Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tM10Pkad9yq5Hsv-cfqn34_LFRc.roa
File:                     tM10Pkad9yq5Hsv-cfqn34_LFRc.roa (raw, json)
Hash identifier:          c2YwqEFmRVt/GP93CPEiCCw94qEe+FsD0C6QrcTdxKg=
Subject key identifier:   B4:CD:74:3E:46:9D:F7:2A:B9:1E:CB:FE:71:FA:A7:DF:8F:CB:15:17
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       0198984C7B681BEDD1B6D30469C4274E2A84
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tM10Pkad9yq5Hsv-cfqn34_LFRc.roa
Signing time:             Mon 11 Aug 2025 08:43:25 +0000
ROA not before:           Mon 11 Aug 2025 08:43:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57519
IP address blocks:        194.44.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 02:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:4c:7b:68:1b:ed:d1:b6:d3:04:69:c4:27:4e:2a:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Aug 11 08:43:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4cd743e469df72ab91ecbfe71faa7df8fcb1517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bc:e0:67:00:0a:d3:4b:fa:a8:86:94:b9:a3:
                    8d:b1:b8:d3:c6:ad:e1:8c:41:ec:34:34:c2:c3:81:
                    49:23:45:47:54:c7:cf:3c:33:7e:ac:f7:98:21:58:
                    a3:08:9f:c8:be:71:6d:0a:10:c6:60:0e:34:38:95:
                    6d:ac:e1:c9:1d:a7:5d:0e:49:be:05:5d:da:ee:02:
                    cb:fb:e3:2b:d3:46:51:1e:5f:38:76:90:b7:5f:d6:
                    cc:c3:38:3b:68:68:7a:01:e7:ec:08:66:7a:8a:0a:
                    e4:72:f2:4b:7c:2b:b5:3d:f1:15:70:e5:e3:bd:bc:
                    2e:d5:06:09:4f:26:76:35:1c:3d:01:a7:dc:8d:93:
                    31:44:50:ae:10:17:c4:75:7e:0b:87:f7:cc:9f:32:
                    c9:c8:5d:79:fc:86:e4:fd:26:98:98:6c:f8:f1:26:
                    26:79:07:f8:43:6c:db:62:da:70:d5:11:02:8d:13:
                    16:0f:44:41:bd:a8:48:cc:fd:22:13:8c:97:c4:f0:
                    da:a5:89:49:91:6a:43:df:c0:49:b7:0c:a5:50:1f:
                    d5:0e:c7:e8:e1:bd:e8:ee:d4:3f:57:f9:02:29:63:
                    2d:9d:87:0a:78:f9:aa:3b:a8:03:6a:8e:4d:e1:36:
                    65:9f:25:f7:19:61:cc:13:35:d3:1b:e8:51:6e:e9:
                    7c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:CD:74:3E:46:9D:F7:2A:B9:1E:CB:FE:71:FA:A7:DF:8F:CB:15:17
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tM10Pkad9yq5Hsv-cfqn34_LFRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:68:47:21:3d:f0:52:24:80:01:b2:4e:64:31:23:47:b4:36:
         8f:46:f5:88:56:55:ac:41:7c:c1:ad:9e:42:b8:79:17:8f:f0:
         24:24:5d:b3:c0:e9:ea:e7:e7:d2:f4:aa:01:87:be:2a:4c:11:
         a8:51:6c:ba:4b:a6:fc:dd:4c:74:3b:7a:6c:3b:dc:94:9b:1f:
         5d:ea:df:5b:28:a1:d5:50:70:18:b0:d0:a4:dc:a6:a5:b9:16:
         3a:56:18:06:5a:2e:7e:d0:96:6f:d6:c0:a7:24:49:da:a6:c2:
         41:77:f1:bd:de:dd:4f:fb:fa:e7:db:5a:2f:ca:4b:48:98:9d:
         64:d0:20:d1:cb:9f:85:ff:f1:d4:2e:bf:ff:a9:e2:77:44:19:
         2a:62:14:b3:f2:8b:88:8b:de:ce:01:66:a8:74:93:30:cf:b5:
         7a:95:aa:9b:f0:f8:63:84:bd:23:be:d5:da:94:e3:30:08:73:
         3f:e5:9d:32:b4:77:9d:a6:d9:03:8c:2d:5d:6a:a7:a0:95:dd:
         46:d1:ab:05:f2:a4:3b:a3:a6:ec:3f:46:49:c6:85:28:0a:ee:
         ca:05:0a:ca:3c:63:9d:6e:ae:49:3e:86:dd:b7:77:79:b5:c8:
         ac:05:79:6f:50:85:70:1a:77:f5:2e:77:69:12:d4:ab:9f:e2:
         1b:ea:64:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYTHtoG+3RttMEacQnTiqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjUwODExMDg0MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGNkNzQzZTQ2OWRmNzJhYjkxZWNiZmU3MWZhYTdkZjhmY2IxNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrzgZwAK00v6qIaUuaONsbjTxq3h
jEHsNDTCw4FJI0VHVMfPPDN+rPeYIVijCJ/IvnFtChDGYA40OJVtrOHJHaddDkm+
BV3a7gLL++Mr00ZRHl84dpC3X9bMwzg7aGh6AefsCGZ6igrkcvJLfCu1PfEVcOXj
vbwu1QYJTyZ2NRw9AafcjZMxRFCuEBfEdX4Lh/fMnzLJyF15/Ibk/SaYmGz48SYm
eQf4Q2zbYtpw1RECjRMWD0RBvahIzP0iE4yXxPDapYlJkWpD38BJtwylUB/VDsfo
4b3o7tQ/V/kCKWMtnYcKePmqO6gDao5N4TZlnyX3GWHMEzXTG+hRbul8bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTNdD5GnfcquR7L/nH6p9+PyxUXMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvdE0xMFBrYWQ5eXE1SHN2LWNmcW4zNF9MRlJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwixlMA0G
CSqGSIb3DQEBCwUAA4IBAQBXaEchPfBSJIABsk5kMSNHtDaPRvWIVlWsQXzBrZ5C
uHkXj/AkJF2zwOnq5+fS9KoBh74qTBGoUWy6S6b83Ux0O3psO9yUmx9d6t9bKKHV
UHAYsNCk3KaluRY6VhgGWi5+0JZv1sCnJEnapsJBd/G93t1P+/rn21ovyktImJ1k
0CDRy5+F//HULr//qeJ3RBkqYhSz8ouIi97OAWaodJMwz7V6laqb8PhjhL0jvtXa
lOMwCHM/5Z0ytHedptkDjC1daqegld1G0asF8qQ7o6bsP0ZJxoUoCu7KBQrKPGOd
bq5JPobdt3d5tcisBXlvUIVwGnf1LndpEtSrn+Ib6mRJ
-----END CERTIFICATE-----