Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/32be63-eb23-4505-abe0-e0f6e315f5b8/1/tR9T-2FvtEGouyPVT6CL-0oJmZs.roa
File:                     tR9T-2FvtEGouyPVT6CL-0oJmZs.roa (raw, json)
Hash identifier:          oiTzhXBQqy2Mz5Nqrcv/ZCMdCONRk6F6wZpQ15vc3o0=
Subject key identifier:   B5:1F:53:FB:61:6F:B4:41:A8:BB:23:D5:4F:A0:8B:FB:4A:09:99:9B
Certificate issuer:       /CN=86790ecdb86ac6faa2bcc7eeb20d274cfa4650b0
Certificate serial:       01989865EED26052D7DBD1632F89D4458DCC
Authority key identifier: 86:79:0E:CD:B8:6A:C6:FA:A2:BC:C7:EE:B2:0D:27:4C:FA:46:50:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hnkOzbhqxvqivMfusg0nTPpGULA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/32be63-eb23-4505-abe0-e0f6e315f5b8/1/tR9T-2FvtEGouyPVT6CL-0oJmZs.roa
Signing time:             Mon 11 Aug 2025 09:11:13 +0000
ROA not before:           Mon 11 Aug 2025 09:11:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201399
IP address blocks:        128.127.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/32be63-eb23-4505-abe0-e0f6e315f5b8/1/hnkOzbhqxvqivMfusg0nTPpGULA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/32be63-eb23-4505-abe0-e0f6e315f5b8/1/hnkOzbhqxvqivMfusg0nTPpGULA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hnkOzbhqxvqivMfusg0nTPpGULA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:65:ee:d2:60:52:d7:db:d1:63:2f:89:d4:45:8d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86790ecdb86ac6faa2bcc7eeb20d274cfa4650b0
        Validity
            Not Before: Aug 11 09:11:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b51f53fb616fb441a8bb23d54fa08bfb4a09999b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:71:a8:07:05:94:9f:89:2e:7b:f5:bb:0d:53:
                    fa:07:0f:28:92:0e:d1:b3:1e:bc:25:23:f9:b5:ca:
                    73:99:ee:63:0b:51:80:6b:ad:64:08:85:66:03:be:
                    6a:0c:c8:e6:d3:89:df:f4:85:2a:69:bd:54:fa:17:
                    94:11:95:68:4f:38:58:8e:e7:a1:08:be:8b:fb:67:
                    55:be:6b:86:fc:e5:27:20:30:c8:b4:82:bd:f4:39:
                    6c:72:a3:f7:a5:42:c3:6c:2e:bd:f0:1d:f3:f7:3d:
                    ae:6a:38:df:cf:ad:54:52:b6:f5:5c:fe:20:07:31:
                    c1:c8:41:72:78:4f:f9:df:17:5d:5f:ee:50:c2:ca:
                    e4:20:2d:47:32:68:b6:f4:7d:5c:ab:0b:6f:92:ab:
                    07:02:48:98:70:48:b5:8c:46:44:14:0e:fc:99:f7:
                    a5:f6:26:a0:68:bf:c8:fe:d7:1c:fc:23:c6:05:61:
                    08:1c:69:7a:64:79:32:69:2e:af:bd:b4:42:13:4e:
                    ad:08:88:3e:c2:fa:45:be:af:b8:b9:62:f6:42:78:
                    64:26:52:60:f9:72:be:bd:18:30:2a:ca:39:00:f3:
                    f5:52:8c:65:86:6a:0a:0a:2d:c6:07:27:3e:df:d2:
                    ab:91:43:74:75:29:f1:80:c3:55:0b:54:1d:83:12:
                    44:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:1F:53:FB:61:6F:B4:41:A8:BB:23:D5:4F:A0:8B:FB:4A:09:99:9B
            X509v3 Authority Key Identifier:
                keyid:86:79:0E:CD:B8:6A:C6:FA:A2:BC:C7:EE:B2:0D:27:4C:FA:46:50:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hnkOzbhqxvqivMfusg0nTPpGULA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/32be63-eb23-4505-abe0-e0f6e315f5b8/1/tR9T-2FvtEGouyPVT6CL-0oJmZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/32be63-eb23-4505-abe0-e0f6e315f5b8/1/hnkOzbhqxvqivMfusg0nTPpGULA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.127.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:41:64:3c:27:23:1c:31:ea:95:d6:06:ec:38:ae:d2:e0:2a:
         55:8d:51:6e:7e:2c:8b:23:87:b0:49:5a:d4:24:35:f6:e1:48:
         93:3c:ae:79:3f:03:23:6d:13:f5:2b:4b:12:7c:4e:05:50:d4:
         be:63:2d:b3:76:91:82:21:09:06:09:9c:db:16:eb:96:ac:eb:
         c4:ab:b7:e7:f4:04:a3:4f:aa:f9:2e:02:22:e5:1e:ed:49:91:
         d6:ef:d4:51:73:31:7e:cc:4e:c2:98:2b:e2:4e:d6:20:7f:1f:
         3b:60:5f:5d:e4:4f:30:4a:c6:03:55:e6:d4:08:fb:51:d7:bb:
         58:2c:fc:66:ed:d4:8f:0b:d7:3e:0a:58:4a:7a:d8:b3:d2:97:
         21:07:eb:4b:11:b4:63:fc:24:0d:2d:29:fa:64:b7:55:3b:2d:
         a3:5a:64:44:f2:f7:5e:c4:eb:45:b0:88:e8:d1:b8:a9:4d:a7:
         27:e4:14:3e:d8:bc:a0:e5:52:2c:ff:ee:95:e9:bf:be:3c:73:
         fb:6f:6f:bf:0a:ac:a8:1f:fb:e4:e0:b0:f4:c6:54:53:93:2d:
         a5:ec:a1:28:f8:3e:84:c0:c1:e7:ef:f6:df:d3:d4:2e:b5:d3:
         4c:70:2a:c7:61:08:f0:35:a5:d0:3a:6a:5f:4e:43:8f:23:db:
         61:23:6c:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYZe7SYFLX29FjL4nURY3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NzkwZWNkYjg2YWM2ZmFhMmJjYzdlZWIyMGQyNzRjZmE0
NjUwYjAwHhcNMjUwODExMDkxMTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTFmNTNmYjYxNmZiNDQxYThiYjIzZDU0ZmEwOGJmYjRhMDk5OTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXGoBwWUn4kue/W7DVP6Bw8okg7R
sx68JSP5tcpzme5jC1GAa61kCIVmA75qDMjm04nf9IUqab1U+heUEZVoTzhYjueh
CL6L+2dVvmuG/OUnIDDItIK99DlscqP3pULDbC698B3z9z2uajjfz61UUrb1XP4g
BzHByEFyeE/53xddX+5QwsrkIC1HMmi29H1cqwtvkqsHAkiYcEi1jEZEFA78mfel
9iagaL/I/tcc/CPGBWEIHGl6ZHkyaS6vvbRCE06tCIg+wvpFvq+4uWL2QnhkJlJg
+XK+vRgwKso5APP1UoxlhmoKCi3GByc+39KrkUN0dSnxgMNVC1QdgxJE3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUfU/thb7RBqLsj1U+gi/tKCZmbMB8GA1UdIwQY
MBaAFIZ5Ds24asb6orzH7rINJ0z6RlCwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaG5rT3piaHF4dnFpdk1mdXNnMG5UUHBHVUxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zMmJlNjMtZWIyMy00NTA1LWFiZTAt
ZTBmNmUzMTVmNWI4LzEvdFI5VC0yRnZ0RUdvdXlQVlQ2Q0wtMG9KbVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zMmJlNjMtZWIyMy00NTA1LWFiZTAtZTBmNmUzMTVmNWI4
LzEvaG5rT3piaHF4dnFpdk1mdXNnMG5UUHBHVUxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgH+wMA0G
CSqGSIb3DQEBCwUAA4IBAQAAQWQ8JyMcMeqV1gbsOK7S4CpVjVFufiyLI4ewSVrU
JDX24UiTPK55PwMjbRP1K0sSfE4FUNS+Yy2zdpGCIQkGCZzbFuuWrOvEq7fn9ASj
T6r5LgIi5R7tSZHW79RRczF+zE7CmCviTtYgfx87YF9d5E8wSsYDVebUCPtR17tY
LPxm7dSPC9c+ClhKetiz0pchB+tLEbRj/CQNLSn6ZLdVOy2jWmRE8vdexOtFsIjo
0bipTacn5BQ+2Lyg5VIs/+6V6b++PHP7b2+/CqyoH/vk4LD0xlRTky2l7KEo+D6E
wMHn7/bf09QutdNMcCrHYQjwNaXQOmpfTkOPI9thI2wk
-----END CERTIFICATE-----