Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/tWgxekly7bQX70uzUYCzzPGJXs0.roa
File:                     tWgxekly7bQX70uzUYCzzPGJXs0.roa (raw, json)
Hash identifier:          6/COonMRY4Vn23zty22GWVjAcqQp6yXy3HHv7ZIXe5Q=
Subject key identifier:   B5:68:31:7A:49:72:ED:B4:17:EF:4B:B3:51:80:B3:CC:F1:89:5E:CD
Certificate issuer:       /CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
Certificate serial:       019977947BEA96CB4E95BD33A78B0E50C5F6
Authority key identifier: DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/tWgxekly7bQX70uzUYCzzPGJXs0.roa
Signing time:             Tue 23 Sep 2025 17:17:23 +0000
ROA not before:           Tue 23 Sep 2025 17:17:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197450
IP address blocks:        192.109.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:77:94:7b:ea:96:cb:4e:95:bd:33:a7:8b:0e:50:c5:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
        Validity
            Not Before: Sep 23 17:17:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b568317a4972edb417ef4bb35180b3ccf1895ecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:be:6a:8b:81:ab:93:9c:30:65:a3:a0:36:c9:
                    f7:a8:f0:c2:74:06:6f:8b:eb:8b:60:3e:94:2e:92:
                    5a:11:ea:58:31:e3:1d:4e:11:23:bd:da:c9:27:a3:
                    55:2d:bc:50:d7:2a:99:b1:50:6d:fe:57:f1:de:14:
                    68:27:c8:a6:d7:59:11:ca:98:88:0c:86:78:d1:c2:
                    97:be:88:08:a0:af:76:6f:cd:c2:63:da:76:27:4e:
                    ac:aa:bb:4c:40:b7:74:e0:09:a8:cf:c8:87:28:e3:
                    ac:c7:47:4b:34:99:c8:14:4e:79:a3:cb:73:3a:3b:
                    1c:31:81:51:73:48:28:49:5e:b4:41:43:e5:b1:21:
                    83:59:55:d0:4a:49:05:c1:bb:7d:29:be:25:28:86:
                    98:05:f0:cd:cb:3d:ce:50:26:80:69:85:7d:02:10:
                    b9:11:ad:f9:76:65:ff:79:cb:60:93:82:e4:ba:be:
                    09:5b:c3:16:9d:ec:7f:b3:df:a8:9e:01:bb:12:a9:
                    44:79:0e:05:bc:82:30:ed:32:8f:5f:86:d8:70:f9:
                    11:93:65:77:15:42:7d:73:8e:72:80:8f:9f:c3:74:
                    cd:cd:73:ce:4e:ae:f8:8a:cd:74:de:ee:65:4f:4f:
                    27:ef:f9:dc:73:ad:29:0d:28:58:fb:d1:f4:fc:b4:
                    41:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:68:31:7A:49:72:ED:B4:17:EF:4B:B3:51:80:B3:CC:F1:89:5E:CD
            X509v3 Authority Key Identifier:
                keyid:DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/tWgxekly7bQX70uzUYCzzPGJXs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:53:a7:47:f5:61:84:f3:20:b7:e9:db:b7:e8:9e:5d:59:31:
         0c:76:0d:56:84:63:1c:ee:1d:ac:98:4f:82:97:35:55:ae:2b:
         45:42:ab:a7:2c:30:2d:69:a9:3d:36:d7:5a:2a:b6:be:87:fb:
         77:9e:62:bf:a1:ed:c6:c0:88:47:b7:3b:c1:84:da:9b:09:1b:
         95:9f:7c:58:ae:3d:1f:f6:d6:8a:de:06:c2:f7:7e:5f:2f:a0:
         32:4b:90:91:ac:9f:f1:af:1f:60:59:f9:97:32:3b:5d:de:6d:
         03:11:43:86:d4:74:4b:d4:be:78:8c:69:89:d7:2b:55:c9:5c:
         0b:41:de:cc:66:54:a8:67:af:da:a1:10:60:92:a7:9f:4b:7f:
         6a:32:18:ba:f5:0c:6d:30:2c:bc:ef:11:e8:35:1b:cc:0b:ff:
         a6:f7:00:c1:64:ac:f7:fa:f5:95:9f:3a:4f:fb:a7:ed:02:5d:
         24:85:c0:4c:c9:16:e0:36:fa:c2:3d:87:c9:e0:07:b7:8e:04:
         9c:c7:4c:45:83:d0:bf:d4:98:39:28:11:58:fb:bb:86:da:03:
         5f:98:be:8e:63:51:7c:a4:63:79:60:a9:de:a6:c8:62:d8:4f:
         0f:be:03:d3:81:39:67:e9:eb:80:b0:97:f0:71:f6:8f:3a:f2:
         7e:4a:b7:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl3lHvqlstOlb0zp4sOUMX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTJlYjljNzVkMzU5ZDI1MTM3YjVlZjRlMTc2ZjVlZWI2
YzQzNDIwHhcNMjUwOTIzMTcxNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTY4MzE3YTQ5NzJlZGI0MTdlZjRiYjM1MTgwYjNjY2YxODk1ZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr5qi4Grk5wwZaOgNsn3qPDCdAZv
i+uLYD6ULpJaEepYMeMdThEjvdrJJ6NVLbxQ1yqZsVBt/lfx3hRoJ8im11kRypiI
DIZ40cKXvogIoK92b83CY9p2J06sqrtMQLd04Amoz8iHKOOsx0dLNJnIFE55o8tz
OjscMYFRc0goSV60QUPlsSGDWVXQSkkFwbt9Kb4lKIaYBfDNyz3OUCaAaYV9AhC5
Ea35dmX/ectgk4Lkur4JW8MWnex/s9+ongG7EqlEeQ4FvIIw7TKPX4bYcPkRk2V3
FUJ9c45ygI+fw3TNzXPOTq74is103u5lT08n7/ncc60pDShY+9H0/LRBTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVoMXpJcu20F+9Ls1GAs8zxiV7NMB8GA1UdIwQY
MBaAFN4S65x101nSUTe1704Xb17rbENCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQt
YzE2Nzg3MjcyMDQ5LzEvdFdneGVrbHk3YlFYNzB1elVZQ3p6UEdKWHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQtYzE2Nzg3MjcyMDQ5
LzEvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG2KMA0G
CSqGSIb3DQEBCwUAA4IBAQC3U6dH9WGE8yC36du36J5dWTEMdg1WhGMc7h2smE+C
lzVVritFQqunLDAtaak9NtdaKra+h/t3nmK/oe3GwIhHtzvBhNqbCRuVn3xYrj0f
9taK3gbC935fL6AyS5CRrJ/xrx9gWfmXMjtd3m0DEUOG1HRL1L54jGmJ1ytVyVwL
Qd7MZlSoZ6/aoRBgkqefS39qMhi69QxtMCy87xHoNRvMC/+m9wDBZKz3+vWVnzpP
+6ftAl0khcBMyRbgNvrCPYfJ4Ae3jgScx0xFg9C/1Jg5KBFY+7uG2gNfmL6OY1F8
pGN5YKnepshi2E8PvgPTgTln6euAsJfwcfaPOvJ+Srel
-----END CERTIFICATE-----