Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/TyDlQY0--7dqqa7hSxcdPHHA3k8.roa
File:                     TyDlQY0--7dqqa7hSxcdPHHA3k8.roa (raw, json)
Hash identifier:          FDPgCRRVSr9ns/UDWv1/DVuyWSkU4YS2bgao5MAg8Wk=
Subject key identifier:   4F:20:E5:41:8D:3E:FB:B7:6A:A9:AE:E1:4B:17:1D:3C:71:C0:DE:4F
Certificate issuer:       /CN=432efe16ec6c00fd45b5d918d9b172acd0a58d96
Certificate serial:       0198C223D219B053DFB0D30109D312FE4523
Authority key identifier: 43:2E:FE:16:EC:6C:00:FD:45:B5:D9:18:D9:B1:72:AC:D0:A5:8D:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qy7-FuxsAP1FtdkY2bFyrNCljZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/TyDlQY0--7dqqa7hSxcdPHHA3k8.roa
Signing time:             Tue 19 Aug 2025 11:43:04 +0000
ROA not before:           Tue 19 Aug 2025 11:43:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47675
IP address blocks:        185.122.244.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/Qy7-FuxsAP1FtdkY2bFyrNCljZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/Qy7-FuxsAP1FtdkY2bFyrNCljZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qy7-FuxsAP1FtdkY2bFyrNCljZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c2:23:d2:19:b0:53:df:b0:d3:01:09:d3:12:fe:45:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=432efe16ec6c00fd45b5d918d9b172acd0a58d96
        Validity
            Not Before: Aug 19 11:43:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f20e5418d3efbb76aa9aee14b171d3c71c0de4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fc:b5:76:40:0a:cb:b9:b1:bb:27:93:f6:32:
                    c0:8e:21:e9:b0:51:1f:03:7f:fa:21:1f:83:c4:ba:
                    7e:10:bc:63:e7:14:23:71:ee:2a:2b:61:1e:75:e7:
                    a5:48:ec:f0:98:69:55:30:51:5a:83:5b:4c:cc:ba:
                    c9:d0:3c:21:21:65:9f:67:ef:02:24:b7:33:4b:25:
                    77:fe:ba:82:1b:dc:1a:56:c9:14:24:69:83:c4:da:
                    41:9b:e8:07:43:d4:2f:b4:2b:12:51:01:83:27:bf:
                    46:43:a1:1b:bd:7a:68:d8:1f:1d:72:3a:e7:d7:09:
                    4a:0d:9e:ab:39:c1:3d:f8:cb:42:be:be:c8:b9:6c:
                    d5:6f:96:f5:e4:58:cf:66:8a:a8:50:cc:48:e9:df:
                    f9:d7:43:c7:3c:2c:ee:31:3e:ee:bb:35:d2:ca:97:
                    9c:94:a1:2c:42:ac:c1:33:88:97:7b:68:6c:14:a5:
                    e6:ec:5a:22:e1:cc:d0:cd:d2:f6:3d:68:0f:86:fa:
                    b2:7e:90:82:30:98:44:92:f5:e7:91:1e:bf:bb:ab:
                    ee:bc:e0:d0:e2:43:3e:3f:fc:ec:5d:5a:1a:9a:63:
                    3f:d9:21:74:35:dd:80:b6:9c:d8:e3:51:4d:6c:39:
                    93:05:a1:08:7e:7f:4d:72:07:a8:74:82:66:95:e7:
                    cd:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:20:E5:41:8D:3E:FB:B7:6A:A9:AE:E1:4B:17:1D:3C:71:C0:DE:4F
            X509v3 Authority Key Identifier:
                keyid:43:2E:FE:16:EC:6C:00:FD:45:B5:D9:18:D9:B1:72:AC:D0:A5:8D:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qy7-FuxsAP1FtdkY2bFyrNCljZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/TyDlQY0--7dqqa7hSxcdPHHA3k8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/Qy7-FuxsAP1FtdkY2bFyrNCljZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:de:c9:53:ec:f4:51:fd:14:16:1f:e1:df:48:08:be:7f:11:
         50:ff:dc:8d:b6:e9:f9:97:bc:5b:5a:eb:e2:87:03:ca:11:c5:
         61:08:c4:31:32:bc:be:be:cd:fc:51:7e:3f:92:0b:2a:32:62:
         12:c0:89:06:ad:e9:3d:0b:c1:ed:9e:8e:db:c3:fd:7f:78:d1:
         a9:f8:33:4b:2f:79:b6:ef:b2:82:ab:1b:19:b9:41:79:47:c3:
         a0:e5:f8:b6:4e:92:c2:9a:40:6d:e6:61:6f:82:b3:a0:f4:03:
         6f:11:66:0c:ec:a3:59:a4:43:8c:cf:ca:19:12:4c:76:c8:ff:
         57:86:37:38:0d:62:62:20:70:9b:aa:f6:53:19:b1:5f:2c:a7:
         9f:bf:df:72:b0:ca:e4:98:18:34:80:84:6a:c4:fa:cc:fe:ff:
         45:53:dd:1f:1f:0e:de:35:88:4e:67:94:13:24:1e:3c:bd:f2:
         9c:37:93:8f:8c:e7:4b:d5:56:45:f5:a0:23:50:8f:fd:37:05:
         4b:ee:bf:90:a9:c1:74:92:0c:41:cf:8f:bd:45:ec:de:75:9f:
         40:d5:fe:c4:4a:76:54:d7:57:e1:dd:e4:fd:72:54:ed:36:9e:
         ca:18:3d:54:ff:65:e7:cb:0b:3d:c6:11:13:1e:94:6d:e4:8e:
         1f:f4:9a:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjCI9IZsFPfsNMBCdMS/kUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMmVmZTE2ZWM2YzAwZmQ0NWI1ZDkxOGQ5YjE3MmFjZDBh
NThkOTYwHhcNMjUwODE5MTE0MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjIwZTU0MThkM2VmYmI3NmFhOWFlZTE0YjE3MWQzYzcxYzBkZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfy1dkAKy7mxuyeT9jLAjiHpsFEf
A3/6IR+DxLp+ELxj5xQjce4qK2EedeelSOzwmGlVMFFag1tMzLrJ0DwhIWWfZ+8C
JLczSyV3/rqCG9waVskUJGmDxNpBm+gHQ9QvtCsSUQGDJ79GQ6EbvXpo2B8dcjrn
1wlKDZ6rOcE9+MtCvr7IuWzVb5b15FjPZoqoUMxI6d/510PHPCzuMT7uuzXSypec
lKEsQqzBM4iXe2hsFKXm7Foi4czQzdL2PWgPhvqyfpCCMJhEkvXnkR6/u6vuvODQ
4kM+P/zsXVoammM/2SF0Nd2AtpzY41FNbDmTBaEIfn9NcgeodIJmlefNvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8g5UGNPvu3aqmu4UsXHTxxwN5PMB8GA1UdIwQY
MBaAFEMu/hbsbAD9RbXZGNmxcqzQpY2WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXk3LUZ1eHNBUDFGdGRrWTJiRnlyTkNsalpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8yNWI0N2UtNDA3OS00ZjIxLTkxMWIt
ZjM4OWE1MjY5ZmIyLzEvVHlEbFFZMC0tN2RxcWE3aFN4Y2RQSEhBM2s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8yNWI0N2UtNDA3OS00ZjIxLTkxMWItZjM4OWE1MjY5ZmIy
LzEvUXk3LUZ1eHNBUDFGdGRrWTJiRnlyTkNsalpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXr0MA0G
CSqGSIb3DQEBCwUAA4IBAQAJ3slT7PRR/RQWH+HfSAi+fxFQ/9yNtun5l7xbWuvi
hwPKEcVhCMQxMry+vs38UX4/kgsqMmISwIkGrek9C8Htno7bw/1/eNGp+DNLL3m2
77KCqxsZuUF5R8Og5fi2TpLCmkBt5mFvgrOg9ANvEWYM7KNZpEOMz8oZEkx2yP9X
hjc4DWJiIHCbqvZTGbFfLKefv99ysMrkmBg0gIRqxPrM/v9FU90fHw7eNYhOZ5QT
JB48vfKcN5OPjOdL1VZF9aAjUI/9NwVL7r+QqcF0kgxBz4+9RezedZ9A1f7ESnZU
11fh3eT9clTtNp7KGD1U/2Xnyws9xhETHpRt5I4f9Jor
-----END CERTIFICATE-----