Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/TFbaF5iKEXoV94om-cXBI8K88Gw.roa
File:                     TFbaF5iKEXoV94om-cXBI8K88Gw.roa (raw, json)
Hash identifier:          Rapi4XUSpgRm7jm1pFAQz6RjmBJRmhTABSFDVzeD42Y=
Subject key identifier:   4C:56:DA:17:98:8A:11:7A:15:F7:8A:26:F9:C5:C1:23:C2:BC:F0:6C
Certificate issuer:       /CN=590bbeab48842a41afac4921d1357838b6fe6c87
Certificate serial:       019A4F0D9B08AFF8E0B93B377F14150B847E
Authority key identifier: 59:0B:BE:AB:48:84:2A:41:AF:AC:49:21:D1:35:78:38:B6:FE:6C:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WQu-q0iEKkGvrEkh0TV4OLb-bIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/TFbaF5iKEXoV94om-cXBI8K88Gw.roa
Signing time:             Tue 04 Nov 2025 13:28:02 +0000
ROA not before:           Tue 04 Nov 2025 13:28:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36299
IP address blocks:        195.93.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/WQu-q0iEKkGvrEkh0TV4OLb-bIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/WQu-q0iEKkGvrEkh0TV4OLb-bIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WQu-q0iEKkGvrEkh0TV4OLb-bIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:0d:9b:08:af:f8:e0:b9:3b:37:7f:14:15:0b:84:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=590bbeab48842a41afac4921d1357838b6fe6c87
        Validity
            Not Before: Nov  4 13:28:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c56da17988a117a15f78a26f9c5c123c2bcf06c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2a:bc:d1:58:0b:f8:2b:c8:34:0a:84:61:c7:
                    e7:16:75:5d:bf:6b:d3:58:37:37:b1:49:c0:0b:4d:
                    3a:20:e6:fe:76:59:82:b8:16:81:27:1b:c3:40:da:
                    0a:7b:2d:bc:9e:3d:b1:f0:60:1d:3e:13:5c:3e:cb:
                    e0:c1:b1:93:ea:b8:f6:3b:36:7f:10:67:20:f6:5a:
                    c7:33:97:0d:1c:4e:0e:d5:07:ab:4e:9c:42:af:af:
                    f1:99:9e:27:4e:b2:d9:a4:dc:e9:52:36:c6:94:b0:
                    06:1f:95:97:67:0f:7f:26:12:9d:a0:0f:c8:a4:af:
                    77:57:e8:b0:c6:c5:89:e1:81:db:66:2f:c7:73:7d:
                    7c:fd:48:23:d1:c9:b5:4b:a9:97:22:b4:68:dc:47:
                    3d:3c:76:96:cb:6f:49:8d:3d:73:ee:89:85:8c:06:
                    5e:b9:ed:cf:2c:37:66:f3:5b:34:28:57:2f:d1:c5:
                    f0:eb:eb:02:22:db:15:5d:50:9f:2b:9d:81:71:42:
                    1f:16:63:75:59:53:0d:78:cd:31:7d:90:e2:8c:c1:
                    6c:5d:e0:ba:81:3a:73:a4:4d:9a:75:18:09:9d:2b:
                    d9:ca:99:9e:db:56:d1:89:87:92:7d:e5:fb:28:c9:
                    de:b4:1f:63:f8:fa:5e:da:af:c9:65:61:dd:06:97:
                    c9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:56:DA:17:98:8A:11:7A:15:F7:8A:26:F9:C5:C1:23:C2:BC:F0:6C
            X509v3 Authority Key Identifier:
