Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/thxqmd-4993wIDVkeKo6YjJwVCI.roa
File:                     thxqmd-4993wIDVkeKo6YjJwVCI.roa (raw, json)
Hash identifier:          JrvwHVFBcBXJuk+VrcpY4TJjyv1IyLed5UMTTe97Myk=
Subject key identifier:   B6:1C:6A:99:DF:B8:F7:DD:F0:20:35:64:78:AA:3A:62:32:70:54:22
Certificate issuer:       /CN=5bbd481841154bcefcaca7b3045c0bef4a734db2
Certificate serial:       0198E52F1A3F0F18F14349BC05DF8B7B3CE0
Authority key identifier: 5B:BD:48:18:41:15:4B:CE:FC:AC:A7:B3:04:5C:0B:EF:4A:73:4D:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W71IGEEVS878rKezBFwL70pzTbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/thxqmd-4993wIDVkeKo6YjJwVCI.roa
Signing time:             Tue 26 Aug 2025 07:02:06 +0000
ROA not before:           Tue 26 Aug 2025 07:02:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213940
IP address blocks:        64.39.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/W71IGEEVS878rKezBFwL70pzTbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/W71IGEEVS878rKezBFwL70pzTbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W71IGEEVS878rKezBFwL70pzTbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e5:2f:1a:3f:0f:18:f1:43:49:bc:05:df:8b:7b:3c:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bbd481841154bcefcaca7b3045c0bef4a734db2
        Validity
            Not Before: Aug 26 07:02:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b61c6a99dfb8f7ddf020356478aa3a6232705422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ac:d4:66:2f:b7:f9:e6:d0:65:76:56:b2:4c:
                    e5:6b:48:20:e8:44:34:c0:4c:01:ee:20:bb:ab:ad:
                    bb:b6:da:b7:7a:f4:e9:f8:4c:34:29:6c:91:17:9e:
                    4c:6f:44:bd:92:24:92:69:78:59:90:4f:a2:1f:3c:
                    ad:41:c8:eb:b8:93:c8:bb:63:7b:fd:64:5d:5c:06:
                    13:45:de:58:3e:e3:a5:14:b8:4e:b1:88:6c:b0:f9:
                    d9:99:9f:62:a0:6b:d1:1e:06:7e:3d:31:c0:f0:4c:
                    5f:e1:33:7d:4d:06:b0:09:ab:ed:65:c1:a2:69:b0:
                    ec:a0:ef:ec:99:05:c4:96:d0:fc:e7:64:9d:9a:db:
                    8c:9e:70:17:f0:44:67:88:5b:2a:63:b0:bc:4c:3e:
                    97:69:d9:9f:78:fe:be:63:89:40:e6:9c:7c:ba:61:
                    41:6f:2c:96:e0:2c:df:27:b0:80:1f:fa:35:ed:5b:
                    64:1d:8e:82:c2:3f:38:8d:5b:cf:13:4a:7e:75:57:
                    30:23:a4:cd:ba:a4:f4:4c:1d:84:27:51:63:5d:06:
                    e9:f8:fd:ed:02:7b:60:10:5a:9c:af:49:d8:08:c7:
                    aa:08:39:e2:b0:4a:1e:6c:58:f3:ec:fd:a2:cb:1a:
                    91:e5:7c:51:2f:1f:08:b5:fb:59:cb:a3:a7:f4:a7:
                    c1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:1C:6A:99:DF:B8:F7:DD:F0:20:35:64:78:AA:3A:62:32:70:54:22
            X509v3 Authority Key Identifier:
