Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/TDFs8yvqioFA20AZ5IpcMfekJf8.roa
File:                     TDFs8yvqioFA20AZ5IpcMfekJf8.roa (raw, json)
Hash identifier:          g4uRnPKs+YjQtRwoofiu/6QoZ0w003X3NkZd/ntHR0o=
Subject key identifier:   4C:31:6C:F3:2B:EA:8A:81:40:DB:40:19:E4:8A:5C:31:F7:A4:25:FF
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       0199164C50D04D3B8055D8F9FC23EB5EA79D
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/TDFs8yvqioFA20AZ5IpcMfekJf8.roa
Signing time:             Thu 04 Sep 2025 19:55:24 +0000
ROA not before:           Thu 04 Sep 2025 19:55:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213541
IP address blocks:        45.95.129.0/24 maxlen: 24
                          185.253.24.0/24 maxlen: 24
                          194.113.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 01:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:16:4c:50:d0:4d:3b:80:55:d8:f9:fc:23:eb:5e:a7:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Sep  4 19:55:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c316cf32bea8a8140db4019e48a5c31f7a425ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ba:e3:1d:cb:24:68:e4:69:e7:5d:fe:90:a5:
                    66:4e:d2:eb:c2:08:53:8a:b2:07:8b:ca:17:cb:50:
                    c3:06:17:d1:bf:cf:48:4d:31:19:a5:5d:33:eb:0c:
                    f6:14:c6:34:c0:66:42:fb:e8:8e:72:7e:cd:3c:82:
                    8b:1d:49:e1:7a:44:e9:97:3b:97:72:24:97:71:39:
                    83:5b:e4:c8:db:a0:9d:a6:96:28:e5:73:e5:44:fa:
                    b2:ee:e7:8c:79:de:c1:b5:18:2e:b5:f6:d7:af:f6:
                    2b:a8:3d:45:01:d6:0f:4c:e7:b7:9d:92:28:2e:ab:
                    a7:fe:dc:f1:d4:a2:94:6b:6e:d7:dc:d6:3d:38:1a:
                    27:2a:cb:d1:06:46:85:db:19:b7:dd:08:3a:5c:34:
                    41:17:61:3a:fa:24:c1:79:98:8c:23:80:06:10:ab:
                    b8:27:71:aa:62:0d:8a:66:06:f4:e5:2f:79:53:d8:
                    ba:8f:1d:9f:3d:dc:cb:8b:73:97:db:21:4e:18:8c:
                    6a:88:42:95:88:99:d4:1f:05:9f:2d:50:7a:bd:a1:
                    8c:7b:53:0f:98:c1:b3:34:52:73:11:38:39:63:13:
                    2b:86:25:e5:0e:f2:1a:4b:59:fa:5a:38:c2:59:53:
                    60:9d:9a:c7:19:c3:e1:b9:3c:51:bc:a7:c0:3a:5d:
                    d6:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:31:6C:F3:2B:EA:8A:81:40:DB:40:19:E4:8A:5C:31:F7:A4:25:FF
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/TDFs8yvqioFA20AZ5IpcMfekJf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.129.0/24
                  185.253.24.0/24
                  194.113.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:8e:c7:8e:be:c7:1f:59:cb:34:ac:af:b4:1a:5a:d6:7a:67:
         61:b2:1f:73:07:49:9d:3f:61:de:d6:01:b5:48:25:cb:18:f9:
         6f:03:99:85:c2:dc:c6:69:4d:bc:6d:c3:49:13:dd:e4:a3:6e:
         7e:4a:2f:4d:cc:13:13:1b:1f:b0:61:e6:2c:35:d8:36:12:72:
         a4:a2:51:bd:0a:40:7e:6f:5e:75:28:a0:ee:16:03:4d:8a:9b:
         3e:36:85:69:24:d2:27:dc:85:0b:e9:f9:a0:36:97:fb:8a:57:
         98:84:92:cc:c9:f8:15:e0:e6:fe:8e:88:2e:4c:94:15:a8:84:
         29:b2:40:2e:be:95:2f:4c:46:c3:aa:6a:f3:7c:90:a3:a2:7c:
         bd:af:9a:a3:fb:f3:86:91:3e:a8:88:12:85:ba:dd:35:f8:3b:
         e2:7f:d2:d7:12:04:58:7f:30:e3:bd:3d:9b:ad:04:7e:41:a2:
         3c:43:8d:9f:27:71:94:17:05:aa:15:56:28:96:3d:25:aa:56:
         5f:3e:84:60:e7:df:4c:b4:3a:23:a4:80:9b:2b:64:f7:2e:c2:
         bb:37:ee:37:45:3b:eb:ae:24:05:b1:e8:cc:9e:da:a1:91:02:
         2a:2c:c5:8d:93:32:77:7c:5f:9f:8c:9c:13:7e:e1:d5:0c:65:
         53:96:50:83
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkWTFDQTTuAVdj5/CPrXqedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjUwOTA0MTk1NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzMxNmNmMzJiZWE4YTgxNDBkYjQwMTllNDhhNWMzMWY3YTQyNWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3brjHcskaORp513+kKVmTtLrwghT
irIHi8oXy1DDBhfRv89ITTEZpV0z6wz2FMY0wGZC++iOcn7NPIKLHUnhekTplzuX
ciSXcTmDW+TI26CdppYo5XPlRPqy7ueMed7BtRgutfbXr/YrqD1FAdYPTOe3nZIo
Lqun/tzx1KKUa27X3NY9OBonKsvRBkaF2xm33Qg6XDRBF2E6+iTBeZiMI4AGEKu4
J3GqYg2KZgb05S95U9i6jx2fPdzLi3OX2yFOGIxqiEKViJnUHwWfLVB6vaGMe1MP
mMGzNFJzETg5YxMrhiXlDvIaS1n6WjjCWVNgnZrHGcPhuTxRvKfAOl3WUQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEwxbPMr6oqBQNtAGeSKXDH3pCX/MB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvVERGczh5dnFpb0ZBMjBBWjVJcGNNZmVrSmY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALV+BAwQA
uf0YAwQAwnHuMA0GCSqGSIb3DQEBCwUAA4IBAQCyjseOvscfWcs0rK+0GlrWemdh
sh9zB0mdP2He1gG1SCXLGPlvA5mFwtzGaU28bcNJE93ko25+Si9NzBMTGx+wYeYs
Ndg2EnKkolG9CkB+b151KKDuFgNNips+NoVpJNIn3IUL6fmgNpf7ileYhJLMyfgV
4Ob+joguTJQVqIQpskAuvpUvTEbDqmrzfJCjony9r5qj+/OGkT6oiBKFut01+Dvi
f9LXEgRYfzDjvT2brQR+QaI8Q42fJ3GUFwWqFVYolj0lqlZfPoRg599MtDojpICb
K2T3LsK7N+43RTvrriQFsejMntqhkQIqLMWNkzJ3fF+fjJwTfuHVDGVTllCD
-----END CERTIFICATE-----