Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/tscq8RR5-J67nLuusgspLPatxCY.roa
File:                     tscq8RR5-J67nLuusgspLPatxCY.roa (raw, json)
Hash identifier:          mhooYjP72FJexVsRBpMnu3/8vTwdVxQOmpcDiGXdBjc=
Subject key identifier:   B6:C7:2A:F1:14:79:F8:9E:BB:9C:BB:AE:B2:0B:29:2C:F6:AD:C4:26
Certificate issuer:       /CN=5c6a5f52b002f6286c1d5eb257bb5e853342a284
Certificate serial:       0194274877146C690C052C65A1FC6E5030B6
Authority key identifier: 5C:6A:5F:52:B0:02:F6:28:6C:1D:5E:B2:57:BB:5E:85:33:42:A2:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGpfUrAC9ihsHV6yV7tehTNCooQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/tscq8RR5-J67nLuusgspLPatxCY.roa
Signing time:             Thu 02 Jan 2025 13:50:47 +0000
ROA not before:           Thu 02 Jan 2025 13:50:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33864
IP address blocks:        84.17.128.0/19 maxlen: 24
                          185.137.40.0/22 maxlen: 24
                          2a02:1760::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/XGpfUrAC9ihsHV6yV7tehTNCooQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/XGpfUrAC9ihsHV6yV7tehTNCooQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGpfUrAC9ihsHV6yV7tehTNCooQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 01:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:77:14:6c:69:0c:05:2c:65:a1:fc:6e:50:30:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c6a5f52b002f6286c1d5eb257bb5e853342a284
        Validity
            Not Before: Jan  2 13:50:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6c72af11479f89ebb9cbbaeb20b292cf6adc426
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:8f:17:4b:55:f9:2e:27:c0:9c:a9:ca:09:2b:
                    aa:2c:2e:e3:ad:a4:f5:f0:1f:1e:9f:e0:f9:88:a5:
                    a1:78:82:66:5b:d0:43:cd:2f:27:b1:30:86:dd:01:
                    87:c8:2d:22:2e:81:24:a6:4d:a6:32:b7:aa:ca:46:
                    6f:8e:16:27:97:dc:87:3a:84:88:a3:19:50:96:64:
                    95:34:e5:42:39:23:6f:14:e9:3b:01:a8:da:1b:bf:
                    1f:f6:91:fe:5c:63:66:83:f8:a9:70:50:24:ae:4f:
                    78:c0:69:71:9b:e5:c6:7d:63:ab:c0:a0:9e:6c:1d:
                    c6:49:99:97:96:6e:db:77:a3:f2:56:71:4a:fb:ee:
                    77:27:66:52:17:8b:65:9d:c1:7b:79:c1:84:a9:08:
                    54:57:73:c2:18:ad:3b:b2:70:39:7c:74:56:07:42:
                    48:96:c7:ed:46:2b:9a:bb:a8:45:63:71:61:8b:8e:
                    e2:b6:4a:76:6b:4a:6e:d9:68:33:49:9e:4d:c8:f0:
                    34:62:69:44:56:d4:a0:9f:90:5c:e6:a1:6e:7f:be:
                    b7:14:09:af:4d:e2:06:c5:e4:f9:c0:f7:09:a8:bf:
                    2c:47:02:29:fa:1c:b5:07:ae:3f:c3:5a:08:c2:3e:
                    40:8e:f9:31:88:d4:2e:e9:88:51:2a:76:c7:95:27:
                    37:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:C7:2A:F1:14:79:F8:9E:BB:9C:BB:AE:B2:0B:29:2C:F6:AD:C4:26
            X509v3 Authority Key Identifier:
