Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/d19549-31b8-4a1e-b6d5-6a17e21ca6c7/1/TcSp7o6uwH24irSRe8iMFLsbk94.roa
File:                     TcSp7o6uwH24irSRe8iMFLsbk94.roa (raw, json)
Hash identifier:          c25HUD+HppjHQuOQwqciQrtoVauED60d+2+faqqkKIY=
Subject key identifier:   4D:C4:A9:EE:8E:AE:C0:7D:B8:8A:B4:91:7B:C8:8C:14:BB:1B:93:DE
Certificate issuer:       /CN=908ed2657b03448da28bc248c2f7ec4973da6e3b
Certificate serial:       019A2E30D39A40A9F7CE82CD11444C2EC5F8
Authority key identifier: 90:8E:D2:65:7B:03:44:8D:A2:8B:C2:48:C2:F7:EC:49:73:DA:6E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kI7SZXsDRI2ii8JIwvfsSXPabjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/d19549-31b8-4a1e-b6d5-6a17e21ca6c7/1/TcSp7o6uwH24irSRe8iMFLsbk94.roa
Signing time:             Wed 29 Oct 2025 04:19:03 +0000
ROA not before:           Wed 29 Oct 2025 04:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        185.125.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/d19549-31b8-4a1e-b6d5-6a17e21ca6c7/1/kI7SZXsDRI2ii8JIwvfsSXPabjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/d19549-31b8-4a1e-b6d5-6a17e21ca6c7/1/kI7SZXsDRI2ii8JIwvfsSXPabjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kI7SZXsDRI2ii8JIwvfsSXPabjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2e:30:d3:9a:40:a9:f7:ce:82:cd:11:44:4c:2e:c5:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=908ed2657b03448da28bc248c2f7ec4973da6e3b
        Validity
            Not Before: Oct 29 04:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dc4a9ee8eaec07db88ab4917bc88c14bb1b93de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:67:f1:34:83:78:bc:9e:1d:8f:f6:12:ae:a5:
                    63:51:2e:1a:f8:fc:05:55:eb:95:b8:15:d6:03:dd:
                    b6:99:19:1b:9e:45:21:b7:08:0e:eb:10:0d:df:9c:
                    c7:45:c1:f7:c4:59:4f:4d:6f:ef:73:6e:f2:d0:c0:
                    fe:26:ac:b9:a1:a9:1c:41:93:da:9c:13:bf:de:fe:
                    11:39:10:72:e9:eb:a7:f9:0f:43:04:bc:c3:62:b5:
                    85:1c:0c:8d:de:5a:d3:2b:78:34:35:1e:a2:13:d8:
                    72:95:c7:17:84:be:3c:d0:a7:dc:4e:ee:28:97:fc:
                    82:70:88:ab:f9:92:79:0c:65:38:eb:bf:61:7b:71:
                    2d:ba:aa:03:7c:f0:0b:24:81:2e:a3:63:bc:95:a1:
                    8e:08:2a:26:ed:b4:18:29:e9:15:91:3b:84:56:59:
                    95:07:84:6f:16:31:a7:5b:06:42:c3:21:31:2d:95:
                    8e:d6:25:a6:ca:67:a4:20:36:9b:7d:2d:56:a6:5c:
                    7e:ac:e9:60:fb:54:c3:6c:84:4b:15:f7:dd:04:46:
                    e9:53:79:c5:f7:73:bf:52:09:c6:d8:c5:18:17:d2:
                    46:ab:1b:ed:00:6b:2f:c9:9d:9c:0a:d6:ad:a8:ca:
                    cc:a9:7c:01:1d:c7:f0:e1:90:b7:23:7d:e4:72:0c:
                    e3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:C4:A9:EE:8E:AE:C0:7D:B8:8A:B4:91:7B:C8:8C:14:BB:1B:93:DE
            X509v3 Authority Key Identifier:
