Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/TxR_ktOCFLa0KCExtOwrEroAOc0.roa
File:                     TxR_ktOCFLa0KCExtOwrEroAOc0.roa (raw, json)
Hash identifier:          tmuSuYVFBmkc0WpuIm5bIBHE9A4XBUxOgAjtVlVAqjs=
Subject key identifier:   4F:14:7F:92:D3:82:14:B6:B4:28:21:31:B4:EC:2B:12:BA:00:39:CD
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0196BA464844B29C54C46152871D7B81E282
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/TxR_ktOCFLa0KCExtOwrEroAOc0.roa
Signing time:             Sat 10 May 2025 12:58:10 +0000
ROA not before:           Sat 10 May 2025 12:58:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        188.209.128.0/24 maxlen: 24
                          188.209.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 15:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ba:46:48:44:b2:9c:54:c4:61:52:87:1d:7b:81:e2:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: May 10 12:58:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f147f92d38214b6b4282131b4ec2b12ba0039cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:08:99:1b:31:52:ae:95:81:c8:a5:44:bb:57:
                    80:87:8e:ba:c5:f5:36:d3:04:41:b8:75:b8:ea:8e:
                    6d:25:bf:f0:ba:24:04:f9:2c:8c:b6:db:78:58:d0:
                    bf:44:81:ab:ee:33:65:80:ac:f4:5d:e7:c5:f0:d1:
                    ad:67:1f:d8:79:3b:7f:b7:61:6b:17:15:0b:6e:2a:
                    e8:7a:09:ba:7a:f7:cd:16:75:d3:d2:b0:59:87:f9:
                    e6:14:3f:32:6f:da:e3:0a:0d:d4:c9:be:bc:8d:17:
                    43:ea:12:77:fb:1f:30:97:27:01:58:31:e1:2f:55:
                    06:d6:ef:d0:36:cd:25:35:13:d0:bb:19:51:27:8d:
                    5e:45:c4:f2:fe:29:78:1c:13:50:c4:1f:2c:41:b3:
                    28:e4:a4:35:05:cd:33:12:18:f0:67:2f:d2:9b:c6:
                    88:bf:3d:20:fb:10:29:b7:a2:bd:61:0c:60:c7:05:
                    f1:b7:16:4e:76:e2:76:88:c8:31:ec:a7:ba:eb:0b:
                    a9:f9:ff:18:00:4e:c1:69:04:d5:37:b2:6f:56:e3:
                    63:a6:ba:aa:f6:35:8b:55:ee:b9:44:e4:16:26:99:
                    29:89:95:1c:8c:6e:e8:5a:44:cf:df:c1:27:89:a2:
                    86:6e:34:a8:45:e5:8f:ae:66:7d:06:ef:b5:ee:8e:
                    8b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:14:7F:92:D3:82:14:B6:B4:28:21:31:B4:EC:2B:12:BA:00:39:CD
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/TxR_ktOCFLa0KCExtOwrEroAOc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:6f:a9:2e:ba:5f:5a:f5:5a:d7:8e:1d:f0:87:3a:cd:6b:36:
         4f:fb:b7:76:ca:a8:e6:87:af:34:9c:f4:d6:89:b6:a6:c2:cd:
         3f:c4:0f:0a:57:d2:89:77:83:3c:15:aa:d2:d5:ae:ab:20:73:
         97:17:8f:b3:35:8f:95:eb:03:eb:ca:7d:90:12:0a:4b:07:71:
         4f:91:70:74:89:e5:d9:22:8b:8a:85:e0:12:45:89:96:b7:58:
         e8:25:4c:33:fb:b3:02:26:d2:7a:2a:d8:22:7c:c7:24:07:ed:
         48:e5:d8:34:58:79:25:68:a6:5d:09:a0:f0:03:03:cc:d5:28:
         bc:31:cf:a2:25:54:61:73:82:69:75:dd:82:1a:6d:2e:50:50:
         b7:a9:c2:b0:38:41:4e:98:0f:70:47:43:73:9c:79:ed:79:f8:
         0f:44:e9:b7:08:d6:79:96:21:d9:ba:9c:d8:ab:80:bd:b5:e8:
         3f:48:3c:5c:6d:05:c8:08:14:02:af:64:f7:93:77:2e:02:ca:
         31:43:e9:3c:53:9c:32:b2:a5:b3:58:87:bb:f0:1e:b5:4c:6d:
         3f:4c:29:12:93:77:ce:32:48:f9:71:1f:b4:85:ec:cd:cf:c8:
         a6:5b:1d:d0:1f:78:e8:79:7d:41:4c:9e:68:ac:00:c4:4b:96:
         81:8f:d5:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa6RkhEspxUxGFShx17geKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNTEwMTI1ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjE0N2Y5MmQzODIxNGI2YjQyODIxMzFiNGVjMmIxMmJhMDAzOWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9QiZGzFSrpWByKVEu1eAh466xfU2
0wRBuHW46o5tJb/wuiQE+SyMttt4WNC/RIGr7jNlgKz0XefF8NGtZx/YeTt/t2Fr
FxULbiroegm6evfNFnXT0rBZh/nmFD8yb9rjCg3Uyb68jRdD6hJ3+x8wlycBWDHh
L1UG1u/QNs0lNRPQuxlRJ41eRcTy/il4HBNQxB8sQbMo5KQ1Bc0zEhjwZy/Sm8aI
vz0g+xApt6K9YQxgxwXxtxZOduJ2iMgx7Ke66wup+f8YAE7BaQTVN7JvVuNjprqq
9jWLVe65ROQWJpkpiZUcjG7oWkTP38EniaKGbjSoReWPrmZ9Bu+17o6LCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8Uf5LTghS2tCghMbTsKxK6ADnNMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvVHhSX2t0T0NGTGEwS0NFeHRPd3JFcm9BT2MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvNGAMA0G
CSqGSIb3DQEBCwUAA4IBAQAWb6kuul9a9VrXjh3whzrNazZP+7d2yqjmh680nPTW
ibamws0/xA8KV9KJd4M8FarS1a6rIHOXF4+zNY+V6wPryn2QEgpLB3FPkXB0ieXZ
IouKheASRYmWt1joJUwz+7MCJtJ6KtgifMckB+1I5dg0WHklaKZdCaDwAwPM1Si8
Mc+iJVRhc4Jpdd2CGm0uUFC3qcKwOEFOmA9wR0NznHntefgPROm3CNZ5liHZupzY
q4C9teg/SDxcbQXICBQCr2T3k3cuAsoxQ+k8U5wysqWzWIe78B61TG0/TCkSk3fO
Mkj5cR+0hezNz8imWx3QH3joeX1BTJ5orADES5aBj9UW
-----END CERTIFICATE-----