Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/I6X1ECNGJXSxa2VCPP9AOf4hG_g.roa
File:                     I6X1ECNGJXSxa2VCPP9AOf4hG_g.roa (raw, json)
Hash identifier:          3NuVXHHyzJsCtQdW4ARp1TTbJ49yR8rCB0qLCR3jRyo=
Subject key identifier:   23:A5:F5:10:23:46:25:74:B1:6B:65:42:3C:FF:40:39:FE:21:1B:F8
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01995396805780EE56CB7102783FE73EC6D2
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/I6X1ECNGJXSxa2VCPP9AOf4hG_g.roa
Signing time:             Tue 16 Sep 2025 17:33:16 +0000
ROA not before:           Tue 16 Sep 2025 17:33:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53388
IP address blocks:        146.19.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 05:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:53:96:80:57:80:ee:56:cb:71:02:78:3f:e7:3e:c6:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Sep 16 17:33:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23a5f51023462574b16b65423cff4039fe211bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e1:b5:2c:83:fd:b9:2d:32:58:8d:02:82:77:
                    eb:8b:df:de:68:e5:70:44:b4:03:09:69:3a:e7:c4:
                    7a:1a:95:7f:16:ce:8e:e6:74:c6:9d:ae:8a:cb:e5:
                    19:b9:fb:3a:a9:8b:3c:da:1d:e4:71:10:97:b2:5c:
                    93:cd:77:94:fb:0f:5a:ae:27:fa:5b:79:4e:0e:e1:
                    2d:99:91:f4:a5:5d:f5:ee:0f:3e:55:1c:f2:1f:eb:
                    54:e5:7f:04:c5:40:bf:dc:34:b2:a4:46:26:f9:71:
                    56:8d:37:c0:a7:b3:8d:0d:e8:f3:da:f8:0c:cb:6b:
                    b4:d0:85:ec:72:a9:4b:6d:b1:9d:20:3f:5e:b4:06:
                    7c:23:27:da:fa:46:d4:94:a4:88:36:29:dd:47:5c:
                    83:99:20:68:64:fb:5c:70:ff:75:ea:dd:bc:fa:e7:
                    2e:62:16:11:9d:65:d2:0e:16:c1:62:bd:f2:ec:32:
                    7d:10:5c:a6:a4:17:81:02:a4:5d:fb:2e:a6:e1:ca:
                    18:19:d1:91:00:69:1c:6a:68:4b:ce:9f:32:cc:97:
                    9c:92:5f:95:57:55:58:d3:ba:8f:a6:cd:86:52:7a:
                    b4:65:8a:b1:d3:fb:81:b0:af:95:4d:ed:7e:5d:9c:
                    27:52:9e:98:ae:aa:6b:16:85:05:12:26:bb:fa:1e:
                    a5:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:A5:F5:10:23:46:25:74:B1:6B:65:42:3C:FF:40:39:FE:21:1B:F8
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/I6X1ECNGJXSxa2VCPP9AOf4hG_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:87:a4:25:54:a5:30:cc:35:88:36:70:c0:68:d3:91:98:de:
         59:f5:8f:94:f5:51:c8:ad:70:b7:ff:51:e9:8c:86:d3:25:3c:
         72:f6:3f:50:ab:53:91:b0:ce:cb:c4:df:67:90:a7:2d:35:1e:
         59:9a:8c:4b:1a:1a:38:b6:2e:23:ef:da:c1:c9:42:d0:7c:c3:
         d8:7e:c3:15:b4:5a:7e:a6:1d:66:43:d1:72:38:e1:bf:20:17:
         eb:88:ca:71:a1:70:c4:80:cf:99:39:35:9d:69:d1:eb:78:ff:
         ba:54:8a:f3:ea:46:7b:2f:3d:6f:ad:8f:11:16:ac:37:aa:8d:
         ca:53:b7:52:92:c4:0b:41:c0:be:80:5a:61:da:2c:33:ec:f7:
         3a:e3:29:bd:36:ba:53:a9:1e:b6:f0:d9:8b:b2:15:bc:19:d3:
         88:0e:8e:1f:22:1a:b4:a1:9a:51:24:c6:8b:1b:9e:74:88:dc:
         cc:be:85:31:d4:5c:1b:f8:3c:cd:af:aa:4f:c6:40:84:c2:b8:
         a1:a7:19:78:27:23:f6:1a:89:7c:f4:7a:43:31:6f:bc:2f:86:
         87:e1:00:cc:99:7e:cf:0f:0b:fb:ae:c6:c5:8b:05:e2:e3:a0:
         28:2f:4f:02:c4:5e:9a:ad:16:53:3c:1e:36:10:5d:22:a8:62:
         80:f7:6f:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlTloBXgO5Wy3ECeD/nPsbSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwOTE2MTczMzE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2E1ZjUxMDIzNDYyNTc0YjE2YjY1NDIzY2ZmNDAzOWZlMjExYmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOG1LIP9uS0yWI0Cgnfri9/eaOVw
RLQDCWk658R6GpV/Fs6O5nTGna6Ky+UZufs6qYs82h3kcRCXslyTzXeU+w9arif6
W3lODuEtmZH0pV317g8+VRzyH+tU5X8ExUC/3DSypEYm+XFWjTfAp7ONDejz2vgM
y2u00IXscqlLbbGdID9etAZ8Iyfa+kbUlKSINindR1yDmSBoZPtccP916t28+ucu
YhYRnWXSDhbBYr3y7DJ9EFympBeBAqRd+y6m4coYGdGRAGkcamhLzp8yzJeckl+V
V1VY07qPps2GUnq0ZYqx0/uBsK+VTe1+XZwnUp6YrqprFoUFEia7+h6lLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOl9RAjRiV0sWtlQjz/QDn+IRv4MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvSTZYMUVDTkdKWFN4YTJWQ1BQOUFPZjRoR19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMVMA0G
CSqGSIb3DQEBCwUAA4IBAQAZh6QlVKUwzDWINnDAaNORmN5Z9Y+U9VHIrXC3/1Hp
jIbTJTxy9j9Qq1ORsM7LxN9nkKctNR5ZmoxLGho4ti4j79rByULQfMPYfsMVtFp+
ph1mQ9FyOOG/IBfriMpxoXDEgM+ZOTWdadHreP+6VIrz6kZ7Lz1vrY8RFqw3qo3K
U7dSksQLQcC+gFph2iwz7Pc64ym9NrpTqR628NmLshW8GdOIDo4fIhq0oZpRJMaL
G550iNzMvoUx1Fwb+DzNr6pPxkCEwrihpxl4JyP2Gol89HpDMW+8L4aH4QDMmX7P
Dwv7rsbFiwXi46AoL08CxF6arRZTPB42EF0iqGKA929D
-----END CERTIFICATE-----