Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/Tnk1wiAmPTA2EvykM-I1OKWkVM0.roa
File:                     Tnk1wiAmPTA2EvykM-I1OKWkVM0.roa (raw, json)
Hash identifier:          CkGbzxIp/nDeor+MgaCnYi4yfneUe4YI/nAwy0LJQnY=
Subject key identifier:   4E:79:35:C2:20:26:3D:30:36:12:FC:A4:33:E2:35:38:A5:A4:54:CD
Certificate issuer:       /CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
Certificate serial:       019836E6B1139A047006E36BF18D30D8B75F
Authority key identifier: C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/Tnk1wiAmPTA2EvykM-I1OKWkVM0.roa
Signing time:             Wed 23 Jul 2025 10:49:05 +0000
ROA not before:           Wed 23 Jul 2025 10:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210353
IP address blocks:        195.123.120.0/24 maxlen: 24
                          195.123.121.0/24 maxlen: 24
                          195.123.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 06:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:e6:b1:13:9a:04:70:06:e3:6b:f1:8d:30:d8:b7:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
        Validity
            Not Before: Jul 23 10:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e7935c220263d303612fca433e23538a5a454cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:65:82:78:84:c9:d3:58:50:b7:4b:44:d9:e7:
                    85:6f:eb:d8:3d:6e:76:4f:d8:8a:a6:a1:3a:3d:3f:
                    fc:4a:1d:c0:f8:f5:e4:52:2e:60:ab:63:d2:ce:f7:
                    9a:9b:af:9f:3c:f4:a2:b7:12:4d:ff:f7:95:ad:49:
                    42:8b:aa:17:6b:7d:24:db:f8:e0:17:3a:47:d9:c7:
                    78:03:fe:59:a7:8e:bb:00:a7:b1:10:d1:2f:a7:8c:
                    d4:a8:f3:68:89:e6:93:87:2b:69:e4:c6:2d:d4:52:
                    04:a3:0d:af:15:40:d4:b7:3d:2c:22:da:25:c7:1e:
                    62:84:3f:ee:14:d2:d6:db:41:d5:91:c1:6c:41:b0:
                    9d:c8:5e:d1:b1:bf:6a:32:1a:59:af:2d:06:01:c2:
                    4f:48:f7:c9:86:26:96:7e:24:37:c0:c8:2e:d9:53:
                    f4:49:69:ec:32:24:cf:5f:45:11:26:8d:8e:60:a8:
                    85:64:1d:19:30:06:41:19:06:05:a0:1a:e3:71:3a:
                    fc:15:6c:ae:ee:b9:60:7f:cb:e2:77:72:b0:dd:02:
                    05:25:55:af:10:2a:72:1c:31:21:0f:c3:81:3c:ff:
                    d6:bb:1e:ba:71:8b:12:44:83:73:c1:76:01:3b:13:
                    12:48:1a:04:63:b9:1e:0e:54:36:b9:6b:05:3b:e0:
                    a8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:79:35:C2:20:26:3D:30:36:12:FC:A4:33:E2:35:38:A5:A4:54:CD
            X509v3 Authority Key Identifier:
                keyid:C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/Tnk1wiAmPTA2EvykM-I1OKWkVM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.123.120.0-195.123.122.255

    Signature Algorithm: sha256WithRSAEncryption
         8c:86:0e:c8:7c:79:c7:0d:a2:80:d5:49:de:c5:5d:54:20:38:
         31:44:13:79:0c:3e:db:df:85:04:42:1b:9a:66:4a:51:93:96:
         13:64:fb:99:23:47:54:cf:75:d6:02:cd:7e:d0:57:67:43:62:
         d0:73:9f:47:b0:76:91:5b:1d:be:cd:f7:2c:ff:86:7e:7b:8c:
         eb:3c:98:3c:94:ec:45:84:b4:44:be:96:3c:46:68:5b:1a:57:
         20:ce:39:53:db:cc:09:ae:13:68:b8:c7:76:29:8e:7a:a9:26:
         fa:94:f8:0b:1f:e0:1b:29:c8:7d:e9:4d:17:66:78:aa:92:08:
         0b:76:78:c4:36:20:bb:3a:e3:35:0d:b2:0b:be:2c:eb:c0:14:
         3e:df:53:7a:be:43:6c:9f:cc:ab:1c:ed:7a:68:93:a8:fc:7d:
         8c:07:2c:a1:b1:fc:ba:3b:f7:d8:13:6b:53:ec:68:92:d0:27:
         5f:ce:65:ef:38:d5:6e:0d:c6:64:60:05:cb:46:b1:6c:b3:7b:
         d4:22:69:02:48:4c:50:ff:00:b3:f5:01:37:a5:32:96:58:53:
         38:cc:7a:f2:c6:ff:90:ce:38:fa:38:cb:09:12:8c:16:5b:da:
         aa:a6:49:46:67:23:94:4d:62:7f:61:2f:d2:c9:d2:93:fd:3e:
         26:cb:bc:70
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZg25rETmgRwBuNr8Y0w2LdfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDVhZGM1YzQyNjJkZmY2YjNmM2U2MDY4MzBjN2Y5NzFk
NzY2Y2UwHhcNMjUwNzIzMTA0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTc5MzVjMjIwMjYzZDMwMzYxMmZjYTQzM2UyMzUzOGE1YTQ1NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmWCeITJ01hQt0tE2eeFb+vYPW52
T9iKpqE6PT/8Sh3A+PXkUi5gq2PSzveam6+fPPSitxJN//eVrUlCi6oXa30k2/jg
FzpH2cd4A/5Zp467AKexENEvp4zUqPNoieaThytp5MYt1FIEow2vFUDUtz0sItol
xx5ihD/uFNLW20HVkcFsQbCdyF7Rsb9qMhpZry0GAcJPSPfJhiaWfiQ3wMgu2VP0
SWnsMiTPX0URJo2OYKiFZB0ZMAZBGQYFoBrjcTr8FWyu7rlgf8vid3Kw3QIFJVWv
ECpyHDEhD8OBPP/Wux66cYsSRINzwXYBOxMSSBoEY7keDlQ2uWsFO+ComwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFE55NcIgJj0wNhL8pDPiNTilpFTNMB8GA1UdIwQY
MBaAFMEFrcXEJi3/az8+YGgwx/lx12bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODkt
NTE1ODQ1ZTZjMzE3LzEvVG5rMXdpQW1QVEEyRXZ5a00tSTFPS1drVk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODktNTE1ODQ1ZTZjMzE3
LzEvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPDe3gD
BADDe3owDQYJKoZIhvcNAQELBQADggEBAIyGDsh8eccNooDVSd7FXVQgODFEE3kM
PtvfhQRCG5pmSlGTlhNk+5kjR1TPddYCzX7QV2dDYtBzn0ewdpFbHb7N9yz/hn57
jOs8mDyU7EWEtES+ljxGaFsaVyDOOVPbzAmuE2i4x3YpjnqpJvqU+Asf4BspyH3p
TRdmeKqSCAt2eMQ2ILs64zUNsgu+LOvAFD7fU3q+Q2yfzKsc7Xpok6j8fYwHLKGx
/Lo799gTa1PsaJLQJ1/OZe841W4NxmRgBctGsWyze9QiaQJITFD/ALP1ATelMpZY
UzjMevLG/5DOOPo4ywkSjBZb2qqmSUZnI5RNYn9hL9LJ0pP9PibLvHA=
-----END CERTIFICATE-----