Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/tkv4eB640kj-LoRn67cojbzMAxA.roa
File:                     tkv4eB640kj-LoRn67cojbzMAxA.roa (raw, json)
Hash identifier:          1XWkZeOPHz0G+f5HoG2RieKKed9lLcxprXcsbhFEyOk=
Subject key identifier:   B6:4B:F8:78:1E:B8:D2:48:FE:2E:84:67:EB:B7:28:8D:BC:CC:03:10
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019965900E449C11C91DC5A667F24BA0942E
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/tkv4eB640kj-LoRn67cojbzMAxA.roa
Signing time:             Sat 20 Sep 2025 05:19:23 +0000
ROA not before:           Sat 20 Sep 2025 05:19:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        188.119.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:65:90:0e:44:9c:11:c9:1d:c5:a6:67:f2:4b:a0:94:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Sep 20 05:19:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b64bf8781eb8d248fe2e8467ebb7288dbccc0310
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3a:e4:95:b7:0f:fd:07:ef:3c:d1:ae:d0:50:
                    e6:1f:d5:9a:93:f4:af:d0:e3:26:b3:28:c5:25:b0:
                    3e:ec:4a:99:35:49:29:cf:9f:29:c7:f6:33:a3:d6:
                    11:c7:e2:52:87:45:5b:5d:41:28:d5:5e:79:36:57:
                    72:6a:82:6a:66:73:d6:c6:71:88:d9:6e:85:4e:18:
                    b9:95:0a:19:90:95:22:5b:7d:98:5d:06:77:c4:18:
                    2c:64:39:c9:f9:14:e6:aa:74:19:78:a0:b5:fb:0a:
                    8e:ad:4a:38:d7:ae:8d:95:26:76:00:57:93:de:4b:
                    98:49:4b:a6:ea:63:a7:7f:a0:78:73:11:c6:70:79:
                    db:cf:98:58:ab:8f:ae:12:86:16:05:50:f1:6a:4b:
                    14:fd:8c:a9:2f:37:dd:7a:3b:90:4d:ce:61:48:22:
                    64:88:63:05:7e:0d:9c:53:0c:0b:d5:0f:c6:cf:1e:
                    31:66:30:88:3a:62:f2:fd:f5:ec:8e:ba:ae:f9:6c:
                    ed:f9:bc:76:8e:2b:f7:0f:e6:c5:6a:52:96:b4:4f:
                    d7:6e:48:61:7b:8e:d8:25:cb:13:1c:d4:13:50:8e:
                    64:a8:af:4a:b7:fd:93:4f:14:34:80:f9:bc:33:50:
                    93:82:05:42:12:05:80:37:c6:cb:e3:f7:8c:ec:00:
                    6d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:4B:F8:78:1E:B8:D2:48:FE:2E:84:67:EB:B7:28:8D:BC:CC:03:10
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/tkv4eB640kj-LoRn67cojbzMAxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:10:d0:23:f6:f5:a8:38:59:9c:12:be:7f:b0:1a:16:4d:0f:
         fe:c4:14:29:4c:77:27:0f:4d:d3:8e:d0:58:06:3f:43:b0:7d:
         56:88:4c:29:58:c2:99:d6:37:ea:41:06:d8:02:aa:f1:bf:f7:
         dd:32:24:12:02:29:66:3e:9a:50:be:e8:51:38:6f:e4:6a:a4:
         c4:f8:6a:87:57:4d:3a:f0:4b:d2:15:c2:4d:e6:b8:4b:04:e9:
         e9:3c:a2:aa:2a:de:44:8b:ab:81:8a:05:51:ab:ed:de:b2:65:
         cc:db:b8:8d:6c:62:0a:25:b4:af:94:82:3b:f9:84:51:44:65:
         56:b3:cd:eb:7e:d8:61:eb:cc:d5:6d:f3:67:07:52:9d:88:53:
         92:c6:9a:fb:ca:ca:93:14:d5:6c:dd:95:ac:e6:18:c6:84:a1:
         8d:33:72:16:c9:ad:df:e5:66:15:0e:eb:ba:4c:fe:fc:bd:be:
         ff:11:2b:55:06:89:b9:ba:6c:a9:be:bf:23:88:b2:f9:e2:ad:
         6d:0a:4e:b9:bb:b5:ae:85:df:39:94:26:78:34:6c:de:7c:99:
         11:19:bc:2d:3a:ec:7d:48:49:9b:68:c0:e4:ce:c8:25:11:54:
         09:8c:01:85:ae:20:d9:9b:b7:15:ea:f3:ea:01:9f:63:02:8f:
         e8:28:d2:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZllkA5EnBHJHcWmZ/JLoJQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwOTIwMDUxOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjRiZjg3ODFlYjhkMjQ4ZmUyZTg0NjdlYmI3Mjg4ZGJjY2MwMzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTrklbcP/QfvPNGu0FDmH9Wak/Sv
0OMmsyjFJbA+7EqZNUkpz58px/Yzo9YRx+JSh0VbXUEo1V55NldyaoJqZnPWxnGI
2W6FThi5lQoZkJUiW32YXQZ3xBgsZDnJ+RTmqnQZeKC1+wqOrUo4166NlSZ2AFeT
3kuYSUum6mOnf6B4cxHGcHnbz5hYq4+uEoYWBVDxaksU/YypLzfdejuQTc5hSCJk
iGMFfg2cUwwL1Q/Gzx4xZjCIOmLy/fXsjrqu+Wzt+bx2jiv3D+bFalKWtE/Xbkhh
e47YJcsTHNQTUI5kqK9Kt/2TTxQ0gPm8M1CTggVCEgWAN8bL4/eM7ABtcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZL+HgeuNJI/i6EZ+u3KI28zAMQMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvdGt2NGVCNjQwa2otTG9SbjY3Y29qYnpNQXhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHd6MA0G
CSqGSIb3DQEBCwUAA4IBAQAYENAj9vWoOFmcEr5/sBoWTQ/+xBQpTHcnD03TjtBY
Bj9DsH1WiEwpWMKZ1jfqQQbYAqrxv/fdMiQSAilmPppQvuhROG/kaqTE+GqHV006
8EvSFcJN5rhLBOnpPKKqKt5Ei6uBigVRq+3esmXM27iNbGIKJbSvlII7+YRRRGVW
s83rfthh68zVbfNnB1KdiFOSxpr7ysqTFNVs3ZWs5hjGhKGNM3IWya3f5WYVDuu6
TP78vb7/EStVBom5umypvr8jiLL54q1tCk65u7Wuhd85lCZ4NGzefJkRGbwtOux9
SEmbaMDkzsglEVQJjAGFriDZm7cV6vPqAZ9jAo/oKNIc
-----END CERTIFICATE-----