Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/cvdTCQ1rKFtOI57splHij7_4WZc.roa
File:                     cvdTCQ1rKFtOI57splHij7_4WZc.roa (raw, json)
Hash identifier:          ooiNatd9+6iVmkcH8vk1iiTnL6jalmfjxMv2S0gJ2P4=
Subject key identifier:   72:F7:53:09:0D:6B:28:5B:4E:23:9E:EC:A6:51:E2:8F:BF:F8:59:97
Certificate issuer:       /CN=c491456eda59fb0fd2d173f95412be35f6cfbfaf
Certificate serial:       01992E47406A7355A32328DE4D784246EE72
Authority key identifier: C4:91:45:6E:DA:59:FB:0F:D2:D1:73:F9:54:12:BE:35:F6:CF:BF:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xJFFbtpZ-w_S0XP5VBK-NfbPv68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/cvdTCQ1rKFtOI57splHij7_4WZc.roa
Signing time:             Tue 09 Sep 2025 11:40:45 +0000
ROA not before:           Tue 09 Sep 2025 11:40:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48152
IP address blocks:        185.78.140.0/22 maxlen: 22
                          2a03:5960::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/xJFFbtpZ-w_S0XP5VBK-NfbPv68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/xJFFbtpZ-w_S0XP5VBK-NfbPv68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xJFFbtpZ-w_S0XP5VBK-NfbPv68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Sep 2025 14:16:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2e:47:40:6a:73:55:a3:23:28:de:4d:78:42:46:ee:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c491456eda59fb0fd2d173f95412be35f6cfbfaf
        Validity
            Not Before: Sep  9 11:40:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72f753090d6b285b4e239eeca651e28fbff85997
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fc:e5:12:cb:16:9e:b9:a8:ab:9a:aa:6e:79:
                    33:35:d1:96:27:11:0c:5b:a1:2b:51:f5:96:ad:d9:
                    90:c7:a2:f0:c0:9b:31:ff:f1:56:c0:63:b9:0a:18:
                    c3:86:52:74:63:a6:37:e8:cb:bf:60:73:aa:37:2b:
                    9e:58:ff:18:d4:15:da:33:4a:01:ff:b8:52:df:70:
                    b3:ff:b3:f0:ad:9d:80:c5:fc:a7:b2:4f:21:ae:0d:
                    9c:b6:de:44:dc:8e:9d:af:84:09:cf:2c:f8:99:d2:
                    b1:0f:5e:ec:0e:b0:c9:d2:a5:fd:69:21:d1:0c:b6:
                    e6:5a:49:36:b2:af:c0:16:52:c9:2e:54:60:97:7e:
                    58:0d:df:c8:45:70:39:6c:04:97:a0:92:6f:eb:b5:
                    02:9d:68:31:6a:4f:9b:27:21:e3:f0:83:fb:ee:d6:
                    42:47:76:96:da:84:cb:3c:43:b8:d6:c4:d3:de:df:
                    36:b4:b9:61:df:02:16:55:7c:58:70:43:76:bc:b3:
                    8a:64:9e:0b:6b:c8:ee:13:91:2e:36:3c:e0:a4:06:
                    cb:c0:cb:3c:a5:f0:16:31:fb:ed:f9:86:fb:b3:9f:
                    77:94:28:0f:3b:70:e0:40:76:4a:06:7a:08:10:15:
                    12:e7:0e:1d:94:83:9a:e1:d8:8b:ba:ed:ab:f1:33:
                    6a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F7:53:09:0D:6B:28:5B:4E:23:9E:EC:A6:51:E2:8F:BF:F8:59:97
            X509v3 Authority Key Identifier:
