Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/tB4Gwrhu06E3QsikW_2RR3FHl9c.roa
File:                     tB4Gwrhu06E3QsikW_2RR3FHl9c.roa (raw, json)
Hash identifier:          rpxh3Xft3stAaYfa6mVzKU7ubzyBU16e4wSptWKVCrs=
Subject key identifier:   B4:1E:06:C2:B8:6E:D3:A1:37:42:C8:A4:5B:FD:91:47:71:47:97:D7
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       0197C031410C58814237A0E97FE0F91CDB80
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/tB4Gwrhu06E3QsikW_2RR3FHl9c.roa
Signing time:             Mon 30 Jun 2025 09:35:42 +0000
ROA not before:           Mon 30 Jun 2025 09:35:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        147.161.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c0:31:41:0c:58:81:42:37:a0:e9:7f:e0:f9:1c:db:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jun 30 09:35:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b41e06c2b86ed3a13742c8a45bfd9147714797d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7e:84:44:95:d7:37:50:e7:06:87:87:06:e7:
                    12:ae:ae:d3:31:80:57:6e:d5:45:23:18:77:0f:70:
                    3e:01:2d:fb:00:2e:32:2f:c5:46:16:34:80:f3:56:
                    6f:36:84:38:4e:73:e5:e8:31:23:41:40:01:61:dd:
                    8c:91:e8:77:b7:b2:e4:a5:69:ff:67:46:5d:60:1f:
                    4e:98:c5:fc:d0:e5:72:be:3c:28:f5:26:4f:ec:3e:
                    86:53:b7:51:f2:90:c8:a3:34:88:e9:34:11:b9:4d:
                    3f:37:03:0e:fc:dc:8f:5a:7f:af:25:8f:30:af:4a:
                    ae:ef:85:6a:62:b0:ed:ba:43:cb:a6:4b:d5:99:6f:
                    6e:32:4b:8d:1f:0d:cd:a8:91:b9:9e:29:b7:17:02:
                    36:7c:65:17:05:35:80:4e:79:25:f5:32:f3:2c:44:
                    27:b0:ee:4f:72:85:61:38:a1:8c:71:d6:39:7c:cb:
                    56:c9:7d:91:71:db:2f:21:db:8a:b9:0e:ce:bc:82:
                    c2:18:99:4d:b7:4a:07:59:d2:34:60:35:be:37:bd:
                    91:07:46:5b:99:be:8a:5a:78:46:e4:89:5f:f5:23:
                    b1:5f:cf:36:6e:b0:83:22:98:54:3d:79:73:75:6d:
                    9d:49:8a:a4:f7:28:0c:2c:a5:2d:d9:98:26:41:78:
                    e5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:1E:06:C2:B8:6E:D3:A1:37:42:C8:A4:5B:FD:91:47:71:47:97:D7
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/tB4Gwrhu06E3QsikW_2RR3FHl9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.161.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:11:56:cd:f3:e2:59:fe:35:82:8e:4d:f4:49:7b:86:d3:bd:
         56:38:c9:6b:27:83:29:e6:c5:68:ea:d4:a5:9d:ea:3c:78:de:
         37:bb:b5:73:24:63:d7:78:ab:70:6f:9a:bd:77:1e:d3:c4:d2:
         be:bc:bd:8a:5c:19:50:34:a5:dc:14:3d:73:35:50:46:5a:9f:
         28:8e:44:b9:e0:34:bd:9a:d5:51:57:97:64:5d:74:6e:c8:7e:
         81:87:e4:68:01:60:ab:80:46:7f:0c:92:be:08:41:2e:d2:b1:
         99:ff:23:88:0f:6e:b5:48:16:0d:c3:76:9b:6f:e6:7c:f4:85:
         dd:0c:45:f8:86:28:ec:7c:f0:d9:5d:d7:43:84:93:22:70:9c:
         06:a8:bd:e3:24:9a:d4:59:6c:23:6f:8b:c3:c3:dd:39:4f:bc:
         12:2b:cb:8b:fd:98:f7:80:ef:a5:d8:ce:5a:fb:ca:e8:10:bf:
         71:5e:05:05:b6:56:58:b6:8c:a0:8b:69:74:c3:6d:40:12:68:
         cc:9f:5e:d9:08:a7:a8:6a:55:51:98:e4:0b:c3:ac:07:e4:70:
         76:f4:3b:cb:4a:31:63:ee:cb:22:47:33:00:83:31:eb:46:a3:
         70:b9:bb:78:43:17:7c:f2:87:14:fe:62:49:46:52:7e:e6:af:
         31:ff:a4:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfAMUEMWIFCN6Dpf+D5HNuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjUwNjMwMDkzNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDFlMDZjMmI4NmVkM2ExMzc0MmM4YTQ1YmZkOTE0NzcxNDc5N2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAon6ERJXXN1DnBoeHBucSrq7TMYBX
btVFIxh3D3A+AS37AC4yL8VGFjSA81ZvNoQ4TnPl6DEjQUABYd2Mkeh3t7LkpWn/
Z0ZdYB9OmMX80OVyvjwo9SZP7D6GU7dR8pDIozSI6TQRuU0/NwMO/NyPWn+vJY8w
r0qu74VqYrDtukPLpkvVmW9uMkuNHw3NqJG5nim3FwI2fGUXBTWATnkl9TLzLEQn
sO5PcoVhOKGMcdY5fMtWyX2RcdsvIduKuQ7OvILCGJlNt0oHWdI0YDW+N72RB0Zb
mb6KWnhG5Ilf9SOxX882brCDIphUPXlzdW2dSYqk9ygMLKUt2ZgmQXjlgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQeBsK4btOhN0LIpFv9kUdxR5fXMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvdEI0R3dyaHUwNkUzUXNpa1dfMlJSM0ZIbDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk6EDMA0G
CSqGSIb3DQEBCwUAA4IBAQB5EVbN8+JZ/jWCjk30SXuG071WOMlrJ4Mp5sVo6tSl
neo8eN43u7VzJGPXeKtwb5q9dx7TxNK+vL2KXBlQNKXcFD1zNVBGWp8ojkS54DS9
mtVRV5dkXXRuyH6Bh+RoAWCrgEZ/DJK+CEEu0rGZ/yOID261SBYNw3abb+Z89IXd
DEX4hijsfPDZXddDhJMicJwGqL3jJJrUWWwjb4vDw905T7wSK8uL/Zj3gO+l2M5a
+8roEL9xXgUFtlZYtoygi2l0w21AEmjMn17ZCKeoalVRmOQLw6wH5HB29DvLSjFj
7ssiRzMAgzHrRqNwubt4Qxd88ocU/mJJRlJ+5q8x/6Qb
-----END CERTIFICATE-----