2Dqebr43y3dU850GPHWuxqiikvYJNOJuG9FFD5jJXYrYiTz
4wmm88Nh+MgtCO1UN2SG+vVPgnqq2U+klfyeKJGeVQd9
-----END CERTIFICATE-----