Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/TxtjctBE9y0PWF8zo_okS-qYTI4.roa
File:                     TxtjctBE9y0PWF8zo_okS-qYTI4.roa (raw, json)
Hash identifier:          Oj72cOZ1BofKypsS5MIjd0Ikt1MzypuBmqQGRqlKa34=
Subject key identifier:   4F:1B:63:72:D0:44:F7:2D:0F:58:5F:33:A3:FA:24:4B:EA:98:4C:8E
Certificate issuer:       /CN=71d83fd8dabfe14b174cccd35b35b80713334ba5
Certificate serial:       0197C7451449829C5B317C4F24EAD849CE16
Authority key identifier: 71:D8:3F:D8:DA:BF:E1:4B:17:4C:CC:D3:5B:35:B8:07:13:33:4B:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/TxtjctBE9y0PWF8zo_okS-qYTI4.roa
Signing time:             Tue 01 Jul 2025 18:34:42 +0000
ROA not before:           Tue 01 Jul 2025 18:34:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213556
IP address blocks:        78.41.59.0/24 maxlen: 24
                          103.152.1.0/24 maxlen: 24
                          2a14:4580::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:07:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:45:14:49:82:9c:5b:31:7c:4f:24:ea:d8:49:ce:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d83fd8dabfe14b174cccd35b35b80713334ba5
        Validity
            Not Before: Jul  1 18:34:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f1b6372d044f72d0f585f33a3fa244bea984c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cc:65:89:8e:47:e0:34:5e:ea:bd:06:0c:4e:
                    71:66:6a:78:39:97:40:a5:1b:1b:e0:9a:07:36:1a:
                    49:ee:f8:ac:fb:d5:c8:eb:ae:eb:46:03:00:59:e4:
                    ae:bf:34:84:f8:6c:db:e5:da:58:18:79:f8:ef:11:
                    ee:6d:6f:1a:45:2f:90:dd:8d:d6:e2:b3:bb:bf:01:
                    81:6a:77:aa:6c:bd:a9:a4:b8:4f:eb:33:50:74:09:
                    aa:39:06:c6:43:77:17:e9:1b:14:6c:32:59:8a:12:
                    89:8d:75:9e:26:6f:7c:97:86:e3:2f:62:e8:6c:b1:
                    17:47:82:f2:d4:f2:3a:e1:30:39:4d:29:98:f3:62:
                    fd:44:b3:64:fe:45:bb:35:53:78:a2:f9:d7:cb:6f:
                    03:75:86:f1:eb:2a:a7:db:8c:87:b2:e2:a7:1a:0d:
                    0d:2d:c9:5e:a0:7e:d0:ad:61:61:53:af:a3:62:a7:
                    21:dd:f1:61:1e:4e:ed:fe:e9:00:74:df:0f:77:e2:
                    4f:d4:9b:c6:16:7e:b9:d0:f8:98:ec:44:d5:46:70:
                    47:a8:4c:cc:88:92:2a:be:44:3e:06:f7:46:94:dc:
                    e8:81:aa:c0:e2:2b:e6:37:51:22:65:a9:d1:b7:2d:
                    94:44:d1:e2:52:a3:26:3e:b8:fa:56:9a:bf:04:6d:
                    60:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:1B:63:72:D0:44:F7:2D:0F:58:5F:33:A3:FA:24:4B:EA:98:4C:8E
            X509v3 Authority Key Identifier:
                keyid:71:D8:3F:D8:DA:BF:E1:4B:17:4C:CC:D3:5B:35:B8:07:13:33:4B:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/TxtjctBE9y0PWF8zo_okS-qYTI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.59.0/24
