Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/tm-3rVf0ehgs47GKD5YmZeDML_k.roa
File:                     tm-3rVf0ehgs47GKD5YmZeDML_k.roa (raw, json)
Hash identifier:          aedX2HvF/sm/iXzrh2IiIlyk4l283LOsdtZCcAa/KWw=
Subject key identifier:   B6:6F:B7:AD:57:F4:7A:18:2C:E3:B1:8A:0F:96:26:65:E0:CC:2F:F9
Certificate issuer:       /CN=ecfb00381e733dc6e41d06db9ec8ddd311281bdd
Certificate serial:       01982D6F9AFD43655B85598E1822805EDCED
Authority key identifier: EC:FB:00:38:1E:73:3D:C6:E4:1D:06:DB:9E:C8:DD:D3:11:28:1B:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PsAOB5zPcbkHQbbnsjd0xEoG90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/tm-3rVf0ehgs47GKD5YmZeDML_k.roa
Signing time:             Mon 21 Jul 2025 14:42:25 +0000
ROA not before:           Mon 21 Jul 2025 14:42:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205681
IP address blocks:        85.158.120.0/21 maxlen: 21
                          85.158.120.0/24 maxlen: 24
                          85.158.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/7PsAOB5zPcbkHQbbnsjd0xEoG90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/7PsAOB5zPcbkHQbbnsjd0xEoG90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PsAOB5zPcbkHQbbnsjd0xEoG90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:6f:9a:fd:43:65:5b:85:59:8e:18:22:80:5e:dc:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecfb00381e733dc6e41d06db9ec8ddd311281bdd
        Validity
            Not Before: Jul 21 14:42:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b66fb7ad57f47a182ce3b18a0f962665e0cc2ff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3d:2c:3b:28:d2:48:b8:68:7c:3c:00:7f:b3:
                    2a:c9:d8:1f:8d:47:ff:5a:28:92:78:93:ac:8f:8f:
                    e1:96:a3:d6:97:93:9d:75:72:8a:ae:ce:3b:05:9c:
                    bf:14:e1:e6:7b:33:36:cf:f2:2c:3b:cb:4d:b3:d7:
                    0c:ad:b1:91:50:5c:80:dd:78:ae:d4:af:0b:d6:f6:
                    98:72:36:bd:74:98:a3:97:9b:ed:64:a3:f0:8e:5b:
                    de:b5:f0:f7:88:4d:17:a0:7a:2b:c0:e7:ae:d3:94:
                    a6:6e:2e:54:c2:05:be:d2:dc:02:25:3c:f8:37:71:
                    b0:c9:2d:d1:02:11:72:69:90:20:cc:2b:7f:eb:ed:
                    c8:8a:dc:d4:8d:e8:be:96:48:92:c3:5e:05:da:01:
                    6f:54:bd:c4:7e:f5:fa:e2:a1:50:13:74:f2:15:49:
                    a0:1c:97:55:89:54:95:f1:ae:2d:80:47:d0:c5:e5:
                    c3:6c:73:5f:9d:95:15:e3:d7:42:3d:53:43:19:08:
                    25:b8:50:32:8d:22:61:65:90:6c:54:80:bf:3a:be:
                    1b:28:d5:1b:d0:8a:52:ad:a7:d2:2a:a8:e9:90:eb:
                    3e:ae:5e:bb:84:fc:b2:17:a3:6c:c6:5d:0b:52:80:
                    38:95:c1:08:37:ca:34:d2:da:dd:e1:43:72:30:4e:
                    7e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:6F:B7:AD:57:F4:7A:18:2C:E3:B1:8A:0F:96:26:65:E0:CC:2F:F9
            X509v3 Authority Key Identifier:
                keyid:EC:FB:00:38:1E:73:3D:C6:E4:1D:06:DB:9E:C8:DD:D3:11:28:1B:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PsAOB5zPcbkHQbbnsjd0xEoG90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/tm-3rVf0ehgs47GKD5YmZeDML_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/7PsAOB5zPcbkHQbbnsjd0xEoG90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5f:b1:73:d6:39:26:7b:0e:63:a7:e2:a5:0a:26:08:91:94:7f:
         15:86:48:c6:07:fe:5f:fc:7e:e8:37:a7:58:83:0b:34:22:17:
         a7:ac:7e:7b:ca:47:bb:cf:18:db:0d:e3:a3:dd:07:78:5e:e3:
         81:a6:0d:d6:96:ef:25:cd:69:99:7e:ba:78:b5:35:51:df:ec:
         a3:7c:f4:df:79:85:57:54:d1:33:1d:7c:7d:f4:c3:83:70:ad:
         68:35:c2:3b:f0:fc:92:87:e4:b7:70:bd:3f:44:be:50:52:2c:
         69:25:de:56:23:45:f1:b1:2d:0f:5a:58:a8:b6:44:55:a0:4a:
         78:2f:78:db:7d:2a:73:2f:4b:53:a2:60:62:5a:ce:f0:2f:2a:
         ec:53:d7:3e:fa:e3:f8:bf:5d:1c:44:1d:aa:b7:7f:f4:36:dc:
         e7:d5:da:99:6d:e5:72:f4:6d:18:e1:16:e3:02:f7:31:c7:10:
         2b:a4:56:ed:f7:35:48:37:ce:75:49:bb:e3:d6:86:8a:b7:22:
         42:3e:ed:e3:48:82:43:0e:36:e3:60:37:3f:88:40:f7:4b:20:
         0b:16:15:bc:16:cc:26:56:ec:ad:20:42:4a:65:25:7b:c1:d2:
         2e:6b:7f:ce:cd:25:ac:79:9e:cb:f1:c3:01:18:52:4f:fc:59:
         42:9b:76:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgtb5r9Q2VbhVmOGCKAXtztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZmIwMDM4MWU3MzNkYzZlNDFkMDZkYjllYzhkZGQzMTEy
ODFiZGQwHhcNMjUwNzIxMTQ0MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjZmYjdhZDU3ZjQ3YTE4MmNlM2IxOGEwZjk2MjY2NWUwY2MyZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz0sOyjSSLhofDwAf7MqydgfjUf/
WiiSeJOsj4/hlqPWl5OddXKKrs47BZy/FOHmezM2z/IsO8tNs9cMrbGRUFyA3Xiu
1K8L1vaYcja9dJijl5vtZKPwjlvetfD3iE0XoHorwOeu05Smbi5UwgW+0twCJTz4
N3GwyS3RAhFyaZAgzCt/6+3IitzUjei+lkiSw14F2gFvVL3EfvX64qFQE3TyFUmg
HJdViVSV8a4tgEfQxeXDbHNfnZUV49dCPVNDGQgluFAyjSJhZZBsVIC/Or4bKNUb
0IpSrafSKqjpkOs+rl67hPyyF6Nsxl0LUoA4lcEIN8o00trd4UNyME5+YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZvt61X9HoYLOOxig+WJmXgzC/5MB8GA1UdIwQY
MBaAFOz7ADgecz3G5B0G257I3dMRKBvdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BzQU9CNXpQY2JrSFFiYm5zamQweEVvRzkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8wYTdlYWUtNzM5Yy00MmVhLTk0MGEt
NTgzNjZlOThhOWU2LzEvdG0tM3JWZjBlaGdzNDdHS0Q1WW1aZURNTF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8wYTdlYWUtNzM5Yy00MmVhLTk0MGEtNTgzNjZlOThhOWU2
LzEvN1BzQU9CNXpQY2JrSFFiYm5zamQweEVvRzkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVZ54MA0G
CSqGSIb3DQEBCwUAA4IBAQBfsXPWOSZ7DmOn4qUKJgiRlH8VhkjGB/5f/H7oN6dY
gws0IhenrH57yke7zxjbDeOj3Qd4XuOBpg3Wlu8lzWmZfrp4tTVR3+yjfPTfeYVX
VNEzHXx99MODcK1oNcI78PySh+S3cL0/RL5QUixpJd5WI0XxsS0PWliotkRVoEp4
L3jbfSpzL0tTomBiWs7wLyrsU9c++uP4v10cRB2qt3/0Ntzn1dqZbeVy9G0Y4Rbj
AvcxxxArpFbt9zVIN851Sbvj1oaKtyJCPu3jSIJDDjbjYDc/iED3SyALFhW8Fswm
VuytIEJKZSV7wdIua3/OzSWseZ7L8cMBGFJP/FlCm3bk
-----END CERTIFICATE-----