Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/tWNAblpSIHBRwstDjrx69LZTG3c.roa
File:                     tWNAblpSIHBRwstDjrx69LZTG3c.roa (raw, json)
Hash identifier:          TOR0ePLyq2A8fQRU7qwOgqkqVyE2uNZxjRQtXz0qxQ0=
Subject key identifier:   B5:63:40:6E:5A:52:20:70:51:C2:CB:43:8E:BC:7A:F4:B6:53:1B:77
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       0198AA0756B34C6FC72BBD02A3FACE6A3960
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/tWNAblpSIHBRwstDjrx69LZTG3c.roa
Signing time:             Thu 14 Aug 2025 19:21:04 +0000
ROA not before:           Thu 14 Aug 2025 19:21:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        91.200.253.0/24 maxlen: 24
                          114.69.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:aa:07:56:b3:4c:6f:c7:2b:bd:02:a3:fa:ce:6a:39:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Aug 14 19:21:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b563406e5a52207051c2cb438ebc7af4b6531b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e1:70:3b:c7:55:70:de:53:48:02:d1:ed:6f:
                    01:5b:9e:9b:fe:f2:ff:e1:b8:bb:1a:b3:a5:d1:38:
                    e8:30:13:8b:96:63:5a:e6:ed:43:54:26:56:21:60:
                    a8:a5:56:04:88:d1:20:89:2f:23:b4:8c:01:30:d5:
                    a0:41:ef:11:4f:a7:0e:52:ec:13:a5:88:eb:b6:5f:
                    8d:d5:83:0f:fc:11:7f:8c:7a:9a:db:d0:88:34:d1:
                    b1:51:1b:4f:ce:43:31:15:14:94:2b:b0:44:b2:01:
                    80:70:5e:a0:48:94:d6:5d:5d:7e:ff:5d:48:e4:f0:
                    d8:6e:a5:ef:13:11:3a:4f:32:b3:1c:98:da:28:b6:
                    48:70:14:ef:c8:6e:95:35:6b:4f:2d:35:08:8b:a4:
                    45:bf:8e:3d:a9:8f:86:cd:c5:82:50:10:79:78:cf:
                    e3:e3:59:8b:ca:e4:3e:84:2a:7a:41:05:59:45:d6:
                    eb:1a:ad:a9:30:3a:85:70:d9:a7:9e:88:a2:77:c8:
                    44:9c:8a:f1:1c:56:b8:66:f8:94:cc:38:51:f2:08:
                    12:9d:9f:3a:29:cc:13:ba:c6:3c:91:32:cb:73:68:
                    07:97:ed:f1:17:03:ff:8e:8f:92:a6:e6:c2:d3:db:
                    cb:bf:d5:5e:d8:c8:be:7f:db:6d:6e:14:da:b9:77:
                    1c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:63:40:6E:5A:52:20:70:51:C2:CB:43:8E:BC:7A:F4:B6:53:1B:77
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/tWNAblpSIHBRwstDjrx69LZTG3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.253.0/24
                  114.69.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:12:f1:2b:81:3d:2b:09:5b:82:e3:86:e7:47:3e:89:cf:af:
         49:fd:54:e1:04:77:68:30:77:72:c5:f3:f8:1f:46:fa:69:1c:
         69:c6:2c:fe:6c:b4:4f:b9:28:85:50:12:1d:9d:ea:52:9f:6e:
         75:0b:84:96:de:db:aa:d3:44:80:3b:ce:c0:2f:ed:da:5c:e4:
         11:25:29:54:05:bb:68:76:15:0f:f7:3e:43:e8:8d:45:db:07:
         49:06:0a:ce:de:6b:7c:92:70:11:ee:0f:f3:e0:2a:25:69:67:
         fe:a0:81:c0:50:b8:7c:f2:6e:9f:ac:35:f9:b7:01:60:bd:1d:
         32:6b:a1:3d:91:28:93:8a:24:6a:82:93:3a:69:55:98:e4:b0:
         78:cf:bd:b1:0d:74:10:42:d2:dc:40:9b:18:da:24:ab:86:95:
         d7:fb:7c:54:1e:e4:ba:5b:60:07:ef:f6:7a:46:5e:47:24:a1:
         28:13:55:04:72:49:87:89:19:9c:58:df:53:30:d9:24:8f:60:
         81:25:a8:d0:d7:cc:1d:ad:1a:16:0c:1a:97:5b:f0:7f:a4:57:
         85:94:70:f1:f0:d7:64:f5:11:1e:14:48:82:65:49:59:a7:94:
         b8:d6:ed:fe:51:4c:d4:92:69:e3:6d:ca:a8:07:9b:e5:05:d1:
         42:0b:7f:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiqB1azTG/HK70Co/rOajlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjUwODE0MTkyMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTYzNDA2ZTVhNTIyMDcwNTFjMmNiNDM4ZWJjN2FmNGI2NTMxYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+FwO8dVcN5TSALR7W8BW56b/vL/
4bi7GrOl0TjoMBOLlmNa5u1DVCZWIWCopVYEiNEgiS8jtIwBMNWgQe8RT6cOUuwT
pYjrtl+N1YMP/BF/jHqa29CINNGxURtPzkMxFRSUK7BEsgGAcF6gSJTWXV1+/11I
5PDYbqXvExE6TzKzHJjaKLZIcBTvyG6VNWtPLTUIi6RFv449qY+GzcWCUBB5eM/j
41mLyuQ+hCp6QQVZRdbrGq2pMDqFcNmnnoiid8hEnIrxHFa4ZviUzDhR8ggSnZ86
KcwTusY8kTLLc2gHl+3xFwP/jo+SpubC09vLv9Ve2Mi+f9ttbhTauXccMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLVjQG5aUiBwUcLLQ468evS2Uxt3MB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvdFdOQWJscFNJSEJSd3N0RGpyeDY5TFpURzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8j9AwQA
ckX1MA0GCSqGSIb3DQEBCwUAA4IBAQAHEvErgT0rCVuC44bnRz6Jz69J/VThBHdo
MHdyxfP4H0b6aRxpxiz+bLRPuSiFUBIdnepSn251C4SW3tuq00SAO87AL+3aXOQR
JSlUBbtodhUP9z5D6I1F2wdJBgrO3mt8knAR7g/z4ColaWf+oIHAULh88m6frDX5
twFgvR0ya6E9kSiTiiRqgpM6aVWY5LB4z72xDXQQQtLcQJsY2iSrhpXX+3xUHuS6
W2AH7/Z6Rl5HJKEoE1UEckmHiRmcWN9TMNkkj2CBJajQ18wdrRoWDBqXW/B/pFeF
lHDx8Ndk9REeFEiCZUlZp5S41u3+UUzUkmnjbcqoB5vlBdFCC3+R
-----END CERTIFICATE-----