Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tfv3_rv02JWiLR4nD37HTi9BOXk.roa
File:                     tfv3_rv02JWiLR4nD37HTi9BOXk.roa (raw, json)
Hash identifier:          oUD43fH1Ln1bYMf1953nzMasBC08WA7mLV6xSsGpPNc=
Subject key identifier:   B5:FB:F7:FE:BB:F4:D8:95:A2:2D:1E:27:0F:7E:C7:4E:2F:41:39:79
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019428249FD11D11CD34AF66C34F1C9C00AB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tfv3_rv02JWiLR4nD37HTi9BOXk.roa
Signing time:             Thu 02 Jan 2025 17:51:16 +0000
ROA not before:           Thu 02 Jan 2025 17:51:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197625
IP address blocks:        81.161.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:9f:d1:1d:11:cd:34:af:66:c3:4f:1c:9c:00:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5fbf7febbf4d895a22d1e270f7ec74e2f413979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9c:44:be:7a:85:b2:61:15:e6:cb:b1:ad:2a:
                    75:16:95:a8:89:30:fb:b9:a1:6e:fb:05:9e:de:69:
                    96:bf:67:37:a0:27:4b:65:6c:2c:09:9e:c1:23:f9:
                    9d:9e:94:e0:b2:66:39:b7:43:ce:a4:54:ba:c1:a9:
                    7f:35:67:c0:53:51:d9:04:ed:22:f5:eb:9f:b2:d1:
                    e2:b1:9d:bc:6b:82:e9:94:59:c2:e3:56:2f:d7:eb:
                    c3:8b:4b:f9:55:a5:0b:57:89:0f:e4:05:11:c1:07:
                    16:f2:da:21:16:96:f8:44:6c:33:67:62:44:53:01:
                    ab:e0:17:75:a5:ba:fb:aa:df:a1:7d:0c:a8:ad:2f:
                    b7:6b:99:84:25:47:51:f2:b0:bd:cb:86:c0:e4:d7:
                    64:3f:0c:bf:1c:70:5a:99:6a:e1:4f:32:45:33:4c:
                    8f:34:a0:aa:a4:ae:07:5b:08:17:2a:3a:4e:07:c3:
                    ed:2e:7d:e7:d2:fd:65:b0:b7:1b:ed:56:82:40:a6:
                    15:45:92:c8:6d:67:1d:3c:55:fa:e4:76:ae:6d:a1:
                    c4:89:66:37:74:6b:66:86:5b:b7:a5:76:b3:36:96:
                    6a:bf:97:25:08:83:ba:0f:7c:c9:16:e0:cf:2d:18:
                    7d:8a:f5:68:a2:4b:e7:f0:d9:39:8e:18:5c:95:4c:
                    8c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:FB:F7:FE:BB:F4:D8:95:A2:2D:1E:27:0F:7E:C7:4E:2F:41:39:79
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tfv3_rv02JWiLR4nD37HTi9BOXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:53:a9:a2:ac:be:c4:a2:b9:3f:2b:a2:6b:41:e7:5c:8b:03:
         ad:11:fb:eb:bf:65:b1:4d:f5:5a:fd:ce:9e:bd:c4:de:ea:95:
         61:87:de:3f:e4:e9:4c:4b:ae:cc:bf:b6:68:4d:4a:bd:67:d4:
         73:0f:ea:89:cd:ad:16:6e:41:7e:c1:33:30:1e:eb:46:c0:b3:
         bc:74:31:46:3f:26:79:b7:bc:02:33:2e:48:c3:91:52:54:7a:
         bd:99:f2:c0:4f:ca:86:fe:16:dd:19:f8:95:f5:40:2e:c6:64:
         96:98:42:47:9b:39:41:77:5c:3f:ef:38:a4:3e:af:b6:a4:4e:
         af:d9:1d:70:ac:e8:3a:6f:98:94:c7:f4:39:e2:84:d0:2e:c3:
         e6:cd:18:f4:66:f5:ff:9f:f6:78:05:44:45:1f:17:8f:9d:5b:
         15:13:5b:1c:2e:08:ce:77:65:36:ef:6d:48:9f:02:ad:fb:86:
         8a:e1:19:4d:94:0b:e7:89:18:5d:f7:e2:05:ae:6a:1a:87:f4:
         d0:be:cd:b7:ae:2f:26:3e:9e:46:be:63:af:2f:53:d7:60:bb:
         9b:cb:2b:85:fc:73:51:5a:76:6a:e7:2e:f2:f7:11:9b:a3:2b:
         2b:2b:fd:71:42:ff:1d:f7:2c:56:01:7b:a6:7c:2b:8d:96:31:
         fd:b7:a9:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJJ/RHRHNNK9mw08cnACrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWZiZjdmZWJiZjRkODk1YTIyZDFlMjcwZjdlYzc0ZTJmNDEzOTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZxEvnqFsmEV5suxrSp1FpWoiTD7
uaFu+wWe3mmWv2c3oCdLZWwsCZ7BI/mdnpTgsmY5t0POpFS6wal/NWfAU1HZBO0i
9eufstHisZ28a4LplFnC41Yv1+vDi0v5VaULV4kP5AURwQcW8tohFpb4RGwzZ2JE
UwGr4Bd1pbr7qt+hfQyorS+3a5mEJUdR8rC9y4bA5NdkPwy/HHBamWrhTzJFM0yP
NKCqpK4HWwgXKjpOB8PtLn3n0v1lsLcb7VaCQKYVRZLIbWcdPFX65HaubaHEiWY3
dGtmhlu3pXazNpZqv5clCIO6D3zJFuDPLRh9ivVookvn8Nk5jhhclUyMdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLX79/679NiVoi0eJw9+x04vQTl5MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdGZ2M19ydjAySldpTFI0bkQzN0hUaTlCT1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUaHnMA0G
CSqGSIb3DQEBCwUAA4IBAQBVU6mirL7Eork/K6JrQedciwOtEfvrv2WxTfVa/c6e
vcTe6pVhh94/5OlMS67Mv7ZoTUq9Z9RzD+qJza0WbkF+wTMwHutGwLO8dDFGPyZ5
t7wCMy5Iw5FSVHq9mfLAT8qG/hbdGfiV9UAuxmSWmEJHmzlBd1w/7zikPq+2pE6v
2R1wrOg6b5iUx/Q54oTQLsPmzRj0ZvX/n/Z4BURFHxePnVsVE1scLgjOd2U2721I
nwKt+4aK4RlNlAvniRhd9+IFrmoah/TQvs23ri8mPp5GvmOvL1PXYLubyyuF/HNR
WnZq5y7y9xGboysrK/1xQv8d9yxWAXumfCuNljH9t6n1
-----END CERTIFICATE-----