Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/tEG80p8s8oQ4Tptfq4VMliOqn5c.roa
File:                     tEG80p8s8oQ4Tptfq4VMliOqn5c.roa (raw, json)
Hash identifier:          AqmsaqOT5QryNjeyheANv5QRaGt08lj8LeFrC8xbJ8k=
Subject key identifier:   B4:41:BC:D2:9F:2C:F2:84:38:4E:9B:5F:AB:85:4C:96:23:AA:9F:97
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       0197EE169CD249EF6A3827967D2D2D204DAC
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/tEG80p8s8oQ4Tptfq4VMliOqn5c.roa
Signing time:             Wed 09 Jul 2025 07:29:08 +0000
ROA not before:           Wed 09 Jul 2025 07:29:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213619
IP address blocks:        193.29.181.0/24 maxlen: 24
                          2a11:1400:3000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:16:9c:d2:49:ef:6a:38:27:96:7d:2d:2d:20:4d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jul  9 07:29:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b441bcd29f2cf284384e9b5fab854c9623aa9f97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ee:42:1b:db:5b:7f:11:94:90:e7:26:63:8c:
                    e0:a2:95:41:fc:2e:1f:d9:24:bc:c8:df:39:73:ea:
                    41:bc:d1:11:29:de:d8:d4:37:20:bb:e8:30:4a:4a:
                    5d:e4:57:58:9b:52:50:a1:d6:ed:4a:8d:bd:5e:c6:
                    69:62:a3:f9:91:cc:aa:4c:7a:dd:f6:c9:6a:41:f9:
                    df:09:41:2f:d1:02:2b:20:71:94:27:56:6a:16:31:
                    32:fe:73:2a:34:6b:d6:3e:2e:a1:9a:c0:82:be:a3:
                    3a:56:18:ed:a0:61:72:0a:8f:5a:ac:68:a5:98:e3:
                    25:74:b0:18:03:f0:5c:32:c7:8f:af:9b:1f:98:7a:
                    ec:c0:34:a5:53:1f:3a:93:e2:02:cd:4e:6f:1f:50:
                    51:2e:d0:08:b9:6a:bc:c0:66:73:69:90:90:52:de:
                    2c:43:8f:42:19:cd:27:0a:62:b8:bf:7f:3e:e3:72:
                    c4:11:3c:21:30:b6:c1:36:43:7e:12:e9:56:d9:ce:
                    64:ec:54:c0:89:03:c7:01:00:a0:e2:ef:e0:16:7b:
                    fc:90:66:4d:6e:80:9f:89:5e:5b:42:a1:c2:c1:11:
                    1c:79:2d:1c:7a:9d:45:07:1a:2f:00:46:38:d6:56:
                    49:05:a2:9f:ac:91:c4:77:6e:ae:77:58:60:ab:b0:
                    c2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:41:BC:D2:9F:2C:F2:84:38:4E:9B:5F:AB:85:4C:96:23:AA:9F:97
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/tEG80p8s8oQ4Tptfq4VMliOqn5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.181.0/24
                IPv6:
                  2a11:1400:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:c4:dd:ed:c6:e6:b4:8c:a6:90:7e:fc:f1:5c:69:d7:c4:35:
         4b:f4:82:2d:7e:20:51:32:96:6e:95:c5:e1:f0:37:51:24:f1:
         c4:d0:75:00:f1:74:9b:70:42:8d:95:7f:ac:45:67:2e:f2:c0:
         18:b8:32:28:16:af:d2:c5:d4:bf:4d:9f:d3:40:d5:65:c3:a3:
         7d:5f:0d:12:b1:2c:65:ab:b5:09:8e:0e:c1:48:6a:c5:8e:b6:
         8d:74:7c:8f:28:84:d1:af:74:dc:58:d1:d8:0f:7a:26:8e:61:
         c3:ce:c9:00:3b:ce:4e:9e:4d:d7:46:42:79:aa:4e:66:d4:31:
         6b:17:4e:03:c4:be:58:1b:4c:1b:e0:ca:35:eb:3f:ee:f0:d8:
         f3:87:ce:96:e6:68:9c:ce:e8:9d:7e:42:b2:c1:05:29:5c:c2:
         b8:a3:71:58:55:05:d2:ac:ce:86:6b:02:a1:27:6e:7f:91:20:
         1d:2c:11:3a:0b:02:22:f3:40:0a:90:d0:14:af:48:10:02:bb:
         0f:b4:00:48:89:60:ca:32:c8:4d:77:3d:28:c4:41:4b:38:fb:
         4f:2e:96:ab:43:72:b0:22:e8:80:7a:3b:5f:df:83:85:6a:cc:
         1f:50:24:06:29:c8:c9:c1:19:1b:e2:4e:7f:1b:61:2b:78:0c:
         47:73:dc:bd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZfuFpzSSe9qOCeWfS0tIE2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjUwNzA5MDcyOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDQxYmNkMjlmMmNmMjg0Mzg0ZTliNWZhYjg1NGM5NjIzYWE5Zjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+5CG9tbfxGUkOcmY4zgopVB/C4f
2SS8yN85c+pBvNERKd7Y1Dcgu+gwSkpd5FdYm1JQodbtSo29XsZpYqP5kcyqTHrd
9slqQfnfCUEv0QIrIHGUJ1ZqFjEy/nMqNGvWPi6hmsCCvqM6VhjtoGFyCo9arGil
mOMldLAYA/BcMsePr5sfmHrswDSlUx86k+ICzU5vH1BRLtAIuWq8wGZzaZCQUt4s
Q49CGc0nCmK4v38+43LEETwhMLbBNkN+EulW2c5k7FTAiQPHAQCg4u/gFnv8kGZN
boCfiV5bQqHCwREceS0cep1FBxovAEY41lZJBaKfrJHEd26ud1hgq7DCuwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLRBvNKfLPKEOE6bX6uFTJYjqp+XMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvdEVHODBwOHM4b1E0VHB0ZnE0Vk1saU9xbjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwR21MA8E
AgACMAkDBwAqERQAMAAwDQYJKoZIhvcNAQELBQADggEBAKLE3e3G5rSMppB+/PFc
adfENUv0gi1+IFEylm6VxeHwN1Ek8cTQdQDxdJtwQo2Vf6xFZy7ywBi4MigWr9LF
1L9Nn9NA1WXDo31fDRKxLGWrtQmODsFIasWOto10fI8ohNGvdNxY0dgPeiaOYcPO
yQA7zk6eTddGQnmqTmbUMWsXTgPEvlgbTBvgyjXrP+7w2POHzpbmaJzO6J1+QrLB
BSlcwrijcVhVBdKszoZrAqEnbn+RIB0sEToLAiLzQAqQ0BSvSBACuw+0AEiJYMoy
yE13PSjEQUs4+08ulqtDcrAi6IB6O1/fg4VqzB9QJAYpyMnBGRviTn8bYSt4DEdz
3L0=
-----END CERTIFICATE-----