Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/tgPmLmeCalXg1Y4YKFYEpDBpLis.roa
File:                     tgPmLmeCalXg1Y4YKFYEpDBpLis.roa (raw, json)
Hash identifier:          E95Pu7lKY/fzLNqx288foQ/dCyRdu2HVykfNqinzNk8=
Subject key identifier:   B6:03:E6:2E:67:82:6A:55:E0:D5:8E:18:28:56:04:A4:30:69:2E:2B
Certificate issuer:       /CN=802fa5b984226183201b701596b0368a27ca9196
Certificate serial:       01990583E06935BFF465F0DA7BDEE2EC228F
Authority key identifier: 80:2F:A5:B9:84:22:61:83:20:1B:70:15:96:B0:36:8A:27:CA:91:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gC-luYQiYYMgG3AVlrA2iifKkZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/tgPmLmeCalXg1Y4YKFYEpDBpLis.roa
Signing time:             Mon 01 Sep 2025 13:42:32 +0000
ROA not before:           Mon 01 Sep 2025 13:42:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209363
IP address blocks:        193.34.148.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/gC-luYQiYYMgG3AVlrA2iifKkZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/gC-luYQiYYMgG3AVlrA2iifKkZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gC-luYQiYYMgG3AVlrA2iifKkZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:05:83:e0:69:35:bf:f4:65:f0:da:7b:de:e2:ec:22:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=802fa5b984226183201b701596b0368a27ca9196
        Validity
            Not Before: Sep  1 13:42:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b603e62e67826a55e0d58e18285604a430692e2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c0:e0:7e:ee:40:f6:c6:be:be:29:4e:77:c6:
                    93:78:ba:30:78:57:eb:be:ca:0c:3e:03:70:a5:e7:
                    e6:2b:78:54:41:49:95:fa:9e:18:4e:d2:72:1a:e3:
                    f6:69:b6:4c:65:58:6a:2e:0e:b7:50:93:fe:e8:1e:
                    97:18:d7:0f:11:d7:d5:38:85:26:f4:b6:0a:52:19:
                    68:2a:9d:64:fc:1b:2e:86:f7:88:c3:ca:e4:10:a4:
                    cf:ef:9b:8e:88:87:a7:b6:66:98:1f:3f:63:32:34:
                    5c:86:80:88:d5:7c:a6:19:49:2a:39:a9:9d:13:5e:
                    e5:71:35:1d:4e:3f:d9:58:5f:ae:2e:8f:5b:89:a8:
                    33:d4:f0:a6:2b:ee:7a:b6:7e:90:dd:a0:88:63:95:
                    93:46:c9:1a:86:22:7a:a6:98:06:9c:93:42:42:48:
                    38:04:72:ec:95:3d:59:d7:4c:7c:b9:e2:76:ba:0e:
                    2a:ae:af:3a:3a:34:9d:5c:dc:06:ed:26:da:b4:86:
                    cd:ef:17:85:f2:71:a9:08:60:df:8e:a6:f2:76:b4:
                    47:f4:3e:a6:9c:8f:57:02:29:08:ad:d1:49:5d:af:
                    16:4b:70:23:ab:d9:a7:b8:d8:dd:86:97:fc:be:b3:
                    2e:98:24:ed:12:c8:c4:f1:dd:34:46:3b:39:e3:63:
                    99:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:03:E6:2E:67:82:6A:55:E0:D5:8E:18:28:56:04:A4:30:69:2E:2B
            X509v3 Authority Key Identifier:
                keyid:80:2F:A5:B9:84:22:61:83:20:1B:70:15:96:B0:36:8A:27:CA:91:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gC-luYQiYYMgG3AVlrA2iifKkZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/tgPmLmeCalXg1Y4YKFYEpDBpLis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/gC-luYQiYYMgG3AVlrA2iifKkZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:39:b5:72:bc:92:0b:50:b4:0f:99:5b:0c:51:dd:c5:6e:ef:
         55:f5:3e:24:55:ce:a4:c5:74:88:b8:22:ca:df:21:aa:32:c3:
         22:5e:20:5d:85:aa:dc:6c:80:30:38:69:c4:57:70:f4:b7:d0:
         2a:76:26:4d:cc:29:1a:1c:c4:28:07:55:42:f3:f9:a9:d5:cb:
         82:a1:47:70:6a:aa:e9:1c:2b:d2:63:92:1f:70:31:c6:b4:42:
         14:ca:d6:bc:b9:1f:e5:d6:68:9a:3b:15:ef:5e:bd:f2:ff:b8:
         a0:7d:0a:7a:26:7c:fa:1a:f9:07:04:cb:fb:4b:52:2e:e6:33:
         91:4e:91:db:32:04:fd:00:93:96:f2:ad:91:a2:84:dd:ce:03:
         ea:e8:e4:06:3e:39:ce:6c:35:0b:6d:df:70:0d:d5:e9:3a:ce:
         ad:e9:dc:33:ba:51:92:97:16:f5:bd:ab:e2:77:5b:42:74:b4:
         af:e6:f8:54:af:9b:db:63:34:c1:64:d6:f3:d8:48:96:d9:8e:
         f0:3e:9d:dc:4b:86:06:71:c2:59:22:91:ac:11:5c:0c:6f:c3:
         2e:79:fe:ef:30:d7:a3:57:4f:0b:ea:54:da:e6:eb:dc:42:00:
         1f:50:f0:57:0d:3f:ee:6e:fc:8e:ac:fa:38:d5:b5:a3:98:be:
         9a:ee:de:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkFg+BpNb/0ZfDae97i7CKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwMmZhNWI5ODQyMjYxODMyMDFiNzAxNTk2YjAzNjhhMjdj
YTkxOTYwHhcNMjUwOTAxMTM0MjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjAzZTYyZTY3ODI2YTU1ZTBkNThlMTgyODU2MDRhNDMwNjkyZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMDgfu5A9sa+vilOd8aTeLoweFfr
vsoMPgNwpefmK3hUQUmV+p4YTtJyGuP2abZMZVhqLg63UJP+6B6XGNcPEdfVOIUm
9LYKUhloKp1k/BsuhveIw8rkEKTP75uOiIentmaYHz9jMjRchoCI1XymGUkqOamd
E17lcTUdTj/ZWF+uLo9biagz1PCmK+56tn6Q3aCIY5WTRskahiJ6ppgGnJNCQkg4
BHLslT1Z10x8ueJ2ug4qrq86OjSdXNwG7SbatIbN7xeF8nGpCGDfjqbydrRH9D6m
nI9XAikIrdFJXa8WS3Ajq9mnuNjdhpf8vrMumCTtEsjE8d00Rjs542OZDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLYD5i5ngmpV4NWOGChWBKQwaS4rMB8GA1UdIwQY
MBaAFIAvpbmEImGDIBtwFZawNoonypGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0MtbHVZUWlZWU1nRzNBVmxyQTJpaWZLa1pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yYzNhMzAtNTQ5OC00NDdkLThkMzkt
MjViNmJkMmUxZTQzLzEvdGdQbUxtZUNhbFhnMVk0WUtGWUVwREJwTGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yYzNhMzAtNTQ5OC00NDdkLThkMzktMjViNmJkMmUxZTQz
LzEvZ0MtbHVZUWlZWU1nRzNBVmxyQTJpaWZLa1pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSKUMA0G
CSqGSIb3DQEBCwUAA4IBAQBNObVyvJILULQPmVsMUd3Fbu9V9T4kVc6kxXSIuCLK
3yGqMsMiXiBdharcbIAwOGnEV3D0t9AqdiZNzCkaHMQoB1VC8/mp1cuCoUdwaqrp
HCvSY5IfcDHGtEIUyta8uR/l1miaOxXvXr3y/7igfQp6Jnz6GvkHBMv7S1Iu5jOR
TpHbMgT9AJOW8q2RooTdzgPq6OQGPjnObDULbd9wDdXpOs6t6dwzulGSlxb1vavi
d1tCdLSv5vhUr5vbYzTBZNbz2EiW2Y7wPp3cS4YGccJZIpGsEVwMb8Muef7vMNej
V08L6lTa5uvcQgAfUPBXDT/ubvyOrPo41bWjmL6a7t4F
-----END CERTIFICATE-----