Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/TKBPQon04rYAhP4X9cU-tUEetrg.roa
File:                     TKBPQon04rYAhP4X9cU-tUEetrg.roa (raw, json)
Hash identifier:          /AA2s0tS5WTloz8NFQB5jII0MJO7Q2yuaillrSQPLGw=
Subject key identifier:   4C:A0:4F:42:89:F4:E2:B6:00:84:FE:17:F5:C5:3E:B5:41:1E:B6:B8
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       0198BFB36EB04CF42D55CB7D5D3026EC7873
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/TKBPQon04rYAhP4X9cU-tUEetrg.roa
Signing time:             Tue 19 Aug 2025 00:21:04 +0000
ROA not before:           Tue 19 Aug 2025 00:21:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.140.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bf:b3:6e:b0:4c:f4:2d:55:cb:7d:5d:30:26:ec:78:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Aug 19 00:21:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ca04f4289f4e2b60084fe17f5c53eb5411eb6b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e8:63:e8:d5:67:a9:93:16:d7:21:f3:21:4c:
                    30:b8:08:e5:5b:15:51:af:b1:75:9f:1c:21:bb:2e:
                    12:2d:b7:30:17:60:bc:7a:67:d3:1d:d3:b1:b9:77:
                    e0:80:89:99:28:d0:8b:20:aa:bb:58:f9:65:cc:e0:
                    d3:54:5e:b0:3e:43:1c:42:9e:e0:c5:43:78:fe:f5:
                    9c:6f:37:b2:c5:d2:22:2f:dd:b1:0b:1f:4b:c8:bc:
                    29:7e:d0:c2:7b:8f:2c:37:6c:4f:2c:e4:d6:af:68:
                    0a:b5:19:33:28:40:c0:a5:f3:eb:44:3c:78:7d:ca:
                    b4:24:3d:cf:35:2b:69:2c:43:a5:1a:0b:d6:25:c8:
                    0c:58:f5:90:5a:87:ab:72:63:db:61:11:76:4f:b3:
                    d7:34:f7:a6:3d:a6:4b:77:bf:86:61:b4:e1:e8:32:
                    11:d8:b0:d6:b9:75:a2:9e:c7:a5:c4:e5:93:ac:28:
                    9a:6e:4e:37:a0:cb:89:d9:28:7f:ae:e5:7f:72:7a:
                    f2:96:82:5a:f3:2d:99:2c:98:0d:4d:d1:72:ba:30:
                    77:d2:b0:88:50:5d:ca:b0:81:25:3a:42:fe:10:66:
                    f7:61:c3:79:7f:34:fe:e0:3e:8c:2c:9e:26:4c:3c:
                    d6:4c:96:27:d5:aa:c7:96:b6:0e:6e:be:e4:57:5a:
                    0f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A0:4F:42:89:F4:E2:B6:00:84:FE:17:F5:C5:3E:B5:41:1E:B6:B8
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/TKBPQon04rYAhP4X9cU-tUEetrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:35:ed:d5:1b:7a:c6:52:32:60:ae:af:84:24:f6:3b:17:3b:
         fe:c3:c3:37:a2:19:c4:8d:7f:57:91:25:c5:38:54:42:fe:1e:
         25:07:7f:80:70:d0:cb:dc:5b:a8:bb:f1:45:43:fc:f1:ac:6d:
         bf:5a:55:3b:75:36:38:4a:52:d7:53:02:11:79:29:7c:7c:7b:
         2b:c9:c3:d2:a0:71:bd:98:8e:ec:b9:ec:0b:df:53:e6:20:9a:
         b9:c7:b0:64:1d:e5:5e:f9:4f:57:93:35:c7:a7:37:e3:8b:4a:
         6a:5f:e6:a1:f6:99:51:08:6a:60:36:3c:c4:11:a2:3b:f0:f7:
         a3:16:9d:59:5a:82:44:6b:11:dc:b2:8f:f6:cf:16:3c:ab:9f:
         c0:eb:60:9f:85:d6:3d:d0:98:ea:35:29:5a:fc:5c:ff:b1:44:
         5b:c1:83:0f:2b:4f:1d:4d:61:14:11:9b:c1:41:34:09:5f:b6:
         c7:36:0e:91:4d:ca:68:89:8c:d6:5a:c6:1d:48:7e:7b:c0:5b:
         a7:6a:b0:94:40:71:fa:0b:33:98:79:fa:d4:19:f7:fa:73:3b:
         14:8c:b9:60:ac:f1:75:ea:35:94:86:dc:c3:d0:dd:15:4b:4e:
         d6:0b:da:6a:87:cc:e4:45:16:b1:dc:13:28:cf:d8:86:30:91:
         8c:05:a8:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi/s26wTPQtVct9XTAm7HhzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUwODE5MDAyMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2EwNGY0Mjg5ZjRlMmI2MDA4NGZlMTdmNWM1M2ViNTQxMWViNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOhj6NVnqZMW1yHzIUwwuAjlWxVR
r7F1nxwhuy4SLbcwF2C8emfTHdOxuXfggImZKNCLIKq7WPllzODTVF6wPkMcQp7g
xUN4/vWcbzeyxdIiL92xCx9LyLwpftDCe48sN2xPLOTWr2gKtRkzKEDApfPrRDx4
fcq0JD3PNStpLEOlGgvWJcgMWPWQWoercmPbYRF2T7PXNPemPaZLd7+GYbTh6DIR
2LDWuXWinselxOWTrCiabk43oMuJ2Sh/ruV/cnryloJa8y2ZLJgNTdFyujB30rCI
UF3KsIElOkL+EGb3YcN5fzT+4D6MLJ4mTDzWTJYn1arHlrYObr7kV1oPcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEygT0KJ9OK2AIT+F/XFPrVBHra4MB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvVEtCUFFvbjA0cllBaFA0WDljVS10VUVldHJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYz3MA0G
CSqGSIb3DQEBCwUAA4IBAQCDNe3VG3rGUjJgrq+EJPY7Fzv+w8M3ohnEjX9XkSXF
OFRC/h4lB3+AcNDL3Fuou/FFQ/zxrG2/WlU7dTY4SlLXUwIReSl8fHsrycPSoHG9
mI7suewL31PmIJq5x7BkHeVe+U9XkzXHpzfji0pqX+ah9plRCGpgNjzEEaI78Pej
Fp1ZWoJEaxHcso/2zxY8q5/A62CfhdY90JjqNSla/Fz/sURbwYMPK08dTWEUEZvB
QTQJX7bHNg6RTcpoiYzWWsYdSH57wFunarCUQHH6CzOYefrUGff6czsUjLlgrPF1
6jWUhtzD0N0VS07WC9pqh8zkRRax3BMoz9iGMJGMBaie
-----END CERTIFICATE-----