Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/tyaYl5YiFR3mBp3dE0Z7qqSxJ-4.roa
File:                     tyaYl5YiFR3mBp3dE0Z7qqSxJ-4.roa (raw, json)
Hash identifier:          1oOfsGz2G4JZrKzX/nD0zBodH4uCjpfY8iZX8tHeLNY=
Subject key identifier:   B7:26:98:97:96:22:15:1D:E6:06:9D:DD:13:46:7B:AA:A4:B1:27:EE
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       0194244553061CA0C2B4C2979CFC366C886B
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/tyaYl5YiFR3mBp3dE0Z7qqSxJ-4.roa
Signing time:             Wed 01 Jan 2025 23:48:30 +0000
ROA not before:           Wed 01 Jan 2025 23:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31674
IP address blocks:        212.133.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:53:06:1c:a0:c2:b4:c2:97:9c:fc:36:6c:88:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 23:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b72698979622151de6069ddd13467baaa4b127ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:db:cb:3f:8f:f6:fe:69:a3:f4:71:a4:82:68:
                    49:1a:9d:0e:38:d6:f5:6c:bc:a2:67:80:58:18:2f:
                    7b:e7:33:af:d1:35:40:26:25:be:46:7b:97:54:30:
                    09:7c:70:6f:d9:f4:e6:56:46:e9:3e:54:f9:92:79:
                    23:eb:8c:9f:9a:a6:9a:6a:05:1d:95:81:66:d4:99:
                    f1:ea:c3:24:6d:c1:3e:57:d6:fa:35:ec:c1:4f:a1:
                    8c:70:4f:77:b8:6a:0d:10:8e:82:65:27:35:dd:33:
                    6a:c0:80:4a:56:fa:21:d2:d9:8e:f1:b5:94:56:47:
                    45:92:54:67:ae:57:3d:2d:f7:52:90:c0:05:4b:6f:
                    63:38:0b:8a:e3:6c:c3:fe:55:f8:37:d9:e8:ed:17:
                    86:7b:af:d3:06:9c:18:6e:6f:9a:e6:7f:c3:a8:32:
                    ac:00:cb:12:ca:32:97:8e:9f:b5:28:af:77:54:5f:
                    1e:e5:de:47:2d:56:e4:59:84:98:8f:a1:bd:81:89:
                    3c:3b:53:74:bc:8a:3f:a1:4e:8a:16:0a:a8:36:24:
                    0f:c7:f6:d7:1f:67:b3:0e:23:02:c9:37:59:d9:fb:
                    bb:88:17:ac:9a:86:d4:2f:b4:3b:21:5e:12:2b:62:
                    fc:c6:5e:6b:97:1c:be:7c:ab:21:b2:f5:3f:24:14:
                    9d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:26:98:97:96:22:15:1D:E6:06:9D:DD:13:46:7B:AA:A4:B1:27:EE
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/tyaYl5YiFR3mBp3dE0Z7qqSxJ-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.133.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:7e:b1:17:eb:06:6d:9c:46:55:d8:14:67:26:cf:47:10:3b:
         60:2f:45:18:f1:b6:e9:46:d1:df:66:51:0c:35:2a:79:75:98:
         4f:df:d0:23:e7:bd:8d:e3:00:32:1c:ea:4a:e2:a4:44:8e:2c:
         85:89:47:8c:59:46:e2:c8:b0:82:24:68:4e:a3:67:e1:54:df:
         e2:17:52:31:a0:89:fd:7c:dd:05:26:52:1f:5f:b9:cd:7f:a2:
         f4:1a:87:0b:f6:d7:76:52:ab:c0:66:ec:75:bd:0b:5e:81:79:
         29:d7:cf:9c:2f:ea:fd:13:12:5b:14:9a:fa:20:8d:1a:52:7b:
         60:80:dc:77:fa:00:d9:98:a5:49:c9:0d:5b:4d:e8:68:63:0f:
         11:16:3b:28:60:d3:3f:0e:e0:62:72:30:bd:1e:f2:8b:09:0b:
         36:7f:55:d3:eb:85:f5:88:dc:ac:57:04:5d:64:94:5b:b2:fb:
         4a:fa:1b:f2:24:d3:e7:c9:aa:87:3b:26:c8:3f:1c:fc:f3:1b:
         b0:94:0e:45:82:dc:14:0c:82:3d:67:80:ed:a6:09:a7:52:d4:
         49:67:9b:04:b5:53:5d:d0:3b:a0:ac:e1:9b:9f:4a:54:63:75:
         5f:95:31:a0:3e:54:a5:9a:67:14:49:4e:f9:58:02:8a:dc:1b:
         4f:78:47:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVMGHKDCtMKXnPw2bIhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjUwMTAxMjM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzI2OTg5Nzk2MjIxNTFkZTYwNjlkZGQxMzQ2N2JhYWE0YjEyN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdvLP4/2/mmj9HGkgmhJGp0OONb1
bLyiZ4BYGC975zOv0TVAJiW+RnuXVDAJfHBv2fTmVkbpPlT5knkj64yfmqaaagUd
lYFm1Jnx6sMkbcE+V9b6NezBT6GMcE93uGoNEI6CZSc13TNqwIBKVvoh0tmO8bWU
VkdFklRnrlc9LfdSkMAFS29jOAuK42zD/lX4N9no7ReGe6/TBpwYbm+a5n/DqDKs
AMsSyjKXjp+1KK93VF8e5d5HLVbkWYSYj6G9gYk8O1N0vIo/oU6KFgqoNiQPx/bX
H2ezDiMCyTdZ2fu7iBesmobUL7Q7IV4SK2L8xl5rlxy+fKshsvU/JBSdzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcmmJeWIhUd5gad3RNGe6qksSfuMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvdHlhWWw1WWlGUjNtQnAzZEUwWjdxcVN4Si00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IWkMA0G
CSqGSIb3DQEBCwUAA4IBAQA7frEX6wZtnEZV2BRnJs9HEDtgL0UY8bbpRtHfZlEM
NSp5dZhP39Aj572N4wAyHOpK4qREjiyFiUeMWUbiyLCCJGhOo2fhVN/iF1IxoIn9
fN0FJlIfX7nNf6L0GocL9td2UqvAZux1vQtegXkp18+cL+r9ExJbFJr6II0aUntg
gNx3+gDZmKVJyQ1bTehoYw8RFjsoYNM/DuBicjC9HvKLCQs2f1XT64X1iNysVwRd
ZJRbsvtK+hvyJNPnyaqHOybIPxz88xuwlA5FgtwUDII9Z4DtpgmnUtRJZ5sEtVNd
0DugrOGbn0pUY3VflTGgPlSlmmcUSU75WAKK3BtPeEds
-----END CERTIFICATE-----