Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/T0gIBaDZSSA1_Pyt8UpVKwt95_0.roa
File:                     T0gIBaDZSSA1_Pyt8UpVKwt95_0.roa (raw, json)
Hash identifier:          nbenz1vYxVFMHFnGvbQUJouQW7ZpPmtwGQgZKKoqSuc=
Subject key identifier:   4F:48:08:05:A0:D9:49:20:35:FC:FC:AD:F1:4A:55:2B:0B:7D:E7:FD
Certificate issuer:       /CN=706745ad92353da8a80cb2e0d229d68c2ef53db2
Certificate serial:       01991A323C9200115E14F2120B7DD6449288
Authority key identifier: 70:67:45:AD:92:35:3D:A8:A8:0C:B2:E0:D2:29:D6:8C:2E:F5:3D:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGdFrZI1PaioDLLg0inWjC71PbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/T0gIBaDZSSA1_Pyt8UpVKwt95_0.roa
Signing time:             Fri 05 Sep 2025 14:05:23 +0000
ROA not before:           Fri 05 Sep 2025 14:05:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55154
IP address blocks:        185.133.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/cGdFrZI1PaioDLLg0inWjC71PbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/cGdFrZI1PaioDLLg0inWjC71PbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cGdFrZI1PaioDLLg0inWjC71PbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1a:32:3c:92:00:11:5e:14:f2:12:0b:7d:d6:44:92:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706745ad92353da8a80cb2e0d229d68c2ef53db2
        Validity
            Not Before: Sep  5 14:05:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f480805a0d9492035fcfcadf14a552b0b7de7fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7b:17:16:51:0a:54:be:5f:eb:69:75:59:5d:
                    1d:14:4f:f4:8e:14:dd:0b:43:bd:33:22:7a:81:a6:
                    8a:a7:93:1b:75:85:9d:c5:99:1e:8a:8b:4d:de:82:
                    8c:05:4e:1c:94:bf:f4:71:7e:a8:e1:bd:a4:67:7b:
                    10:c2:fe:32:99:39:13:55:a2:5e:2c:2c:e6:0f:8c:
                    b3:11:c9:f0:74:4f:b9:a5:23:32:37:28:c2:c4:b6:
                    53:71:2d:2f:48:dc:31:99:41:44:41:62:3a:c0:f1:
                    41:15:c6:b1:71:6e:4d:55:ad:6d:a4:ba:ab:8f:6d:
                    c9:17:d3:ef:46:29:9c:00:1f:cf:e0:b1:b9:9e:3b:
                    fe:b9:d9:1a:21:ea:9d:23:25:61:cf:e9:29:4a:ac:
                    06:c8:8b:1e:2f:41:0f:2f:87:39:cc:9d:b6:12:79:
                    ea:d9:90:9c:fe:18:ba:80:2d:82:52:a4:54:59:41:
                    1e:f6:7c:19:5b:66:0d:4b:d7:71:bb:23:e7:5f:ad:
                    02:91:00:cf:6d:af:ac:00:13:a7:b1:9b:27:25:38:
                    83:49:7f:89:a0:5f:83:8c:d1:39:ee:c6:30:3a:f5:
                    12:40:53:9d:b3:5e:14:88:8d:3d:a3:0e:ae:15:3f:
                    6b:ca:5e:ff:97:2b:3f:36:6c:b7:63:98:1c:1d:ef:
                    93:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:48:08:05:A0:D9:49:20:35:FC:FC:AD:F1:4A:55:2B:0B:7D:E7:FD
            X509v3 Authority Key Identifier:
