Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/0ac77f-dce6-4eb2-808a-07203cd816b8/1/v2_TK4-REFwVL-mrNBvq6f4sDVk.roa
File:                     v2_TK4-REFwVL-mrNBvq6f4sDVk.roa (raw, json)
Hash identifier:          yZE8bYF7utpoM00wO6cfNJ1eaodSy7TIyviaRMC6vn8=
Subject key identifier:   BF:6F:D3:2B:8F:91:10:5C:15:2F:E9:AB:34:1B:EA:E9:FE:2C:0D:59
Certificate issuer:       /CN=175ad33d4f6a4d0539c2770e2b4fbba94fcf1f1d
Certificate serial:       019A5FE384F6D623CC642B5DA71521B7EE4F
Authority key identifier: 17:5A:D3:3D:4F:6A:4D:05:39:C2:77:0E:2B:4F:BB:A9:4F:CF:1F:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F1rTPU9qTQU5wncOK0-7qU_PHx0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/0ac77f-dce6-4eb2-808a-07203cd816b8/1/v2_TK4-REFwVL-mrNBvq6f4sDVk.roa
Signing time:             Fri 07 Nov 2025 19:55:37 +0000
ROA not before:           Fri 07 Nov 2025 19:55:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44884
IP address blocks:        176.103.208.0/22 maxlen: 22
                          195.216.210.0/23 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/0ac77f-dce6-4eb2-808a-07203cd816b8/1/F1rTPU9qTQU5wncOK0-7qU_PHx0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/0ac77f-dce6-4eb2-808a-07203cd816b8/1/F1rTPU9qTQU5wncOK0-7qU_PHx0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F1rTPU9qTQU5wncOK0-7qU_PHx0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5f:e3:84:f6:d6:23:cc:64:2b:5d:a7:15:21:b7:ee:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=175ad33d4f6a4d0539c2770e2b4fbba94fcf1f1d
        Validity
            Not Before: Nov  7 19:55:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf6fd32b8f91105c152fe9ab341beae9fe2c0d59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9c:cb:ef:61:de:e5:9a:b3:4e:a6:43:b8:f5:
                    ff:2f:41:32:1a:c9:61:f6:73:41:03:93:9e:f0:24:
                    05:db:82:37:17:ad:ff:77:ac:c5:af:ce:16:3c:ef:
                    f2:f9:46:9f:9f:8e:30:3d:fa:12:76:e9:02:6d:98:
                    88:05:8a:e0:8b:6b:b2:2b:71:b6:f5:5a:f3:1c:ae:
                    b3:c4:1f:0d:33:69:1c:61:ba:f7:16:8f:55:a7:ec:
                    de:4d:c8:fe:85:56:ed:7a:c3:52:be:54:f3:a8:d9:
                    f6:7b:4a:22:f7:29:d1:2c:a4:68:3c:0b:46:cb:af:
                    ff:8f:4a:18:51:b5:da:38:be:60:d5:37:58:0e:45:
                    50:ad:77:96:c0:ec:a7:db:44:c3:84:4c:7a:08:67:
                    de:c2:27:11:2d:5e:c7:f8:f5:a4:df:ed:d1:53:9b:
                    75:5c:3a:5f:a4:78:19:63:35:a4:0e:78:b7:4c:71:
                    a4:20:6c:c8:46:92:cb:bd:5b:22:ff:5f:f9:0b:08:
                    a2:c7:f5:3b:00:17:56:79:1c:e1:00:8f:aa:e6:51:
                    c7:26:b7:1d:4f:92:27:65:89:8f:d6:33:70:43:2d:
                    4b:d5:3f:ae:d2:db:f9:33:ce:76:6f:51:02:5a:c8:
                    6e:84:8a:14:d9:8d:18:5f:39:d0:a5:0f:6a:38:c2:
                    3a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:6F:D3:2B:8F:91:10:5C:15:2F:E9:AB:34:1B:EA:E9:FE:2C:0D:59
            X509v3 Authority Key Identifier:
                keyid:17:5A:D3:3D:4F:6A:4D:05:39:C2:77:0E:2B:4F:BB:A9:4F:CF:1F:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F1rTPU9qTQU5wncOK0-7qU_PHx0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/0ac77f-dce6-4eb2-808a-07203cd816b8/1/v2_TK4-REFwVL-mrNBvq6f4sDVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/0ac77f-dce6-4eb2-808a-07203cd816b8/1/F1rTPU9qTQU5wncOK0-7qU_PHx0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.208.0/22
                  195.216.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:91:3b:37:2f:a8:f4:22:92:00:1e:03:a4:07:85:6b:57:32:
         be:bf:b4:0b:d6:f6:24:5b:40:16:0a:c0:3f:c1:8b:07:a8:6e:
         82:a5:8f:e4:75:cf:5b:33:b4:99:4f:a3:48:3d:bb:d7:01:0e:
         82:2a:52:a8:1e:09:fe:6f:23:4c:1f:86:fb:91:0b:b1:85:48:
         9b:10:d1:76:c3:01:84:55:ef:65:32:3c:00:1e:72:f8:e1:28:
         96:2f:e0:65:23:7f:53:0f:78:ed:6b:b5:47:7e:c4:94:49:3b:
         97:79:e7:02:5c:aa:bc:42:41:11:69:2c:48:f5:db:35:f7:7c:
         45:b4:20:f5:7e:8c:19:c6:9e:7f:9d:80:2e:81:0e:94:58:bb:
         82:06:58:1e:0e:bc:d1:42:1f:0a:fa:3d:d6:ab:55:fe:2a:bf:
         24:92:68:93:60:11:94:73:df:23:39:58:94:a5:c6:25:18:76:
         c0:f3:61:82:7d:bc:4b:ed:c0:fa:63:c3:7e:09:99:03:ca:fd:
         49:47:40:97:ee:dd:63:27:ff:43:7c:e4:63:83:0c:7d:11:d7:
         c8:7a:ae:2f:38:e9:52:78:ec:17:a2:bc:26:81:3b:c2:df:32:
         d3:5c:c8:98:01:88:d0:b0:c3:dc:0c:c0:31:71:de:d4:e6:bf:
         3c:12:bb:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpf44T21iPMZCtdpxUht+5PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NWFkMzNkNGY2YTRkMDUzOWMyNzcwZTJiNGZiYmE5NGZj
ZjFmMWQwHhcNMjUxMTA3MTk1NTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjZmZDMyYjhmOTExMDVjMTUyZmU5YWIzNDFiZWFlOWZlMmMwZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5zL72He5ZqzTqZDuPX/L0EyGslh
9nNBA5Oe8CQF24I3F63/d6zFr84WPO/y+Uafn44wPfoSdukCbZiIBYrgi2uyK3G2
9VrzHK6zxB8NM2kcYbr3Fo9Vp+zeTcj+hVbtesNSvlTzqNn2e0oi9ynRLKRoPAtG
y6//j0oYUbXaOL5g1TdYDkVQrXeWwOyn20TDhEx6CGfewicRLV7H+PWk3+3RU5t1
XDpfpHgZYzWkDni3THGkIGzIRpLLvVsi/1/5Cwiix/U7ABdWeRzhAI+q5lHHJrcd
T5InZYmP1jNwQy1L1T+u0tv5M852b1ECWshuhIoU2Y0YXznQpQ9qOMI6QQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL9v0yuPkRBcFS/pqzQb6un+LA1ZMB8GA1UdIwQY
MBaAFBda0z1Pak0FOcJ3DitPu6lPzx8dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjFyVFBVOXFUUVU1d25jT0swLTdxVV9QSHgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8wYWM3N2YtZGNlNi00ZWIyLTgwOGEt
MDcyMDNjZDgxNmI4LzEvdjJfVEs0LVJFRndWTC1tck5CdnE2ZjRzRFZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8wYWM3N2YtZGNlNi00ZWIyLTgwOGEtMDcyMDNjZDgxNmI4
LzEvRjFyVFBVOXFUUVU1d25jT0swLTdxVV9QSHgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsGfQAwQB
w9jSMA0GCSqGSIb3DQEBCwUAA4IBAQBDkTs3L6j0IpIAHgOkB4VrVzK+v7QL1vYk
W0AWCsA/wYsHqG6CpY/kdc9bM7SZT6NIPbvXAQ6CKlKoHgn+byNMH4b7kQuxhUib
ENF2wwGEVe9lMjwAHnL44SiWL+BlI39TD3jta7VHfsSUSTuXeecCXKq8QkERaSxI
9ds193xFtCD1fowZxp5/nYAugQ6UWLuCBlgeDrzRQh8K+j3Wq1X+Kr8kkmiTYBGU
c98jOViUpcYlGHbA82GCfbxL7cD6Y8N+CZkDyv1JR0CX7t1jJ/9DfORjgwx9EdfI
eq4vOOlSeOwXorwmgTvC3zLTXMiYAYjQsMPcDMAxcd7U5r88Erup
-----END CERTIFICATE-----