Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/TKHVPCgKWgmlRhWEubfTc_2iNdo.roa
File:                     TKHVPCgKWgmlRhWEubfTc_2iNdo.roa (raw, json)
Hash identifier:          kNRIFdkqpRBsn7JG22+KFQspfd2argAfeCH1zb4/CE4=
Subject key identifier:   4C:A1:D5:3C:28:0A:5A:09:A5:46:15:84:B9:B7:D3:73:FD:A2:35:DA
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       01993A0CB82908F5B7007FD131B8CB122F08
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/TKHVPCgKWgmlRhWEubfTc_2iNdo.roa
Signing time:             Thu 11 Sep 2025 18:32:16 +0000
ROA not before:           Thu 11 Sep 2025 18:32:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214238
IP address blocks:        2.58.124.0/24 maxlen: 24
                          2.58.125.0/24 maxlen: 24
                          2.58.126.0/24 maxlen: 24
                          45.150.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3a:0c:b8:29:08:f5:b7:00:7f:d1:31:b8:cb:12:2f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Sep 11 18:32:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ca1d53c280a5a09a5461584b9b7d373fda235da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:05:cc:58:6e:35:cd:cf:97:40:60:8d:8e:3c:
                    72:04:1d:51:d4:77:90:2f:90:60:19:d1:71:74:52:
                    fa:5a:86:b0:8d:d4:76:5e:2b:74:d9:25:fe:fc:11:
                    ef:1c:0e:91:11:c6:3a:85:d7:31:4d:63:5f:95:c6:
                    f3:6a:eb:83:bb:9b:e5:b1:0d:a0:f6:c6:87:90:1c:
                    31:93:a9:cb:a9:77:2e:12:81:6d:d4:7a:31:76:25:
                    a8:5a:45:6b:5c:e8:3a:34:9f:0f:72:1e:25:89:f0:
                    d4:76:64:81:0e:80:8b:a6:dc:ee:8a:43:87:96:ea:
                    33:bb:3b:22:68:65:87:7d:a1:b7:99:ef:5a:7a:b3:
                    ef:70:82:1b:28:44:1e:13:08:05:0a:4b:7c:e1:5d:
                    29:63:d4:83:34:08:c6:77:a8:3c:f0:18:02:eb:de:
                    7d:cb:ce:7c:be:5d:c6:0f:77:6a:73:f4:48:b1:a2:
                    5c:51:3c:ad:9a:8f:ac:5e:3c:00:8e:03:da:17:6b:
                    be:09:51:d0:04:6e:ff:be:f8:32:32:02:4d:7e:b2:
                    37:10:91:2c:7c:98:1c:b6:bf:58:73:cb:79:6f:9b:
                    51:9a:38:44:b5:24:7e:09:a8:f6:22:37:e3:09:fb:
                    ce:f9:ac:16:76:c4:a4:67:ab:75:c4:5a:69:78:65:
                    43:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A1:D5:3C:28:0A:5A:09:A5:46:15:84:B9:B7:D3:73:FD:A2:35:DA
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/TKHVPCgKWgmlRhWEubfTc_2iNdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.124.0-2.58.126.255
                  45.150.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:7c:2c:a5:59:90:08:8e:20:3e:30:cc:34:85:b7:b3:f2:f8:
         4d:f7:c2:9a:45:7e:6e:9a:b2:7a:9e:a0:56:43:a7:9e:1c:e6:
         06:35:97:39:3e:98:ed:6e:9a:33:b1:6e:b6:1d:86:f0:fc:7c:
         e2:35:9e:88:c6:53:f2:83:b7:9e:3b:c4:6f:ea:ef:d6:3d:63:
         00:7a:94:e8:9c:ce:2d:ae:a4:d8:6c:c5:05:66:9c:b7:df:11:
         e0:18:93:37:06:01:0d:ba:2f:a2:f0:fc:e8:c1:b0:64:cf:2d:
         c1:5f:0e:c0:dc:9a:b0:d4:5a:93:4e:a0:58:13:f2:47:e1:08:
         6a:7a:dd:63:ac:22:67:11:4a:13:7e:d0:d2:9f:e7:72:80:84:
         45:2a:bd:5e:8a:1b:41:66:ae:1a:7d:81:6a:f6:5e:c1:bf:f5:
         fd:eb:56:a0:c1:37:8a:ab:2f:51:13:f2:cd:9f:c0:49:15:91:
         a1:1d:9d:5b:ba:49:58:bf:20:3f:1b:d5:66:f9:0f:ca:9f:a0:
         fe:d7:03:a6:c5:c1:68:0b:0b:23:f2:60:b8:9d:79:46:f7:22:
         42:44:58:1d:34:1d:56:27:19:d2:63:3e:2e:71:85:76:a2:e1:
         59:1f:ec:10:27:9f:51:40:32:a9:56:d6:2d:fd:63:c5:0b:ab:
         cd:36:71:fe
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZk6DLgpCPW3AH/RMbjLEi8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjUwOTExMTgzMjE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2ExZDUzYzI4MGE1YTA5YTU0NjE1ODRiOWI3ZDM3M2ZkYTIzNWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8gXMWG41zc+XQGCNjjxyBB1R1HeQ
L5BgGdFxdFL6WoawjdR2Xit02SX+/BHvHA6REcY6hdcxTWNflcbzauuDu5vlsQ2g
9saHkBwxk6nLqXcuEoFt1HoxdiWoWkVrXOg6NJ8Pch4lifDUdmSBDoCLptzuikOH
luozuzsiaGWHfaG3me9aerPvcIIbKEQeEwgFCkt84V0pY9SDNAjGd6g88BgC6959
y858vl3GD3dqc/RIsaJcUTytmo+sXjwAjgPaF2u+CVHQBG7/vvgyMgJNfrI3EJEs
fJgctr9Yc8t5b5tRmjhEtSR+Caj2IjfjCfvO+awWdsSkZ6t1xFppeGVDdQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEyh1TwoCloJpUYVhLm303P9ojXaMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvVEtIVlBDZ0tXZ21sUmhXRXViZlRjXzJpTmRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAICOnwD
BAACOn4DBAAtlm8wDQYJKoZIhvcNAQELBQADggEBAGN8LKVZkAiOID4wzDSFt7Py
+E33wppFfm6asnqeoFZDp54c5gY1lzk+mO1umjOxbrYdhvD8fOI1nojGU/KDt547
xG/q79Y9YwB6lOiczi2upNhsxQVmnLffEeAYkzcGAQ26L6Lw/OjBsGTPLcFfDsDc
mrDUWpNOoFgT8kfhCGp63WOsImcRShN+0NKf53KAhEUqvV6KG0Fmrhp9gWr2XsG/
9f3rVqDBN4qrL1ET8s2fwEkVkaEdnVu6SVi/ID8b1Wb5D8qfoP7XA6bFwWgLCyPy
YLideUb3IkJEWB00HVYnGdJjPi5xhXai4Vkf7BAnn1FAMqlW1i39Y8ULq802cf4=
-----END CERTIFICATE-----