Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/tlchQmDxgjTRo1pLaspfZw12O3A.roa
File:                     tlchQmDxgjTRo1pLaspfZw12O3A.roa (raw, json)
Hash identifier:          6bDu460ilvbyFwMJbm1Vw+QewREO9nGYqnB3iYaAR4Y=
Subject key identifier:   B6:57:21:42:60:F1:82:34:D1:A3:5A:4B:6A:CA:5F:67:0D:76:3B:70
Certificate issuer:       /CN=3d9944e8f5651b1bd2f0a9e006865f3a6b81eb61
Certificate serial:       01942369FDB8FA4F1ACA0573C34DEB8589D7
Authority key identifier: 3D:99:44:E8:F5:65:1B:1B:D2:F0:A9:E0:06:86:5F:3A:6B:81:EB:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PZlE6PVlGxvS8KngBoZfOmuB62E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/tlchQmDxgjTRo1pLaspfZw12O3A.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57249
IP address blocks:        193.22.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/PZlE6PVlGxvS8KngBoZfOmuB62E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/PZlE6PVlGxvS8KngBoZfOmuB62E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PZlE6PVlGxvS8KngBoZfOmuB62E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fd:b8:fa:4f:1a:ca:05:73:c3:4d:eb:85:89:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d9944e8f5651b1bd2f0a9e006865f3a6b81eb61
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b657214260f18234d1a35a4b6aca5f670d763b70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8b:d4:6c:64:6f:0f:4d:cc:63:97:ef:cd:59:
                    fa:30:73:02:e0:bb:d4:82:b2:9b:c1:02:27:0f:53:
                    0f:51:39:fd:21:b8:8a:a6:68:2f:3a:54:5c:f6:33:
                    74:24:33:aa:36:c5:71:9d:8f:fa:25:03:1f:4d:a1:
                    4c:f5:70:a6:d7:ed:99:38:e9:61:fb:ae:c5:d6:a9:
                    57:f9:f0:67:ad:c0:f9:9a:46:8e:d4:8c:74:fe:4c:
                    59:f1:89:13:d7:84:3b:a7:37:9b:db:63:d4:30:be:
                    27:f2:87:41:96:28:50:31:22:38:a1:32:35:90:12:
                    e7:e8:d1:96:cb:8c:e3:66:ac:23:ea:9b:0a:b3:6d:
                    56:a5:72:29:e7:1e:16:08:4f:95:b1:b3:6f:46:22:
                    f3:e8:21:72:c9:50:ad:64:c4:85:1e:55:b2:52:66:
                    9c:0f:7b:fb:af:6f:30:86:a9:ae:ff:1a:ec:4b:54:
                    4c:d1:4b:85:1c:18:46:30:b5:92:2f:fd:a6:5b:33:
                    de:8f:c0:a4:82:56:8a:bb:bb:10:a4:55:96:30:0b:
                    93:25:94:3e:de:f6:2a:c5:06:2b:87:55:15:3d:9f:
                    c1:3f:98:bb:0f:f4:7a:a6:9f:5b:b0:45:af:2a:35:
                    04:1c:a7:44:e9:9e:c9:e7:ba:ef:70:ec:f0:f4:0b:
                    c4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:57:21:42:60:F1:82:34:D1:A3:5A:4B:6A:CA:5F:67:0D:76:3B:70
            X509v3 Authority Key Identifier:
