Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/tn_gy-6KAV5ZpTSqYbryoSs6AIA.roa
File:                     tn_gy-6KAV5ZpTSqYbryoSs6AIA.roa (raw, json)
Hash identifier:          tZ5/NhO61aB/g/lfOTBKTOhiuBSX3QMZ1HNoyXDOpwg=
Subject key identifier:   B6:7F:E0:CB:EE:8A:01:5E:59:A5:34:AA:61:BA:F2:A1:2B:3A:00:80
Certificate issuer:       /CN=0c17dae04476db1016caa43e3ed9bc6bd69f3975
Certificate serial:       0199753751E925BBF51DE18DD35151E1235A
Authority key identifier: 0C:17:DA:E0:44:76:DB:10:16:CA:A4:3E:3E:D9:BC:6B:D6:9F:39:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DBfa4ER22xAWyqQ-Ptm8a9afOXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/tn_gy-6KAV5ZpTSqYbryoSs6AIA.roa
Signing time:             Tue 23 Sep 2025 06:16:23 +0000
ROA not before:           Tue 23 Sep 2025 06:16:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207436
IP address blocks:        185.124.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/DBfa4ER22xAWyqQ-Ptm8a9afOXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/DBfa4ER22xAWyqQ-Ptm8a9afOXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DBfa4ER22xAWyqQ-Ptm8a9afOXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:75:37:51:e9:25:bb:f5:1d:e1:8d:d3:51:51:e1:23:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c17dae04476db1016caa43e3ed9bc6bd69f3975
        Validity
            Not Before: Sep 23 06:16:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b67fe0cbee8a015e59a534aa61baf2a12b3a0080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:41:33:58:18:5f:15:91:84:14:83:13:c9:b0:
                    9c:83:16:1e:a8:c5:0d:1e:22:13:cb:73:16:f8:2a:
                    af:68:ac:56:60:1a:e1:09:8b:9e:38:55:06:1b:77:
                    fe:16:56:25:18:65:c1:f3:5d:fe:f0:0e:4b:cc:74:
                    ee:31:15:00:15:e6:77:d3:7b:8f:1f:d3:ab:6f:08:
                    75:cd:cf:a0:1b:34:5c:27:50:16:1a:40:00:25:09:
                    f3:7b:d5:0a:5c:e4:cf:ec:13:2a:a5:fb:7b:9b:e9:
                    62:83:7b:b7:ad:a7:2e:68:8a:06:30:3b:d2:7a:b0:
                    19:46:24:c8:3c:f4:41:c5:e2:87:5d:02:c8:f9:07:
                    dd:88:a7:b8:b5:e6:9b:c0:ba:eb:01:56:62:fd:82:
                    97:99:70:50:72:76:7e:b5:10:58:3c:e8:e0:7e:a1:
                    5d:69:b8:ab:ab:08:5a:08:38:db:de:eb:67:36:29:
                    cc:d5:ca:e7:c9:07:b2:48:fb:c9:c3:06:d5:9a:26:
                    12:c0:52:47:a1:8c:f8:a6:62:5f:fe:2b:cd:53:82:
                    93:2e:05:d7:23:0c:20:24:59:be:5b:f4:15:fd:00:
                    cc:e4:bc:02:1c:ac:d2:82:dc:cd:8d:d5:e9:c1:e0:
                    2d:22:e2:23:1e:9a:87:fd:f5:2d:4e:bd:4b:27:64:
                    68:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:7F:E0:CB:EE:8A:01:5E:59:A5:34:AA:61:BA:F2:A1:2B:3A:00:80
            X509v3 Authority Key Identifier:
                keyid:0C:17:DA:E0:44:76:DB:10:16:CA:A4:3E:3E:D9:BC:6B:D6:9F:39:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DBfa4ER22xAWyqQ-Ptm8a9afOXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/tn_gy-6KAV5ZpTSqYbryoSs6AIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/DBfa4ER22xAWyqQ-Ptm8a9afOXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:2b:e9:79:16:de:51:9c:54:71:f1:83:3f:16:eb:e4:7e:6e:
         dc:1d:60:7a:b9:84:c9:78:16:18:49:50:2a:34:44:e8:52:c1:
         93:b2:2b:4c:c9:e4:1a:b4:74:bf:11:8a:0e:aa:75:36:b8:fe:
         f7:99:15:43:5d:58:e4:fd:2a:76:1c:e8:2e:4e:a4:3e:60:0c:
         05:3b:de:ab:40:ad:c8:c5:e2:3b:58:18:5e:0c:48:e3:71:95:
         7b:19:52:b6:86:63:e1:26:14:dd:55:a9:0a:ed:5c:2b:61:c9:
         ca:86:c5:fb:54:f9:8b:d0:54:a8:ad:19:de:90:5c:98:8c:f3:
         36:ab:68:61:7a:6b:39:f1:69:84:f9:7e:6b:d7:8c:32:60:05:
         bb:8b:61:d5:48:f4:8a:dd:c3:47:f7:a9:cb:5b:9b:dd:6a:e4:
         05:08:8e:dd:77:31:ff:bf:44:b9:32:07:20:fb:1f:e6:02:dd:
         dd:3c:b4:39:27:92:1a:74:9c:1a:50:de:ce:dd:39:04:b2:cf:
         18:8a:9d:23:42:e4:3c:58:36:1b:9f:41:e5:3c:2d:53:85:6d:
         fb:1d:2b:bc:52:70:ac:62:e2:d1:81:09:6f:b5:bd:50:24:a6:
         9f:61:41:2f:4b:49:5a:31:d6:9d:5e:8f:b3:aa:fe:52:0b:09:
         95:82:15:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl1N1HpJbv1HeGN01FR4SNaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMTdkYWUwNDQ3NmRiMTAxNmNhYTQzZTNlZDliYzZiZDY5
ZjM5NzUwHhcNMjUwOTIzMDYxNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjdmZTBjYmVlOGEwMTVlNTlhNTM0YWE2MWJhZjJhMTJiM2EwMDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kEzWBhfFZGEFIMTybCcgxYeqMUN
HiITy3MW+CqvaKxWYBrhCYueOFUGG3f+FlYlGGXB813+8A5LzHTuMRUAFeZ303uP
H9Orbwh1zc+gGzRcJ1AWGkAAJQnze9UKXOTP7BMqpft7m+lig3u3racuaIoGMDvS
erAZRiTIPPRBxeKHXQLI+QfdiKe4teabwLrrAVZi/YKXmXBQcnZ+tRBYPOjgfqFd
abirqwhaCDjb3utnNinM1crnyQeySPvJwwbVmiYSwFJHoYz4pmJf/ivNU4KTLgXX
IwwgJFm+W/QV/QDM5LwCHKzSgtzNjdXpweAtIuIjHpqH/fUtTr1LJ2Ro9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZ/4MvuigFeWaU0qmG68qErOgCAMB8GA1UdIwQY
MBaAFAwX2uBEdtsQFsqkPj7ZvGvWnzl1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREJmYTRFUjIyeEFXeXFRLVB0bThhOWFmT1hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi84MWQ5NGQtMmU0MC00NTQ2LThiODkt
ODA0ZjE3ZWMyNDVlLzEvdG5fZ3ktNktBVjVacFRTcVlicnlvU3M2QUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi84MWQ5NGQtMmU0MC00NTQ2LThiODktODA0ZjE3ZWMyNDVl
LzEvREJmYTRFUjIyeEFXeXFRLVB0bThhOWFmT1hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXxLMA0G
CSqGSIb3DQEBCwUAA4IBAQB0K+l5Ft5RnFRx8YM/Fuvkfm7cHWB6uYTJeBYYSVAq
NEToUsGTsitMyeQatHS/EYoOqnU2uP73mRVDXVjk/Sp2HOguTqQ+YAwFO96rQK3I
xeI7WBheDEjjcZV7GVK2hmPhJhTdVakK7VwrYcnKhsX7VPmL0FSorRnekFyYjPM2
q2hhems58WmE+X5r14wyYAW7i2HVSPSK3cNH96nLW5vdauQFCI7ddzH/v0S5Mgcg
+x/mAt3dPLQ5J5IadJwaUN7O3TkEss8Yip0jQuQ8WDYbn0HlPC1ThW37HSu8UnCs
YuLRgQlvtb1QJKafYUEvS0laMdadXo+zqv5SCwmVghX1
-----END CERTIFICATE-----