                keyid:C4:91:45:6E:DA:59:FB:0F:D2:D1:73:F9:54:12:BE:35:F6:CF:BF:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xJFFbtpZ-w_S0XP5VBK-NfbPv68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/cvdTCQ1rKFtOI57splHij7_4WZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4f408d-bda5-4a94-b83a-a730ccfdadc5/1/xJFFbtpZ-w_S0XP5VBK-NfbPv68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.140.0/22
                IPv6:
                  2a03:5960::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:58:ce:b0:24:f0:75:14:5e:9d:2f:e0:ef:17:3f:40:d2:b8:
         14:a1:aa:a5:18:3c:91:9a:20:00:bf:43:3b:f1:4c:c3:c5:b0:
         40:fb:77:b8:ac:d5:56:5f:a7:f0:3c:0a:56:3b:d0:35:31:92:
         42:66:94:1a:51:af:e8:68:78:f8:d6:17:5e:ef:14:25:57:65:
         ff:34:6e:95:16:ba:d5:91:17:d7:4d:6a:f1:14:ab:b3:57:d0:
         2e:66:1d:5e:4c:07:da:c2:31:c6:15:a8:28:5b:54:0c:ff:5e:
         a0:2e:a5:ec:ca:20:d9:5e:37:de:11:c1:e8:54:b1:43:9b:91:
         df:0c:ad:5e:61:82:48:1c:a5:46:04:8e:5b:0d:d1:d0:63:37:
         b4:6b:ed:1a:bc:d1:ff:ad:2a:a1:4c:41:8d:0f:bc:3e:27:98:
         53:86:e4:fb:4c:9d:32:2a:d9:6d:91:38:68:7b:47:45:9a:43:
         bd:fa:8e:a9:d2:e8:30:84:38:a2:ff:3c:cc:78:75:73:d2:5d:
         4b:17:42:6c:9e:fa:8e:3a:c5:b1:70:77:3f:05:0d:12:37:dd:
         cc:fe:52:7c:88:e9:30:06:f8:92:76:28:f7:8f:e0:6d:83:35:
         bb:dd:e5:8f:48:d4:f2:09:22:f6:58:b8:5a:b6:15:76:05:9d:
         34:d9:77:bc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkuR0Bqc1WjIyjeTXhCRu5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0OTE0NTZlZGE1OWZiMGZkMmQxNzNmOTU0MTJiZTM1ZjZj
ZmJmYWYwHhcNMjUwOTA5MTE0MDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmY3NTMwOTBkNmIyODViNGUyMzllZWNhNjUxZTI4ZmJmZjg1OTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPzlEssWnrmoq5qqbnkzNdGWJxEM
W6ErUfWWrdmQx6LwwJsx//FWwGO5ChjDhlJ0Y6Y36Mu/YHOqNyueWP8Y1BXaM0oB
/7hS33Cz/7PwrZ2Axfynsk8hrg2ctt5E3I6dr4QJzyz4mdKxD17sDrDJ0qX9aSHR
DLbmWkk2sq/AFlLJLlRgl35YDd/IRXA5bASXoJJv67UCnWgxak+bJyHj8IP77tZC
R3aW2oTLPEO41sTT3t82tLlh3wIWVXxYcEN2vLOKZJ4La8juE5EuNjzgpAbLwMs8
pfAWMfvt+Yb7s593lCgPO3DgQHZKBnoIEBUS5w4dlIOa4diLuu2r8TNqCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHL3UwkNayhbTiOe7KZR4o+/+FmXMB8GA1UdIwQY
MBaAFMSRRW7aWfsP0tFz+VQSvjX2z7+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEpGRmJ0cFotd19TMFhQNVZCSy1OZmJQdjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni80ZjQwOGQtYmRhNS00YTk0LWI4M2Et
YTczMGNjZmRhZGM1LzEvY3ZkVENRMXJLRnRPSTU3c3BsSGlqN180V1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni80ZjQwOGQtYmRhNS00YTk0LWI4M2EtYTczMGNjZmRhZGM1
LzEveEpGRmJ0cFotd19TMFhQNVZCSy1OZmJQdjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU6MMA0E
AgACMAcDBQAqA1lgMA0GCSqGSIb3DQEBCwUAA4IBAQBKWM6wJPB1FF6dL+DvFz9A
0rgUoaqlGDyRmiAAv0M78UzDxbBA+3e4rNVWX6fwPApWO9A1MZJCZpQaUa/oaHj4
1hde7xQlV2X/NG6VFrrVkRfXTWrxFKuzV9AuZh1eTAfawjHGFagoW1QM/16gLqXs
yiDZXjfeEcHoVLFDm5HfDK1eYYJIHKVGBI5bDdHQYze0a+0avNH/rSqhTEGND7w+
J5hThuT7TJ0yKtltkThoe0dFmkO9+o6p0ugwhDii/zzMeHVz0l1LF0JsnvqOOsWx
cHc/BQ0SN93M/lJ8iOkwBviSdij3j+BtgzW73eWPSNTyCSL2WLhathV2BZ002Xe8
-----END CERTIFICATE-----