Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/tC4kEyILNSgq-4HRu62K07yIvGs.roa
File:                     tC4kEyILNSgq-4HRu62K07yIvGs.roa (raw, json)
Hash identifier:          gjkW2opUlQbptSUKgUELQ123yLms5Q+buV+jgPY3PiY=
Subject key identifier:   B4:2E:24:13:22:0B:35:28:2A:FB:81:D1:BB:AD:8A:D3:BC:88:BC:6B
Certificate issuer:       /CN=e292c8c779b6ed6ede72a8cf11490ef6d7a9e921
Certificate serial:       019A4B548AD28D10C9D12B64926A5F949ADE
Authority key identifier: E2:92:C8:C7:79:B6:ED:6E:DE:72:A8:CF:11:49:0E:F6:D7:A9:E9:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/tC4kEyILNSgq-4HRu62K07yIvGs.roa
Signing time:             Mon 03 Nov 2025 20:07:03 +0000
ROA not before:           Mon 03 Nov 2025 20:07:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        95.128.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4b:54:8a:d2:8d:10:c9:d1:2b:64:92:6a:5f:94:9a:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e292c8c779b6ed6ede72a8cf11490ef6d7a9e921
        Validity
            Not Before: Nov  3 20:07:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b42e2413220b35282afb81d1bbad8ad3bc88bc6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:40:bc:44:3f:ff:18:96:6f:57:67:bd:6b:1f:
                    e7:f2:b9:c4:73:5c:6f:0c:73:e3:d5:49:5d:ef:e4:
                    29:96:2d:9e:a2:1e:ec:f4:5e:36:5b:ea:a5:25:61:
                    aa:7c:35:4f:c0:38:03:43:21:e8:f8:99:1e:81:5c:
                    b5:be:8e:be:47:8c:a0:7e:f1:8a:73:d9:f8:51:70:
                    ef:3f:38:7f:5e:79:2e:08:56:43:f6:60:d2:b2:bc:
                    b2:6b:a1:d2:91:ed:30:ab:05:07:e4:b8:58:56:d9:
                    f0:30:11:59:90:cc:05:a1:f7:43:07:09:21:1d:aa:
                    07:58:51:c7:54:5e:44:17:07:35:6c:b4:ed:61:61:
                    0b:5d:f0:33:19:58:c4:56:75:0d:a7:d3:a1:4e:be:
                    09:7b:e9:eb:3e:47:a7:fe:d7:32:1f:a5:7c:9a:a8:
                    c3:9c:a3:f0:2d:78:4f:78:7e:01:41:aa:52:b4:c0:
                    73:f7:1d:c2:b9:8c:ad:bf:bd:c0:20:30:0d:a3:fc:
                    9d:4f:40:a9:a0:43:fc:f0:90:9c:d1:5c:27:fc:52:
                    b7:14:10:cc:6f:c7:da:c4:1a:63:59:93:a2:40:ce:
                    a9:29:2a:69:d7:ad:36:9f:56:d4:a6:f6:2b:ca:99:
                    69:36:a7:2b:b1:44:fb:19:89:10:3a:91:c8:96:ff:
                    28:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:2E:24:13:22:0B:35:28:2A:FB:81:D1:BB:AD:8A:D3:BC:88:BC:6B
            X509v3 Authority Key Identifier:
                keyid:E2:92:C8:C7:79:B6:ED:6E:DE:72:A8:CF:11:49:0E:F6:D7:A9:E9:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/tC4kEyILNSgq-4HRu62K07yIvGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:36:aa:53:61:53:e5:e5:9e:a8:0f:7a:c3:66:58:b5:92:b3:
         46:04:d3:e6:c6:8c:fd:a6:76:9f:ad:37:25:19:49:31:ef:49:
         bc:36:6c:f9:d1:b9:1a:91:31:84:c8:da:57:98:07:45:ea:68:
         4a:a6:5d:b9:ea:9b:bb:14:af:e0:85:17:16:8e:04:60:84:95:
         a1:4e:b8:63:3f:ac:0c:55:ae:2d:f1:59:c6:b0:82:7e:03:6c:
         ce:c5:38:72:c8:7a:cb:25:02:b2:f8:f4:44:c5:ec:e0:b1:8a:
         13:60:35:56:6a:88:5c:d3:9c:77:09:d9:ab:68:d9:20:56:90:
         8f:4a:63:11:2e:ac:bb:49:20:8e:ee:0e:07:1d:9f:bb:e7:23:
         c1:a6:49:1d:bd:e4:01:3b:d1:7f:f5:6d:e5:41:20:c3:f9:ff:
         39:0d:1f:c2:04:79:18:a0:a7:5d:e8:c1:52:d1:83:54:0f:e7:
         81:2c:2f:03:b7:51:24:31:59:0d:eb:7f:65:40:fb:ba:93:b1:
         37:cf:d7:74:3e:a2:bf:94:c8:4a:17:85:24:74:73:ff:e2:f5:
         a9:c4:86:cf:62:f7:65:49:cd:a2:18:c0:6b:44:91:46:f6:20:
         9e:80:90:3c:ff:5b:7f:2b:ae:fe:07:37:63:d3:e6:b8:43:10:
         cc:48:ad:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpLVIrSjRDJ0StkkmpflJreMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOTJjOGM3NzliNmVkNmVkZTcyYThjZjExNDkwZWY2ZDdh
OWU5MjEwHhcNMjUxMTAzMjAwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDJlMjQxMzIyMGIzNTI4MmFmYjgxZDFiYmFkOGFkM2JjODhiYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UC8RD//GJZvV2e9ax/n8rnEc1xv
DHPj1Uld7+Qpli2eoh7s9F42W+qlJWGqfDVPwDgDQyHo+JkegVy1vo6+R4ygfvGK
c9n4UXDvPzh/XnkuCFZD9mDSsryya6HSke0wqwUH5LhYVtnwMBFZkMwFofdDBwkh
HaoHWFHHVF5EFwc1bLTtYWELXfAzGVjEVnUNp9OhTr4Je+nrPken/tcyH6V8mqjD
nKPwLXhPeH4BQapStMBz9x3CuYytv73AIDANo/ydT0CpoEP88JCc0Vwn/FK3FBDM
b8faxBpjWZOiQM6pKSpp1602n1bUpvYryplpNqcrsUT7GYkQOpHIlv8oiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQuJBMiCzUoKvuB0butitO8iLxrMB8GA1UdIwQY
MBaAFOKSyMd5tu1u3nKozxFJDvbXqekhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHBMSXgzbTI3VzdlY3FqUEVVa085dGVwNlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC80YTJlOTctMjU3MC00NzhiLWI5YmMt
NWViYjYzNzgwMDllLzEvdEM0a0V5SUxOU2dxLTRIUnU2MkswN3lJdkdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC80YTJlOTctMjU3MC00NzhiLWI5YmMtNWViYjYzNzgwMDll
LzEvNHBMSXgzbTI3VzdlY3FqUEVVa085dGVwNlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DDMA0G
CSqGSIb3DQEBCwUAA4IBAQAFNqpTYVPl5Z6oD3rDZli1krNGBNPmxoz9pnafrTcl
GUkx70m8Nmz50bkakTGEyNpXmAdF6mhKpl256pu7FK/ghRcWjgRghJWhTrhjP6wM
Va4t8VnGsIJ+A2zOxThyyHrLJQKy+PRExezgsYoTYDVWaohc05x3CdmraNkgVpCP
SmMRLqy7SSCO7g4HHZ+75yPBpkkdveQBO9F/9W3lQSDD+f85DR/CBHkYoKdd6MFS
0YNUD+eBLC8Dt1EkMVkN639lQPu6k7E3z9d0PqK/lMhKF4UkdHP/4vWpxIbPYvdl
Sc2iGMBrRJFG9iCegJA8/1t/K67+Bzdj0+a4QxDMSK2Z
-----END CERTIFICATE-----