Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/dcd15e-eb12-4631-b220-0226d45a7532/1/Tq4R9IdG22N3vnBq8Qo-UFuJbpQ.roa
File:                     Tq4R9IdG22N3vnBq8Qo-UFuJbpQ.roa (raw, json)
Hash identifier:          af3sYHdNbdlvdprU3qi9kp0Nrk2mSxcsF15s0Xd+YhM=
Subject key identifier:   4E:AE:11:F4:87:46:DB:63:77:BE:70:6A:F1:0A:3E:50:5B:89:6E:94
Certificate issuer:       /CN=2181c5b3cb7eeb1e49582155a1918ec612f95ac6
Certificate serial:       01993273ABD5DD3E85615716AC25D91B3362
Authority key identifier: 21:81:C5:B3:CB:7E:EB:1E:49:58:21:55:A1:91:8E:C6:12:F9:5A:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYHFs8t-6x5JWCFVoZGOxhL5WsY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/dcd15e-eb12-4631-b220-0226d45a7532/1/Tq4R9IdG22N3vnBq8Qo-UFuJbpQ.roa
Signing time:             Wed 10 Sep 2025 07:07:45 +0000
ROA not before:           Wed 10 Sep 2025 07:07:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41960
IP address blocks:        185.60.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/dcd15e-eb12-4631-b220-0226d45a7532/1/IYHFs8t-6x5JWCFVoZGOxhL5WsY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/dcd15e-eb12-4631-b220-0226d45a7532/1/IYHFs8t-6x5JWCFVoZGOxhL5WsY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYHFs8t-6x5JWCFVoZGOxhL5WsY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:32:73:ab:d5:dd:3e:85:61:57:16:ac:25:d9:1b:33:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2181c5b3cb7eeb1e49582155a1918ec612f95ac6
        Validity
            Not Before: Sep 10 07:07:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4eae11f48746db6377be706af10a3e505b896e94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:bc:fb:68:31:ee:34:6b:ee:b1:aa:48:1d:cb:
                    21:41:00:61:19:bd:fd:9c:1e:eb:1c:06:4a:61:fd:
                    f7:86:76:cd:5d:21:9e:bc:2d:df:55:3a:1e:fe:3a:
                    95:06:0c:80:2a:ab:df:02:4d:13:51:f0:95:d3:fd:
                    b1:f5:8b:c8:c0:6b:7a:c1:d7:24:22:98:25:a6:63:
                    99:c2:e9:ac:06:48:11:1f:e0:2b:b6:7b:43:f0:26:
                    91:13:a5:a5:ca:9d:7c:bd:c9:1d:20:2c:c9:16:57:
                    68:de:b5:74:2b:1c:b7:cd:9c:35:c0:eb:14:75:90:
                    53:6c:fb:16:95:8d:a7:26:91:8c:5d:e4:88:92:09:
                    45:83:1b:1c:a7:d9:77:e7:38:3d:41:0e:e2:a2:85:
                    d5:45:4e:c3:ce:54:3f:d1:5c:40:bc:3c:07:8e:61:
                    ff:8a:36:39:29:de:0e:d8:fe:34:81:a7:f4:db:74:
                    b4:4f:72:bc:ce:ae:68:4e:1f:6a:17:2d:af:f6:f4:
                    33:ac:a1:78:61:a7:5f:57:b2:69:df:61:b8:d0:64:
                    f8:00:1e:b1:97:87:ce:39:ff:2b:be:27:cc:8d:bb:
                    39:fd:64:23:6d:63:af:f0:af:13:b8:c0:0b:4c:c0:
                    7b:3a:81:0b:f7:31:8a:c5:41:ff:d1:5e:94:59:c6:
                    9a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:AE:11:F4:87:46:DB:63:77:BE:70:6A:F1:0A:3E:50:5B:89:6E:94
            X509v3 Authority Key Identifier:
                keyid:21:81:C5:B3:CB:7E:EB:1E:49:58:21:55:A1:91:8E:C6:12:F9:5A:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYHFs8t-6x5JWCFVoZGOxhL5WsY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dcd15e-eb12-4631-b220-0226d45a7532/1/Tq4R9IdG22N3vnBq8Qo-UFuJbpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dcd15e-eb12-4631-b220-0226d45a7532/1/IYHFs8t-6x5JWCFVoZGOxhL5WsY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:7d:81:1a:a7:fa:fb:ad:d2:83:9e:82:4a:fb:5f:11:a7:6d:
         3e:a7:7b:62:b5:93:42:fd:dc:d8:19:2c:57:98:6c:0c:06:c2:
         b3:de:dd:24:7c:19:ea:1d:5f:0e:98:bf:bf:38:12:37:75:1a:
         02:d9:3e:0e:2a:0d:60:53:5a:9b:c8:a2:b1:6f:f1:fb:58:2f:
         82:81:3e:cd:5b:0d:14:35:ca:b5:11:d5:7d:81:d5:92:40:6d:
         2f:30:18:bf:9c:6f:a8:ee:b9:e6:fe:7c:c6:a9:02:73:d6:a0:
         d8:00:5c:1a:e3:5d:3d:87:a2:c3:74:d4:3a:12:38:fe:39:93:
         ad:e2:d7:14:c5:80:0b:02:f8:e9:93:7b:7b:7b:45:5f:b7:ba:
         99:73:46:71:5a:7d:23:ee:06:cf:e2:95:f5:4c:9c:a4:0b:48:
         e5:63:ee:e0:43:5a:6c:12:8f:1e:bf:ad:33:fa:22:e1:3e:19:
         18:31:9c:62:2c:a8:c7:2e:96:4f:9b:c0:58:20:99:f2:3b:12:
         1d:e4:0b:39:dd:c4:b4:fd:d1:49:15:09:fc:95:58:02:8a:44:
         4e:ca:2a:3c:d3:e9:70:3b:ce:47:4c:b3:31:0e:4c:b9:c9:a5:
         b5:e7:b2:a6:67:33:ba:34:d3:25:0f:bb:19:0c:9d:3a:30:c4:
         9c:ee:4b:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkyc6vV3T6FYVcWrCXZGzNiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxODFjNWIzY2I3ZWViMWU0OTU4MjE1NWExOTE4ZWM2MTJm
OTVhYzYwHhcNMjUwOTEwMDcwNzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWFlMTFmNDg3NDZkYjYzNzdiZTcwNmFmMTBhM2U1MDViODk2ZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7z7aDHuNGvusapIHcshQQBhGb39
nB7rHAZKYf33hnbNXSGevC3fVToe/jqVBgyAKqvfAk0TUfCV0/2x9YvIwGt6wdck
IpglpmOZwumsBkgRH+ArtntD8CaRE6Wlyp18vckdICzJFldo3rV0Kxy3zZw1wOsU
dZBTbPsWlY2nJpGMXeSIkglFgxscp9l35zg9QQ7iooXVRU7DzlQ/0VxAvDwHjmH/
ijY5Kd4O2P40gaf023S0T3K8zq5oTh9qFy2v9vQzrKF4YadfV7Jp32G40GT4AB6x
l4fOOf8rvifMjbs5/WQjbWOv8K8TuMALTMB7OoEL9zGKxUH/0V6UWcaa5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6uEfSHRttjd75wavEKPlBbiW6UMB8GA1UdIwQY
MBaAFCGBxbPLfuseSVghVaGRjsYS+VrGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVlIRnM4dC02eDVKV0NGVm9aR094aEw1V3NZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kY2QxNWUtZWIxMi00NjMxLWIyMjAt
MDIyNmQ0NWE3NTMyLzEvVHE0UjlJZEcyMk4zdm5CcThRby1VRnVKYnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kY2QxNWUtZWIxMi00NjMxLWIyMjAtMDIyNmQ0NWE3NTMy
LzEvSVlIRnM4dC02eDVKV0NGVm9aR094aEw1V3NZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTyfMA0G
CSqGSIb3DQEBCwUAA4IBAQDRfYEap/r7rdKDnoJK+18Rp20+p3titZNC/dzYGSxX
mGwMBsKz3t0kfBnqHV8OmL+/OBI3dRoC2T4OKg1gU1qbyKKxb/H7WC+CgT7NWw0U
Ncq1EdV9gdWSQG0vMBi/nG+o7rnm/nzGqQJz1qDYAFwa4109h6LDdNQ6Ejj+OZOt
4tcUxYALAvjpk3t7e0Vft7qZc0ZxWn0j7gbP4pX1TJykC0jlY+7gQ1psEo8ev60z
+iLhPhkYMZxiLKjHLpZPm8BYIJnyOxId5As53cS0/dFJFQn8lVgCikROyio80+lw
O85HTLMxDky5yaW157KmZzO6NNMlD7sZDJ06MMSc7ktj
-----END CERTIFICATE-----