Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/TrfKChON90CRCXVKGdWD_lFGLCU.roa
File:                     TrfKChON90CRCXVKGdWD_lFGLCU.roa (raw, json)
Hash identifier:          GFMm+kc1nJBxOyEj3z/q6lfVZK3yETv8yRHloXoAgN8=
Subject key identifier:   4E:B7:CA:0A:13:8D:F7:40:91:09:75:4A:19:D5:83:FE:51:46:2C:25
Certificate issuer:       /CN=432efe16ec6c00fd45b5d918d9b172acd0a58d96
Certificate serial:       01963F5AB190D9FF3CFD044089912C7892F5
Authority key identifier: 43:2E:FE:16:EC:6C:00:FD:45:B5:D9:18:D9:B1:72:AC:D0:A5:8D:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qy7-FuxsAP1FtdkY2bFyrNCljZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/TrfKChON90CRCXVKGdWD_lFGLCU.roa
Signing time:             Wed 16 Apr 2025 16:07:10 +0000
ROA not before:           Wed 16 Apr 2025 16:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39498
IP address blocks:        146.19.127.0/24 maxlen: 24
                          185.122.244.0/22 maxlen: 24
                          2a0d:6700::/29 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/Qy7-FuxsAP1FtdkY2bFyrNCljZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/Qy7-FuxsAP1FtdkY2bFyrNCljZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qy7-FuxsAP1FtdkY2bFyrNCljZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3f:5a:b1:90:d9:ff:3c:fd:04:40:89:91:2c:78:92:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=432efe16ec6c00fd45b5d918d9b172acd0a58d96
        Validity
            Not Before: Apr 16 16:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4eb7ca0a138df7409109754a19d583fe51462c25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:82:a7:8e:2d:ce:f4:87:18:7d:1a:52:51:43:
                    c2:b5:aa:25:33:39:20:cd:43:70:17:03:20:a3:9d:
                    e9:d0:2c:63:c0:2e:0f:a5:ec:15:d1:f5:5e:0d:3f:
                    58:f0:c9:10:c8:e2:c0:f2:08:32:cf:8c:7f:1f:50:
                    4b:c4:36:42:52:da:a9:3f:f0:b0:4b:5b:58:32:03:
                    19:0e:99:7a:d0:5c:70:94:f1:f1:55:99:fb:ea:34:
                    6c:7b:03:fe:a6:57:c5:84:9d:e6:a0:d6:99:d8:21:
                    28:1d:92:9f:4e:a6:bc:1e:f2:8f:2c:d0:6e:e3:af:
                    78:fa:17:71:28:21:4e:b9:18:82:89:99:db:5d:3c:
                    d1:b6:67:51:e6:bd:a2:63:53:4f:7c:4a:f5:cd:6a:
                    45:f2:d6:a0:45:78:ad:f9:d0:b9:0f:ad:e2:42:04:
                    a5:a7:03:bb:a2:6b:55:54:c9:72:94:48:70:a5:07:
                    cb:85:85:d0:4e:5a:20:58:0f:52:50:98:28:4a:06:
                    06:cd:c7:31:fa:05:cd:03:a7:35:e3:e2:f2:1d:3a:
                    66:40:9f:da:10:06:a2:45:f7:d3:96:c9:ab:45:7a:
                    b4:00:e8:ca:b1:75:0b:86:f1:c2:7e:a2:d0:a3:57:
                    1f:56:19:1b:03:81:47:8b:f0:38:40:5b:d0:4d:47:
                    a3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:B7:CA:0A:13:8D:F7:40:91:09:75:4A:19:D5:83:FE:51:46:2C:25
            X509v3 Authority Key Identifier:
