Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee3ac0-be33-4a37-a0d7-59a5ee3ad9a8/1/tbot_ZPo7efS_eEBsyLeDHJNVmM.roa
File:                     tbot_ZPo7efS_eEBsyLeDHJNVmM.roa (raw, json)
Hash identifier:          edYIJvl9gSH8k9QetJe1JVzyMvJbYqfDW2Tyrs7Mw9w=
Subject key identifier:   B5:BA:2D:FD:93:E8:ED:E7:D2:FD:E1:01:B3:22:DE:0C:72:4D:56:63
Certificate issuer:       /CN=a33eec03ea122713278b4066ecf2bfeaa1563c0d
Certificate serial:       01941F8C7F2F9B2A8694FEAD43705A2070D0
Authority key identifier: A3:3E:EC:03:EA:12:27:13:27:8B:40:66:EC:F2:BF:EA:A1:56:3C:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oz7sA-oSJxMni0Bm7PK_6qFWPA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee3ac0-be33-4a37-a0d7-59a5ee3ad9a8/1/tbot_ZPo7efS_eEBsyLeDHJNVmM.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12552
IP address blocks:        45.15.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee3ac0-be33-4a37-a0d7-59a5ee3ad9a8/1/oz7sA-oSJxMni0Bm7PK_6qFWPA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee3ac0-be33-4a37-a0d7-59a5ee3ad9a8/1/oz7sA-oSJxMni0Bm7PK_6qFWPA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oz7sA-oSJxMni0Bm7PK_6qFWPA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7f:2f:9b:2a:86:94:fe:ad:43:70:5a:20:70:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a33eec03ea122713278b4066ecf2bfeaa1563c0d
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5ba2dfd93e8ede7d2fde101b322de0c724d5663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:95:8e:66:4d:33:90:02:b4:38:e9:6b:88:d2:
                    e0:24:89:83:a7:dd:2f:07:59:c8:6c:c6:1f:27:d6:
                    de:93:23:ad:32:29:f9:7c:a0:b4:9c:2f:24:52:bd:
                    59:74:6b:c1:46:12:df:65:3e:e5:57:69:65:8f:60:
                    c3:44:08:2a:50:f7:96:a1:c9:36:70:cd:6e:98:30:
                    30:c5:7a:ab:35:fd:7a:c7:23:e9:74:ee:60:54:5b:
                    fb:fe:d2:2d:d3:f9:2d:04:dd:3e:c2:76:ef:3e:8f:
                    95:73:c4:9b:d6:32:ad:b8:4f:7e:73:82:02:ea:cd:
                    01:a5:90:63:4f:8d:b6:35:70:2b:50:1e:e0:f2:9e:
                    c2:9b:83:dc:20:16:7f:5e:bc:2d:92:ac:fe:fb:b4:
                    18:cc:bc:1d:02:bd:fb:84:5e:51:42:9d:4e:cb:d6:
                    a6:99:3e:d4:2e:15:70:69:81:8b:2f:8d:dc:bd:cb:
                    25:6d:dd:96:90:0f:ac:75:fb:7d:d2:9b:f0:33:95:
                    4a:ae:6a:b1:31:3d:b8:9f:7a:92:f2:96:ab:39:9a:
                    72:d8:2d:34:18:c7:2b:9e:b9:08:16:ef:de:13:bf:
                    07:32:a9:29:2c:b9:e1:73:d9:6e:ce:a0:2b:b4:14:
                    42:06:48:89:10:6f:a9:a6:c1:3c:b9:b0:6c:39:07:
                    3e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:BA:2D:FD:93:E8:ED:E7:D2:FD:E1:01:B3:22:DE:0C:72:4D:56:63
            X509v3 Authority Key Identifier:
                keyid:A3:3E:EC:03:EA:12:27:13:27:8B:40:66:EC:F2:BF:EA:A1:56:3C:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oz7sA-oSJxMni0Bm7PK_6qFWPA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee3ac0-be33-4a37-a0d7-59a5ee3ad9a8/1/tbot_ZPo7efS_eEBsyLeDHJNVmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee3ac0-be33-4a37-a0d7-59a5ee3ad9a8/1/oz7sA-oSJxMni0Bm7PK_6qFWPA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:01:7c:88:57:0d:14:a3:1c:e9:1f:83:6c:0d:e7:a9:a0:cd:
         3a:c0:87:e1:47:f5:89:65:84:56:94:e0:a3:58:e2:2e:e4:1f:
         78:96:75:03:66:65:9a:75:b4:f5:16:bc:86:79:4e:b3:7c:56:
         df:4f:93:27:ee:13:c6:7c:45:f2:d6:a7:83:d2:32:3c:b7:c5:
         53:47:4e:16:27:e4:65:9f:d5:36:83:3c:70:bf:c9:28:4f:c5:
         ea:83:cd:97:71:b1:1a:c3:51:9c:37:5f:dd:4e:41:27:b7:eb:
         58:fd:3b:33:01:ac:72:8e:24:b0:c0:e4:ff:aa:83:67:3b:0a:
         28:08:3a:f5:2e:33:99:66:c3:d5:5b:63:78:48:df:b7:07:2d:
         3e:d2:44:38:a8:8d:f9:0e:4c:26:21:1f:b1:35:bd:9a:2e:6f:
         f2:0f:4b:9d:5b:a6:cc:c8:11:11:9b:88:10:6d:f2:28:ba:e6:
         cc:9d:62:c3:f5:dc:71:0d:84:71:1d:a1:6f:36:f3:ae:0a:da:
         f0:17:d2:84:44:27:fb:34:78:b0:ae:9f:28:3b:d1:b7:3a:54:
         d0:6d:87:f4:06:d3:71:b0:30:f6:70:2a:78:4c:5b:8f:11:11:
         4e:ce:a0:53:2a:8b:d7:68:fb:c4:1a:ad:7d:ab:49:21:fb:d1:
         18:94:d7:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjH8vmyqGlP6tQ3BaIHDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzM2VlYzAzZWExMjI3MTMyNzhiNDA2NmVjZjJiZmVhYTE1
NjNjMGQwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWJhMmRmZDkzZThlZGU3ZDJmZGUxMDFiMzIyZGUwYzcyNGQ1NjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5WOZk0zkAK0OOlriNLgJImDp90v
B1nIbMYfJ9bekyOtMin5fKC0nC8kUr1ZdGvBRhLfZT7lV2llj2DDRAgqUPeWock2
cM1umDAwxXqrNf16xyPpdO5gVFv7/tIt0/ktBN0+wnbvPo+Vc8Sb1jKtuE9+c4IC
6s0BpZBjT422NXArUB7g8p7Cm4PcIBZ/Xrwtkqz++7QYzLwdAr37hF5RQp1Oy9am
mT7ULhVwaYGLL43cvcslbd2WkA+sdft90pvwM5VKrmqxMT24n3qS8parOZpy2C00
GMcrnrkIFu/eE78HMqkpLLnhc9luzqArtBRCBkiJEG+ppsE8ubBsOQc+AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLW6Lf2T6O3n0v3hAbMi3gxyTVZjMB8GA1UdIwQY
MBaAFKM+7APqEicTJ4tAZuzyv+qhVjwNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3o3c0Etb1NKeE1uaTBCbTdQS182cUZXUEEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZTNhYzAtYmUzMy00YTM3LWEwZDct
NTlhNWVlM2FkOWE4LzEvdGJvdF9aUG83ZWZTX2VFQnN5TGVESEpOVm1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZTNhYzAtYmUzMy00YTM3LWEwZDctNTlhNWVlM2FkOWE4
LzEvb3o3c0Etb1NKeE1uaTBCbTdQS182cUZXUEEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ8dMA0G
CSqGSIb3DQEBCwUAA4IBAQAZAXyIVw0UoxzpH4NsDeepoM06wIfhR/WJZYRWlOCj
WOIu5B94lnUDZmWadbT1FryGeU6zfFbfT5Mn7hPGfEXy1qeD0jI8t8VTR04WJ+Rl
n9U2gzxwv8koT8Xqg82XcbEaw1GcN1/dTkEnt+tY/TszAaxyjiSwwOT/qoNnOwoo
CDr1LjOZZsPVW2N4SN+3By0+0kQ4qI35DkwmIR+xNb2aLm/yD0udW6bMyBERm4gQ
bfIouubMnWLD9dxxDYRxHaFvNvOuCtrwF9KERCf7NHiwrp8oO9G3OlTQbYf0BtNx
sDD2cCp4TFuPERFOzqBTKovXaPvEGq19q0kh+9EYlNd1
-----END CERTIFICATE-----