                keyid:90:8E:D2:65:7B:03:44:8D:A2:8B:C2:48:C2:F7:EC:49:73:DA:6E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kI7SZXsDRI2ii8JIwvfsSXPabjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/d19549-31b8-4a1e-b6d5-6a17e21ca6c7/1/TcSp7o6uwH24irSRe8iMFLsbk94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/d19549-31b8-4a1e-b6d5-6a17e21ca6c7/1/kI7SZXsDRI2ii8JIwvfsSXPabjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:6e:f0:16:a6:72:10:0f:d0:d5:ea:a6:82:99:e6:23:16:89:
         c1:c7:aa:91:f1:51:91:bf:4a:cb:cc:80:90:4a:c6:2f:0f:d9:
         a8:8c:4e:de:62:aa:30:72:e9:bc:d9:99:44:67:8a:14:24:4e:
         31:4c:04:01:c9:f1:95:4d:4d:f2:bb:04:ea:59:e4:ed:d5:04:
         e2:a6:f2:bf:b7:41:3d:08:f6:2f:f8:76:0c:f2:cf:4c:dc:09:
         1d:8e:b9:9e:25:1b:ab:f2:e6:49:87:3e:10:20:1c:d4:70:95:
         2b:a7:38:cd:e8:b9:fb:ce:18:ff:2c:e6:22:21:b7:47:1b:80:
         18:c0:82:e2:78:80:2e:14:09:45:b1:ed:1b:5d:fc:26:9f:e0:
         61:26:22:3c:cf:70:c7:d5:ea:34:1e:94:af:99:b6:dc:92:2a:
         a6:32:e4:ca:05:2a:c8:ad:2f:dd:bd:81:aa:8e:dc:9c:da:b6:
         68:27:56:2a:ef:1f:72:7e:e3:42:de:6b:f6:5f:a7:ac:63:58:
         ed:b9:27:17:2d:77:57:ee:ce:8d:17:0f:4f:89:e0:2b:ae:d9:
         a3:11:b9:47:7c:b3:2b:52:da:89:8a:dd:05:a7:b2:e9:b7:d2:
         6f:3e:97:ff:8d:76:3b:f5:50:2b:82:1b:ab:c1:ac:80:7c:48:
         54:7f:4e:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZouMNOaQKn3zoLNEURMLsX4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwOGVkMjY1N2IwMzQ0OGRhMjhiYzI0OGMyZjdlYzQ5NzNk
YTZlM2IwHhcNMjUxMDI5MDQxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGM0YTllZThlYWVjMDdkYjg4YWI0OTE3YmM4OGMxNGJiMWI5M2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGfxNIN4vJ4dj/YSrqVjUS4a+PwF
VeuVuBXWA922mRkbnkUhtwgO6xAN35zHRcH3xFlPTW/vc27y0MD+Jqy5oakcQZPa
nBO/3v4RORBy6eun+Q9DBLzDYrWFHAyN3lrTK3g0NR6iE9hylccXhL480KfcTu4o
l/yCcIir+ZJ5DGU4679he3EtuqoDfPALJIEuo2O8laGOCCom7bQYKekVkTuEVlmV
B4RvFjGnWwZCwyExLZWO1iWmymekIDabfS1Wplx+rOlg+1TDbIRLFffdBEbpU3nF
93O/UgnG2MUYF9JGqxvtAGsvyZ2cCtatqMrMqXwBHcfw4ZC3I33kcgzjOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3Eqe6OrsB9uIq0kXvIjBS7G5PeMB8GA1UdIwQY
MBaAFJCO0mV7A0SNoovCSML37Elz2m47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0k3U1pYc0RSSTJpaThKSXd2ZnNTWFBhYmpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9kMTk1NDktMzFiOC00YTFlLWI2ZDUt
NmExN2UyMWNhNmM3LzEvVGNTcDdvNnV3SDI0aXJTUmU4aU1GTHNiazk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9kMTk1NDktMzFiOC00YTFlLWI2ZDUtNmExN2UyMWNhNmM3
LzEva0k3U1pYc0RSSTJpaThKSXd2ZnNTWFBhYmpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX3sMA0G
CSqGSIb3DQEBCwUAA4IBAQA3bvAWpnIQD9DV6qaCmeYjFonBx6qR8VGRv0rLzICQ
SsYvD9mojE7eYqowcum82ZlEZ4oUJE4xTAQByfGVTU3yuwTqWeTt1QTipvK/t0E9
CPYv+HYM8s9M3AkdjrmeJRur8uZJhz4QIBzUcJUrpzjN6Ln7zhj/LOYiIbdHG4AY
wILieIAuFAlFse0bXfwmn+BhJiI8z3DH1eo0HpSvmbbckiqmMuTKBSrIrS/dvYGq
jtyc2rZoJ1Yq7x9yfuNC3mv2X6esY1jtuScXLXdX7s6NFw9PieArrtmjEblHfLMr
UtqJit0Fp7Lpt9JvPpf/jXY79VArghurwayAfEhUf062
-----END CERTIFICATE-----