                keyid:59:0B:BE:AB:48:84:2A:41:AF:AC:49:21:D1:35:78:38:B6:FE:6C:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WQu-q0iEKkGvrEkh0TV4OLb-bIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/TFbaF5iKEXoV94om-cXBI8K88Gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/d7d583-2d4a-4abd-923e-23a58f3d61d7/1/WQu-q0iEKkGvrEkh0TV4OLb-bIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:05:d8:af:86:df:84:56:50:f7:bc:1e:cc:47:05:49:e0:2b:
         3f:78:c2:b8:8e:16:a1:23:a0:b4:d8:4c:09:61:cd:83:15:67:
         5c:a8:e2:e7:26:a3:d6:86:29:6a:53:2c:a9:7f:a5:d0:53:d4:
         99:06:2a:5f:df:fe:83:9e:8b:14:52:3a:83:58:9c:b0:a4:ef:
         83:69:37:8f:5f:99:28:84:9e:65:a6:80:58:47:83:8a:44:d0:
         09:f6:f1:bc:76:e9:f8:fe:f2:2d:41:48:a7:b3:3c:5b:16:ee:
         23:7a:0d:c6:a3:21:d6:6d:fe:ad:4d:80:7b:3b:3a:90:22:6f:
         3f:a3:ba:e9:0e:75:47:b3:18:ee:cf:2c:b5:90:62:b4:12:4e:
         42:a1:92:59:0b:ed:b0:c2:77:f5:ff:3d:8e:e4:74:e5:a0:1a:
         24:e9:4c:3e:ba:a0:52:2f:8a:92:88:78:db:93:32:69:65:1f:
         89:a7:3e:7e:e2:27:53:79:72:d9:39:d9:58:95:0c:e7:67:b3:
         b8:07:ad:36:34:de:57:4b:08:2c:d0:d4:b9:e2:fd:81:29:a3:
         84:d5:c7:ba:d9:30:26:20:42:a9:b6:75:17:b3:bb:86:50:43:
         7d:1d:56:4e:e9:7d:d0:d4:a3:09:b3:ed:5b:3e:e2:5e:c3:9f:
         89:0a:b8:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpPDZsIr/jguTs3fxQVC4R+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MGJiZWFiNDg4NDJhNDFhZmFjNDkyMWQxMzU3ODM4YjZm
ZTZjODcwHhcNMjUxMTA0MTMyODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzU2ZGExNzk4OGExMTdhMTVmNzhhMjZmOWM1YzEyM2MyYmNmMDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiq80VgL+CvINAqEYcfnFnVdv2vT
WDc3sUnAC006IOb+dlmCuBaBJxvDQNoKey28nj2x8GAdPhNcPsvgwbGT6rj2OzZ/
EGcg9lrHM5cNHE4O1QerTpxCr6/xmZ4nTrLZpNzpUjbGlLAGH5WXZw9/JhKdoA/I
pK93V+iwxsWJ4YHbZi/Hc318/Ugj0cm1S6mXIrRo3Ec9PHaWy29JjT1z7omFjAZe
ue3PLDdm81s0KFcv0cXw6+sCItsVXVCfK52BcUIfFmN1WVMNeM0xfZDijMFsXeC6
gTpzpE2adRgJnSvZypme21bRiYeSfeX7KMnetB9j+Ppe2q/JZWHdBpfJUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExW2heYihF6FfeKJvnFwSPCvPBsMB8GA1UdIwQY
MBaAFFkLvqtIhCpBr6xJIdE1eDi2/myHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1F1LXEwaUVLa0d2ckVraDBUVjRPTGItYkljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kN2Q1ODMtMmQ0YS00YWJkLTkyM2Ut
MjNhNThmM2Q2MWQ3LzEvVEZiYUY1aUtFWG9WOTRvbS1jWEJJOEs4OEd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kN2Q1ODMtMmQ0YS00YWJkLTkyM2UtMjNhNThmM2Q2MWQ3
LzEvV1F1LXEwaUVLa0d2ckVraDBUVjRPTGItYkljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw12aMA0G
CSqGSIb3DQEBCwUAA4IBAQCDBdivht+EVlD3vB7MRwVJ4Cs/eMK4jhahI6C02EwJ
Yc2DFWdcqOLnJqPWhilqUyypf6XQU9SZBipf3/6DnosUUjqDWJywpO+DaTePX5ko
hJ5lpoBYR4OKRNAJ9vG8dun4/vItQUinszxbFu4jeg3GoyHWbf6tTYB7OzqQIm8/
o7rpDnVHsxjuzyy1kGK0Ek5CoZJZC+2wwnf1/z2O5HTloBok6Uw+uqBSL4qSiHjb
kzJpZR+Jpz5+4idTeXLZOdlYlQznZ7O4B602NN5XSwgs0NS54v2BKaOE1ce62TAm
IEKptnUXs7uGUEN9HVZO6X3Q1KMJs+1bPuJew5+JCrgc
-----END CERTIFICATE-----