                keyid:5B:BD:48:18:41:15:4B:CE:FC:AC:A7:B3:04:5C:0B:EF:4A:73:4D:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W71IGEEVS878rKezBFwL70pzTbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/thxqmd-4993wIDVkeKo6YjJwVCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/5dc195-0d99-483e-b449-ce227042dda2/1/W71IGEEVS878rKezBFwL70pzTbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.39.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:56:be:ce:3c:5b:98:f3:56:91:b3:3c:cc:5e:2e:d5:9f:06:
         47:81:41:93:f4:93:9a:20:45:f2:f4:3e:f1:1b:26:be:c4:51:
         8e:c7:f5:8f:75:c3:74:bc:ba:0f:ef:6e:c1:b6:db:33:98:c2:
         e1:78:04:ee:1c:a1:ce:eb:1d:4e:d3:3a:14:b1:ac:ad:61:d6:
         d6:95:5d:8b:26:a1:ec:30:27:db:87:2a:4b:80:4c:61:cb:e0:
         ef:b8:21:c0:01:8d:54:c7:f1:0f:fc:4e:a4:30:98:a8:c5:eb:
         c0:6f:91:13:ec:01:9b:cc:0d:f5:60:d5:a1:f2:c4:88:af:51:
         f0:93:24:9a:f5:06:9d:9a:b7:f9:7a:53:52:69:ae:0e:35:8c:
         6f:fd:79:15:37:67:a8:f8:79:67:bb:1a:d9:c6:99:c3:f3:13:
         39:2f:12:53:c5:7c:14:8b:ca:ec:d1:c4:a1:9c:c0:ff:9b:4a:
         1f:9a:ef:35:06:6d:d3:ff:ff:c9:15:9b:00:1f:5c:bf:48:55:
         91:9f:2b:c6:52:28:08:99:0c:9d:9e:8a:8a:a0:ba:8e:4a:04:
         23:ca:51:ba:15:42:83:b6:17:3f:42:cd:09:de:d8:82:6b:58:
         4b:26:47:63:97:f1:f7:ab:9b:3d:ab:27:2e:c6:33:85:13:fe:
         00:72:90:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjlLxo/DxjxQ0m8Bd+LezzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViYmQ0ODE4NDExNTRiY2VmY2FjYTdiMzA0NWMwYmVmNGE3
MzRkYjIwHhcNMjUwODI2MDcwMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjFjNmE5OWRmYjhmN2RkZjAyMDM1NjQ3OGFhM2E2MjMyNzA1NDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6zUZi+3+ebQZXZWskzla0gg6EQ0
wEwB7iC7q627ttq3evTp+Ew0KWyRF55Mb0S9kiSSaXhZkE+iHzytQcjruJPIu2N7
/WRdXAYTRd5YPuOlFLhOsYhssPnZmZ9ioGvRHgZ+PTHA8Exf4TN9TQawCavtZcGi
abDsoO/smQXEltD852SdmtuMnnAX8ERniFsqY7C8TD6XadmfeP6+Y4lA5px8umFB
byyW4CzfJ7CAH/o17VtkHY6Cwj84jVvPE0p+dVcwI6TNuqT0TB2EJ1FjXQbp+P3t
AntgEFqcr0nYCMeqCDnisEoebFjz7P2iyxqR5XxRLx8ItftZy6On9KfB1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLYcapnfuPfd8CA1ZHiqOmIycFQiMB8GA1UdIwQY
MBaAFFu9SBhBFUvO/KynswRcC+9Kc02yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzcxSUdFRVZTODc4cktlekJGd0w3MHB6VGJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81ZGMxOTUtMGQ5OS00ODNlLWI0NDkt
Y2UyMjcwNDJkZGEyLzEvdGh4cW1kLTQ5OTN3SURWa2VLbzZZakp3VkNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81ZGMxOTUtMGQ5OS00ODNlLWI0NDktY2UyMjcwNDJkZGEy
LzEvVzcxSUdFRVZTODc4cktlekJGd0w3MHB6VGJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQCfkMA0G
CSqGSIb3DQEBCwUAA4IBAQBIVr7OPFuY81aRszzMXi7VnwZHgUGT9JOaIEXy9D7x
Gya+xFGOx/WPdcN0vLoP727BttszmMLheATuHKHO6x1O0zoUsaytYdbWlV2LJqHs
MCfbhypLgExhy+DvuCHAAY1Ux/EP/E6kMJioxevAb5ET7AGbzA31YNWh8sSIr1Hw
kySa9Qadmrf5elNSaa4ONYxv/XkVN2eo+HlnuxrZxpnD8xM5LxJTxXwUi8rs0cSh
nMD/m0ofmu81Bm3T///JFZsAH1y/SFWRnyvGUigImQydnoqKoLqOSgQjylG6FUKD
thc/Qs0J3tiCa1hLJkdjl/H3q5s9qycuxjOFE/4AcpDM
-----END CERTIFICATE-----