Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/tsEpNfREWif2pmmZMW8i8IMX_NA.roa
File:                     tsEpNfREWif2pmmZMW8i8IMX_NA.roa (raw, json)
Hash identifier:          Z317i+maC8qfR96UM+ggVrhs1/7gBs3PFnoiv0k12gI=
Subject key identifier:   B6:C1:29:35:F4:44:5A:27:F6:A6:69:99:31:6F:22:F0:83:17:FC:D0
Certificate issuer:       /CN=49af2153f02409a464e4d7461c802d4b8dd10dff
Certificate serial:       0198A89DAA8EF51D87511646935D213808F3
Authority key identifier: 49:AF:21:53:F0:24:09:A4:64:E4:D7:46:1C:80:2D:4B:8D:D1:0D:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/tsEpNfREWif2pmmZMW8i8IMX_NA.roa
Signing time:             Thu 14 Aug 2025 12:46:01 +0000
ROA not before:           Thu 14 Aug 2025 12:46:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15440
IP address blocks:        185.140.228.0/24 maxlen: 24
                          185.140.229.0/24 maxlen: 24
                          2a14:54c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:9d:aa:8e:f5:1d:87:51:16:46:93:5d:21:38:08:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49af2153f02409a464e4d7461c802d4b8dd10dff
        Validity
            Not Before: Aug 14 12:46:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6c12935f4445a27f6a66999316f22f08317fcd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:a2:9b:66:0c:25:00:0a:da:c0:8d:4c:4a:79:
                    e9:9d:f2:c5:05:9b:7b:b2:10:1a:e2:e3:0a:dc:2f:
                    50:b7:2a:4a:97:18:d6:ee:4b:ae:bd:fd:71:ee:e0:
                    14:d7:67:29:7e:0c:ac:7f:a4:81:b0:77:89:83:62:
                    b9:a8:f3:cf:64:5d:d6:2b:b1:d7:71:ca:db:0d:9a:
                    c4:ff:fc:0f:21:7b:aa:9c:48:6d:b0:34:4d:53:c5:
                    d2:fe:30:36:5d:d4:8d:8a:75:32:d3:c1:02:f7:b9:
                    87:d8:90:16:06:3c:b3:9b:bc:df:2b:ac:e1:0e:11:
                    6d:17:37:d4:25:ed:56:27:1b:35:b1:5a:f0:02:03:
                    74:9a:6f:88:bb:dc:62:de:94:15:4d:73:d9:6a:5c:
                    a8:0b:f8:33:cf:b5:a3:f7:3f:59:89:ac:2d:76:07:
                    ca:58:11:3a:3f:40:29:d7:d4:84:38:0c:b8:bb:f2:
                    5e:1d:ee:e4:99:a3:cd:99:2a:8e:e0:40:6e:a6:56:
                    e2:96:4d:76:a1:f0:04:50:03:08:37:32:6a:2a:2d:
                    23:83:00:5a:3e:bd:69:cc:32:37:3a:5c:f9:5b:27:
                    c6:0d:0c:53:64:e8:3f:45:fb:f7:8c:08:a4:21:b5:
                    e4:3a:c4:55:d3:69:67:d9:de:6d:b5:0e:9a:1d:e9:
                    31:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:C1:29:35:F4:44:5A:27:F6:A6:69:99:31:6F:22:F0:83:17:FC:D0
            X509v3 Authority Key Identifier:
                keyid:49:AF:21:53:F0:24:09:A4:64:E4:D7:46:1C:80:2D:4B:8D:D1:0D:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/tsEpNfREWif2pmmZMW8i8IMX_NA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.228.0/23
