Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/T-WQUbMA2opCoWmz9iIpBVDop7w.roa
File:                     T-WQUbMA2opCoWmz9iIpBVDop7w.roa (raw, json)
Hash identifier:          LxZzYTsPv2oZVsXtK1M9TpzKZjJLXQwZ4LXrHPlJD7Y=
Subject key identifier:   4F:E5:90:51:B3:00:DA:8A:42:A1:69:B3:F6:22:29:05:50:E8:A7:BC
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       01982468D11CAD1206896D6CA307DCDA2F4D
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/T-WQUbMA2opCoWmz9iIpBVDop7w.roa
Signing time:             Sat 19 Jul 2025 20:38:25 +0000
ROA not before:           Sat 19 Jul 2025 20:38:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        188.209.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:24:68:d1:1c:ad:12:06:89:6d:6c:a3:07:dc:da:2f:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jul 19 20:38:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fe59051b300da8a42a169b3f622290550e8a7bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:33:57:1d:51:28:9c:1b:74:e8:16:e8:a8:de:
                    90:5e:4c:70:b5:96:65:b5:51:47:1d:5f:90:ef:b6:
                    36:52:0b:f9:52:ca:4e:7d:d7:e5:87:ec:18:93:36:
                    70:70:89:b0:4b:32:14:b2:80:ae:c5:66:df:10:4b:
                    f5:d4:64:3f:2f:c2:c3:59:90:cd:e4:b2:21:20:dd:
                    77:1b:dd:c5:70:77:4c:08:0e:be:d8:4e:41:18:9e:
                    bc:cb:35:d6:5e:bd:be:9f:cd:f8:b6:92:85:fc:72:
                    ea:c5:00:04:79:26:07:20:36:14:22:38:06:fe:87:
                    b1:ba:14:aa:0c:6d:28:df:b3:ad:b7:d6:4f:5f:04:
                    d7:14:38:df:ef:46:dc:fe:0b:b7:be:8b:6a:76:14:
                    e0:11:10:20:42:db:66:73:cc:52:cc:11:e0:c8:ea:
                    ca:b9:57:7f:1b:8b:0a:50:88:de:f2:9a:54:32:02:
                    72:bf:19:e6:2c:52:57:aa:3a:f9:c8:f3:29:42:a2:
                    bb:b4:08:5a:0c:fa:a3:a8:f8:9e:23:25:05:50:a1:
                    93:ef:0a:38:da:78:b4:33:93:41:90:40:fe:e4:c1:
                    16:6f:b5:7e:e7:79:bd:b4:e9:36:aa:f7:f3:84:d0:
                    ab:9d:9b:d8:56:2d:ae:68:3d:e0:bd:29:a5:b5:5d:
                    78:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:E5:90:51:B3:00:DA:8A:42:A1:69:B3:F6:22:29:05:50:E8:A7:BC
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/T-WQUbMA2opCoWmz9iIpBVDop7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:7f:2c:5c:8f:5c:f7:27:32:9c:36:dc:72:43:32:21:0c:0f:
         46:bd:16:4c:20:05:f2:cf:e7:33:e0:65:f3:af:29:c9:ae:13:
         39:26:24:39:a5:d3:03:01:02:c3:a5:c6:52:9c:de:40:67:fa:
         cb:17:b1:5e:51:f2:27:a0:e9:6e:aa:dc:b4:33:dd:e4:8b:3a:
         10:e3:62:55:2b:25:c8:4d:0b:41:d7:11:9a:cc:64:34:b9:c1:
         a2:23:bb:2a:df:4e:ac:21:fb:c8:5c:0e:25:11:e2:b9:ac:78:
         69:e2:56:66:81:54:d9:c0:7b:b6:b2:8b:ac:cc:33:69:6c:8a:
         83:e3:08:02:57:f4:c9:2a:aa:85:62:2d:18:f6:f2:54:5c:d6:
         b4:26:a8:72:e3:bc:97:74:db:8f:f3:31:86:ed:cf:de:99:20:
         d2:93:a7:20:56:9b:32:0b:34:4d:e2:e6:71:29:be:1d:a2:cc:
         1b:7f:e7:27:dd:51:9a:a6:71:21:c6:df:dc:34:6b:d5:47:95:
         df:6c:b8:f5:f1:8c:9e:0e:de:5b:5c:62:b9:ab:07:16:1c:ab:
         fc:83:bf:29:50:e2:2b:d5:00:ec:f6:34:49:36:93:9e:31:45:
         c4:0a:cd:15:ee:8d:11:5b:e1:aa:88:21:28:69:8a:11:88:16:
         68:b2:57:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgkaNEcrRIGiW1sowfc2i9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNzE5MjAzODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmU1OTA1MWIzMDBkYThhNDJhMTY5YjNmNjIyMjkwNTUwZThhN2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DNXHVEonBt06BboqN6QXkxwtZZl
tVFHHV+Q77Y2Ugv5UspOfdflh+wYkzZwcImwSzIUsoCuxWbfEEv11GQ/L8LDWZDN
5LIhIN13G93FcHdMCA6+2E5BGJ68yzXWXr2+n834tpKF/HLqxQAEeSYHIDYUIjgG
/oexuhSqDG0o37Ott9ZPXwTXFDjf70bc/gu3votqdhTgERAgQttmc8xSzBHgyOrK
uVd/G4sKUIje8ppUMgJyvxnmLFJXqjr5yPMpQqK7tAhaDPqjqPieIyUFUKGT7wo4
2ni0M5NBkED+5MEWb7V+53m9tOk2qvfzhNCrnZvYVi2uaD3gvSmltV141wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/lkFGzANqKQqFps/YiKQVQ6Ke8MB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvVC1XUVViTUEyb3BDb1dtejlpSXBCVkRvcDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGAMA0G
CSqGSIb3DQEBCwUAA4IBAQB0fyxcj1z3JzKcNtxyQzIhDA9GvRZMIAXyz+cz4GXz
rynJrhM5JiQ5pdMDAQLDpcZSnN5AZ/rLF7FeUfInoOluqty0M93kizoQ42JVKyXI
TQtB1xGazGQ0ucGiI7sq306sIfvIXA4lEeK5rHhp4lZmgVTZwHu2souszDNpbIqD
4wgCV/TJKqqFYi0Y9vJUXNa0Jqhy47yXdNuP8zGG7c/emSDSk6cgVpsyCzRN4uZx
Kb4doswbf+cn3VGapnEhxt/cNGvVR5XfbLj18YyeDt5bXGK5qwcWHKv8g78pUOIr
1QDs9jRJNpOeMUXECs0V7o0RW+GqiCEoaYoRiBZosldx
-----END CERTIFICATE-----