Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/TAbKgUyv1M2o14k63ItFm954szQ.roa
File:                     TAbKgUyv1M2o14k63ItFm954szQ.roa (raw, json)
Hash identifier:          0s5M02Od9+2ZIHBPyatRe7MUX/RFakfKEZMoY/+NOmo=
Subject key identifier:   4C:06:CA:81:4C:AF:D4:CD:A8:D7:89:3A:DC:8B:45:9B:DE:78:B3:34
Certificate issuer:       /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial:       01987FDFA489ACC2324A698A9EF533A21ED4
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/TAbKgUyv1M2o14k63ItFm954szQ.roa
Signing time:             Wed 06 Aug 2025 14:53:39 +0000
ROA not before:           Wed 06 Aug 2025 14:53:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28753
IP address blocks:        5.61.32.0/20 maxlen: 20
                          37.1.192.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 05:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:df:a4:89:ac:c2:32:4a:69:8a:9e:f5:33:a2:1e:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
        Validity
            Not Before: Aug  6 14:53:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c06ca814cafd4cda8d7893adc8b459bde78b334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:df:dc:16:d8:da:e0:68:7e:dd:e0:2a:76:88:
                    15:cf:ca:f0:e2:41:8a:cf:ac:06:51:25:88:b2:62:
                    65:0d:8a:6c:96:91:eb:b7:ec:2d:43:24:dc:16:a0:
                    3f:d7:80:4e:9a:6b:e5:7a:10:d4:b8:6e:9b:cc:c0:
                    e5:d7:f9:74:4c:db:ab:95:9a:d3:30:ed:96:6b:59:
                    1b:2f:cd:76:9a:e5:46:67:a1:63:05:c2:01:01:a6:
                    86:b7:3f:67:a1:54:ea:56:a5:1e:21:92:b6:46:25:
                    9b:44:4e:f7:4f:1b:8f:41:cc:69:d9:f9:b1:99:4e:
                    08:cf:85:5d:e8:bc:a0:0e:fa:24:19:55:3c:bc:e2:
                    f7:a4:ec:c8:4b:21:34:f1:df:d0:f5:20:fb:ed:f7:
                    73:15:b4:89:ee:55:2c:9a:4e:01:ea:20:98:f2:fb:
                    ce:f8:3b:cb:96:69:35:45:88:98:98:fb:09:2a:ab:
                    4f:aa:de:8f:fe:ce:e7:f1:8e:80:25:9b:a2:ec:c0:
                    d9:6a:61:6e:ce:83:75:3b:f6:5d:23:b0:38:fd:0d:
                    69:d4:9f:bf:6e:0e:30:05:2d:f9:38:96:5b:d1:4d:
                    e9:3f:8e:a1:6e:d1:6b:8b:a1:6e:bc:6f:97:72:06:
                    f3:d3:07:1a:eb:0c:53:dd:82:50:40:e7:97:5f:1b:
                    09:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:06:CA:81:4C:AF:D4:CD:A8:D7:89:3A:DC:8B:45:9B:DE:78:B3:34
            X509v3 Authority Key Identifier:
                keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/TAbKgUyv1M2o14k63ItFm954szQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.32.0/20
                  37.1.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         05:06:95:5b:8d:78:f3:27:8a:c0:d3:d2:47:d0:0a:3c:5c:41:
         af:25:7e:3a:9f:14:9a:8c:57:2f:d9:9e:3f:7a:8f:9a:b9:c2:
         7a:6d:02:c2:63:7c:e7:96:48:f9:13:2a:22:71:40:f3:b7:50:
         f2:01:0f:a1:0c:75:a3:a2:2e:bd:06:e0:88:94:4e:57:ea:3a:
         dd:bb:e2:65:02:93:28:1b:4f:2a:85:7d:ce:d3:88:44:cc:bc:
         75:a2:1a:ab:c6:41:dc:41:02:2e:1a:a3:a9:42:7c:9f:5d:fd:
         45:a7:45:69:dd:16:6d:ff:16:7e:d1:63:ca:bb:b6:b9:31:50:
         17:bc:e3:9f:83:b4:49:31:25:81:ff:48:18:f2:eb:4a:83:6f:
         72:c1:a4:58:88:c3:ec:29:c5:dd:09:35:0e:6a:ad:f4:4e:54:
         5d:d8:2b:18:1b:09:14:97:61:ed:1d:a5:1e:c1:75:f8:11:6a:
         ce:48:0c:cf:74:82:7e:5f:1f:0d:97:32:23:5a:89:d5:cc:e4:
         f6:24:4e:e8:60:4c:75:96:f5:0d:1b:a9:26:f6:41:8f:fc:c1:
         c9:45:45:07:7c:0f:3f:0e:77:bf:71:54:9f:72:6f:6b:a9:61:
         4b:2d:fc:dd:dd:77:8b:27:85:c9:33:05:0d:e2:84:39:12:3c:
         a8:97:69:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZh/36SJrMIySmmKnvUzoh7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjUwODA2MTQ1MzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzA2Y2E4MTRjYWZkNGNkYThkNzg5M2FkYzhiNDU5YmRlNzhiMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1N/cFtja4Gh+3eAqdogVz8rw4kGK
z6wGUSWIsmJlDYpslpHrt+wtQyTcFqA/14BOmmvlehDUuG6bzMDl1/l0TNurlZrT
MO2Wa1kbL812muVGZ6FjBcIBAaaGtz9noVTqVqUeIZK2RiWbRE73TxuPQcxp2fmx
mU4Iz4Vd6LygDvokGVU8vOL3pOzISyE08d/Q9SD77fdzFbSJ7lUsmk4B6iCY8vvO
+DvLlmk1RYiYmPsJKqtPqt6P/s7n8Y6AJZui7MDZamFuzoN1O/ZdI7A4/Q1p1J+/
bg4wBS35OJZb0U3pP46hbtFri6FuvG+Xcgbz0wca6wxT3YJQQOeXXxsJywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEwGyoFMr9TNqNeJOtyLRZveeLM0MB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEvVEFiS2dVeXYxTTJvMTRrNjNJdEZtOTU0c3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEBT0gAwQD
JQHAMA0GCSqGSIb3DQEBCwUAA4IBAQAFBpVbjXjzJ4rA09JH0Ao8XEGvJX46nxSa
jFcv2Z4/eo+aucJ6bQLCY3znlkj5EyoicUDzt1DyAQ+hDHWjoi69BuCIlE5X6jrd
u+JlApMoG08qhX3O04hEzLx1ohqrxkHcQQIuGqOpQnyfXf1Fp0Vp3RZt/xZ+0WPK
u7a5MVAXvOOfg7RJMSWB/0gY8utKg29ywaRYiMPsKcXdCTUOaq30TlRd2CsYGwkU
l2HtHaUewXX4EWrOSAzPdIJ+Xx8NlzIjWonVzOT2JE7oYEx1lvUNG6km9kGP/MHJ
RUUHfA8/Dne/cVSfcm9rqWFLLfzd3XeLJ4XJMwUN4oQ5Ejyol2lK
-----END CERTIFICATE-----