Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/_TKV-DpdXmei2SR3rrnjoUIFNqQ.roa
File:                     _TKV-DpdXmei2SR3rrnjoUIFNqQ.roa (raw, json)
Hash identifier:          R5raBHMEiNG8zclHwaLQB17jXPqQeZzFe9QNn7MrSYM=
Subject key identifier:   FD:32:95:F8:3A:5D:5E:67:A2:D9:24:77:AE:B9:E3:A1:42:05:36:A4
Certificate issuer:       /CN=f5f0f07ca0a6b4cb2c159e9045974503ae288581
Certificate serial:       0199CDD47A06B24F6498AFD95E96C54A5A94
Authority key identifier: F5:F0:F0:7C:A0:A6:B4:CB:2C:15:9E:90:45:97:45:03:AE:28:85:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fDwfKCmtMssFZ6QRZdFA64ohYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/_TKV-DpdXmei2SR3rrnjoUIFNqQ.roa
Signing time:             Fri 10 Oct 2025 11:14:38 +0000
ROA not before:           Fri 10 Oct 2025 11:14:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57795
IP address blocks:        185.157.144.0/22 maxlen: 22
                          2a07:a740::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/9fDwfKCmtMssFZ6QRZdFA64ohYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/9fDwfKCmtMssFZ6QRZdFA64ohYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9fDwfKCmtMssFZ6QRZdFA64ohYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:d4:7a:06:b2:4f:64:98:af:d9:5e:96:c5:4a:5a:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5f0f07ca0a6b4cb2c159e9045974503ae288581
        Validity
            Not Before: Oct 10 11:14:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd3295f83a5d5e67a2d92477aeb9e3a1420536a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a9:55:bd:a4:ed:ec:ee:ef:6c:a5:26:a8:6f:
                    8b:a6:46:77:67:e1:c1:7c:51:2c:03:ac:3f:4f:f1:
                    0c:dc:87:67:0f:a7:f9:1d:c7:49:38:8b:15:ed:f7:
                    e2:67:bf:4a:cb:a3:08:9c:ab:65:88:c2:f0:3e:80:
                    be:53:2a:11:2f:78:5d:57:b5:8d:e4:a6:42:78:31:
                    ad:54:c2:d9:f6:70:d5:12:3e:ce:f9:96:ef:a3:f2:
                    92:8b:94:b7:24:12:c9:f3:8f:55:86:dc:d5:c7:98:
                    15:08:fb:d7:2a:6b:db:10:11:c7:5c:2c:e7:1f:d7:
                    70:5d:86:1e:f4:89:b6:d6:75:40:51:97:d1:7b:e5:
                    65:df:a4:61:53:be:ee:b8:60:8e:45:94:5c:57:b5:
                    ed:95:45:2f:cf:12:24:e3:30:3f:62:ef:5e:7f:ee:
                    b0:c9:2f:d1:ec:ae:4e:1c:36:31:2e:0f:a7:57:0c:
                    76:7b:f5:0a:fa:b8:24:ff:f4:2b:cd:33:a3:82:a4:
                    35:50:86:93:5a:70:ba:2a:05:25:4f:5e:70:e4:5f:
                    33:1f:a1:70:4d:ff:f3:e2:92:29:52:58:1e:96:73:
                    21:56:8d:30:f3:81:ed:53:a2:41:49:70:4d:e8:95:
                    29:ab:1e:75:d6:7f:00:57:2f:a9:4d:5b:86:ed:85:
                    34:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:32:95:F8:3A:5D:5E:67:A2:D9:24:77:AE:B9:E3:A1:42:05:36:A4
            X509v3 Authority Key Identifier:
                keyid:F5:F0:F0:7C:A0:A6:B4:CB:2C:15:9E:90:45:97:45:03:AE:28:85:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fDwfKCmtMssFZ6QRZdFA64ohYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/_TKV-DpdXmei2SR3rrnjoUIFNqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/9fDwfKCmtMssFZ6QRZdFA64ohYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.144.0/22
                IPv6:
                  2a07:a740::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:39:d4:b7:fc:36:de:e3:55:e3:0a:dc:5f:fd:5e:c5:7f:e3:
         51:c0:ca:b1:96:5d:c4:c0:77:de:9c:a3:bb:7e:b1:c9:6f:e1:
         87:fe:9a:1c:1e:11:b2:0e:04:12:46:39:b1:31:23:4b:c1:51:
         b8:04:ad:96:52:8e:7d:5d:86:5a:46:ce:96:4e:eb:c3:50:9e:
         e2:eb:1e:a5:94:32:65:ca:9c:be:e5:7e:4e:21:1c:14:50:41:
         61:c4:ce:bc:7b:1b:1f:be:d5:80:d4:3a:66:de:fd:44:e3:0a:
         cb:30:71:5e:ad:33:4d:f8:3a:f1:0b:6e:fd:11:34:4f:b2:31:
         88:9c:68:ad:21:df:55:d8:a0:30:77:cf:cc:85:28:7c:05:35:
         65:1f:78:5b:a9:36:3a:6c:72:3f:e4:71:98:df:ca:fe:84:3b:
         a7:a0:be:b5:53:65:56:9c:19:7b:1d:28:15:d0:2f:d7:4b:ef:
         57:7e:75:35:64:7f:eb:6b:30:ed:aa:d5:ce:fa:6f:f0:b5:3a:
         c6:9e:56:91:23:24:fe:49:c1:fc:29:92:1d:7a:f1:49:b4:14:
         32:91:6f:e3:8a:24:0a:11:6c:cc:82:93:bd:a2:40:7a:ba:28:
         fc:3a:ea:75:5f:59:b2:3b:9c:4d:2b:d3:d3:7d:38:bc:31:83:
         30:17:96:3f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZnN1HoGsk9kmK/ZXpbFSlqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZjBmMDdjYTBhNmI0Y2IyYzE1OWU5MDQ1OTc0NTAzYWUy
ODg1ODEwHhcNMjUxMDEwMTExNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDMyOTVmODNhNWQ1ZTY3YTJkOTI0NzdhZWI5ZTNhMTQyMDUzNmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6lVvaTt7O7vbKUmqG+LpkZ3Z+HB
fFEsA6w/T/EM3IdnD6f5HcdJOIsV7ffiZ79Ky6MInKtliMLwPoC+UyoRL3hdV7WN
5KZCeDGtVMLZ9nDVEj7O+Zbvo/KSi5S3JBLJ849VhtzVx5gVCPvXKmvbEBHHXCzn
H9dwXYYe9Im21nVAUZfRe+Vl36RhU77uuGCORZRcV7XtlUUvzxIk4zA/Yu9ef+6w
yS/R7K5OHDYxLg+nVwx2e/UK+rgk//QrzTOjgqQ1UIaTWnC6KgUlT15w5F8zH6Fw
Tf/z4pIpUlgelnMhVo0w84HtU6JBSXBN6JUpqx511n8AVy+pTVuG7YU0TQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP0ylfg6XV5notkkd66546FCBTakMB8GA1UdIwQY
MBaAFPXw8HygprTLLBWekEWXRQOuKIWBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZEd2ZLQ210TXNzRlo2UVJaZEZBNjRvaFlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9lYjBkOTEtNzA4Yy00OTEwLTg0Zjkt
MzIzNDg2Y2EwNTQwLzEvX1RLVi1EcGRYbWVpMlNSM3JybmpvVUlGTnFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9lYjBkOTEtNzA4Yy00OTEwLTg0ZjktMzIzNDg2Y2EwNTQw
LzEvOWZEd2ZLQ210TXNzRlo2UVJaZEZBNjRvaFlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZ2QMA0E
AgACMAcDBQMqB6dAMA0GCSqGSIb3DQEBCwUAA4IBAQBFOdS3/Dbe41XjCtxf/V7F
f+NRwMqxll3EwHfenKO7frHJb+GH/pocHhGyDgQSRjmxMSNLwVG4BK2WUo59XYZa
Rs6WTuvDUJ7i6x6llDJlypy+5X5OIRwUUEFhxM68exsfvtWA1Dpm3v1E4wrLMHFe
rTNN+DrxC279ETRPsjGInGitId9V2KAwd8/MhSh8BTVlH3hbqTY6bHI/5HGY38r+
hDunoL61U2VWnBl7HSgV0C/XS+9XfnU1ZH/razDtqtXO+m/wtTrGnlaRIyT+ScH8
KZIdevFJtBQykW/jiiQKEWzMgpO9okB6uij8Oup1X1myO5xNK9PTfTi8MYMwF5Y/
-----END CERTIFICATE-----