Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/TbpQUASdO1h_alKJ2-zRdVEYu3M.roa
File:                     TbpQUASdO1h_alKJ2-zRdVEYu3M.roa (raw, json)
Hash identifier:          otfGKPwTZ7JFKJ9WUBwwaS6//IC4O/juTLewKhzIlbY=
Subject key identifier:   4D:BA:50:50:04:9D:3B:58:7F:6A:52:89:DB:EC:D1:75:51:18:BB:73
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       0197C704FE7BB5F9E22E8852E957576C9E24
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/TbpQUASdO1h_alKJ2-zRdVEYu3M.roa
Signing time:             Tue 01 Jul 2025 17:24:42 +0000
ROA not before:           Tue 01 Jul 2025 17:24:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201341
IP address blocks:        2a06:fe43::/32 maxlen: 32
                          2a11:1440::/29 maxlen: 29
                          2a11:e800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:04:fe:7b:b5:f9:e2:2e:88:52:e9:57:57:6c:9e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jul  1 17:24:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dba5050049d3b587f6a5289dbecd1755118bb73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:80:23:03:80:32:a8:1f:f5:52:45:c6:a9:6b:
                    b2:c3:cf:50:27:a8:10:64:e8:e7:08:e5:2c:41:1a:
                    d2:b9:65:1a:ed:89:a7:45:78:14:92:62:a6:95:e2:
                    26:5f:90:57:2b:0b:d4:98:30:10:d5:24:f5:f9:9e:
                    58:9b:a3:bf:c2:54:f2:7e:db:47:63:fc:35:f5:b7:
                    3e:4b:df:07:d2:09:96:45:b3:fa:35:02:1d:41:22:
                    95:58:d6:de:e4:08:25:c6:b6:75:88:ac:e4:43:9f:
                    7c:5c:f2:dd:06:c8:48:d9:4a:90:e6:bb:f7:5f:ba:
                    3a:6f:d1:f0:c5:44:55:ce:b2:bf:b9:c7:c6:8c:f5:
                    8f:f9:d8:75:4c:c9:e8:3f:48:62:ef:5f:ab:e4:90:
                    c7:0c:43:6b:87:20:f3:c0:77:6e:15:9b:d5:21:56:
                    e4:19:50:a6:61:12:78:82:9f:e8:bb:77:34:65:81:
                    d5:1e:93:d8:f4:81:7b:60:2f:27:e8:3f:60:9c:a4:
                    bb:02:e5:a0:9c:ff:db:64:bd:7d:cb:fd:91:b1:aa:
                    55:e2:ce:b3:4e:a0:9e:a2:ec:1b:92:a4:f2:0d:53:
                    08:93:c7:40:cd:49:16:71:ae:c4:1d:52:14:5c:69:
                    01:f4:ec:4c:42:ce:b7:8c:df:8b:15:00:2e:ab:dc:
                    dc:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:BA:50:50:04:9D:3B:58:7F:6A:52:89:DB:EC:D1:75:51:18:BB:73
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/TbpQUASdO1h_alKJ2-zRdVEYu3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:fe43::/32
                  2a11:1440::/29
                  2a11:e800::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:51:e8:43:aa:69:77:33:cd:c9:4e:22:b3:53:59:75:48:62:
         43:8f:0c:05:57:97:b5:47:7f:22:b8:0d:ae:86:fd:d6:0b:e7:
         d6:72:be:27:38:86:de:d9:82:00:85:7c:18:e0:aa:81:ae:9c:
         e2:5b:15:3b:c8:10:2d:b8:23:83:1d:a0:0b:37:34:2a:a0:76:
         e3:a6:a9:ee:13:7e:ed:3d:76:8e:55:8b:3a:f1:9e:1f:f6:90:
         7b:39:ff:7b:df:9a:a8:18:47:71:f8:be:47:90:c7:c1:69:94:
         b1:cf:d0:bd:8f:24:09:55:ae:ff:e2:9d:91:66:bf:ed:e1:a2:
         2f:00:88:0a:d4:85:32:51:4d:9b:2a:c9:2d:53:6d:6a:8d:ed:
         db:74:eb:e7:77:5c:e1:ca:74:54:c8:37:fd:9c:22:19:24:81:
         2f:0e:d9:3c:36:54:55:bd:b1:e5:37:bf:65:26:46:5f:34:a7:
         93:da:5b:67:26:71:f6:8e:ab:3a:be:2e:b3:1f:c4:fb:0a:28:
         c7:3b:94:ce:0c:16:ea:3c:4a:40:ce:b5:f9:39:df:39:4c:84:
         da:5b:55:d7:43:ca:38:40:ca:d2:d2:e7:9c:51:dc:86:fa:65:
         3b:72:d7:64:bc:87:1f:a1:c2:28:1e:51:c5:c9:9a:53:4a:1c:
         ad:7b:c9:bd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfHBP57tfniLohS6VdXbJ4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwNzAxMTcyNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGJhNTA1MDA0OWQzYjU4N2Y2YTUyODlkYmVjZDE3NTUxMThiYjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYAjA4AyqB/1UkXGqWuyw89QJ6gQ
ZOjnCOUsQRrSuWUa7YmnRXgUkmKmleImX5BXKwvUmDAQ1ST1+Z5Ym6O/wlTyfttH
Y/w19bc+S98H0gmWRbP6NQIdQSKVWNbe5AglxrZ1iKzkQ598XPLdBshI2UqQ5rv3
X7o6b9HwxURVzrK/ucfGjPWP+dh1TMnoP0hi71+r5JDHDENrhyDzwHduFZvVIVbk
GVCmYRJ4gp/ou3c0ZYHVHpPY9IF7YC8n6D9gnKS7AuWgnP/bZL19y/2RsapV4s6z
TqCeouwbkqTyDVMIk8dAzUkWca7EHVIUXGkB9OxMQs63jN+LFQAuq9zcAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE26UFAEnTtYf2pSidvs0XVRGLtzMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvVGJwUVVBU2RPMWhfYWxLSjItelJkVkVZdTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgb+QwMF
AyoRFEADBQMqEegAMA0GCSqGSIb3DQEBCwUAA4IBAQAZUehDqml3M83JTiKzU1l1
SGJDjwwFV5e1R38iuA2uhv3WC+fWcr4nOIbe2YIAhXwY4KqBrpziWxU7yBAtuCOD
HaALNzQqoHbjpqnuE37tPXaOVYs68Z4f9pB7Of9735qoGEdx+L5HkMfBaZSxz9C9
jyQJVa7/4p2RZr/t4aIvAIgK1IUyUU2bKsktU21qje3bdOvnd1zhynRUyDf9nCIZ
JIEvDtk8NlRVvbHlN79lJkZfNKeT2ltnJnH2jqs6vi6zH8T7CijHO5TODBbqPEpA
zrX5Od85TITaW1XXQ8o4QMrS0uecUdyG+mU7ctdkvIcfocIoHlHFyZpTShyte8m9
-----END CERTIFICATE-----