Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/e4GzdbRUaA8HrWQj3PBgqpSWMXg.roa
File:                     e4GzdbRUaA8HrWQj3PBgqpSWMXg.roa (raw, json)
Hash identifier:          DKWInXOs450Qw6ODBMLCvNh8CoKDSS0/D1RtuyPhGIM=
Subject key identifier:   7B:81:B3:75:B4:54:68:0F:07:AD:64:23:DC:F0:60:AA:94:96:31:78
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019744EEC282395D09347F8E33EA9D857792
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/e4GzdbRUaA8HrWQj3PBgqpSWMXg.roa
Signing time:             Fri 06 Jun 2025 11:09:47 +0000
ROA not before:           Fri 06 Jun 2025 11:09:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198338
IP address blocks:        185.105.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:ee:c2:82:39:5d:09:34:7f:8e:33:ea:9d:85:77:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jun  6 11:09:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b81b375b454680f07ad6423dcf060aa94963178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:cf:85:17:49:36:ea:ef:c7:34:a1:e2:ab:f7:
                    b1:81:e3:20:92:d3:de:2d:58:78:26:29:39:1c:ee:
                    49:4b:95:bc:d5:a2:8b:99:cb:92:b1:e3:32:a3:87:
                    5f:c5:4a:ae:ee:c3:5c:eb:e5:8a:c3:fa:01:b7:a8:
                    c9:80:ce:6e:9c:a3:56:c3:2f:65:85:52:39:b9:3f:
                    d6:7f:f7:85:8b:50:96:d0:d1:60:f4:c4:a3:dd:b0:
                    5e:31:85:a5:9b:73:1d:8f:b0:d5:97:80:61:ad:9e:
                    86:24:47:be:9f:ca:e1:26:73:31:b7:cf:5e:8c:cf:
                    a1:1e:9b:2f:ab:5a:29:28:62:b8:95:6a:25:5a:69:
                    15:1a:ff:51:87:42:4b:9d:6c:36:3f:c4:b7:52:90:
                    67:56:e3:48:a2:0c:13:6a:71:d9:93:be:c7:7d:8a:
                    1a:e2:e3:c3:89:b2:4b:04:e1:10:39:aa:64:2d:a1:
                    a8:b9:ce:35:f5:0e:0e:e5:1b:0e:b7:f8:1e:43:db:
                    ed:2e:07:f7:5c:8b:dd:ec:e2:e3:49:35:51:e3:bb:
                    42:8c:56:3a:3a:01:50:e1:26:94:df:97:bc:09:31:
                    56:c5:3e:b0:92:0e:e2:fb:ca:ce:a9:76:c3:21:69:
                    b5:c5:bf:48:04:a2:49:cc:2b:9a:fd:1b:bd:37:59:
                    2b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:81:B3:75:B4:54:68:0F:07:AD:64:23:DC:F0:60:AA:94:96:31:78
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/e4GzdbRUaA8HrWQj3PBgqpSWMXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:c2:02:bb:de:35:40:8d:8f:82:58:b2:70:ca:c8:dc:d1:50:
         6c:af:1c:24:c6:ef:56:21:2e:8e:0a:35:e0:1f:3f:27:24:a5:
         e3:7f:59:07:d8:63:25:1b:50:d4:45:d9:1c:89:3b:b0:8c:13:
         a3:44:e5:59:d2:72:a2:8a:eb:44:4d:a9:3a:0b:95:49:77:56:
         23:ee:9d:73:52:1e:e1:74:b4:8c:31:61:cf:28:53:0a:2a:5c:
         61:13:d2:56:91:ec:44:a3:2a:d0:0c:3f:a3:81:9a:02:af:69:
         90:96:bc:b3:93:f1:0d:7e:36:61:04:36:a2:6c:f6:44:d7:ce:
         8b:27:27:6d:1d:b1:95:5b:42:0d:82:99:88:eb:74:ae:56:01:
         cd:30:ac:9d:dc:70:60:a4:71:e9:12:d2:f4:63:f4:e8:63:24:
         22:13:68:53:d5:cd:93:4b:a9:ff:79:9a:20:36:9b:17:21:e5:
         84:d7:36:b2:9b:2e:b4:c2:b9:ea:03:83:8a:28:bc:e4:ff:c6:
         1e:3b:c6:62:75:9d:c6:d3:c2:50:d8:58:99:f8:6e:83:6b:6c:
         45:de:a9:4a:1c:b2:6d:32:c8:85:ec:ee:37:ce:c8:31:c7:43:
         77:b6:6e:8d:b2:82:af:a3:ab:79:e9:2f:dc:fd:bc:6b:8c:27:
         db:86:c0:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdE7sKCOV0JNH+OM+qdhXeSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNjA2MTEwOTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjgxYjM3NWI0NTQ2ODBmMDdhZDY0MjNkY2YwNjBhYTk0OTYzMTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3c+FF0k26u/HNKHiq/exgeMgktPe
LVh4Jik5HO5JS5W81aKLmcuSseMyo4dfxUqu7sNc6+WKw/oBt6jJgM5unKNWwy9l
hVI5uT/Wf/eFi1CW0NFg9MSj3bBeMYWlm3Mdj7DVl4BhrZ6GJEe+n8rhJnMxt89e
jM+hHpsvq1opKGK4lWolWmkVGv9Rh0JLnWw2P8S3UpBnVuNIogwTanHZk77HfYoa
4uPDibJLBOEQOapkLaGouc419Q4O5RsOt/geQ9vtLgf3XIvd7OLjSTVR47tCjFY6
OgFQ4SaU35e8CTFWxT6wkg7i+8rOqXbDIWm1xb9IBKJJzCua/Ru9N1kr6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuBs3W0VGgPB61kI9zwYKqUljF4MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvZTRHemRiUlVhQThIcldRajNQQmdxcFNXTVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWl0MA0G
CSqGSIb3DQEBCwUAA4IBAQABwgK73jVAjY+CWLJwysjc0VBsrxwkxu9WIS6OCjXg
Hz8nJKXjf1kH2GMlG1DURdkciTuwjBOjROVZ0nKiiutETak6C5VJd1Yj7p1zUh7h
dLSMMWHPKFMKKlxhE9JWkexEoyrQDD+jgZoCr2mQlryzk/ENfjZhBDaibPZE186L
JydtHbGVW0INgpmI63SuVgHNMKyd3HBgpHHpEtL0Y/ToYyQiE2hT1c2TS6n/eZog
NpsXIeWE1zaymy60wrnqA4OKKLzk/8YeO8ZidZ3G08JQ2FiZ+G6Da2xF3qlKHLJt
MsiF7O43zsgxx0N3tm6NsoKvo6t56S/c/bxrjCfbhsA0
-----END CERTIFICATE-----