Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/e8449a-a797-452b-bdfa-9c4211dda541/1/tfcLpKerdpFoXOb5QmMUPRfvX3g.roa
File:                     tfcLpKerdpFoXOb5QmMUPRfvX3g.roa (raw, json)
Hash identifier:          KomNoR2J4PlIML4Y+vVt+wvjHhv9BWoRwvkNwWbeubw=
Subject key identifier:   B5:F7:0B:A4:A7:AB:76:91:68:5C:E6:F9:42:63:14:3D:17:EF:5F:78
Certificate issuer:       /CN=455f545e2a94f051ceb8f80f446c1cb61c0e6c8e
Certificate serial:       01980809ADE9EFD6192D0DD04638773CF334
Authority key identifier: 45:5F:54:5E:2A:94:F0:51:CE:B8:F8:0F:44:6C:1C:B6:1C:0E:6C:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RV9UXiqU8FHOuPgPRGwcthwObI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/e8449a-a797-452b-bdfa-9c4211dda541/1/tfcLpKerdpFoXOb5QmMUPRfvX3g.roa
Signing time:             Mon 14 Jul 2025 08:25:08 +0000
ROA not before:           Mon 14 Jul 2025 08:25:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        193.104.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/e8449a-a797-452b-bdfa-9c4211dda541/1/RV9UXiqU8FHOuPgPRGwcthwObI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/e8449a-a797-452b-bdfa-9c4211dda541/1/RV9UXiqU8FHOuPgPRGwcthwObI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RV9UXiqU8FHOuPgPRGwcthwObI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:09:ad:e9:ef:d6:19:2d:0d:d0:46:38:77:3c:f3:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=455f545e2a94f051ceb8f80f446c1cb61c0e6c8e
        Validity
            Not Before: Jul 14 08:25:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5f70ba4a7ab7691685ce6f94263143d17ef5f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e5:f6:60:b9:c8:fb:bf:97:b0:ce:57:6f:56:
                    ae:64:54:ec:85:e8:92:11:14:ea:ad:7f:96:20:41:
                    2f:a1:d0:cb:d5:8d:6f:f3:da:83:5f:8b:0f:f6:63:
                    63:cf:58:bc:72:f5:f6:97:89:45:81:9a:ed:af:68:
                    00:dc:50:dc:9b:2f:e3:9f:9c:6b:9e:ad:25:d4:e4:
                    ab:76:f8:ce:10:e0:53:7a:7f:55:c4:22:ce:1b:ed:
                    17:56:3b:63:d6:a8:8f:20:29:f1:1e:43:64:42:36:
                    53:de:2f:c8:3b:c0:6b:2a:2d:91:04:af:84:44:33:
                    7d:12:66:32:54:e4:50:a4:a2:7f:f7:51:ae:93:02:
                    aa:e2:4e:34:aa:72:f8:8b:fc:5e:32:34:4b:f8:51:
                    9b:e4:96:2d:05:47:09:91:f3:f0:07:32:4a:1c:33:
                    9c:61:52:f6:ea:0f:4a:ec:93:c7:47:f6:8f:0c:a4:
                    62:1e:92:cc:d2:9f:3a:05:72:f1:dc:93:c1:62:17:
                    14:5e:ff:bf:f9:09:f1:43:0b:91:de:d9:0c:c5:70:
                    75:b9:1c:ee:19:63:a2:e2:9a:e9:05:23:5a:50:07:
                    1d:79:ec:00:aa:c1:1f:8e:ab:d2:3b:e5:f4:d4:4b:
                    d7:e9:cd:6e:a8:f9:f2:df:0d:55:f0:f6:07:56:7f:
                    ed:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F7:0B:A4:A7:AB:76:91:68:5C:E6:F9:42:63:14:3D:17:EF:5F:78
            X509v3 Authority Key Identifier:
                keyid:45:5F:54:5E:2A:94:F0:51:CE:B8:F8:0F:44:6C:1C:B6:1C:0E:6C:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RV9UXiqU8FHOuPgPRGwcthwObI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e8449a-a797-452b-bdfa-9c4211dda541/1/tfcLpKerdpFoXOb5QmMUPRfvX3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e8449a-a797-452b-bdfa-9c4211dda541/1/RV9UXiqU8FHOuPgPRGwcthwObI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:61:f5:0e:c4:19:23:81:66:d6:1b:c8:0c:ab:88:7f:4e:b8:
         ed:ee:6d:76:10:0c:dc:a2:12:9b:4c:79:f8:da:bf:dc:51:dc:
         c2:7f:9b:45:9b:76:ea:6d:94:a5:ca:1b:6f:24:53:32:84:6d:
         41:6b:ac:24:58:89:b4:51:e7:72:8e:f6:06:d5:6a:5c:f0:d8:
         e0:80:d0:af:73:61:de:74:56:7f:4a:10:d4:e9:77:9e:da:dc:
         63:75:55:33:41:75:b5:fd:5e:98:1d:0e:a8:46:14:74:7e:0d:
         6d:f4:9f:93:e3:3b:0f:64:94:f8:48:a6:96:ab:35:1a:2d:b7:
         86:19:ad:98:04:dd:c0:29:37:d7:28:f7:f3:49:5b:0a:e1:db:
         c4:3f:3d:06:b8:43:50:78:af:a2:3e:e8:d8:65:0b:80:9f:fa:
         71:7f:42:b2:36:73:fc:d1:68:45:a9:34:1f:29:3a:9a:80:37:
         c8:be:9d:3c:cd:19:f5:50:9a:4a:f3:af:81:e7:6f:f7:aa:c5:
         1d:c5:f9:b9:f1:72:06:47:f7:7b:f6:c2:49:93:24:ac:b0:e5:
         ce:60:bf:60:7d:c0:3d:61:6a:92:8a:f7:4e:22:92:76:62:c4:
         26:f0:a0:1a:54:1c:57:ae:9c:54:a6:d2:d1:b9:25:dd:a7:38:
         38:6f:6b:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgICa3p79YZLQ3QRjh3PPM0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NWY1NDVlMmE5NGYwNTFjZWI4ZjgwZjQ0NmMxY2I2MWMw
ZTZjOGUwHhcNMjUwNzE0MDgyNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWY3MGJhNGE3YWI3NjkxNjg1Y2U2Zjk0MjYzMTQzZDE3ZWY1Zjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuX2YLnI+7+XsM5Xb1auZFTsheiS
ERTqrX+WIEEvodDL1Y1v89qDX4sP9mNjz1i8cvX2l4lFgZrtr2gA3FDcmy/jn5xr
nq0l1OSrdvjOEOBTen9VxCLOG+0XVjtj1qiPICnxHkNkQjZT3i/IO8BrKi2RBK+E
RDN9EmYyVORQpKJ/91GukwKq4k40qnL4i/xeMjRL+FGb5JYtBUcJkfPwBzJKHDOc
YVL26g9K7JPHR/aPDKRiHpLM0p86BXLx3JPBYhcUXv+/+QnxQwuR3tkMxXB1uRzu
GWOi4prpBSNaUAcdeewAqsEfjqvSO+X01EvX6c1uqPny3w1V8PYHVn/toQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLX3C6Snq3aRaFzm+UJjFD0X7194MB8GA1UdIwQY
MBaAFEVfVF4qlPBRzrj4D0RsHLYcDmyOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlY5VVhpcVU4RkhPdVBnUFJHd2N0aHdPYkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lODQ0OWEtYTc5Ny00NTJiLWJkZmEt
OWM0MjExZGRhNTQxLzEvdGZjTHBLZXJkcEZvWE9iNVFtTVVQUmZ2WDNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lODQ0OWEtYTc5Ny00NTJiLWJkZmEtOWM0MjExZGRhNTQx
LzEvUlY5VVhpcVU4RkhPdVBnUFJHd2N0aHdPYkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWg6MA0G
CSqGSIb3DQEBCwUAA4IBAQChYfUOxBkjgWbWG8gMq4h/Trjt7m12EAzcohKbTHn4
2r/cUdzCf5tFm3bqbZSlyhtvJFMyhG1Ba6wkWIm0UedyjvYG1Wpc8NjggNCvc2He
dFZ/ShDU6Xee2txjdVUzQXW1/V6YHQ6oRhR0fg1t9J+T4zsPZJT4SKaWqzUaLbeG
Ga2YBN3AKTfXKPfzSVsK4dvEPz0GuENQeK+iPujYZQuAn/pxf0KyNnP80WhFqTQf
KTqagDfIvp08zRn1UJpK86+B52/3qsUdxfm58XIGR/d79sJJkySssOXOYL9gfcA9
YWqSivdOIpJ2YsQm8KAaVBxXrpxUptLRuSXdpzg4b2ua
-----END CERTIFICATE-----