Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/tfQVIf0zNMfuGd1tpip3CLYwCts.roa
File:                     tfQVIf0zNMfuGd1tpip3CLYwCts.roa (raw, json)
Hash identifier:          +gDGXslGsdNWpAD47LvCZk6SPybHtwdwVZQN5l58KIQ=
Subject key identifier:   B5:F4:15:21:FD:33:34:C7:EE:19:DD:6D:A6:2A:77:08:B6:30:0A:DB
Certificate issuer:       /CN=dfd046af5edc11964096dc20f6af1de55d9c9030
Certificate serial:       01989D8F35548C04035094266070780DD5CF
Authority key identifier: DF:D0:46:AF:5E:DC:11:96:40:96:DC:20:F6:AF:1D:E5:5D:9C:90:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/39BGr17cEZZAltwg9q8d5V2ckDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/tfQVIf0zNMfuGd1tpip3CLYwCts.roa
Signing time:             Tue 12 Aug 2025 09:14:24 +0000
ROA not before:           Tue 12 Aug 2025 09:14:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200040
IP address blocks:        195.18.8.0/24 maxlen: 24
                          2a14:10c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/39BGr17cEZZAltwg9q8d5V2ckDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/39BGr17cEZZAltwg9q8d5V2ckDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/39BGr17cEZZAltwg9q8d5V2ckDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9d:8f:35:54:8c:04:03:50:94:26:60:70:78:0d:d5:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfd046af5edc11964096dc20f6af1de55d9c9030
        Validity
            Not Before: Aug 12 09:14:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5f41521fd3334c7ee19dd6da62a7708b6300adb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b4:3c:bf:11:3a:40:82:d4:5d:c6:b0:ee:fe:
                    43:55:79:da:7b:24:86:40:c0:b6:be:e1:b4:4b:d9:
                    6a:6a:a5:96:c1:20:b6:2f:44:01:59:76:be:6f:2d:
                    a2:dd:d4:da:3b:45:e2:9b:83:1e:ef:10:b5:4a:77:
                    80:fc:e3:8b:c5:5c:54:46:7a:17:31:1b:4f:05:d0:
                    4c:09:e9:73:84:67:c5:ae:53:4a:17:71:a5:98:c2:
                    82:bb:d3:43:44:26:2f:88:70:67:6f:61:b0:5b:97:
                    01:94:d8:a5:c3:63:0b:83:15:a0:a5:73:ec:6f:02:
                    ae:41:e4:43:07:e3:70:94:92:8a:40:e2:b8:18:ba:
                    ad:a9:93:4e:a2:42:08:c3:2f:13:2f:bf:43:4f:d7:
                    5a:85:14:5b:80:f8:6e:32:29:62:33:e4:d5:10:b5:
                    06:69:e6:c4:59:e2:c3:f1:7d:a8:6b:0d:b7:0f:96:
                    c7:e9:a3:03:c7:8c:90:dd:67:5d:60:81:33:9e:21:
                    71:32:2f:ca:70:48:1d:b5:33:2a:82:1c:d9:e8:fb:
                    41:19:de:c7:18:57:c3:35:c6:ce:c4:97:dd:8b:ca:
                    d6:67:fc:cc:fa:19:8c:6a:b8:88:fb:e2:7e:c5:e8:
                    19:e2:3e:04:e4:3b:ac:f0:0d:88:ad:fd:32:a7:2b:
                    5a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F4:15:21:FD:33:34:C7:EE:19:DD:6D:A6:2A:77:08:B6:30:0A:DB
            X509v3 Authority Key Identifier:
                keyid:DF:D0:46:AF:5E:DC:11:96:40:96:DC:20:F6:AF:1D:E5:5D:9C:90:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/39BGr17cEZZAltwg9q8d5V2ckDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/tfQVIf0zNMfuGd1tpip3CLYwCts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/bfd0ff-845e-4e12-ac7c-588e0d923c15/1/39BGr17cEZZAltwg9q8d5V2ckDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.18.8.0/24
                IPv6:
                  2a14:10c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:a4:8d:0a:38:0b:e2:e5:fc:b7:36:53:85:47:90:dc:fb:06:
         cb:7f:6b:f4:b4:27:d3:f2:f1:2f:5d:83:09:c9:b8:6e:e3:f0:
         a4:ad:79:e7:84:c7:d6:c7:2e:4d:fd:3d:78:6b:4f:c2:93:18:
         06:7e:88:60:05:13:31:5d:3d:2d:eb:13:4e:97:8f:1f:61:c7:
         3d:45:e5:d7:5c:4e:aa:87:cd:ca:92:e1:bf:73:59:89:43:8c:
         16:42:f7:e4:fd:13:78:70:09:6f:a7:5a:c2:86:6d:ce:99:80:
         b4:4c:bc:27:f1:15:3a:26:3c:38:cc:f1:5c:9d:a5:d0:4f:64:
         7d:74:2e:a3:8f:66:fc:e4:27:41:71:b3:58:48:ef:ca:53:32:
         3a:61:22:16:98:14:48:1d:56:ff:8c:2b:f4:dd:80:a3:75:00:
         2a:a2:c6:6e:24:18:32:0b:1d:01:9f:3a:6a:fd:39:97:f6:64:
         08:cf:ed:66:d8:8c:b7:61:de:88:50:8e:73:85:f9:b4:1a:b1:
         10:46:32:80:41:8b:dd:a1:0e:69:b0:70:ea:4e:12:89:97:05:
         33:94:f7:0f:64:9d:1e:0a:ee:a5:45:ec:9c:6a:d4:40:b9:1c:
         fe:ca:bc:0c:de:ea:1e:57:22:74:72:77:92:33:63:de:87:c8:
         32:7d:e4:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZidjzVUjAQDUJQmYHB4DdXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZDA0NmFmNWVkYzExOTY0MDk2ZGMyMGY2YWYxZGU1NWQ5
YzkwMzAwHhcNMjUwODEyMDkxNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWY0MTUyMWZkMzMzNGM3ZWUxOWRkNmRhNjJhNzcwOGI2MzAwYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLQ8vxE6QILUXcaw7v5DVXnaeySG
QMC2vuG0S9lqaqWWwSC2L0QBWXa+by2i3dTaO0Xim4Me7xC1SneA/OOLxVxURnoX
MRtPBdBMCelzhGfFrlNKF3GlmMKCu9NDRCYviHBnb2GwW5cBlNilw2MLgxWgpXPs
bwKuQeRDB+NwlJKKQOK4GLqtqZNOokIIwy8TL79DT9dahRRbgPhuMiliM+TVELUG
aebEWeLD8X2oaw23D5bH6aMDx4yQ3WddYIEzniFxMi/KcEgdtTMqghzZ6PtBGd7H
GFfDNcbOxJfdi8rWZ/zM+hmMariI++J+xegZ4j4E5Dus8A2Irf0ypytaJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLX0FSH9MzTH7hndbaYqdwi2MArbMB8GA1UdIwQY
MBaAFN/QRq9e3BGWQJbcIPavHeVdnJAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzlCR3IxN2NFWlpBbHR3ZzlxOGQ1VjJja0RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iZmQwZmYtODQ1ZS00ZTEyLWFjN2Mt
NTg4ZTBkOTIzYzE1LzEvdGZRVklmMHpOTWZ1R2QxdHBpcDNDTFl3Q3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iZmQwZmYtODQ1ZS00ZTEyLWFjN2MtNTg4ZTBkOTIzYzE1
LzEvMzlCR3IxN2NFWlpBbHR3ZzlxOGQ1VjJja0RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwxIIMA0E
AgACMAcDBQMqFBDAMA0GCSqGSIb3DQEBCwUAA4IBAQCgpI0KOAvi5fy3NlOFR5Dc
+wbLf2v0tCfT8vEvXYMJybhu4/CkrXnnhMfWxy5N/T14a0/CkxgGfohgBRMxXT0t
6xNOl48fYcc9ReXXXE6qh83KkuG/c1mJQ4wWQvfk/RN4cAlvp1rChm3OmYC0TLwn
8RU6Jjw4zPFcnaXQT2R9dC6jj2b85CdBcbNYSO/KUzI6YSIWmBRIHVb/jCv03YCj
dQAqosZuJBgyCx0Bnzpq/TmX9mQIz+1m2Iy3Yd6IUI5zhfm0GrEQRjKAQYvdoQ5p
sHDqThKJlwUzlPcPZJ0eCu6lReycatRAuRz+yrwM3uoeVyJ0cneSM2Peh8gyfeT5
-----END CERTIFICATE-----