Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9c4a77-0c7e-494c-a231-bf1e99c0cf3f/1/TonV6li5yUkoZ-CnaxO8HKBagJ8.roa
File:                     TonV6li5yUkoZ-CnaxO8HKBagJ8.roa (raw, json)
Hash identifier:          XnEwLGsQ6FECYx0FnlaZRoMgPrGS5ObC7JCUywQQ//c=
Subject key identifier:   4E:89:D5:EA:58:B9:C9:49:28:67:E0:A7:6B:13:BC:1C:A0:5A:80:9F
Certificate issuer:       /CN=3d82f1fce008bcc725ddbbe7067451dd82059307
Certificate serial:       0197ACAC8BCFAD552DF14E21B7BAC1B47D6A
Authority key identifier: 3D:82:F1:FC:E0:08:BC:C7:25:DD:BB:E7:06:74:51:DD:82:05:93:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYLx_OAIvMcl3bvnBnRR3YIFkwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/9c4a77-0c7e-494c-a231-bf1e99c0cf3f/1/TonV6li5yUkoZ-CnaxO8HKBagJ8.roa
Signing time:             Thu 26 Jun 2025 14:37:58 +0000
ROA not before:           Thu 26 Jun 2025 14:37:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        185.165.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/9c4a77-0c7e-494c-a231-bf1e99c0cf3f/1/PYLx_OAIvMcl3bvnBnRR3YIFkwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/9c4a77-0c7e-494c-a231-bf1e99c0cf3f/1/PYLx_OAIvMcl3bvnBnRR3YIFkwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYLx_OAIvMcl3bvnBnRR3YIFkwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 20:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ac:ac:8b:cf:ad:55:2d:f1:4e:21:b7:ba:c1:b4:7d:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d82f1fce008bcc725ddbbe7067451dd82059307
        Validity
            Not Before: Jun 26 14:37:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e89d5ea58b9c9492867e0a76b13bc1ca05a809f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c0:ce:ea:4a:90:f7:86:3a:64:fe:23:a1:31:
                    39:12:db:2c:29:9f:5b:ab:ad:03:30:90:08:f6:5a:
                    ed:eb:41:82:bb:a3:4c:40:21:9a:f3:60:42:bd:d7:
                    8e:51:30:fd:48:8d:de:82:c8:11:c0:eb:9a:64:e3:
                    87:97:45:25:47:3b:79:8b:56:43:0d:93:b6:be:cc:
                    08:bf:54:33:13:b9:4d:b9:06:7c:fc:71:83:94:07:
                    0f:a4:92:e9:a6:75:ac:17:ec:af:90:2b:0f:fb:40:
                    a9:4c:4d:4a:12:e6:4f:98:95:9a:02:a7:c3:a5:f4:
                    1a:1e:48:3f:ff:3b:c9:d0:4f:b6:cf:29:48:b6:df:
                    a7:1d:86:62:75:4b:77:2c:e1:b0:0f:5d:66:67:97:
                    f2:63:16:fa:b0:84:0c:1f:ca:24:6c:c6:5e:72:35:
                    a8:ed:cf:0e:f0:b6:0a:3e:79:0b:51:0b:e1:a2:ae:
                    19:86:04:a3:d8:45:c3:bc:bb:f8:d9:80:1d:d2:8e:
                    6c:ce:c6:0a:32:61:09:0d:c5:c5:ff:3e:1a:c0:d1:
                    e0:3b:3a:6d:f6:b6:85:21:34:8b:b3:c7:ac:ee:e7:
                    df:9c:82:27:bd:a2:cf:64:50:68:6c:73:01:c7:f2:
                    00:b8:a1:4e:8a:e7:13:b2:6d:68:05:45:70:a6:e0:
                    18:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:89:D5:EA:58:B9:C9:49:28:67:E0:A7:6B:13:BC:1C:A0:5A:80:9F
            X509v3 Authority Key Identifier:
                keyid:3D:82:F1:FC:E0:08:BC:C7:25:DD:BB:E7:06:74:51:DD:82:05:93:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYLx_OAIvMcl3bvnBnRR3YIFkwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9c4a77-0c7e-494c-a231-bf1e99c0cf3f/1/TonV6li5yUkoZ-CnaxO8HKBagJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9c4a77-0c7e-494c-a231-bf1e99c0cf3f/1/PYLx_OAIvMcl3bvnBnRR3YIFkwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:e0:19:a1:d5:bb:73:1b:14:29:f7:f1:32:c9:f0:d9:13:93:
         9c:49:bd:dc:54:7d:25:17:9a:db:1b:23:01:7c:b1:aa:c7:95:
         ce:e5:85:5f:15:c3:c5:b8:71:b7:cb:2a:7d:0d:7c:71:2b:06:
         76:00:d8:4d:59:62:f8:49:c5:34:6a:f3:64:d6:46:dd:fa:94:
         ec:d2:6d:dd:13:d4:23:cf:ad:83:a6:39:da:79:bd:8c:2f:64:
         7b:e0:99:56:03:1f:b5:b6:0c:81:d6:2d:98:0f:ae:43:84:94:
         28:fc:44:2b:01:de:f8:fb:fb:16:ee:23:62:b3:d0:49:46:04:
         5e:ef:84:dc:bd:32:8f:aa:a5:8f:05:fb:4c:79:38:58:12:01:
         61:ec:70:3c:5b:00:0d:21:92:8c:fa:9e:e6:72:2d:10:f4:f7:
         2b:44:f5:97:23:7a:dd:dc:0a:11:30:d1:2d:f0:44:cb:2b:e0:
         a9:04:0e:0a:09:99:97:64:c8:c4:47:db:e5:a6:d6:20:7e:4f:
         97:b9:af:c0:85:74:17:9c:af:c9:35:1b:a5:5c:7b:7f:f5:f8:
         53:e7:b6:ad:83:44:7d:16:76:59:ae:52:f6:43:67:8c:03:54:
         8b:8a:c2:7b:31:50:c2:0c:cf:b7:72:d1:55:3c:d6:c6:15:dc:
         58:4f:ba:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZesrIvPrVUt8U4ht7rBtH1qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkODJmMWZjZTAwOGJjYzcyNWRkYmJlNzA2NzQ1MWRkODIw
NTkzMDcwHhcNMjUwNjI2MTQzNzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTg5ZDVlYTU4YjljOTQ5Mjg2N2UwYTc2YjEzYmMxY2EwNWE4MDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8DO6kqQ94Y6ZP4joTE5EtssKZ9b
q60DMJAI9lrt60GCu6NMQCGa82BCvdeOUTD9SI3egsgRwOuaZOOHl0UlRzt5i1ZD
DZO2vswIv1QzE7lNuQZ8/HGDlAcPpJLppnWsF+yvkCsP+0CpTE1KEuZPmJWaAqfD
pfQaHkg//zvJ0E+2zylItt+nHYZidUt3LOGwD11mZ5fyYxb6sIQMH8okbMZecjWo
7c8O8LYKPnkLUQvhoq4ZhgSj2EXDvLv42YAd0o5szsYKMmEJDcXF/z4awNHgOzpt
9raFITSLs8es7uffnIInvaLPZFBobHMBx/IAuKFOiucTsm1oBUVwpuAYcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6J1epYuclJKGfgp2sTvBygWoCfMB8GA1UdIwQY
MBaAFD2C8fzgCLzHJd275wZ0Ud2CBZMHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFlMeF9PQUl2TWNsM2J2bkJuUlIzWUlGa3djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85YzRhNzctMGM3ZS00OTRjLWEyMzEt
YmYxZTk5YzBjZjNmLzEvVG9uVjZsaTV5VWtvWi1DbmF4TzhIS0JhZ0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85YzRhNzctMGM3ZS00OTRjLWEyMzEtYmYxZTk5YzBjZjNm
LzEvUFlMeF9PQUl2TWNsM2J2bkJuUlIzWUlGa3djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaXDMA0G
CSqGSIb3DQEBCwUAA4IBAQCM4Bmh1btzGxQp9/EyyfDZE5OcSb3cVH0lF5rbGyMB
fLGqx5XO5YVfFcPFuHG3yyp9DXxxKwZ2ANhNWWL4ScU0avNk1kbd+pTs0m3dE9Qj
z62Dpjnaeb2ML2R74JlWAx+1tgyB1i2YD65DhJQo/EQrAd74+/sW7iNis9BJRgRe
74TcvTKPqqWPBftMeThYEgFh7HA8WwANIZKM+p7mci0Q9PcrRPWXI3rd3AoRMNEt
8ETLK+CpBA4KCZmXZMjER9vlptYgfk+Xua/AhXQXnK/JNRulXHt/9fhT57atg0R9
FnZZrlL2Q2eMA1SLisJ7MVDCDM+3ctFVPNbGFdxYT7q+
-----END CERTIFICATE-----