                IPv6:
                  2a14:54c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:63:7f:08:86:a9:60:fe:59:25:b8:01:f2:84:66:8e:b0:5a:
         93:1d:56:f6:26:70:4c:3c:f7:ef:a5:da:17:24:fd:1e:b1:22:
         76:9c:c0:bf:e1:9f:d8:19:64:14:a8:ef:39:af:5a:45:b1:91:
         86:c9:8a:bf:fe:c2:4e:fe:88:6c:dc:f8:ea:67:b2:85:72:62:
         34:9f:f5:db:c6:d7:91:30:11:fe:67:8b:b6:4e:8c:d3:84:e1:
         03:4a:4b:ef:b4:e1:0f:e2:2f:8c:5e:69:b0:2b:09:cf:86:b4:
         dc:4d:d3:42:d9:8c:e9:ec:89:1a:f6:90:7f:f0:3d:52:ee:5b:
         61:f6:3b:63:3b:d7:96:b9:83:2e:d3:65:a1:7a:fa:52:32:58:
         dd:7f:48:b7:fa:bb:ca:24:71:6b:e7:26:50:e8:e6:21:77:96:
         6e:50:dd:9f:d3:8d:e7:88:2b:97:63:2c:3d:f7:b6:48:71:18:
         2e:33:6e:c8:60:63:8d:93:ea:ba:80:11:bd:08:fd:11:84:01:
         3d:da:cc:20:61:62:23:61:5c:ce:43:3a:d8:d1:9f:72:3f:30:
         dc:1e:c0:4b:b5:c1:5c:42:3e:e5:d9:a4:f9:3e:51:99:b2:b1:
         e1:da:61:89:76:eb:af:65:9d:71:45:f4:ce:59:4e:a3:89:3c:
         90:7e:b4:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZionaqO9R2HURZGk10hOAjzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YWYyMTUzZjAyNDA5YTQ2NGU0ZDc0NjFjODAyZDRiOGRk
MTBkZmYwHhcNMjUwODE0MTI0NjAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmMxMjkzNWY0NDQ1YTI3ZjZhNjY5OTkzMTZmMjJmMDgzMTdmY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaKbZgwlAArawI1MSnnpnfLFBZt7
shAa4uMK3C9QtypKlxjW7kuuvf1x7uAU12cpfgysf6SBsHeJg2K5qPPPZF3WK7HX
ccrbDZrE//wPIXuqnEhtsDRNU8XS/jA2XdSNinUy08EC97mH2JAWBjyzm7zfK6zh
DhFtFzfUJe1WJxs1sVrwAgN0mm+Iu9xi3pQVTXPZalyoC/gzz7Wj9z9ZiawtdgfK
WBE6P0Ap19SEOAy4u/JeHe7kmaPNmSqO4EBuplbilk12ofAEUAMINzJqKi0jgwBa
Pr1pzDI3Olz5WyfGDQxTZOg/Rfv3jAikIbXkOsRV02ln2d5ttQ6aHekxXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLbBKTX0RFon9qZpmTFvIvCDF/zQMB8GA1UdIwQY
MBaAFEmvIVPwJAmkZOTXRhyALUuN0Q3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2E4aFVfQWtDYVJrNU5kR0hJQXRTNDNSRGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9lYjI1YjUtNzFlYS00NjlkLTk0ODQt
NGVhNmRmYjJlNWQzLzEvdHNFcE5mUkVXaWYycG1tWk1XOGk4SU1YX05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9lYjI1YjUtNzFlYS00NjlkLTk0ODQtNGVhNmRmYjJlNWQz
LzEvU2E4aFVfQWtDYVJrNU5kR0hJQXRTNDNSRGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuYzkMA0E
AgACMAcDBQMqFFTAMA0GCSqGSIb3DQEBCwUAA4IBAQAgY38Ihqlg/lkluAHyhGaO
sFqTHVb2JnBMPPfvpdoXJP0esSJ2nMC/4Z/YGWQUqO85r1pFsZGGyYq//sJO/ohs
3PjqZ7KFcmI0n/XbxteRMBH+Z4u2TozThOEDSkvvtOEP4i+MXmmwKwnPhrTcTdNC
2Yzp7Ika9pB/8D1S7lth9jtjO9eWuYMu02WhevpSMljdf0i3+rvKJHFr5yZQ6OYh
d5ZuUN2f043niCuXYyw997ZIcRguM27IYGONk+q6gBG9CP0RhAE92swgYWIjYVzO
QzrY0Z9yPzDcHsBLtcFcQj7l2aT5PlGZsrHh2mGJduuvZZ1xRfTOWU6jiTyQfrT9
-----END CERTIFICATE-----