Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tf5eMpaN-dB7JpEuiaub_C6pmT4.roa
File:                     tf5eMpaN-dB7JpEuiaub_C6pmT4.roa (raw, json)
Hash identifier:          TA5w2D3l2GNjjPbNmkyAaXUJCRt0TMCFknLdlrWbdu8=
Subject key identifier:   B5:FE:5E:32:96:8D:F9:D0:7B:26:91:2E:89:AB:9B:FC:2E:A9:99:3E
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01997B262F7147C9545924460FB052510818
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tf5eMpaN-dB7JpEuiaub_C6pmT4.roa
Signing time:             Wed 24 Sep 2025 09:55:24 +0000
ROA not before:           Wed 24 Sep 2025 09:55:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56488
IP address blocks:        170.62.206.0/24 maxlen: 24
                          170.62.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:26:2f:71:47:c9:54:59:24:46:0f:b0:52:51:08:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Sep 24 09:55:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5fe5e32968df9d07b26912e89ab9bfc2ea9993e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:12:13:9f:34:ad:f9:0d:f2:6f:08:31:3c:0e:
                    b0:32:7e:b6:92:52:4c:43:81:91:2d:a0:b3:bf:8a:
                    80:ca:3a:11:93:27:06:c4:0e:a5:01:b7:98:c5:13:
                    64:c2:e1:7f:8b:99:79:d4:6e:66:34:27:5e:78:8b:
                    75:89:47:26:de:62:d8:9a:eb:88:56:da:f4:50:f1:
                    82:24:e0:c1:68:30:38:7d:08:2b:86:22:8c:ef:8d:
                    7c:eb:3c:fe:c3:b4:42:07:73:17:3a:0a:f0:24:75:
                    68:b8:13:6d:24:06:7a:55:3d:7b:85:5b:7b:b2:fe:
                    9d:f1:aa:57:1a:82:f3:d9:d5:a5:57:5f:1a:a6:00:
                    8d:e6:85:2a:80:a2:0e:18:d1:0f:40:19:56:b5:d0:
                    4b:bc:e1:b1:fc:cf:22:a5:d1:d4:fa:f3:d9:3d:c1:
                    c9:ac:be:3f:8e:0e:29:a5:28:6a:58:bc:c1:cf:c0:
                    a3:b2:31:79:81:48:ab:a0:2c:a3:83:95:49:09:25:
                    9b:06:1b:ad:78:69:28:ca:e5:e9:6d:c7:09:4f:0a:
                    bc:b3:47:90:b9:6b:3d:ab:fc:ef:4d:c2:2c:1a:45:
                    15:10:18:58:de:6e:7b:d4:36:64:a0:04:02:4e:85:
                    5d:ce:65:1f:bb:bc:5b:b8:e3:5c:8d:e8:9b:2d:49:
                    80:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:FE:5E:32:96:8D:F9:D0:7B:26:91:2E:89:AB:9B:FC:2E:A9:99:3E
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tf5eMpaN-dB7JpEuiaub_C6pmT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.62.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:a0:fa:f0:f6:35:67:fd:f5:2e:a4:83:7f:14:6d:2d:6b:02:
         c0:dc:88:d6:be:df:f0:a2:73:1d:be:4d:f4:98:9b:c8:f6:71:
         3e:cb:d7:72:05:04:47:3d:c9:18:d0:53:d8:ac:b3:28:0f:af:
         0d:78:23:04:d3:9f:31:e1:07:1c:c6:c7:34:56:f2:ef:5d:30:
         bd:31:f9:5c:b0:ab:4a:51:d0:24:b8:7a:3e:2a:57:69:ca:f6:
         87:eb:d4:3b:ee:09:31:59:09:af:0e:04:b2:b0:a2:b9:fd:60:
         96:f6:f6:5e:21:a4:42:e8:ff:83:e3:63:73:dd:7a:06:8d:04:
         f8:54:0d:54:bf:95:f6:08:e3:03:c3:15:c8:29:cb:46:ed:0a:
         0e:1f:8f:cf:a8:d4:96:16:11:88:d3:04:ab:b2:ae:92:d1:05:
         c0:a5:93:fe:d9:25:d1:ad:9e:19:35:eb:bb:5d:5b:e6:4c:b4:
         65:74:54:b4:27:5b:72:0a:5e:d8:1f:83:71:cf:a2:3b:bf:7b:
         78:8e:d9:1a:37:8f:9c:ad:20:e4:7d:c5:fa:f2:81:8b:df:3d:
         59:46:f4:b2:03:05:45:7d:12:f4:3c:ba:7a:84:a8:86:c0:a6:
         f7:66:61:be:9a:0f:fa:26:e5:99:60:fb:64:2b:25:d3:13:5e:
         24:0f:27:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl7Ji9xR8lUWSRGD7BSUQgYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwOTI0MDk1NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWZlNWUzMjk2OGRmOWQwN2IyNjkxMmU4OWFiOWJmYzJlYTk5OTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BITnzSt+Q3ybwgxPA6wMn62klJM
Q4GRLaCzv4qAyjoRkycGxA6lAbeYxRNkwuF/i5l51G5mNCdeeIt1iUcm3mLYmuuI
Vtr0UPGCJODBaDA4fQgrhiKM74186zz+w7RCB3MXOgrwJHVouBNtJAZ6VT17hVt7
sv6d8apXGoLz2dWlV18apgCN5oUqgKIOGNEPQBlWtdBLvOGx/M8ipdHU+vPZPcHJ
rL4/jg4ppShqWLzBz8CjsjF5gUiroCyjg5VJCSWbBhuteGkoyuXpbccJTwq8s0eQ
uWs9q/zvTcIsGkUVEBhY3m571DZkoAQCToVdzmUfu7xbuONcjeibLUmA9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLX+XjKWjfnQeyaRLomrm/wuqZk+MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdGY1ZU1wYU4tZEI3SnBFdWlhdWJfQzZwbVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBqj7OMA0G
CSqGSIb3DQEBCwUAA4IBAQAXoPrw9jVn/fUupIN/FG0tawLA3IjWvt/wonMdvk30
mJvI9nE+y9dyBQRHPckY0FPYrLMoD68NeCME058x4Qccxsc0VvLvXTC9MflcsKtK
UdAkuHo+KldpyvaH69Q77gkxWQmvDgSysKK5/WCW9vZeIaRC6P+D42Nz3XoGjQT4
VA1Uv5X2COMDwxXIKctG7QoOH4/PqNSWFhGI0wSrsq6S0QXApZP+2SXRrZ4ZNeu7
XVvmTLRldFS0J1tyCl7YH4Nxz6I7v3t4jtkaN4+crSDkfcX68oGL3z1ZRvSyAwVF
fRL0PLp6hKiGwKb3ZmG+mg/6JuWZYPtkKyXTE14kDyeF
-----END CERTIFICATE-----