Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/tiTDdv-4V1Gm4AmIPvtlq7Nzux8.roa
File:                     tiTDdv-4V1Gm4AmIPvtlq7Nzux8.roa (raw, json)
Hash identifier:          KNMxdjZJpJveHFk1A0BldLnm3kHO3YSepJ9J0DkOI1U=
Subject key identifier:   B6:24:C3:76:FF:B8:57:51:A6:E0:09:88:3E:FB:65:AB:B3:73:BB:1F
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01992D90BC6F8FFC75455A6CB78198C5D04D
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/tiTDdv-4V1Gm4AmIPvtlq7Nzux8.roa
Signing time:             Tue 09 Sep 2025 08:21:24 +0000
ROA not before:           Tue 09 Sep 2025 08:21:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        147.185.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 14:36:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2d:90:bc:6f:8f:fc:75:45:5a:6c:b7:81:98:c5:d0:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Sep  9 08:21:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b624c376ffb85751a6e009883efb65abb373bb1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:09:a4:78:5f:5e:bd:64:f5:4a:fe:53:31:39:
                    b1:78:79:18:ba:4e:7a:31:df:b5:1a:c7:ab:90:f3:
                    ad:b9:2a:6f:12:0c:30:e3:3b:e8:4c:34:71:3f:5e:
                    aa:f2:0f:a3:f7:2b:75:bc:99:cb:85:f4:fa:34:f4:
                    ab:9f:ab:5f:ca:c7:82:1a:79:70:8e:0d:9f:eb:5a:
                    8c:58:e6:99:88:4b:a6:e0:85:3d:b8:d9:ed:8f:4c:
                    79:7a:2a:9f:79:6e:62:c7:f9:e8:e9:28:3f:e5:77:
                    b9:bf:8b:7d:60:47:cd:5a:22:fb:06:0e:27:ed:3d:
                    d0:e9:a6:15:f9:12:2b:80:b5:8f:b9:68:e9:08:e0:
                    47:53:78:6e:db:bf:16:8c:09:29:62:3d:17:da:1a:
                    4c:96:0f:5b:1f:f5:bd:82:71:80:d6:c5:ac:06:98:
                    b8:78:16:49:10:7e:56:34:20:8b:44:38:6e:cd:ee:
                    04:10:c8:02:ed:e9:eb:a7:48:a8:1f:d7:0f:a0:2c:
                    8d:07:3e:71:72:e0:67:1d:6b:c0:20:9e:70:2a:1a:
                    f6:3d:dc:d8:f8:90:18:64:e1:67:50:b0:e8:69:5a:
                    cb:bf:8a:80:3f:f2:c5:07:38:83:33:4c:6d:8b:73:
                    b7:45:2a:2a:15:f8:68:f7:01:e4:f9:a4:a4:28:a5:
                    21:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:24:C3:76:FF:B8:57:51:A6:E0:09:88:3E:FB:65:AB:B3:73:BB:1F
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/tiTDdv-4V1Gm4AmIPvtlq7Nzux8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:71:02:43:e9:2f:6d:e3:47:80:77:e1:b2:0e:53:c2:6d:a4:
         43:63:ae:66:e7:4b:79:22:39:30:93:dc:19:ad:66:6e:25:62:
         5c:21:4a:ae:32:6b:3d:4b:ed:72:9f:f5:72:e7:6d:a8:fd:a5:
         35:d0:6e:c1:3a:f3:de:e9:a0:0a:5b:d2:83:42:57:e9:91:bc:
         2e:f2:26:61:28:63:73:5c:46:f7:49:4c:bf:75:08:e0:8c:05:
         6d:b4:5b:a5:fb:d4:06:7a:fb:56:45:ca:fc:f2:a9:65:17:75:
         e4:3b:a3:8c:23:9c:21:6a:ff:c6:b2:a8:6f:ed:95:27:76:15:
         ec:13:92:6a:01:b2:cf:ed:46:6b:3f:cd:21:0a:b1:75:ba:81:
         e3:22:72:19:4d:dd:aa:e4:7d:71:85:c0:86:d9:66:c5:51:d2:
         c2:cd:eb:f0:e4:3b:0e:f9:08:c6:8d:f0:c8:ae:43:3f:19:00:
         5a:03:b8:48:5d:2e:51:a8:df:86:e0:ad:11:75:04:40:2d:70:
         fc:b8:96:f8:ab:72:44:1a:da:59:31:70:f3:a4:76:1e:bc:74:
         87:29:54:d9:b7:fa:37:25:bd:fd:79:12:b9:fd:28:0a:79:c9:
         de:0f:e2:ce:f8:0b:7e:80:17:4e:fd:1e:21:cb:b4:bc:dd:b8:
         e9:e2:bb:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZktkLxvj/x1RVpst4GYxdBNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwOTA5MDgyMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjI0YzM3NmZmYjg1NzUxYTZlMDA5ODgzZWZiNjVhYmIzNzNiYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwmkeF9evWT1Sv5TMTmxeHkYuk56
Md+1GserkPOtuSpvEgww4zvoTDRxP16q8g+j9yt1vJnLhfT6NPSrn6tfyseCGnlw
jg2f61qMWOaZiEum4IU9uNntj0x5eiqfeW5ix/no6Sg/5Xe5v4t9YEfNWiL7Bg4n
7T3Q6aYV+RIrgLWPuWjpCOBHU3hu278WjAkpYj0X2hpMlg9bH/W9gnGA1sWsBpi4
eBZJEH5WNCCLRDhuze4EEMgC7enrp0ioH9cPoCyNBz5xcuBnHWvAIJ5wKhr2PdzY
+JAYZOFnULDoaVrLv4qAP/LFBziDM0xti3O3RSoqFfho9wHk+aSkKKUhZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLYkw3b/uFdRpuAJiD77Zauzc7sfMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvdGlURGR2LTRWMUdtNEFtSVB2dGxxN056dXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk7nEMA0G
CSqGSIb3DQEBCwUAA4IBAQADcQJD6S9t40eAd+GyDlPCbaRDY65m50t5Ijkwk9wZ
rWZuJWJcIUquMms9S+1yn/Vy522o/aU10G7BOvPe6aAKW9KDQlfpkbwu8iZhKGNz
XEb3SUy/dQjgjAVttFul+9QGevtWRcr88qllF3XkO6OMI5whav/Gsqhv7ZUndhXs
E5JqAbLP7UZrP80hCrF1uoHjInIZTd2q5H1xhcCG2WbFUdLCzevw5DsO+QjGjfDI
rkM/GQBaA7hIXS5RqN+G4K0RdQRALXD8uJb4q3JEGtpZMXDzpHYevHSHKVTZt/o3
Jb39eRK5/SgKecneD+LO+At+gBdO/R4hy7S83bjp4rtO
-----END CERTIFICATE-----