Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/tFTfuySubfSrRVHUhxYeF1u80Zs.roa
File:                     tFTfuySubfSrRVHUhxYeF1u80Zs.roa (raw, json)
Hash identifier:          fQsA3U2f82hs7Bti4LUoQIz7rVn7qpzt4RTZ9jhDkSk=
Subject key identifier:   B4:54:DF:BB:24:AE:6D:F4:AB:45:51:D4:87:16:1E:17:5B:BC:D1:9B
Certificate issuer:       /CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
Certificate serial:       019885BB0D0E4CBB67B4CC7F9DAFED4DD9F1
Authority key identifier: D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/tFTfuySubfSrRVHUhxYeF1u80Zs.roa
Signing time:             Thu 07 Aug 2025 18:11:24 +0000
ROA not before:           Thu 07 Aug 2025 18:11:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50673
IP address blocks:        185.146.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 Aug 2025 13:24:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:85:bb:0d:0e:4c:bb:67:b4:cc:7f:9d:af:ed:4d:d9:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
        Validity
            Not Before: Aug  7 18:11:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b454dfbb24ae6df4ab4551d487161e175bbcd19b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f0:45:4c:14:be:1e:2b:76:48:96:cc:8e:2c:
                    fe:e9:75:d5:70:c8:20:d8:c4:8f:7b:e2:2c:ee:d4:
                    cd:21:09:cc:fb:27:a5:55:38:6f:60:d6:4e:5f:84:
                    2c:c8:2b:91:f3:8f:bd:ea:3c:49:8c:15:2d:78:24:
                    4d:df:ef:e4:50:37:ae:20:ea:54:28:9b:03:25:ce:
                    46:83:64:06:2e:97:e9:3b:d5:80:27:44:96:fc:71:
                    81:82:01:13:d4:c6:c2:19:a1:e8:cb:cd:dc:21:af:
                    43:f3:e1:9a:31:85:22:9f:83:43:0f:23:66:f8:92:
                    f4:5e:b0:e9:fd:38:db:6b:3d:81:ea:b7:23:2e:b2:
                    1f:d1:10:3c:96:21:b7:1b:84:b4:27:4d:29:49:34:
                    5e:2f:7e:1b:6e:e0:1c:f9:03:91:3d:34:19:c6:7b:
                    5d:33:ea:42:02:cc:5e:b4:b3:87:3d:bf:21:35:75:
                    7c:ee:00:05:de:d9:82:0d:b0:a1:cb:cb:b3:3d:4c:
                    84:09:7b:0e:2d:cf:d5:b0:56:58:bc:d4:5f:7f:50:
                    46:e6:6a:36:ea:f2:95:20:45:c6:d9:6b:8b:39:69:
                    fd:39:68:0a:a4:7c:94:3a:ee:cd:ac:62:92:b6:f0:
                    6a:57:cd:34:d4:16:93:18:2e:5a:14:62:c0:bb:05:
                    77:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:54:DF:BB:24:AE:6D:F4:AB:45:51:D4:87:16:1E:17:5B:BC:D1:9B
            X509v3 Authority Key Identifier:
                keyid:D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/tFTfuySubfSrRVHUhxYeF1u80Zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:16:5b:a1:47:f2:b7:63:93:78:27:e1:35:57:80:89:32:c4:
         04:54:4c:fc:ea:b1:f1:b7:f3:ca:4f:92:9d:95:97:63:2b:7d:
         c9:3b:4f:77:98:79:87:8c:1e:54:18:f0:71:26:ac:aa:61:d4:
         f9:f5:c2:98:c4:70:5c:b0:ca:8a:bd:06:d0:5c:a5:31:94:73:
         3a:05:08:cf:1d:12:60:c8:83:5e:00:3e:d5:0d:b0:f1:92:40:
         d9:bd:81:97:8e:02:25:b2:0b:9e:57:dd:fc:d6:b0:49:f1:de:
         43:0c:8d:d4:d7:dd:a0:50:00:70:d8:26:24:47:d8:42:32:1c:
         7c:01:73:9c:a0:1f:95:6d:b3:c7:51:ba:b8:4c:be:58:fa:c3:
         82:d5:7c:73:fa:79:da:37:68:0a:1c:1b:53:d9:e2:72:de:25:
         86:8a:4c:cc:06:85:1b:28:94:80:70:8d:dd:e6:e9:96:1b:0f:
         5a:51:61:02:d1:97:d1:c9:ed:fd:31:00:b6:d9:92:a7:27:c7:
         b1:c7:03:8a:8e:5c:ae:3f:66:ff:92:2d:f9:a8:0e:65:2e:62:
         d5:2e:10:90:09:e0:59:36:57:6f:0b:e4:cd:85:ea:e7:f2:a5:
         bb:b7:70:55:e1:81:49:2a:c4:54:a9:c3:7f:d1:d9:28:95:b6:
         1d:81:82:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiFuw0OTLtntMx/na/tTdnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYWJmOGY0Y2RmODk2M2ExODJkYTBjZGY5MDhjMzg0NDdm
YTdhMDkwHhcNMjUwODA3MTgxMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDU0ZGZiYjI0YWU2ZGY0YWI0NTUxZDQ4NzE2MWUxNzViYmNkMTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvBFTBS+Hit2SJbMjiz+6XXVcMgg
2MSPe+Is7tTNIQnM+yelVThvYNZOX4QsyCuR84+96jxJjBUteCRN3+/kUDeuIOpU
KJsDJc5Gg2QGLpfpO9WAJ0SW/HGBggET1MbCGaHoy83cIa9D8+GaMYUin4NDDyNm
+JL0XrDp/Tjbaz2B6rcjLrIf0RA8liG3G4S0J00pSTReL34bbuAc+QORPTQZxntd
M+pCAsxetLOHPb8hNXV87gAF3tmCDbChy8uzPUyECXsOLc/VsFZYvNRff1BG5mo2
6vKVIEXG2WuLOWn9OWgKpHyUOu7NrGKStvBqV8001BaTGC5aFGLAuwV3vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRU37skrm30q0VR1IcWHhdbvNGbMB8GA1UdIwQY
MBaAFNOr+PTN+JY6GC2gzfkIw4RH+noJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTIt
NWMxMGJkYjg2NmUwLzEvdEZUZnV5U3ViZlNyUlZIVWh4WWVGMXU4MFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTItNWMxMGJkYjg2NmUw
LzEvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZLYMA0G
CSqGSIb3DQEBCwUAA4IBAQC1FluhR/K3Y5N4J+E1V4CJMsQEVEz86rHxt/PKT5Kd
lZdjK33JO093mHmHjB5UGPBxJqyqYdT59cKYxHBcsMqKvQbQXKUxlHM6BQjPHRJg
yINeAD7VDbDxkkDZvYGXjgIlsgueV9381rBJ8d5DDI3U192gUABw2CYkR9hCMhx8
AXOcoB+VbbPHUbq4TL5Y+sOC1Xxz+nnaN2gKHBtT2eJy3iWGikzMBoUbKJSAcI3d
5umWGw9aUWEC0ZfRye39MQC22ZKnJ8exxwOKjlyuP2b/ki35qA5lLmLVLhCQCeBZ
NldvC+TNhern8qW7t3BV4YFJKsRUqcN/0dkolbYdgYL9
-----END CERTIFICATE-----