Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/ae8c35-f9d7-437b-8996-32a4278e5bc5/1/tTnQsLwHNO3gLW3S0MP8mMKmk64.roa
File:                     tTnQsLwHNO3gLW3S0MP8mMKmk64.roa (raw, json)
Hash identifier:          DzDj3u7iBFvq9rklayzZVdsYdkT8c0vWssYs/0kky9E=
Subject key identifier:   B5:39:D0:B0:BC:07:34:ED:E0:2D:6D:D2:D0:C3:FC:98:C2:A6:93:AE
Certificate issuer:       /CN=9708724593b4753175b214812cf6891a645f84c5
Certificate serial:       0196D991256712F125BA3B72F00CC5E53FD2
Authority key identifier: 97:08:72:45:93:B4:75:31:75:B2:14:81:2C:F6:89:1A:64:5F:84:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwhyRZO0dTF1shSBLPaJGmRfhMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/ae8c35-f9d7-437b-8996-32a4278e5bc5/1/tTnQsLwHNO3gLW3S0MP8mMKmk64.roa
Signing time:             Fri 16 May 2025 14:48:10 +0000
ROA not before:           Fri 16 May 2025 14:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21056
IP address blocks:        185.97.216.0/24 maxlen: 24
                          185.97.217.0/24 maxlen: 24
                          185.97.218.0/24 maxlen: 24
                          185.97.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/ae8c35-f9d7-437b-8996-32a4278e5bc5/1/lwhyRZO0dTF1shSBLPaJGmRfhMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/ae8c35-f9d7-437b-8996-32a4278e5bc5/1/lwhyRZO0dTF1shSBLPaJGmRfhMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwhyRZO0dTF1shSBLPaJGmRfhMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d9:91:25:67:12:f1:25:ba:3b:72:f0:0c:c5:e5:3f:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9708724593b4753175b214812cf6891a645f84c5
        Validity
            Not Before: May 16 14:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b539d0b0bc0734ede02d6dd2d0c3fc98c2a693ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:87:66:e8:ad:c9:dc:05:f6:c7:2a:6c:0f:6a:
                    57:0b:fc:a4:f6:4a:46:68:79:9c:4b:47:74:ac:81:
                    f8:7d:8d:93:0f:b1:1d:98:7a:d1:dd:27:2c:cc:81:
                    14:79:b8:59:f7:8e:42:fd:22:48:18:64:c5:bf:c8:
                    08:49:3b:02:de:76:58:11:c5:fa:27:8c:54:44:aa:
                    51:e5:a6:3e:a1:dc:87:ba:82:b3:db:d9:5d:0d:07:
                    e8:1a:5a:cc:1a:3e:ef:94:ad:e9:0a:26:a8:4a:e6:
                    c0:1b:2e:0d:a9:04:c3:29:c5:d1:ee:ee:06:3e:6b:
                    7b:97:9a:bf:02:ba:a4:a0:55:00:92:7d:5f:51:01:
                    ff:20:04:9f:37:bc:df:c8:51:84:f9:ff:5c:72:09:
                    a1:d6:81:d6:36:26:43:01:0c:9c:5f:95:28:1a:e6:
                    77:f5:57:d3:59:6a:d7:2f:24:d5:60:bd:60:38:f4:
                    0e:1f:b2:48:b3:3d:9f:27:a5:1b:e6:0e:62:95:92:
                    36:9b:22:88:be:7f:77:61:bd:b3:af:70:39:fe:26:
                    10:c8:2b:8a:52:a1:28:22:e2:5b:a1:cc:6d:e2:4c:
                    a5:a5:9b:79:6b:05:82:97:7b:e6:9a:9e:07:1f:5a:
                    45:4d:3c:e2:ce:71:1b:94:cf:5d:1a:b6:fe:98:21:
                    34:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:39:D0:B0:BC:07:34:ED:E0:2D:6D:D2:D0:C3:FC:98:C2:A6:93:AE