                keyid:3D:99:44:E8:F5:65:1B:1B:D2:F0:A9:E0:06:86:5F:3A:6B:81:EB:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PZlE6PVlGxvS8KngBoZfOmuB62E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/tlchQmDxgjTRo1pLaspfZw12O3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/PZlE6PVlGxvS8KngBoZfOmuB62E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:ca:f4:07:0e:51:da:de:6a:77:8b:14:a0:c7:71:6b:3e:31:
         0b:06:4c:64:85:be:cd:85:bf:0b:27:ee:ba:4d:14:4a:56:1e:
         c5:c8:2b:70:17:a2:8e:39:56:ac:07:c8:6c:5f:49:04:fd:e1:
         ba:fd:ba:b0:bd:8b:48:49:43:fa:52:49:50:3b:f4:65:77:3b:
         3c:e2:ef:52:0f:80:b6:1f:73:89:f6:ce:d7:2d:eb:82:73:ec:
         ab:41:2e:18:59:4d:51:d0:41:d1:21:47:f4:df:6e:bd:89:37:
         e1:0f:2d:b9:65:c2:02:5c:f9:7e:25:36:ab:6a:ea:47:06:15:
         49:37:1f:49:a6:ad:b0:91:18:3f:9e:cf:39:ca:c9:e9:72:3b:
         6a:b4:4f:03:0e:f3:f4:77:d3:3f:85:05:df:33:d6:04:cc:30:
         fb:5a:f9:6d:2f:e7:aa:23:cc:e2:8e:e7:82:14:44:51:1e:ca:
         b3:20:e6:87:f2:ad:94:5e:7b:7e:08:24:36:9f:ba:02:f6:7a:
         51:b5:a0:a9:53:b9:89:a5:e1:a6:89:7d:a7:23:a8:05:5d:ec:
         b5:9b:42:a4:3e:8e:0c:d8:7e:05:73:bd:b7:76:b5:a9:20:4f:
         bf:e5:1c:35:3c:cd:0b:7d:f2:09:be:03:ef:be:74:07:74:86:
         df:e6:ee:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaf24+k8aygVzw03rhYnXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOTk0NGU4ZjU2NTFiMWJkMmYwYTllMDA2ODY1ZjNhNmI4
MWViNjEwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjU3MjE0MjYwZjE4MjM0ZDFhMzVhNGI2YWNhNWY2NzBkNzYzYjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4vUbGRvD03MY5fvzVn6MHMC4LvU
grKbwQInD1MPUTn9IbiKpmgvOlRc9jN0JDOqNsVxnY/6JQMfTaFM9XCm1+2ZOOlh
+67F1qlX+fBnrcD5mkaO1Ix0/kxZ8YkT14Q7pzeb22PUML4n8odBlihQMSI4oTI1
kBLn6NGWy4zjZqwj6psKs21WpXIp5x4WCE+VsbNvRiLz6CFyyVCtZMSFHlWyUmac
D3v7r28whqmu/xrsS1RM0UuFHBhGMLWSL/2mWzPej8CkglaKu7sQpFWWMAuTJZQ+
3vYqxQYrh1UVPZ/BP5i7D/R6pp9bsEWvKjUEHKdE6Z7J57rvcOzw9AvE2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZXIUJg8YI00aNaS2rKX2cNdjtwMB8GA1UdIwQY
MBaAFD2ZROj1ZRsb0vCp4AaGXzprgethMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFpsRTZQVmxHeHZTOEtuZ0JvWmZPbXVCNjJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80YmZmNzItYmE1Yi00NTI4LThjNDIt
N2Y2YjlmMTA0MGZkLzEvdGxjaFFtRHhnalRSbzFwTGFzcGZadzEyTzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80YmZmNzItYmE1Yi00NTI4LThjNDItN2Y2YjlmMTA0MGZk
LzEvUFpsRTZQVmxHeHZTOEtuZ0JvWmZPbXVCNjJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRZRMA0G
CSqGSIb3DQEBCwUAA4IBAQBOyvQHDlHa3mp3ixSgx3FrPjELBkxkhb7Nhb8LJ+66
TRRKVh7FyCtwF6KOOVasB8hsX0kE/eG6/bqwvYtISUP6UklQO/Rldzs84u9SD4C2
H3OJ9s7XLeuCc+yrQS4YWU1R0EHRIUf03269iTfhDy25ZcICXPl+JTaraupHBhVJ
Nx9Jpq2wkRg/ns85ysnpcjtqtE8DDvP0d9M/hQXfM9YEzDD7WvltL+eqI8zijueC
FERRHsqzIOaH8q2UXnt+CCQ2n7oC9npRtaCpU7mJpeGmiX2nI6gFXey1m0KkPo4M
2H4Fc723drWpIE+/5Rw1PM0LffIJvgPvvnQHdIbf5u4D
-----END CERTIFICATE-----