                keyid:5C:6A:5F:52:B0:02:F6:28:6C:1D:5E:B2:57:BB:5E:85:33:42:A2:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGpfUrAC9ihsHV6yV7tehTNCooQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/tscq8RR5-J67nLuusgspLPatxCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/XGpfUrAC9ihsHV6yV7tehTNCooQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.128.0/19
                  185.137.40.0/22
                IPv6:
                  2a02:1760::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:1c:c9:f2:a3:2f:1f:a9:c6:ae:ed:a4:59:9d:77:dc:e2:fc:
         5a:f9:aa:21:6d:11:93:54:b7:61:bd:ed:f7:d4:7e:5c:ac:be:
         d3:ab:a2:f2:e7:eb:5d:8c:18:ed:e2:75:a3:30:b9:f9:23:27:
         30:b5:0b:ab:68:c1:ee:be:b5:79:51:c5:55:bb:6a:67:fe:f7:
         30:41:d7:00:eb:68:01:8f:a1:5d:87:31:3f:6e:a6:fa:89:e7:
         9b:57:a8:89:b0:13:0b:bf:4f:b8:fa:93:e4:e3:23:ce:93:10:
         0b:1b:87:d4:76:bd:09:9f:a1:b6:e5:b0:13:a9:bb:07:4c:0e:
         2d:47:39:f8:ab:90:29:13:af:9b:81:ab:d5:6e:d3:5c:b1:61:
         ec:6c:de:5a:5f:51:1e:5c:00:4f:61:c1:3a:b5:7c:74:84:b3:
         3b:b8:19:4a:d6:f5:b5:c2:a8:46:dc:c7:6d:32:7d:e7:b7:63:
         b8:d6:cc:54:e7:5f:f4:a2:89:e3:93:f5:4e:34:b8:76:a4:21:
         2b:fd:37:61:fd:51:cb:ab:7f:a6:cc:6d:0c:ee:5a:c0:ee:39:
         78:b0:2b:0d:e4:32:0e:4e:53:12:f0:73:81:f1:f2:fc:5f:14:
         d5:cf:22:28:3e:ab:43:9b:a9:69:f7:3e:f9:7f:8b:59:70:0b:
         e7:ca:5e:25
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnSHcUbGkMBSxlofxuUDC2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNmE1ZjUyYjAwMmY2Mjg2YzFkNWViMjU3YmI1ZTg1MzM0
MmEyODQwHhcNMjUwMTAyMTM1MDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmM3MmFmMTE0NzlmODllYmI5Y2JiYWViMjBiMjkyY2Y2YWRjNDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6I8XS1X5LifAnKnKCSuqLC7jraT1
8B8en+D5iKWheIJmW9BDzS8nsTCG3QGHyC0iLoEkpk2mMreqykZvjhYnl9yHOoSI
oxlQlmSVNOVCOSNvFOk7AajaG78f9pH+XGNmg/ipcFAkrk94wGlxm+XGfWOrwKCe
bB3GSZmXlm7bd6PyVnFK++53J2ZSF4tlncF7ecGEqQhUV3PCGK07snA5fHRWB0JI
lsftRiuau6hFY3Fhi47itkp2a0pu2WgzSZ5NyPA0YmlEVtSgn5Bc5qFuf763FAmv
TeIGxeT5wPcJqL8sRwIp+hy1B64/w1oIwj5AjvkxiNQu6YhRKnbHlSc3CQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLbHKvEUefieu5y7rrILKSz2rcQmMB8GA1UdIwQY
MBaAFFxqX1KwAvYobB1esle7XoUzQqKEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdwZlVyQUM5aWhzSFY2eVY3dGVoVE5Db29RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iNGVjYjEtYTBmNS00MjYxLWJjZGUt
MDk2YzljMDdhZTE4LzEvdHNjcThSUjUtSjY3bkx1dXNnc3BMUGF0eENZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iNGVjYjEtYTBmNS00MjYxLWJjZGUtMDk2YzljMDdhZTE4
LzEvWEdwZlVyQUM5aWhzSFY2eVY3dGVoVE5Db29RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFVBGAAwQC
uYkoMA0EAgACMAcDBQAqAhdgMA0GCSqGSIb3DQEBCwUAA4IBAQBvHMnyoy8fqcau
7aRZnXfc4vxa+aohbRGTVLdhve331H5crL7Tq6Ly5+tdjBjt4nWjMLn5IycwtQur
aMHuvrV5UcVVu2pn/vcwQdcA62gBj6FdhzE/bqb6ieebV6iJsBMLv0+4+pPk4yPO
kxALG4fUdr0Jn6G25bATqbsHTA4tRzn4q5ApE6+bgavVbtNcsWHsbN5aX1EeXABP
YcE6tXx0hLM7uBlK1vW1wqhG3MdtMn3nt2O41sxU51/0oonjk/VONLh2pCEr/Tdh
/VHLq3+mzG0M7lrA7jl4sCsN5DIOTlMS8HOB8fL8XxTVzyIoPqtDm6lp9z75f4tZ
cAvnyl4l
-----END CERTIFICATE-----