Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/tG4g1BdAZXJJCRqpp4-iIfhPS7A.roa
File:                     tG4g1BdAZXJJCRqpp4-iIfhPS7A.roa (raw, json)
Hash identifier:          RhUg/lFrjd8svZKGKHUf8jyRLBa2ufNJJnf5L1QU7V8=
Subject key identifier:   B4:6E:20:D4:17:40:65:72:49:09:1A:A9:A7:8F:A2:21:F8:4F:4B:B0
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0197125C6710FF680AD0438102F280770C5E
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/tG4g1BdAZXJJCRqpp4-iIfhPS7A.roa
Signing time:             Tue 27 May 2025 15:28:54 +0000
ROA not before:           Tue 27 May 2025 15:28:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        195.211.190.0/24 maxlen: 24
                          2a01:7120:6::/48 maxlen: 48
                          2a01:7120:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:12:5c:67:10:ff:68:0a:d0:43:81:02:f2:80:77:0c:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: May 27 15:28:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b46e20d41740657249091aa9a78fa221f84f4bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a2:aa:be:b8:85:ea:19:1a:6f:df:df:62:35:
                    de:3c:92:f5:76:a1:ce:f9:ec:80:60:6f:79:fa:99:
                    6d:98:42:aa:d6:b3:90:e5:48:4d:8a:3d:95:64:ec:
                    10:89:b7:46:5b:b8:01:a4:1c:86:3c:ec:ad:42:68:
                    2f:f1:13:9a:5c:41:ad:f1:67:db:0d:a8:e6:4d:27:
                    0e:90:e3:fe:21:e5:01:38:9d:55:32:8b:c0:31:5c:
                    1e:a9:6d:a6:7b:6b:aa:00:49:5d:1e:07:bd:54:b4:
                    e7:a0:ad:dd:1a:ae:d2:d5:a0:01:ba:42:46:5c:8c:
                    19:46:9d:d0:3b:a6:f1:63:26:9e:f4:8a:fa:cd:5f:
                    62:a0:a7:d6:10:d1:33:00:03:f7:59:64:52:b6:0c:
                    10:ab:89:2d:f8:d9:24:42:e1:64:f9:04:50:a6:37:
                    3f:5d:2a:1a:5e:fb:16:1d:80:5d:d3:39:8c:e0:f9:
                    a5:13:2d:25:cc:04:73:2b:c6:28:f0:89:ca:45:7a:
                    36:4b:83:bd:e5:dc:e4:d3:02:68:5f:a9:dc:48:87:
                    69:0f:40:31:50:cd:b1:b8:8c:de:15:17:22:9d:33:
                    75:49:1d:0e:ce:82:99:e5:27:6d:84:8e:96:c2:86:
                    44:bd:f7:f3:1e:cd:21:de:e4:31:0d:a3:05:01:0b:
                    0d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:6E:20:D4:17:40:65:72:49:09:1A:A9:A7:8F:A2:21:F8:4F:4B:B0
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/tG4g1BdAZXJJCRqpp4-iIfhPS7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.190.0/24
                IPv6:
                  2a01:7120:6::/47

    Signature Algorithm: sha256WithRSAEncryption
         4e:b5:49:9d:9d:8b:67:54:a5:ac:71:79:d2:b9:73:02:a3:f2:
         46:0e:a4:16:8b:68:5f:95:fb:95:53:98:08:3e:a5:dc:3f:1f:
         08:b7:8f:85:96:7e:9b:99:05:4f:c4:cc:a9:06:7e:3a:4e:be:
         3f:6e:67:f3:a3:2e:69:4d:24:3e:aa:4f:0c:64:b0:b4:f3:21:
         46:d6:d8:55:49:45:10:87:89:9e:d7:18:43:bc:27:3f:cb:46:
         26:b4:28:19:aa:b7:e0:83:42:c6:36:df:66:b0:f5:96:7c:7d:
         60:b4:27:f2:f5:39:56:b6:ac:d6:6d:7d:59:62:2f:e7:4d:03:
         c3:02:fc:99:d4:f9:96:a9:d5:42:28:9d:57:b3:e4:c6:e4:61:
         e9:01:58:37:12:ee:2d:74:ff:2f:5a:9b:95:89:5a:3b:81:fd:
         22:fa:f9:1e:c2:0b:30:da:8e:4d:82:ed:38:e4:e3:53:e4:06:
         33:4c:74:53:95:28:b0:c9:22:9a:6e:43:0f:2f:42:94:66:ca:
         6d:df:e5:10:ca:c7:d8:5e:3d:07:e3:eb:4e:cc:58:21:e8:33:
         a5:cb:19:5a:d8:31:b1:bb:8b:85:5a:b9:2a:1b:33:b0:97:9d:
         5a:40:00:bd:be:ea:60:a4:44:0f:55:20:91:06:ff:5b:4b:18:
         fe:99:eb:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZcSXGcQ/2gK0EOBAvKAdwxeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNTI3MTUyODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDZlMjBkNDE3NDA2NTcyNDkwOTFhYTlhNzhmYTIyMWY4NGY0YmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKKqvriF6hkab9/fYjXePJL1dqHO
+eyAYG95+pltmEKq1rOQ5UhNij2VZOwQibdGW7gBpByGPOytQmgv8ROaXEGt8Wfb
DajmTScOkOP+IeUBOJ1VMovAMVweqW2me2uqAEldHge9VLTnoK3dGq7S1aABukJG
XIwZRp3QO6bxYyae9Ir6zV9ioKfWENEzAAP3WWRStgwQq4kt+NkkQuFk+QRQpjc/
XSoaXvsWHYBd0zmM4PmlEy0lzARzK8Yo8InKRXo2S4O95dzk0wJoX6ncSIdpD0Ax
UM2xuIzeFRcinTN1SR0OzoKZ5SdthI6WwoZEvffzHs0h3uQxDaMFAQsNeQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLRuINQXQGVySQkaqaePoiH4T0uwMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvdEc0ZzFCZEFaWEpKQ1JxcHA0LWlJZmhQUzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw9O+MA8E
AgACMAkDBwEqAXEgAAYwDQYJKoZIhvcNAQELBQADggEBAE61SZ2di2dUpaxxedK5
cwKj8kYOpBaLaF+V+5VTmAg+pdw/Hwi3j4WWfpuZBU/EzKkGfjpOvj9uZ/OjLmlN
JD6qTwxksLTzIUbW2FVJRRCHiZ7XGEO8Jz/LRia0KBmqt+CDQsY232aw9ZZ8fWC0
J/L1OVa2rNZtfVliL+dNA8MC/JnU+Zap1UIonVez5MbkYekBWDcS7i10/y9am5WJ
WjuB/SL6+R7CCzDajk2C7Tjk41PkBjNMdFOVKLDJIppuQw8vQpRmym3f5RDKx9he
PQfj607MWCHoM6XLGVrYMbG7i4VauSobM7CXnVpAAL2+6mCkRA9VIJEG/1tLGP6Z
6xA=
-----END CERTIFICATE-----