Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tqUDRlao_iD7xRHSdwTxQg781nQ.roa
File:                     tqUDRlao_iD7xRHSdwTxQg781nQ.roa (raw, json)
Hash identifier:          NDxRIRIwnCHT+nw1dInn41CtCLPIcIwpMWSstLv1XaI=
Subject key identifier:   B6:A5:03:46:56:A8:FE:20:FB:C5:11:D2:77:04:F1:42:0E:FC:D6:74
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01989E7F133F27C022F15B45A0D9516B6E1F
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tqUDRlao_iD7xRHSdwTxQg781nQ.roa
Signing time:             Tue 12 Aug 2025 13:36:24 +0000
ROA not before:           Tue 12 Aug 2025 13:36:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47377
IP address blocks:        45.150.116.0/22 maxlen: 24
                          185.51.54.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:7f:13:3f:27:c0:22:f1:5b:45:a0:d9:51:6b:6e:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Aug 12 13:36:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6a5034656a8fe20fbc511d27704f1420efcd674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cd:7e:a6:73:79:b3:a0:8f:01:ed:dd:52:08:
                    b5:95:91:b0:7a:4a:0c:03:eb:00:1c:dd:12:e1:7b:
                    94:56:72:e5:5e:33:85:37:a2:50:da:a6:77:e2:01:
                    e7:70:fe:b6:04:43:69:b4:c8:24:60:43:31:1a:7f:
                    11:0b:38:da:06:1d:89:d2:f8:e4:04:4c:90:f6:5a:
                    e7:5d:25:ef:26:06:af:29:40:8c:41:9b:96:26:6d:
                    bc:b0:f8:29:98:b5:f6:ff:ba:75:e0:c2:f4:b9:7b:
                    72:14:e6:a6:6c:f5:08:de:34:93:07:6e:76:25:1d:
                    b4:a8:ad:f1:19:95:a8:23:6e:38:3f:e8:c4:ec:75:
                    d1:e0:f1:e9:3f:49:98:02:ad:b7:5f:00:4b:0f:ff:
                    2f:d4:f9:dd:01:de:d6:47:b1:5d:d8:03:19:51:cd:
                    ad:71:fd:6c:fe:25:f4:ca:d1:79:dc:11:14:a8:76:
                    ee:c5:8d:8b:f3:b8:b2:67:29:e0:24:fc:ab:45:50:
                    43:64:1c:ae:da:95:e7:15:9d:f0:27:79:0d:43:c8:
                    0d:d2:87:aa:7c:17:61:2d:ad:46:8d:12:a4:a0:5a:
                    53:8c:57:30:c7:1f:84:5a:59:f6:f4:98:71:e3:f3:
                    de:0b:63:b3:c1:cf:13:78:8f:01:3f:f4:d6:7c:d2:
                    d4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A5:03:46:56:A8:FE:20:FB:C5:11:D2:77:04:F1:42:0E:FC:D6:74
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tqUDRlao_iD7xRHSdwTxQg781nQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.116.0/22
                  185.51.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:de:8c:76:63:c3:74:fd:64:96:e7:29:ed:f5:bd:81:a2:69:
         45:ed:cd:97:07:74:e4:55:b9:8a:c2:76:a3:1e:a7:4c:69:a2:
         ac:58:48:05:25:40:f5:4b:c5:4a:22:1b:63:71:17:46:cd:c2:
         fe:e2:1f:ff:30:49:a0:ee:17:0a:62:b2:8c:3b:44:bc:72:ba:
         8c:ca:0d:d0:14:f6:e4:ad:a3:af:ec:f9:07:b7:57:5e:44:f0:
         4f:3f:77:3f:36:d7:a2:d6:fe:97:25:29:dd:67:81:e6:70:de:
         21:ad:36:c0:20:33:7d:43:78:8d:0b:49:8d:5e:da:69:06:5a:
         8b:a7:ee:fd:03:82:dc:78:02:51:1f:f8:dd:a9:3e:47:6e:25:
         d7:5c:78:de:9f:47:cb:3b:de:0b:40:cc:6f:e7:25:8e:2d:e9:
         ed:05:2e:3b:3e:cc:29:22:f7:ac:b0:ae:4f:3b:2c:4f:71:3a:
         13:1a:b2:17:f7:a6:7d:0a:f2:5d:31:36:d9:0a:1d:37:fe:aa:
         6a:07:47:a0:77:c0:98:97:51:ec:98:2e:11:0c:0a:51:30:7b:
         db:12:38:b1:44:04:b2:5c:69:d1:4a:de:89:d7:04:19:9c:2c:
         40:14:23:ee:0b:43:1e:b9:bf:24:a4:7b:e1:f7:a9:2a:b6:0d:
         61:0d:73:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiefxM/J8Ai8VtFoNlRa24fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwODEyMTMzNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmE1MDM0NjU2YThmZTIwZmJjNTExZDI3NzA0ZjE0MjBlZmNkNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwM1+pnN5s6CPAe3dUgi1lZGwekoM
A+sAHN0S4XuUVnLlXjOFN6JQ2qZ34gHncP62BENptMgkYEMxGn8RCzjaBh2J0vjk
BEyQ9lrnXSXvJgavKUCMQZuWJm28sPgpmLX2/7p14ML0uXtyFOambPUI3jSTB252
JR20qK3xGZWoI244P+jE7HXR4PHpP0mYAq23XwBLD/8v1PndAd7WR7Fd2AMZUc2t
cf1s/iX0ytF53BEUqHbuxY2L87iyZyngJPyrRVBDZByu2pXnFZ3wJ3kNQ8gN0oeq
fBdhLa1GjRKkoFpTjFcwxx+EWln29Jhx4/PeC2Ozwc8TeI8BP/TWfNLUvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLalA0ZWqP4g+8UR0ncE8UIO/NZ0MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdHFVRFJsYW9faUQ3eFJIU2R3VHhRZzc4MW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZZ0AwQB
uTM2MA0GCSqGSIb3DQEBCwUAA4IBAQA73ox2Y8N0/WSW5ynt9b2BomlF7c2XB3Tk
VbmKwnajHqdMaaKsWEgFJUD1S8VKIhtjcRdGzcL+4h//MEmg7hcKYrKMO0S8crqM
yg3QFPbkraOv7PkHt1deRPBPP3c/Ntei1v6XJSndZ4HmcN4hrTbAIDN9Q3iNC0mN
XtppBlqLp+79A4LceAJRH/jdqT5HbiXXXHjen0fLO94LQMxv5yWOLentBS47Pswp
IvessK5POyxPcToTGrIX96Z9CvJdMTbZCh03/qpqB0egd8CYl1HsmC4RDApRMHvb
EjixRASyXGnRSt6J1wQZnCxAFCPuC0Meub8kpHvh96kqtg1hDXO5
-----END CERTIFICATE-----