Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/TkIQjY_HGRncFjA-7Vmaxml1daE.roa
File:                     TkIQjY_HGRncFjA-7Vmaxml1daE.roa (raw, json)
Hash identifier:          6pVV5SuugNQdL8aBVoI94FeeC8YOJCFJlNBFFtEIsnY=
Subject key identifier:   4E:42:10:8D:8F:C7:19:19:DC:16:30:3E:ED:59:9A:C6:69:75:75:A1
Certificate issuer:       /CN=c66d45a24d1c785839fecabbe1b4731bc2417790
Certificate serial:       01975DA0F05982541215FA0BA7F30D3F6FAB
Authority key identifier: C6:6D:45:A2:4D:1C:78:58:39:FE:CA:BB:E1:B4:73:1B:C2:41:77:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm1Fok0ceFg5_sq74bRzG8JBd5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/TkIQjY_HGRncFjA-7Vmaxml1daE.roa
Signing time:             Wed 11 Jun 2025 06:15:17 +0000
ROA not before:           Wed 11 Jun 2025 06:15:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        195.5.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/xm1Fok0ceFg5_sq74bRzG8JBd5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/xm1Fok0ceFg5_sq74bRzG8JBd5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm1Fok0ceFg5_sq74bRzG8JBd5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 10:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5d:a0:f0:59:82:54:12:15:fa:0b:a7:f3:0d:3f:6f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d45a24d1c785839fecabbe1b4731bc2417790
        Validity
            Not Before: Jun 11 06:15:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e42108d8fc71919dc16303eed599ac6697575a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:31:a2:f9:63:95:5b:1c:ac:bb:45:6d:cd:7f:
                    e5:d4:7f:35:01:35:06:37:7f:5b:8e:05:ba:f9:37:
                    19:bf:a5:9e:f5:99:88:f9:ae:f8:3a:0f:99:ed:5c:
                    67:b5:95:25:e5:c9:35:3f:6c:bf:19:fb:37:fd:b2:
                    bd:b5:03:95:55:3d:65:fa:40:31:a0:64:19:58:af:
                    ca:64:d6:00:b5:a7:09:5e:71:53:f3:f6:e2:7c:1a:
                    5e:0a:c7:5c:33:95:95:25:e1:87:ea:98:f6:86:31:
                    eb:99:9a:dd:ed:97:90:d5:d0:e6:a5:e9:56:42:25:
                    9a:87:ab:af:de:4d:f7:bd:a0:45:9a:f2:3d:12:cd:
                    ab:8e:9e:30:6a:ad:79:08:cb:56:a0:51:cc:77:a6:
                    45:53:4e:75:58:58:97:83:8b:af:02:f4:ae:d4:5a:
                    29:28:f0:20:0d:97:69:d8:e4:ef:bc:1d:fc:b1:e0:
                    10:c0:89:4a:0a:87:04:fb:b3:5a:9d:71:b1:2e:52:
                    19:43:95:24:f6:c1:56:bb:45:92:af:c9:78:2b:16:
                    f1:2e:46:95:98:30:c0:6c:20:1c:d5:6b:a1:c3:63:
                    ce:36:1d:14:ce:85:10:54:23:5f:f6:d5:ac:35:27:
                    9c:02:cf:22:1b:e6:94:bf:78:a3:12:4e:5e:d5:12:
                    50:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:42:10:8D:8F:C7:19:19:DC:16:30:3E:ED:59:9A:C6:69:75:75:A1
            X509v3 Authority Key Identifier:
                keyid:C6:6D:45:A2:4D:1C:78:58:39:FE:CA:BB:E1:B4:73:1B:C2:41:77:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm1Fok0ceFg5_sq74bRzG8JBd5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/TkIQjY_HGRncFjA-7Vmaxml1daE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/50fa7b-7561-47bb-b455-16d1f208f35d/1/xm1Fok0ceFg5_sq74bRzG8JBd5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:2f:80:a3:ee:0a:5a:5e:ca:d3:bd:e1:92:da:de:5f:67:ba:
         39:ad:1a:d8:04:31:a9:40:9e:97:c8:a6:66:1e:9d:34:a8:ea:
         3c:41:0c:c0:ac:df:a7:0e:fd:98:29:d0:f1:be:b9:19:45:f0:
         ed:6c:68:78:f6:09:b4:03:17:ef:9f:3a:71:3b:e0:5d:25:91:
         fb:7a:ef:d9:95:f2:68:aa:16:f4:82:1a:3b:3b:96:f9:94:e8:
         68:78:80:84:2e:72:1e:8a:7a:b2:c7:71:ef:76:f7:31:f5:08:
         ea:bf:d3:a9:b5:c9:40:94:f6:fb:71:3f:d8:e8:8b:28:73:04:
         ba:54:29:41:b5:a1:dc:19:b9:a8:92:53:0a:d3:82:80:21:87:
         9f:6c:17:9b:92:21:0b:47:c4:a3:fb:61:15:f2:c7:7d:cb:ad:
         24:0d:5b:bf:a3:73:20:14:79:03:88:4b:a0:26:72:0e:fe:0c:
         94:f1:fc:2e:f0:91:8a:76:36:04:60:ed:c2:64:0d:e1:82:1a:
         a0:c6:fa:d8:19:ef:8c:fe:4a:d1:3a:36:09:f5:24:f1:6d:6a:
         59:59:44:42:88:43:c2:dd:8d:9e:de:00:80:de:80:8e:b8:4d:
         12:b5:c0:15:17:39:f3:8f:4b:01:43:88:f2:17:0e:19:85:09:
         dd:1e:00:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZddoPBZglQSFfoLp/MNP2+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ0NWEyNGQxYzc4NTgzOWZlY2FiYmUxYjQ3MzFiYzI0
MTc3OTAwHhcNMjUwNjExMDYxNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQyMTA4ZDhmYzcxOTE5ZGMxNjMwM2VlZDU5OWFjNjY5NzU3NWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDGi+WOVWxysu0VtzX/l1H81ATUG
N39bjgW6+TcZv6We9ZmI+a74Og+Z7VxntZUl5ck1P2y/Gfs3/bK9tQOVVT1l+kAx
oGQZWK/KZNYAtacJXnFT8/bifBpeCsdcM5WVJeGH6pj2hjHrmZrd7ZeQ1dDmpelW
QiWah6uv3k33vaBFmvI9Es2rjp4waq15CMtWoFHMd6ZFU051WFiXg4uvAvSu1Fop
KPAgDZdp2OTvvB38seAQwIlKCocE+7NanXGxLlIZQ5Uk9sFWu0WSr8l4KxbxLkaV
mDDAbCAc1Wuhw2PONh0UzoUQVCNf9tWsNSecAs8iG+aUv3ijEk5e1RJQxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5CEI2PxxkZ3BYwPu1ZmsZpdXWhMB8GA1UdIwQY
MBaAFMZtRaJNHHhYOf7Ku+G0cxvCQXeQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0xRm9rMGNlRmc1X3NxNzRiUnpHOEpCZDVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS81MGZhN2ItNzU2MS00N2JiLWI0NTUt
MTZkMWYyMDhmMzVkLzEvVGtJUWpZX0hHUm5jRmpBLTdWbWF4bWwxZGFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS81MGZhN2ItNzU2MS00N2JiLWI0NTUtMTZkMWYyMDhmMzVk
LzEveG0xRm9rMGNlRmc1X3NxNzRiUnpHOEpCZDVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwVpMA0G
CSqGSIb3DQEBCwUAA4IBAQByL4Cj7gpaXsrTveGS2t5fZ7o5rRrYBDGpQJ6XyKZm
Hp00qOo8QQzArN+nDv2YKdDxvrkZRfDtbGh49gm0AxfvnzpxO+BdJZH7eu/ZlfJo
qhb0gho7O5b5lOhoeICELnIeinqyx3Hvdvcx9Qjqv9OptclAlPb7cT/Y6IsocwS6
VClBtaHcGbmoklMK04KAIYefbBebkiELR8Sj+2EV8sd9y60kDVu/o3MgFHkDiEug
JnIO/gyU8fwu8JGKdjYEYO3CZA3hghqgxvrYGe+M/krROjYJ9STxbWpZWURCiEPC
3Y2e3gCA3oCOuE0StcAVFznzj0sBQ4jyFw4ZhQndHgA/
-----END CERTIFICATE-----