Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/TrApzRwO46U5cvWOoWRmtJkH50k.roa
File:                     TrApzRwO46U5cvWOoWRmtJkH50k.roa (raw, json)
Hash identifier:          jn6OnmEsOzdilDL0UdqQEgfGfw7WKVGdZ+IBRjWfYTM=
Subject key identifier:   4E:B0:29:CD:1C:0E:E3:A5:39:72:F5:8E:A1:64:66:B4:99:07:E7:49
Certificate issuer:       /CN=9c47ee73c28780b12f152cfa259ade3d8ae0d13b
Certificate serial:       0194236A2A1D074446C7FBF29AF55EA87536
Authority key identifier: 9C:47:EE:73:C2:87:80:B1:2F:15:2C:FA:25:9A:DE:3D:8A:E0:D1:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/TrApzRwO46U5cvWOoWRmtJkH50k.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208161
IP address blocks:        194.33.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 19:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2a:1d:07:44:46:c7:fb:f2:9a:f5:5e:a8:75:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c47ee73c28780b12f152cfa259ade3d8ae0d13b
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4eb029cd1c0ee3a53972f58ea16466b49907e749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:80:c8:a7:b3:02:fa:5b:26:28:d3:ef:bb:02:
                    b7:00:23:6b:b9:e1:f0:19:e1:f6:ba:34:e0:c2:50:
                    8b:cf:44:80:de:56:64:ea:ec:37:70:d1:9f:51:32:
                    17:6a:50:c6:b1:94:4b:4f:22:64:64:13:a4:41:49:
                    53:1d:89:6c:1d:e9:d6:c3:dd:86:17:4d:b3:6e:bf:
                    8c:cd:ea:74:b4:fd:23:59:7a:a0:cb:a3:30:f8:c3:
                    d5:3d:ad:45:6a:2f:cb:b0:b0:ad:62:dc:a9:87:3b:
                    d8:f3:80:c3:8b:95:cc:38:bb:cf:92:ff:ea:e2:96:
                    80:17:1b:8a:9d:e1:8d:c8:10:9a:34:03:ba:08:4b:
                    6b:a5:51:0e:b4:2b:0e:23:16:36:8e:8a:09:38:96:
                    cb:9c:0c:c7:a5:48:bb:7d:1a:5a:77:3e:09:f0:73:
                    10:81:28:75:e8:10:5a:c0:fd:73:74:35:b4:17:07:
                    aa:e2:d1:a8:cf:1a:21:7b:6c:4b:05:87:7f:36:18:
                    70:e4:ef:61:8b:22:82:0c:19:de:26:85:25:df:28:
                    de:45:ac:c8:39:07:b5:df:a0:bb:36:68:ad:f7:53:
                    e2:4a:3d:71:ff:b4:a3:33:78:5e:f3:71:79:0e:d6:
                    35:42:79:62:03:4a:97:fd:b0:1a:cd:8f:d4:00:ac:
                    13:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:B0:29:CD:1C:0E:E3:A5:39:72:F5:8E:A1:64:66:B4:99:07:E7:49
            X509v3 Authority Key Identifier:
                keyid:9C:47:EE:73:C2:87:80:B1:2F:15:2C:FA:25:9A:DE:3D:8A:E0:D1:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/TrApzRwO46U5cvWOoWRmtJkH50k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:dd:dd:7f:1e:05:4a:5a:37:7b:b2:3d:59:fb:d1:fd:c5:15:
         ea:31:83:54:8b:0d:ad:9c:5d:2e:e0:b2:f4:de:1f:95:c1:ea:
         7e:bb:94:b1:85:6c:07:fe:e4:69:20:fa:a1:2c:ac:14:14:31:
         72:a0:26:38:cd:ec:d9:51:b3:f4:09:41:5d:a8:b1:bc:54:93:
         c8:b6:06:a6:78:13:99:b4:00:e3:bc:81:48:6e:6f:9a:b0:da:
         e5:75:34:82:14:16:54:65:5c:0b:aa:b5:a3:85:93:bb:6e:3c:
         fa:df:98:ff:85:cf:93:9b:72:dd:d7:fd:85:01:1c:2f:3f:16:
         e5:90:f8:07:54:60:c6:b2:0e:1e:51:bb:f6:42:4a:05:85:2b:
         dc:df:f3:bf:05:5a:35:e2:e3:19:bc:6c:cf:0f:6e:b7:4e:49:
         90:6c:5b:ad:62:cf:f9:eb:6d:97:f5:86:05:73:63:e5:a2:c5:
         e8:90:e5:ae:de:ee:e9:9d:c3:d9:d4:4c:ff:a0:17:70:9d:3f:
         b6:9f:31:ce:25:06:32:cc:f8:64:6c:d5:46:42:79:55:13:ab:
         f5:08:99:e2:91:d4:fb:8d:ee:01:44:2e:6c:59:fe:14:13:15:
         58:82:a4:02:27:7e:60:48:78:c8:a7:1b:9f:10:cc:c9:27:de:
         43:8c:d4:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiodB0RGx/vymvVeqHU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNDdlZTczYzI4NzgwYjEyZjE1MmNmYTI1OWFkZTNkOGFl
MGQxM2IwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWIwMjljZDFjMGVlM2E1Mzk3MmY1OGVhMTY0NjZiNDk5MDdlNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoDIp7MC+lsmKNPvuwK3ACNrueHw
GeH2ujTgwlCLz0SA3lZk6uw3cNGfUTIXalDGsZRLTyJkZBOkQUlTHYlsHenWw92G
F02zbr+Mzep0tP0jWXqgy6Mw+MPVPa1Fai/LsLCtYtyphzvY84DDi5XMOLvPkv/q
4paAFxuKneGNyBCaNAO6CEtrpVEOtCsOIxY2jooJOJbLnAzHpUi7fRpadz4J8HMQ
gSh16BBawP1zdDW0Fweq4tGozxohe2xLBYd/Nhhw5O9hiyKCDBneJoUl3yjeRazI
OQe136C7Nmit91PiSj1x/7SjM3he83F5DtY1QnliA0qX/bAazY/UAKwTCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6wKc0cDuOlOXL1jqFkZrSZB+dJMB8GA1UdIwQY
MBaAFJxH7nPCh4CxLxUs+iWa3j2K4NE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkVmdWM4S0hnTEV2RlN6NkpacmVQWXJnMFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9jN2M1MWQtNGY5MC00MDg3LWExM2Et
ZjNjMWE5YTExZDczLzEvVHJBcHpSd080NlU1Y3ZXT29XUm10SmtINTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9jN2M1MWQtNGY5MC00MDg3LWExM2EtZjNjMWE5YTExZDcz
LzEvbkVmdWM4S0hnTEV2RlN6NkpacmVQWXJnMFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiFpMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ3d1/HgVKWjd7sj1Z+9H9xRXqMYNUiw2tnF0u4LL0
3h+Vwep+u5SxhWwH/uRpIPqhLKwUFDFyoCY4zezZUbP0CUFdqLG8VJPItgameBOZ
tADjvIFIbm+asNrldTSCFBZUZVwLqrWjhZO7bjz635j/hc+Tm3Ld1/2FARwvPxbl
kPgHVGDGsg4eUbv2QkoFhSvc3/O/BVo14uMZvGzPD263TkmQbFutYs/5622X9YYF
c2PlosXokOWu3u7pncPZ1Ez/oBdwnT+2nzHOJQYyzPhkbNVGQnlVE6v1CJnikdT7
je4BRC5sWf4UExVYgqQCJ35gSHjIpxufEMzJJ95DjNS6
-----END CERTIFICATE-----