Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TK3Ff_vElGs7NhoVlh3hKgYdYvQ.roa
File:                     TK3Ff_vElGs7NhoVlh3hKgYdYvQ.roa (raw, json)
Hash identifier:          +Z2C0Rcj0+2DRQ5+/N8/NzPrnduPe18ukJIUkQcI+Ao=
Subject key identifier:   4C:AD:C5:7F:FB:C4:94:6B:3B:36:1A:15:96:1D:E1:2A:06:1D:62:F4
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019892F10171DC4D66CDF0567008BC50CA8B
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TK3Ff_vElGs7NhoVlh3hKgYdYvQ.roa
Signing time:             Sun 10 Aug 2025 07:45:24 +0000
ROA not before:           Sun 10 Aug 2025 07:45:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213568
IP address blocks:        89.40.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:92:f1:01:71:dc:4d:66:cd:f0:56:70:08:bc:50:ca:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Aug 10 07:45:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cadc57ffbc4946b3b361a15961de12a061d62f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:36:1b:9a:9e:6e:59:6a:84:10:86:b4:b4:5c:
                    c3:07:cc:f0:0a:c6:66:57:ab:a0:21:5e:8c:23:d9:
                    bd:2f:29:1c:59:f2:0f:92:01:d1:fd:44:f4:2f:e1:
                    63:56:ff:ec:d3:46:0c:5c:21:4f:d1:05:d8:20:65:
                    ce:61:78:7c:19:10:69:fb:40:66:0d:f3:a0:e8:b6:
                    a1:cd:87:5d:6a:fa:22:fe:3a:e5:ff:41:ff:db:d9:
                    9d:b3:c2:d0:cd:f3:2c:ee:2e:fc:9f:3a:03:d6:f8:
                    44:e9:99:5b:9c:20:80:1b:d2:6c:a2:bb:f7:bc:04:
                    7c:44:fb:29:87:34:4a:96:e7:c5:de:09:c3:9a:d7:
                    73:aa:c7:53:09:29:e1:7c:a5:a1:f5:13:9d:95:f9:
                    16:11:26:c7:3a:66:32:df:a2:b8:f1:77:ff:89:b3:
                    ee:3e:63:d0:b3:98:f2:a9:0f:10:49:4b:5b:3a:53:
                    67:f6:8c:f7:9c:c1:f4:aa:17:4d:cc:37:4a:d5:00:
                    0c:f3:c4:0b:32:d9:d9:cf:78:82:c2:58:2e:33:f0:
                    33:94:d8:95:d6:9a:d3:9c:11:b2:c4:87:57:b5:a3:
                    d8:e3:86:26:85:da:45:e8:7b:27:8c:2e:e9:d6:23:
                    dc:d0:67:67:51:6c:d8:43:09:20:93:b2:50:ee:f0:
                    09:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:AD:C5:7F:FB:C4:94:6B:3B:36:1A:15:96:1D:E1:2A:06:1D:62:F4
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TK3Ff_vElGs7NhoVlh3hKgYdYvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:e0:44:85:94:4d:59:5f:d6:57:79:cd:a6:21:2a:79:e1:77:
         7e:19:ce:43:38:a2:1c:62:71:4c:3b:36:f4:a8:f9:d7:93:53:
         f0:26:c2:99:93:e1:1f:be:f0:50:7b:73:b7:eb:af:f3:6f:8d:
         57:a7:f5:7d:25:3e:c5:0a:ae:34:2b:de:87:90:ce:6e:cd:9e:
         e2:ee:e8:96:31:a0:0f:21:ae:89:d1:46:0b:af:5a:7e:ed:46:
         ca:d6:7f:74:29:9c:8a:5a:0a:74:a0:38:71:1a:c1:39:bd:4d:
         12:6d:71:cd:43:24:73:1b:66:03:e4:4e:90:78:5d:b4:76:54:
         39:28:77:eb:8a:c3:a1:f9:56:0e:50:89:c0:dc:7d:0f:0e:82:
         ef:c3:85:5f:7b:cb:a9:0f:6d:c2:8b:25:9a:24:ad:fb:92:4f:
         91:18:9a:9d:e6:80:e1:12:74:9c:e0:73:7a:cd:d5:49:3c:b0:
         ef:65:dd:4b:3e:5f:67:21:fa:69:49:82:72:db:f7:a6:3b:fe:
         fa:5e:3a:7a:95:a6:99:ba:34:73:b2:06:80:0e:2d:cf:ab:6e:
         41:30:15:4a:0c:41:10:59:7b:65:57:46:1c:c7:56:a9:ea:f8:
         73:80:de:f5:80:bc:a4:90:2c:06:07:5e:95:61:eb:b4:19:53:
         28:6c:46:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiS8QFx3E1mzfBWcAi8UMqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwODEwMDc0NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2FkYzU3ZmZiYzQ5NDZiM2IzNjFhMTU5NjFkZTEyYTA2MWQ2MmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizYbmp5uWWqEEIa0tFzDB8zwCsZm
V6ugIV6MI9m9LykcWfIPkgHR/UT0L+FjVv/s00YMXCFP0QXYIGXOYXh8GRBp+0Bm
DfOg6LahzYddavoi/jrl/0H/29mds8LQzfMs7i78nzoD1vhE6ZlbnCCAG9Jsorv3
vAR8RPsphzRKlufF3gnDmtdzqsdTCSnhfKWh9ROdlfkWESbHOmYy36K48Xf/ibPu
PmPQs5jyqQ8QSUtbOlNn9oz3nMH0qhdNzDdK1QAM88QLMtnZz3iCwlguM/AzlNiV
1prTnBGyxIdXtaPY44YmhdpF6HsnjC7p1iPc0GdnUWzYQwkgk7JQ7vAJAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEytxX/7xJRrOzYaFZYd4SoGHWL0MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvVEszRmZfdkVsR3M3TmhvVmxoM2hLZ1lkWXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWShGMA0G
CSqGSIb3DQEBCwUAA4IBAQAR4ESFlE1ZX9ZXec2mISp54Xd+Gc5DOKIcYnFMOzb0
qPnXk1PwJsKZk+EfvvBQe3O366/zb41Xp/V9JT7FCq40K96HkM5uzZ7i7uiWMaAP
Ia6J0UYLr1p+7UbK1n90KZyKWgp0oDhxGsE5vU0SbXHNQyRzG2YD5E6QeF20dlQ5
KHfrisOh+VYOUInA3H0PDoLvw4Vfe8upD23CiyWaJK37kk+RGJqd5oDhEnSc4HN6
zdVJPLDvZd1LPl9nIfppSYJy2/emO/76Xjp6laaZujRzsgaADi3Pq25BMBVKDEEQ
WXtlV0Ycx1ap6vhzgN71gLykkCwGB16VYeu0GVMobEaT
-----END CERTIFICATE-----