Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TsxIMsF8K1omM_AvXGk2jwhO2LA.roa
File:                     TsxIMsF8K1omM_AvXGk2jwhO2LA.roa (raw, json)
Hash identifier:          Ki93Dlcm/zwKyvY/hg2iPOXRzvQJVjOmp49ykKMUpDI=
Subject key identifier:   4E:CC:48:32:C1:7C:2B:5A:26:33:F0:2F:5C:69:36:8F:08:4E:D8:B0
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01927FE73721F782D22698ACF0C236393904
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TsxIMsF8K1omM_AvXGk2jwhO2LA.roa
Signing time:             Sat 12 Oct 2024 08:45:12 +0000
ROA not before:           Sat 12 Oct 2024 08:45:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        5.252.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7f:e7:37:21:f7:82:d2:26:98:ac:f0:c2:36:39:39:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 12 08:45:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ecc4832c17c2b5a2633f02f5c69368f084ed8b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:16:fe:d3:15:c2:ef:24:75:26:f5:3a:72:13:
                    7a:66:94:39:4b:fc:8e:06:27:52:0b:16:49:d9:e3:
                    ea:ce:07:90:44:52:cf:ee:ec:b3:cb:b6:5b:16:8f:
                    c2:d1:b4:d5:da:5b:07:b6:07:f0:ac:ce:28:50:ce:
                    10:ea:34:1b:fd:ff:26:07:68:d5:aa:8f:b4:63:61:
                    ad:61:8b:81:0f:af:ab:cd:4b:39:5c:b9:b6:be:dd:
                    84:f8:14:e2:fb:f8:22:28:4f:dc:03:92:eb:e1:a6:
                    a1:93:75:d0:2f:40:94:67:3f:2c:bb:0f:e7:e7:b9:
                    f2:1b:ac:25:89:18:fd:f2:b0:59:91:13:80:3f:59:
                    aa:53:59:04:a6:e1:ef:31:1f:31:ab:c9:11:d6:b9:
                    55:88:05:42:7d:cd:b8:ef:85:81:98:a8:d1:51:79:
                    dc:8d:c6:9f:64:f4:1d:ed:67:df:dd:e4:8c:1d:2b:
                    aa:c8:11:d5:7a:3a:bd:e4:eb:47:89:04:2b:7f:b0:
                    d6:54:71:00:4c:3b:05:05:c9:5a:23:f4:7d:df:e9:
                    e0:64:17:dd:04:29:6f:4f:68:e6:c1:58:10:07:de:
                    5f:ab:a3:d7:9f:68:02:37:5c:03:76:8a:33:e9:fc:
                    88:6d:43:fd:d3:63:c1:a1:0c:08:b6:33:de:32:9c:
                    6a:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:CC:48:32:C1:7C:2B:5A:26:33:F0:2F:5C:69:36:8F:08:4E:D8:B0
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TsxIMsF8K1omM_AvXGk2jwhO2LA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:43:ac:64:83:72:1e:f4:64:bd:a0:61:f7:c9:ed:c3:10:02:
         b8:5b:f1:1b:3b:64:55:e7:b2:3e:cf:b2:48:6f:7f:d7:0c:51:
         53:50:aa:f2:1d:bc:2f:74:6c:0d:73:68:c1:68:3c:4b:e0:c3:
         42:8a:72:66:97:83:00:6e:0d:f1:36:7c:b5:50:75:86:89:57:
         36:4d:df:47:50:ab:0b:1c:b7:e1:35:cc:3f:31:35:74:bb:24:
         56:af:d6:fa:07:62:e1:5c:03:1a:73:0e:a3:e3:83:fd:e1:e4:
         58:79:16:cf:12:dc:97:50:e3:62:e9:d8:50:6a:bc:91:ae:28:
         dc:32:10:42:f6:06:d3:d4:b7:3b:c3:f1:d1:f9:1a:e9:35:11:
         61:49:e4:0a:56:b8:a1:11:aa:67:87:9c:6a:fd:39:d0:2d:6f:
         e4:d1:72:c1:11:6e:ce:22:cb:15:63:0c:e6:e4:18:2c:28:35:
         75:be:c5:6c:7f:9b:cc:49:df:37:69:25:70:fd:b9:9b:4e:a2:
         55:dc:27:72:9b:88:21:bb:ef:a8:59:78:d4:52:d6:89:70:52:
         50:cf:fb:c8:dd:0a:e9:5b:a7:2f:3d:12:6b:a4:7e:ca:ec:5e:
         08:a0:24:d5:5f:1f:e9:e0:e5:e3:a8:ff:5e:b0:dd:f6:b5:c8:
         16:59:91:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ/5zch94LSJpis8MI2OTkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMDEyMDg0NTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWNjNDgzMmMxN2MyYjVhMjYzM2YwMmY1YzY5MzY4ZjA4NGVkOGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBb+0xXC7yR1JvU6chN6ZpQ5S/yO
BidSCxZJ2ePqzgeQRFLP7uyzy7ZbFo/C0bTV2lsHtgfwrM4oUM4Q6jQb/f8mB2jV
qo+0Y2GtYYuBD6+rzUs5XLm2vt2E+BTi+/giKE/cA5Lr4aahk3XQL0CUZz8suw/n
57nyG6wliRj98rBZkROAP1mqU1kEpuHvMR8xq8kR1rlViAVCfc2474WBmKjRUXnc
jcafZPQd7Wff3eSMHSuqyBHVejq95OtHiQQrf7DWVHEATDsFBclaI/R93+ngZBfd
BClvT2jmwVgQB95fq6PXn2gCN1wDdooz6fyIbUP902PBoQwItjPeMpxqaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7MSDLBfCtaJjPwL1xpNo8ITtiwMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVHN4SU1zRjhLMW9tTV9BdlhHazJqd2hPMkxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfyEMA0G
CSqGSIb3DQEBCwUAA4IBAQAQQ6xkg3Ie9GS9oGH3ye3DEAK4W/EbO2RV57I+z7JI
b3/XDFFTUKryHbwvdGwNc2jBaDxL4MNCinJml4MAbg3xNny1UHWGiVc2Td9HUKsL
HLfhNcw/MTV0uyRWr9b6B2LhXAMacw6j44P94eRYeRbPEtyXUONi6dhQaryRrijc
MhBC9gbT1Lc7w/HR+RrpNRFhSeQKVrihEapnh5xq/TnQLW/k0XLBEW7OIssVYwzm
5BgsKDV1vsVsf5vMSd83aSVw/bmbTqJV3Cdym4ghu++oWXjUUtaJcFJQz/vI3Qrp
W6cvPRJrpH7K7F4IoCTVXx/p4OXjqP9esN32tcgWWZFi
-----END CERTIFICATE-----