Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/TaWWlaQdJDy__bPOa0_wHi28kgw.roa
File:                     TaWWlaQdJDy__bPOa0_wHi28kgw.roa (raw, json)
Hash identifier:          GmxVMkOCc40Mr9ux5EGho294LI1OMaDC/pTrag518As=
Subject key identifier:   4D:A5:96:95:A4:1D:24:3C:BF:FD:B3:CE:6B:4F:F0:1E:2D:BC:92:0C
Certificate issuer:       /CN=edbd2b2871c06e5e21dfcd01603075816bd14489
Certificate serial:       01941FFAA87564D93A48FB17169A729CD3C2
Authority key identifier: ED:BD:2B:28:71:C0:6E:5E:21:DF:CD:01:60:30:75:81:6B:D1:44:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7b0rKHHAbl4h380BYDB1gWvRRIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/TaWWlaQdJDy__bPOa0_wHi28kgw.roa
Signing time:             Wed 01 Jan 2025 03:48:28 +0000
ROA not before:           Wed 01 Jan 2025 03:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4913
IP address blocks:        212.39.160.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/7b0rKHHAbl4h380BYDB1gWvRRIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/7b0rKHHAbl4h380BYDB1gWvRRIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7b0rKHHAbl4h380BYDB1gWvRRIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a8:75:64:d9:3a:48:fb:17:16:9a:72:9c:d3:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edbd2b2871c06e5e21dfcd01603075816bd14489
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4da59695a41d243cbffdb3ce6b4ff01e2dbc920c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8d:24:9f:30:1d:98:01:a5:63:65:7f:e1:46:
                    4c:f8:3f:7e:0a:e7:5f:13:0b:de:31:9a:a5:49:27:
                    97:68:50:d4:bc:1e:9f:6c:34:9b:5a:c3:d0:ea:16:
                    a0:00:fd:64:7c:b5:e7:68:6d:63:26:bb:ff:eb:0d:
                    59:d0:4a:f7:cb:cc:1d:6b:53:12:75:f4:fa:68:2c:
                    8b:6b:3d:0d:47:4c:10:9e:56:34:b9:28:ee:f0:32:
                    02:2e:56:18:6d:1c:6a:b8:57:c5:b2:d5:27:97:a9:
                    1e:2d:6b:b3:da:e6:7a:ed:00:52:18:60:b8:97:06:
                    68:c3:ae:9c:2a:12:06:f2:35:a7:28:f0:f9:39:2a:
                    97:04:28:14:07:0a:5d:ae:e7:c0:23:e0:8d:ce:07:
                    41:fe:98:09:1c:0a:94:54:85:1a:5b:d5:60:a5:71:
                    95:56:13:ca:70:95:b0:70:96:38:ff:0d:7f:65:a7:
                    65:24:53:84:2f:d5:18:61:c1:47:63:d1:71:6a:a5:
                    aa:b6:5f:b8:b0:35:19:90:16:da:df:27:89:9d:fa:
                    4b:b4:41:ef:99:9c:95:de:8f:7f:62:68:c4:6e:37:
                    01:ea:82:ee:bd:d5:7f:f8:58:44:76:49:14:ab:44:
                    11:ae:f2:73:3d:73:37:0e:cf:b4:9d:98:36:dc:30:
                    8d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:A5:96:95:A4:1D:24:3C:BF:FD:B3:CE:6B:4F:F0:1E:2D:BC:92:0C
            X509v3 Authority Key Identifier:
                keyid:ED:BD:2B:28:71:C0:6E:5E:21:DF:CD:01:60:30:75:81:6B:D1:44:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b0rKHHAbl4h380BYDB1gWvRRIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/TaWWlaQdJDy__bPOa0_wHi28kgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0e4dd3-9de7-436e-aba9-de6a9c017f7b/1/7b0rKHHAbl4h380BYDB1gWvRRIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.39.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0d:3e:e6:70:89:3a:cb:10:91:62:c8:e8:d4:7f:44:93:23:a1:
         f2:85:a1:fe:13:5f:62:6a:96:4a:05:96:9b:cb:06:17:1e:ca:
         ed:88:a5:2d:3e:5a:f2:38:81:aa:f5:2e:e4:00:ba:f7:a2:2a:
         73:b0:f1:a4:5a:1c:62:a8:c9:06:0d:67:7b:eb:6f:b5:72:02:
         37:ef:f8:ca:3f:44:bd:e0:c3:30:ab:7a:ed:c1:70:04:d4:69:
         9b:c0:93:f7:d6:b1:dc:65:ec:57:4d:a7:03:62:5f:44:a3:f6:
         d4:fb:55:10:cd:e7:5c:74:48:e4:ba:bb:d7:cc:ed:ef:c2:81:
         b1:61:ca:73:ce:af:a2:f6:36:db:9a:4c:74:52:58:87:dc:c2:
         29:79:f3:66:cb:a1:18:c0:11:65:7f:cb:1d:e7:67:0e:d1:e7:
         3c:0c:ef:39:69:2c:3c:99:94:17:18:01:27:e8:81:3d:0d:d3:
         74:98:54:84:9d:dd:57:04:3a:dc:de:f3:29:71:a1:a9:5f:b3:
         b5:75:0c:29:0c:a4:cb:02:00:f5:8b:d0:9e:59:74:11:aa:6f:
         32:51:30:2f:d2:19:89:67:a6:11:b6:e2:09:51:44:ee:ce:2b:
         ad:c9:31:13:ea:a6:aa:33:dd:78:7a:a1:f8:3c:2a:16:ef:1e:
         81:36:ac:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qh1ZNk6SPsXFppynNPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYmQyYjI4NzFjMDZlNWUyMWRmY2QwMTYwMzA3NTgxNmJk
MTQ0ODkwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGE1OTY5NWE0MWQyNDNjYmZmZGIzY2U2YjRmZjAxZTJkYmM5MjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoI0knzAdmAGlY2V/4UZM+D9+Cudf
EwveMZqlSSeXaFDUvB6fbDSbWsPQ6hagAP1kfLXnaG1jJrv/6w1Z0Er3y8wda1MS
dfT6aCyLaz0NR0wQnlY0uSju8DICLlYYbRxquFfFstUnl6keLWuz2uZ67QBSGGC4
lwZow66cKhIG8jWnKPD5OSqXBCgUBwpdrufAI+CNzgdB/pgJHAqUVIUaW9VgpXGV
VhPKcJWwcJY4/w1/ZadlJFOEL9UYYcFHY9FxaqWqtl+4sDUZkBba3yeJnfpLtEHv
mZyV3o9/YmjEbjcB6oLuvdV/+FhEdkkUq0QRrvJzPXM3Ds+0nZg23DCNQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2llpWkHSQ8v/2zzmtP8B4tvJIMMB8GA1UdIwQY
MBaAFO29KyhxwG5eId/NAWAwdYFr0USJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2IwcktISEFibDRoMzgwQllEQjFnV3ZSUklrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wZTRkZDMtOWRlNy00MzZlLWFiYTkt
ZGU2YTljMDE3ZjdiLzEvVGFXV2xhUWRKRHlfX2JQT2EwX3dIaTI4a2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wZTRkZDMtOWRlNy00MzZlLWFiYTktZGU2YTljMDE3Zjdi
LzEvN2IwcktISEFibDRoMzgwQllEQjFnV3ZSUklrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1CegMA0G
CSqGSIb3DQEBCwUAA4IBAQANPuZwiTrLEJFiyOjUf0STI6HyhaH+E19iapZKBZab
ywYXHsrtiKUtPlryOIGq9S7kALr3oipzsPGkWhxiqMkGDWd762+1cgI37/jKP0S9
4MMwq3rtwXAE1GmbwJP31rHcZexXTacDYl9Eo/bU+1UQzedcdEjkurvXzO3vwoGx
Ycpzzq+i9jbbmkx0UliH3MIpefNmy6EYwBFlf8sd52cO0ec8DO85aSw8mZQXGAEn
6IE9DdN0mFSEnd1XBDrc3vMpcaGpX7O1dQwpDKTLAgD1i9CeWXQRqm8yUTAv0hmJ
Z6YRtuIJUUTuziutyTET6qaqM914eqH4PCoW7x6BNqwg
-----END CERTIFICATE-----