Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/TtCJXCZjPvFog76qNcnP4tVBIXU.roa
File:                     TtCJXCZjPvFog76qNcnP4tVBIXU.roa (raw, json)
Hash identifier:          RR78loCm+O10fJH1icMqv9FwagY1kYhnCggrwAc2ekQ=
Subject key identifier:   4E:D0:89:5C:26:63:3E:F1:68:83:BE:AA:35:C9:CF:E2:D5:41:21:75
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01942143FB8188164FA6F102F094B18C62A7
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/TtCJXCZjPvFog76qNcnP4tVBIXU.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39284
IP address blocks:        45.95.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fb:81:88:16:4f:a6:f1:02:f0:94:b1:8c:62:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ed0895c26633ef16883beaa35c9cfe2d5412175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:41:4b:2f:0a:72:ca:b5:df:b9:de:98:19:9c:
                    81:70:9e:f8:d3:83:88:91:be:fa:3a:8e:0c:f3:d3:
                    88:9b:0b:ca:73:b6:a9:82:68:33:8f:6f:f4:9f:89:
                    32:8c:6a:67:1c:b0:e8:06:50:16:87:c0:78:ef:45:
                    6d:19:f7:f7:5e:c1:76:e6:f2:5d:08:c9:74:66:44:
                    e2:d7:fa:5e:2d:ad:cc:b7:e7:c1:71:06:52:ed:3c:
                    f9:18:2a:2a:09:bc:68:d0:f8:3c:84:9b:bf:c5:c7:
                    bb:33:18:db:3c:6a:91:b6:76:b7:c3:2e:69:3a:89:
                    60:63:fd:d5:c2:54:f9:7a:fe:c4:16:f5:7a:95:95:
                    6f:81:bf:2b:c0:e9:0a:5b:34:8b:f8:39:7b:72:c4:
                    43:15:29:01:d8:e8:8c:89:f3:72:56:70:bb:3f:30:
                    d4:0b:87:20:ee:b5:86:26:85:fe:1d:a0:1f:8c:c5:
                    04:90:fd:b7:ae:f5:d3:c7:be:a2:f5:16:eb:ab:54:
                    c8:c3:14:49:c0:da:11:0c:f0:ab:9c:60:cf:cf:4c:
                    0d:e3:4c:9f:08:b5:a4:9b:f1:ea:1f:6f:b1:e7:05:
                    e3:8a:60:fb:93:7f:b1:ea:7d:f3:a4:45:d5:99:17:
                    03:9a:5a:84:d2:a2:1f:ec:82:dd:5d:54:9b:59:18:
                    85:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D0:89:5C:26:63:3E:F1:68:83:BE:AA:35:C9:CF:E2:D5:41:21:75
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/TtCJXCZjPvFog76qNcnP4tVBIXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:96:c7:6b:a1:39:ee:c0:42:9e:22:bf:0c:d8:f9:7a:39:f3:
         22:64:1f:c4:65:de:66:82:96:a2:4a:80:d8:f2:f7:34:b7:f9:
         8d:59:e8:fc:01:53:9a:96:57:af:f1:87:16:52:14:e9:88:24:
         4a:d4:43:33:26:bd:71:9b:0a:29:60:b7:02:1e:e7:7e:47:ae:
         90:05:a4:2b:99:63:06:92:13:8f:8b:38:ac:c4:64:8a:82:e0:
         16:27:0f:b5:14:59:d4:3c:a0:20:db:dd:b3:7e:c1:3e:ad:e3:
         a1:c4:c9:a1:65:8e:cf:66:2a:c0:aa:93:00:7f:4e:40:ca:3c:
         a8:ac:bd:5b:f1:36:fd:93:09:a7:80:67:1e:bc:c3:91:5f:12:
         3d:6d:2e:5c:90:33:12:af:41:81:7c:60:45:f1:87:01:e7:f5:
         ab:99:7a:20:6a:c5:d7:1b:c6:ea:d1:24:14:cc:e5:1b:23:cc:
         a8:6e:8d:3c:47:d2:88:4b:6e:1a:1a:ea:de:fd:20:7b:53:72:
         e7:a9:9a:7c:ac:5b:0a:7c:7b:3c:70:4f:6f:df:4f:de:33:2d:
         4d:c0:0c:21:29:b6:79:72:3c:1d:8a:14:9c:f1:05:9a:5c:58:
         15:e6:f8:e7:cd:7a:aa:71:00:93:71:ba:f7:16:47:e8:30:76:
         ad:fc:a7:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/uBiBZPpvEC8JSxjGKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWQwODk1YzI2NjMzZWYxNjg4M2JlYWEzNWM5Y2ZlMmQ1NDEyMTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkFLLwpyyrXfud6YGZyBcJ7404OI
kb76Oo4M89OImwvKc7apgmgzj2/0n4kyjGpnHLDoBlAWh8B470VtGff3XsF25vJd
CMl0ZkTi1/peLa3Mt+fBcQZS7Tz5GCoqCbxo0Pg8hJu/xce7MxjbPGqRtna3wy5p
OolgY/3VwlT5ev7EFvV6lZVvgb8rwOkKWzSL+Dl7csRDFSkB2OiMifNyVnC7PzDU
C4cg7rWGJoX+HaAfjMUEkP23rvXTx76i9Rbrq1TIwxRJwNoRDPCrnGDPz0wN40yf
CLWkm/HqH2+x5wXjimD7k3+x6n3zpEXVmRcDmlqE0qIf7ILdXVSbWRiFUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7QiVwmYz7xaIO+qjXJz+LVQSF1MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvVHRDSlhDWmpQdkZvZzc2cU5jblA0dFZCSVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8eMA0G
CSqGSIb3DQEBCwUAA4IBAQAylsdroTnuwEKeIr8M2Pl6OfMiZB/EZd5mgpaiSoDY
8vc0t/mNWej8AVOallev8YcWUhTpiCRK1EMzJr1xmwopYLcCHud+R66QBaQrmWMG
khOPizisxGSKguAWJw+1FFnUPKAg292zfsE+reOhxMmhZY7PZirAqpMAf05Ayjyo
rL1b8Tb9kwmngGcevMORXxI9bS5ckDMSr0GBfGBF8YcB5/WrmXogasXXG8bq0SQU
zOUbI8yobo08R9KIS24aGure/SB7U3LnqZp8rFsKfHs8cE9v30/eMy1NwAwhKbZ5
cjwdihSc8QWaXFgV5vjnzXqqcQCTcbr3FkfoMHat/Kc0
-----END CERTIFICATE-----