                keyid:43:2E:FE:16:EC:6C:00:FD:45:B5:D9:18:D9:B1:72:AC:D0:A5:8D:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qy7-FuxsAP1FtdkY2bFyrNCljZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/TrfKChON90CRCXVKGdWD_lFGLCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/Qy7-FuxsAP1FtdkY2bFyrNCljZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.127.0/24
                  185.122.244.0/22
                IPv6:
                  2a0d:6700::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:d9:19:d8:11:d7:30:07:34:ae:f4:96:1a:bf:4f:11:3b:c2:
         4e:6f:b8:c8:42:77:0d:39:fb:d5:79:6a:39:f4:c9:e8:22:e8:
         14:90:c5:52:15:ce:72:e9:b6:b3:07:4e:4a:7e:f0:32:2b:b9:
         1c:ac:d7:99:32:0a:73:a8:39:0e:12:c8:9e:d5:64:b4:32:48:
         74:e0:78:29:95:f3:df:d4:18:9e:95:b2:c2:d3:82:a1:20:8f:
         ba:22:77:d0:a0:1e:f1:1d:c5:e2:c9:97:00:bc:db:b4:98:4f:
         f9:04:08:48:58:33:31:42:a2:63:56:80:68:2c:a6:7a:c8:b4:
         74:7f:16:4e:58:da:53:d3:fd:5d:26:c1:a3:63:26:9e:be:bf:
         c6:98:59:79:ab:7a:42:2f:ac:91:03:8e:6e:c5:70:e7:b1:1f:
         8c:1a:69:90:28:75:4f:39:16:45:64:dc:15:9f:d0:d2:a9:6d:
         cd:f6:c5:28:63:9f:f1:06:aa:fa:3e:cb:9d:66:ae:ca:2e:cf:
         78:b9:0d:11:97:a9:fc:1f:49:97:c5:fa:9b:eb:8b:58:81:3a:
         d1:0d:89:07:c2:b2:5e:e2:c7:4f:ec:f5:f9:37:b7:79:f0:7f:
         fe:c3:ad:34:fb:64:07:33:70:0b:c7:37:06:7f:e4:92:13:b6:
         5c:35:f8:09
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZY/WrGQ2f88/QRAiZEseJL1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMmVmZTE2ZWM2YzAwZmQ0NWI1ZDkxOGQ5YjE3MmFjZDBh
NThkOTYwHhcNMjUwNDE2MTYwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWI3Y2EwYTEzOGRmNzQwOTEwOTc1NGExOWQ1ODNmZTUxNDYyYzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44Knji3O9IcYfRpSUUPCtaolMzkg
zUNwFwMgo53p0CxjwC4PpewV0fVeDT9Y8MkQyOLA8ggyz4x/H1BLxDZCUtqpP/Cw
S1tYMgMZDpl60FxwlPHxVZn76jRsewP+plfFhJ3moNaZ2CEoHZKfTqa8HvKPLNBu
4694+hdxKCFOuRiCiZnbXTzRtmdR5r2iY1NPfEr1zWpF8tagRXit+dC5D63iQgSl
pwO7omtVVMlylEhwpQfLhYXQTlogWA9SUJgoSgYGzccx+gXNA6c14+LyHTpmQJ/a
EAaiRffTlsmrRXq0AOjKsXULhvHCfqLQo1cfVhkbA4FHi/A4QFvQTUejOQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE63ygoTjfdAkQl1ShnVg/5RRiwlMB8GA1UdIwQY
MBaAFEMu/hbsbAD9RbXZGNmxcqzQpY2WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXk3LUZ1eHNBUDFGdGRrWTJiRnlyTkNsalpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8yNWI0N2UtNDA3OS00ZjIxLTkxMWIt
ZjM4OWE1MjY5ZmIyLzEvVHJmS0NoT045MENSQ1hWS0dkV0RfbEZHTENVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8yNWI0N2UtNDA3OS00ZjIxLTkxMWItZjM4OWE1MjY5ZmIy
LzEvUXk3LUZ1eHNBUDFGdGRrWTJiRnlyTkNsalpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAkhN/AwQC
uXr0MA0EAgACMAcDBQMqDWcAMA0GCSqGSIb3DQEBCwUAA4IBAQBj2RnYEdcwBzSu
9JYav08RO8JOb7jIQncNOfvVeWo59MnoIugUkMVSFc5y6bazB05KfvAyK7kcrNeZ
MgpzqDkOEsie1WS0Mkh04HgplfPf1BielbLC04KhII+6InfQoB7xHcXiyZcAvNu0
mE/5BAhIWDMxQqJjVoBoLKZ6yLR0fxZOWNpT0/1dJsGjYyaevr/GmFl5q3pCL6yR
A45uxXDnsR+MGmmQKHVPORZFZNwVn9DSqW3N9sUoY5/xBqr6PsudZq7KLs94uQ0R
l6n8H0mXxfqb64tYgTrRDYkHwrJe4sdP7PX5N7d58H/+w600+2QHM3ALxzcGf+SS
E7ZcNfgJ
-----END CERTIFICATE-----