                keyid:70:67:45:AD:92:35:3D:A8:A8:0C:B2:E0:D2:29:D6:8C:2E:F5:3D:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGdFrZI1PaioDLLg0inWjC71PbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/T0gIBaDZSSA1_Pyt8UpVKwt95_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/cGdFrZI1PaioDLLg0inWjC71PbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:64:1d:44:b6:4b:e1:a3:82:74:35:25:bf:b3:6a:98:d9:85:
         c8:54:d7:da:cf:e4:d6:9d:ee:b0:7d:4e:16:72:05:67:f2:33:
         c3:af:b6:d8:81:f4:c4:37:70:f2:29:22:b4:c2:56:f9:68:62:
         60:60:78:f8:94:89:f8:5a:dd:28:20:b7:4b:ca:f3:ee:34:4c:
         d3:61:9a:2a:ef:58:19:b9:a4:fa:cc:9a:ee:34:17:c7:a9:ac:
         d0:d5:e9:00:ba:9b:36:94:b6:c6:f3:15:a1:35:fb:f9:d0:ea:
         0f:31:6e:4e:b7:5c:fe:64:ff:f1:1d:89:e0:5c:fd:cc:6e:0f:
         79:b9:8e:c8:19:a5:de:b5:ad:bd:92:46:a7:c1:56:0f:27:aa:
         c9:39:4e:1a:42:d2:b0:b0:78:70:75:8f:76:b1:15:bf:1e:eb:
         b6:69:11:8d:22:0b:d3:ff:b6:ba:4f:67:6b:a6:62:b3:55:7c:
         f2:52:b3:70:de:a7:79:e1:e3:64:f7:0b:bc:9c:a1:79:f6:1c:
         8a:60:44:01:07:0c:f1:17:d3:08:09:10:59:02:12:55:d2:59:
         75:60:77:46:7f:05:2a:0a:11:c9:9e:b5:08:01:34:3e:44:d8:
         1a:35:57:ac:6d:73:c8:cf:ff:26:93:2c:88:60:d7:8b:a3:b6:
         36:65:52:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkaMjySABFeFPISC33WRJKIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNjc0NWFkOTIzNTNkYThhODBjYjJlMGQyMjlkNjhjMmVm
NTNkYjIwHhcNMjUwOTA1MTQwNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjQ4MDgwNWEwZDk0OTIwMzVmY2ZjYWRmMTRhNTUyYjBiN2RlN2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXsXFlEKVL5f62l1WV0dFE/0jhTd
C0O9MyJ6gaaKp5MbdYWdxZkeiotN3oKMBU4clL/0cX6o4b2kZ3sQwv4ymTkTVaJe
LCzmD4yzEcnwdE+5pSMyNyjCxLZTcS0vSNwxmUFEQWI6wPFBFcaxcW5NVa1tpLqr
j23JF9PvRimcAB/P4LG5njv+udkaIeqdIyVhz+kpSqwGyIseL0EPL4c5zJ22Ennq
2ZCc/hi6gC2CUqRUWUEe9nwZW2YNS9dxuyPnX60CkQDPba+sABOnsZsnJTiDSX+J
oF+DjNE57sYwOvUSQFOds14UiI09ow6uFT9ryl7/lys/Nmy3Y5gcHe+TsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9ICAWg2UkgNfz8rfFKVSsLfef9MB8GA1UdIwQY
MBaAFHBnRa2SNT2oqAyy4NIp1owu9T2yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0dkRnJaSTFQYWlvRExMZzBpbldqQzcxUGJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kMGFiZDAtYjExNC00ZTNhLWFlNTkt
ZTIxNzYzYzY3MmZhLzEvVDBnSUJhRFpTU0ExX1B5dDhVcFZLd3Q5NV8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kMGFiZDAtYjExNC00ZTNhLWFlNTktZTIxNzYzYzY3MmZh
LzEvY0dkRnJaSTFQYWlvRExMZzBpbldqQzcxUGJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYWsMA0G
CSqGSIb3DQEBCwUAA4IBAQBuZB1Etkvho4J0NSW/s2qY2YXIVNfaz+TWne6wfU4W
cgVn8jPDr7bYgfTEN3DyKSK0wlb5aGJgYHj4lIn4Wt0oILdLyvPuNEzTYZoq71gZ
uaT6zJruNBfHqazQ1ekAups2lLbG8xWhNfv50OoPMW5Ot1z+ZP/xHYngXP3Mbg95
uY7IGaXeta29kkanwVYPJ6rJOU4aQtKwsHhwdY92sRW/Huu2aRGNIgvT/7a6T2dr
pmKzVXzyUrNw3qd54eNk9wu8nKF59hyKYEQBBwzxF9MICRBZAhJV0ll1YHdGfwUq
ChHJnrUIATQ+RNgaNVesbXPIz/8mkyyIYNeLo7Y2ZVKA
-----END CERTIFICATE-----