Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/TfyeRFd3VCbgM2FKibZFqgYPaDw.roa
File:                     TfyeRFd3VCbgM2FKibZFqgYPaDw.roa (raw, json)
Hash identifier:          /rru2Z/Tk7Ps+KGw08oWifW+xfVigUyNIXVBHMyf3JY=
Subject key identifier:   4D:FC:9E:44:57:77:54:26:E0:33:61:4A:89:B6:45:AA:06:0F:68:3C
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       01996282317DD7A19307670DA0A5DDA50BB1
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/TfyeRFd3VCbgM2FKibZFqgYPaDw.roa
Signing time:             Fri 19 Sep 2025 15:05:23 +0000
ROA not before:           Fri 19 Sep 2025 15:05:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10753
IP address blocks:        5.102.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:62:82:31:7d:d7:a1:93:07:67:0d:a0:a5:dd:a5:0b:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Sep 19 15:05:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dfc9e4457775426e033614a89b645aa060f683c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f2:db:7e:e3:33:b6:cf:0e:36:dc:45:d4:de:
                    d4:ee:81:d8:6b:fb:23:36:c2:76:50:7c:b0:78:aa:
                    a0:df:7e:31:34:0e:68:4d:39:bf:a3:b0:75:ff:fb:
                    37:09:a8:b3:90:0d:ef:42:c4:54:76:8f:5a:0f:c0:
                    db:41:64:23:d7:55:df:04:5e:8f:71:f2:3d:ac:75:
                    44:0f:49:28:6d:f9:bf:73:0f:98:85:cf:ac:3c:ed:
                    87:95:d7:05:1c:8e:96:8d:85:7d:80:bb:23:d3:65:
                    84:cb:51:ff:bc:e9:7f:c4:26:9c:e8:54:47:6f:9f:
                    37:b6:04:e9:d8:00:ca:bd:fb:04:48:b6:6e:1f:02:
                    88:f4:d6:27:13:35:73:40:0c:e8:ed:09:6b:ea:24:
                    aa:92:3d:26:f6:33:36:da:43:4f:7f:1c:f9:89:87:
                    2f:14:52:fc:bb:61:de:99:07:02:98:d1:b2:d4:7d:
                    a5:5a:1f:45:eb:db:ed:c0:d1:2d:b5:f6:44:92:70:
                    f4:50:c7:cf:d4:db:98:a9:ea:05:26:cb:d5:36:2d:
                    32:91:be:d1:c5:9c:fe:d0:9a:b6:8d:e4:8b:f5:95:
                    50:16:e3:2f:a6:64:0f:f8:0b:15:5a:df:61:55:e7:
                    21:ab:b9:e5:9e:7e:fa:49:8e:a2:3f:bb:88:f7:8c:
                    f2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:FC:9E:44:57:77:54:26:E0:33:61:4A:89:B6:45:AA:06:0F:68:3C
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/TfyeRFd3VCbgM2FKibZFqgYPaDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:fe:4b:bc:11:ae:11:9a:f1:52:3c:a8:17:e5:6a:5a:97:33:
         8e:41:5e:33:68:3e:74:02:c2:df:45:3f:2f:94:06:79:a2:e2:
         59:19:a7:c8:67:e0:bf:9d:8d:ff:53:3b:2d:a0:6f:d7:35:4e:
         6e:f1:71:90:f1:9a:2e:83:e7:00:52:02:0e:e6:9e:b9:9a:4b:
         ce:14:02:00:0a:9c:cf:67:ea:da:00:48:ce:e4:1a:aa:9c:12:
         b9:86:f3:37:94:b8:a6:99:ac:a3:7e:29:67:e3:9c:3c:d5:b4:
         6b:c3:0b:84:4e:21:48:36:5e:5d:3d:e9:48:bb:08:ec:49:39:
         ec:91:3e:b8:21:5e:f3:76:d2:53:62:56:3c:bf:00:96:54:66:
         f5:57:4c:62:18:07:96:17:3a:8f:ad:19:60:eb:bc:7f:97:36:
         43:83:31:3d:d0:ae:54:cc:e4:a5:8f:a6:c8:65:af:aa:18:4d:
         6c:03:68:de:2f:00:e2:07:67:3e:6d:15:3d:14:a5:77:4e:26:
         43:b7:55:83:1a:07:47:9a:5f:ae:7d:b7:81:6c:c8:65:f0:be:
         b9:dc:7a:57:01:e3:11:30:51:20:fe:10:26:53:4c:97:07:52:
         d5:87:f2:37:3a:d1:02:c8:8d:aa:6e:41:fb:9f:7f:08:4d:a5:
         c6:b0:c5:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZligjF916GTB2cNoKXdpQuxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjUwOTE5MTUwNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGZjOWU0NDU3Nzc1NDI2ZTAzMzYxNGE4OWI2NDVhYTA2MGY2ODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofLbfuMzts8ONtxF1N7U7oHYa/sj
NsJ2UHyweKqg334xNA5oTTm/o7B1//s3CaizkA3vQsRUdo9aD8DbQWQj11XfBF6P
cfI9rHVED0kobfm/cw+Yhc+sPO2HldcFHI6WjYV9gLsj02WEy1H/vOl/xCac6FRH
b583tgTp2ADKvfsESLZuHwKI9NYnEzVzQAzo7Qlr6iSqkj0m9jM22kNPfxz5iYcv
FFL8u2HemQcCmNGy1H2lWh9F69vtwNEttfZEknD0UMfP1NuYqeoFJsvVNi0ykb7R
xZz+0Jq2jeSL9ZVQFuMvpmQP+AsVWt9hVechq7nlnn76SY6iP7uI94zyqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE38nkRXd1Qm4DNhSom2RaoGD2g8MB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvVGZ5ZVJGZDNWQ2JnTTJGS2liWkZxZ1lQYUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWYnMA0G
CSqGSIb3DQEBCwUAA4IBAQAO/ku8Ea4RmvFSPKgX5WpalzOOQV4zaD50AsLfRT8v
lAZ5ouJZGafIZ+C/nY3/UzstoG/XNU5u8XGQ8Zoug+cAUgIO5p65mkvOFAIACpzP
Z+raAEjO5BqqnBK5hvM3lLimmayjfiln45w81bRrwwuETiFINl5dPelIuwjsSTns
kT64IV7zdtJTYlY8vwCWVGb1V0xiGAeWFzqPrRlg67x/lzZDgzE90K5UzOSlj6bI
Za+qGE1sA2jeLwDiB2c+bRU9FKV3TiZDt1WDGgdHml+ufbeBbMhl8L653HpXAeMR
MFEg/hAmU0yXB1LVh/I3OtECyI2qbkH7n38ITaXGsMUC
-----END CERTIFICATE-----