                  103.152.1.0/24
                IPv6:
                  2a14:4580::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:98:c6:2e:42:60:38:cb:f2:30:2f:a5:8c:03:5d:aa:a4:e4:
         4e:43:2e:a2:e0:97:36:5b:bc:f2:eb:6d:2f:de:cb:56:be:e4:
         95:f0:e7:22:91:e4:ce:6f:07:3c:64:21:29:3d:90:da:9b:9f:
         03:18:14:97:12:0e:77:94:0b:70:cf:90:de:5e:8f:e4:50:05:
         d4:db:0f:e2:f8:65:0d:5b:e6:7c:11:1b:c7:8e:5a:f8:52:0b:
         85:dd:99:5b:df:f9:ae:8f:ec:cb:43:1b:34:e0:98:c2:75:74:
         78:39:bb:7b:9d:21:7f:9d:d6:d0:d7:e2:30:41:14:17:44:a4:
         80:10:ee:47:8c:bc:27:2a:d4:81:2f:58:b4:08:94:3d:c1:8c:
         20:3e:59:33:1b:8d:7b:d5:b0:2c:6e:63:96:c6:df:a5:97:74:
         f0:64:30:2a:f7:38:67:88:3f:04:fd:7c:b6:84:32:f4:f2:93:
         b6:5a:b6:33:4b:5f:cf:28:16:58:7c:51:be:33:d2:2b:10:8d:
         28:7a:37:55:b6:5a:f1:d4:ea:a9:99:8b:c4:b8:fd:e6:b4:74:
         65:48:2a:44:9d:9a:ff:2b:c6:d0:ae:41:f2:51:71:12:2c:b1:
         42:c9:28:06:cc:f7:4b:e6:06:3a:43:86:30:cd:7f:0a:64:10:
         86:7d:f2:c6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZfHRRRJgpxbMXxPJOrYSc4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxZDgzZmQ4ZGFiZmUxNGIxNzRjY2NkMzViMzViODA3MTMz
MzRiYTUwHhcNMjUwNzAxMTgzNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjFiNjM3MmQwNDRmNzJkMGY1ODVmMzNhM2ZhMjQ0YmVhOTg0YzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMxliY5H4DRe6r0GDE5xZmp4OZdA
pRsb4JoHNhpJ7vis+9XI667rRgMAWeSuvzSE+Gzb5dpYGHn47xHubW8aRS+Q3Y3W
4rO7vwGBaneqbL2ppLhP6zNQdAmqOQbGQ3cX6RsUbDJZihKJjXWeJm98l4bjL2Lo
bLEXR4Ly1PI64TA5TSmY82L9RLNk/kW7NVN4ovnXy28DdYbx6yqn24yHsuKnGg0N
LcleoH7QrWFhU6+jYqch3fFhHk7t/ukAdN8Pd+JP1JvGFn650PiY7ETVRnBHqEzM
iJIqvkQ+BvdGlNzogarA4ivmN1EiZanRty2URNHiUqMmPrj6Vpq/BG1gywIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE8bY3LQRPctD1hfM6P6JEvqmEyOMB8GA1UdIwQY
MBaAFHHYP9jav+FLF0zM01s1uAcTM0ulMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2RnXzJOcV80VXNYVE16VFd6VzRCeE16UzZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82ZDdlY2YtNGI2Mi00MzY3LTliNTAt
MDY0ZDdhZGY0YmUzLzEvVHh0amN0QkU5eTBQV0Y4em9fb2tTLXFZVEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82ZDdlY2YtNGI2Mi00MzY3LTliNTAtMDY0ZDdhZGY0YmUz
LzEvY2RnXzJOcV80VXNYVE16VFd6VzRCeE16UzZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQATik7AwQA
Z5gBMA0EAgACMAcDBQMqFEWAMA0GCSqGSIb3DQEBCwUAA4IBAQA/mMYuQmA4y/Iw
L6WMA12qpOROQy6i4Jc2W7zy620v3stWvuSV8OcikeTObwc8ZCEpPZDam58DGBSX
Eg53lAtwz5DeXo/kUAXU2w/i+GUNW+Z8ERvHjlr4UguF3Zlb3/muj+zLQxs04JjC
dXR4Obt7nSF/ndbQ1+IwQRQXRKSAEO5HjLwnKtSBL1i0CJQ9wYwgPlkzG4171bAs
bmOWxt+ll3TwZDAq9zhniD8E/Xy2hDL08pO2WrYzS1/PKBZYfFG+M9IrEI0oejdV
tlrx1OqpmYvEuP3mtHRlSCpEnZr/K8bQrkHyUXESLLFCySgGzPdL5gY6Q4YwzX8K
ZBCGffLG
-----END CERTIFICATE-----