            X509v3 Authority Key Identifier:
                keyid:97:08:72:45:93:B4:75:31:75:B2:14:81:2C:F6:89:1A:64:5F:84:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwhyRZO0dTF1shSBLPaJGmRfhMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ae8c35-f9d7-437b-8996-32a4278e5bc5/1/tTnQsLwHNO3gLW3S0MP8mMKmk64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ae8c35-f9d7-437b-8996-32a4278e5bc5/1/lwhyRZO0dTF1shSBLPaJGmRfhMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:29:6c:77:cc:82:55:93:ae:05:e3:a8:c3:7c:48:41:4f:1e:
         e6:86:a2:7a:56:99:50:66:7f:54:fe:88:14:62:22:fd:f2:6c:
         67:d7:b7:1b:f6:a2:ab:dc:ae:9e:be:ba:15:ff:e2:85:7b:af:
         56:db:d9:0a:73:0f:db:25:4c:11:17:f2:b2:1f:21:26:6a:08:
         74:bb:ca:51:34:94:66:5c:9a:df:d6:4f:da:72:f0:30:ff:d7:
         a2:0e:f7:3e:30:d6:43:10:59:7b:74:11:e0:e9:b4:e2:17:8a:
         9d:28:c7:60:cc:02:9d:bb:dc:eb:7c:2f:0f:9a:d6:1b:70:19:
         30:a7:7f:73:b5:30:a2:45:4c:98:c8:30:75:03:79:84:5d:53:
         d5:31:0c:34:8a:fb:b6:f1:c7:60:8c:3d:61:69:66:37:8b:8d:
         bb:95:2b:b0:45:80:24:39:db:68:1d:5e:6e:e5:74:6d:79:43:
         45:31:f6:53:94:ad:92:a2:a5:cb:a0:84:b8:bb:7d:3c:ef:cf:
         b3:e3:2f:30:98:da:43:c7:90:c8:38:13:7e:ec:dc:6a:4f:50:
         87:d3:7f:8f:df:a4:0c:fd:50:68:72:d9:9b:e3:55:95:79:35:
         b3:4d:c1:76:8c:71:f6:77:75:3d:6b:60:28:30:dc:77:7b:df:
         f4:f4:33:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbZkSVnEvElujty8AzF5T/SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDg3MjQ1OTNiNDc1MzE3NWIyMTQ4MTJjZjY4OTFhNjQ1
Zjg0YzUwHhcNMjUwNTE2MTQ0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTM5ZDBiMGJjMDczNGVkZTAyZDZkZDJkMGMzZmM5OGMyYTY5M2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24dm6K3J3AX2xypsD2pXC/yk9kpG
aHmcS0d0rIH4fY2TD7EdmHrR3ScszIEUebhZ945C/SJIGGTFv8gISTsC3nZYEcX6
J4xURKpR5aY+odyHuoKz29ldDQfoGlrMGj7vlK3pCiaoSubAGy4NqQTDKcXR7u4G
Pmt7l5q/ArqkoFUAkn1fUQH/IASfN7zfyFGE+f9ccgmh1oHWNiZDAQycX5UoGuZ3
9VfTWWrXLyTVYL1gOPQOH7JIsz2fJ6Ub5g5ilZI2myKIvn93Yb2zr3A5/iYQyCuK
UqEoIuJbocxt4kylpZt5awWCl3vmmp4HH1pFTTziznEblM9dGrb+mCE0JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLU50LC8BzTt4C1t0tDD/JjCppOuMB8GA1UdIwQY
MBaAFJcIckWTtHUxdbIUgSz2iRpkX4TFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdoeVJaTzBkVEYxc2hTQkxQYUpHbVJmaE1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9hZThjMzUtZjlkNy00MzdiLTg5OTYt
MzJhNDI3OGU1YmM1LzEvdFRuUXNMd0hOTzNnTFczUzBNUDhtTUttazY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9hZThjMzUtZjlkNy00MzdiLTg5OTYtMzJhNDI3OGU1YmM1
LzEvbHdoeVJaTzBkVEYxc2hTQkxQYUpHbVJmaE1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWHYMA0G
CSqGSIb3DQEBCwUAA4IBAQCdKWx3zIJVk64F46jDfEhBTx7mhqJ6VplQZn9U/ogU
YiL98mxn17cb9qKr3K6evroV/+KFe69W29kKcw/bJUwRF/KyHyEmagh0u8pRNJRm
XJrf1k/acvAw/9eiDvc+MNZDEFl7dBHg6bTiF4qdKMdgzAKdu9zrfC8PmtYbcBkw
p39ztTCiRUyYyDB1A3mEXVPVMQw0ivu28cdgjD1haWY3i427lSuwRYAkOdtoHV5u
5XRteUNFMfZTlK2SoqXLoIS4u30878+z4y8wmNpDx5DIOBN+7NxqT1CH03+P36QM
/VBoctmb41WVeTWzTcF2jHH2d3U9a2AoMNx3e9/09DM2
-----END CERTIFICATE-----