Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/te_PvOQMp0rwCQ2c0mzUaH-8kso.roa
File:                     te_PvOQMp0rwCQ2c0mzUaH-8kso.roa (raw, json)
Hash identifier:          6zBLtgmGjTOi9HvrkSl1NZ1E90EjUDQjRWsamm50vgM=
Subject key identifier:   B5:EF:CF:BC:E4:0C:A7:4A:F0:09:0D:9C:D2:6C:D4:68:7F:BC:92:CA
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0198A02D5FFE7F816BA2F9E0BA3F023F7D77
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/te_PvOQMp0rwCQ2c0mzUaH-8kso.roa
Signing time:             Tue 12 Aug 2025 21:26:24 +0000
ROA not before:           Tue 12 Aug 2025 21:26:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        104.238.31.0/24 maxlen: 24
                          216.173.88.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 20 Aug 2025 23:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a0:2d:5f:fe:7f:81:6b:a2:f9:e0:ba:3f:02:3f:7d:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Aug 12 21:26:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5efcfbce40ca74af0090d9cd26cd4687fbc92ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3f:3e:a5:92:1b:65:42:ef:7c:08:33:b3:c2:
                    b8:8e:d8:28:60:46:9b:60:7c:9b:e2:78:0e:75:1f:
                    c2:ea:fe:c1:03:46:e7:a3:d2:ad:bc:25:59:8d:f3:
                    98:ec:d5:94:12:42:a4:ef:b2:3c:b7:87:3c:2a:f3:
                    91:d3:80:ef:c6:64:55:ba:92:9e:d0:fe:50:37:d2:
                    f5:76:98:c5:55:92:0f:cc:37:68:5f:95:24:81:18:
                    57:13:2f:e7:87:73:38:e3:a9:f3:32:08:b7:11:c2:
                    e1:5f:d2:92:4f:a9:e6:d2:e9:0e:1d:55:7d:c6:d0:
                    13:8a:b2:37:c1:f9:b3:02:e4:29:6d:d2:1a:ae:7c:
                    14:7a:31:90:1f:bd:97:1a:e2:45:d4:4c:85:7c:57:
                    46:04:4b:4f:07:1e:e9:13:67:c3:1b:4f:5d:5e:0a:
                    ba:81:96:7a:05:78:b0:96:0a:b5:a0:e6:eb:cc:a6:
                    79:ca:a3:28:8f:2a:1b:d7:fb:93:c8:c9:ee:37:9b:
                    1f:12:a3:0e:92:8f:8d:95:fa:d7:6d:c3:a4:03:57:
                    73:50:77:77:67:65:5b:5a:fe:89:25:bd:3f:ce:ae:
                    24:d2:35:e6:0c:78:aa:d6:df:22:c4:ae:13:13:e0:
                    91:f1:22:5e:38:0b:cd:aa:50:91:80:e8:f6:fa:cd:
                    53:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:EF:CF:BC:E4:0C:A7:4A:F0:09:0D:9C:D2:6C:D4:68:7F:BC:92:CA
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/te_PvOQMp0rwCQ2c0mzUaH-8kso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.31.0/24
                  216.173.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:23:f7:b0:cc:53:1f:49:49:90:48:80:4c:fc:cf:fd:5d:04:
         a7:b7:d5:fa:0f:5a:80:39:3a:c2:98:62:8e:d2:06:59:c1:dc:
         fa:8c:9f:77:56:c1:89:dd:f9:2c:62:0a:e9:da:76:26:ce:d7:
         1e:6b:ae:e7:e4:d8:92:ef:8c:a7:92:7d:3a:57:34:6a:75:af:
         68:7d:ef:78:0a:a5:92:6a:53:71:52:ce:3e:5e:0b:dc:16:d1:
         2a:b8:ba:cd:95:7a:92:47:54:22:96:25:17:ed:ae:f9:b7:53:
         44:19:d9:bc:38:e7:02:b5:cd:cc:91:8b:f1:89:68:30:dc:cb:
         da:4f:77:b8:9d:17:5d:3b:ce:ac:75:c9:69:42:e2:a7:56:48:
         e2:09:38:24:94:d0:79:31:3c:c0:33:a3:45:da:b3:1c:3d:9f:
         6c:fb:5b:84:a4:5d:f0:a9:7e:e5:fb:44:c2:32:9b:7f:5c:7b:
         89:56:19:bd:f6:f2:4c:8b:6a:98:73:c6:1d:ff:ca:99:f3:f1:
         f0:cf:a8:6e:be:32:9c:e1:1c:2e:88:c6:b9:73:25:3f:62:af:
         a4:c6:65:dd:9b:ae:f8:ff:e5:eb:22:7f:1c:85:63:36:fb:04:
         05:28:6d:de:2c:95:9a:2f:1a:ef:3d:d3:53:ff:5d:3a:ec:2e:
         75:2e:5e:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZigLV/+f4Frovnguj8CP313MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwODEyMjEyNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWVmY2ZiY2U0MGNhNzRhZjAwOTBkOWNkMjZjZDQ2ODdmYmM5MmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD8+pZIbZULvfAgzs8K4jtgoYEab
YHyb4ngOdR/C6v7BA0bno9KtvCVZjfOY7NWUEkKk77I8t4c8KvOR04DvxmRVupKe
0P5QN9L1dpjFVZIPzDdoX5UkgRhXEy/nh3M446nzMgi3EcLhX9KST6nm0ukOHVV9
xtATirI3wfmzAuQpbdIarnwUejGQH72XGuJF1EyFfFdGBEtPBx7pE2fDG09dXgq6
gZZ6BXiwlgq1oObrzKZ5yqMojyob1/uTyMnuN5sfEqMOko+NlfrXbcOkA1dzUHd3
Z2VbWv6JJb0/zq4k0jXmDHiq1t8ixK4TE+CR8SJeOAvNqlCRgOj2+s1TfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLXvz7zkDKdK8AkNnNJs1Gh/vJLKMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvdGVfUHZPUU1wMHJ3Q1EyYzBtelVhSC04a3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAaO4fAwQB
2K1YMA0GCSqGSIb3DQEBCwUAA4IBAQCDI/ewzFMfSUmQSIBM/M/9XQSnt9X6D1qA
OTrCmGKO0gZZwdz6jJ93VsGJ3fksYgrp2nYmztcea67n5NiS74ynkn06VzRqda9o
fe94CqWSalNxUs4+XgvcFtEquLrNlXqSR1QiliUX7a75t1NEGdm8OOcCtc3MkYvx
iWgw3MvaT3e4nRddO86sdclpQuKnVkjiCTgklNB5MTzAM6NF2rMcPZ9s+1uEpF3w
qX7l+0TCMpt/XHuJVhm99vJMi2qYc8Yd/8qZ8/Hwz6huvjKc4RwuiMa5cyU/Yq+k
xmXdm674/+XrIn8chWM2+wQFKG3eLJWaLxrvPdNT/1067C51Ll5w
-----END CERTIFICATE-----