Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/TtksbOzQLcKevAaxz1nBRO1dXnA.roa
File:                     TtksbOzQLcKevAaxz1nBRO1dXnA.roa (raw, json)
Hash identifier:          qUST9Jt6bJJsP/YmBop/WCiUBd/c6DA9/zKvyoo/a8A=
Subject key identifier:   4E:D9:2C:6C:EC:D0:2D:C2:9E:BC:06:B1:CF:59:C1:44:ED:5D:5E:70
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C3B698429FC820A5574AB0C26B88B
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/TtksbOzQLcKevAaxz1nBRO1dXnA.roa
Signing time:             Wed 01 Jan 2025 01:47:51 +0000
ROA not before:           Wed 01 Jan 2025 01:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205001
IP address blocks:        80.96.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:3b:69:84:29:fc:82:0a:55:74:ab:0c:26:b8:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ed92c6cecd02dc29ebc06b1cf59c144ed5d5e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:43:f4:e6:1a:a1:86:e1:98:65:fb:7b:27:4c:
                    af:f0:b8:95:8d:79:07:b3:ad:be:6b:61:92:e1:16:
                    34:ca:fb:a9:e5:15:f1:8e:03:2c:23:9f:e5:5e:25:
                    be:96:d0:7e:f8:40:be:96:7c:9f:af:c5:b9:bd:9a:
                    13:fb:0c:ae:1a:8d:b1:21:ff:db:e4:38:dd:0d:c3:
                    dd:c8:ad:5b:c0:82:ea:e5:29:5e:80:f9:9f:4e:ad:
                    65:38:f5:d7:9a:22:24:9d:18:f4:80:50:33:b4:35:
                    8b:0f:ad:d5:6b:9c:57:49:38:15:f7:6f:c6:e4:c0:
                    73:53:80:44:2e:6c:46:fa:0e:94:e9:03:c1:c2:6b:
                    38:c9:ce:a5:36:8f:7e:91:03:67:cc:b3:2d:32:7f:
                    32:df:4a:8f:d1:af:93:27:62:ea:21:95:45:87:59:
                    6b:3a:4a:7e:0a:c0:8b:2f:a0:ec:ef:98:47:3a:0d:
                    5f:f5:7d:28:39:b3:67:c2:21:d5:72:db:a8:52:43:
                    5b:2b:b8:ba:a8:2c:7e:fb:f2:81:2e:1b:25:73:ea:
                    d3:30:c5:54:d7:80:01:67:fd:17:e4:bd:66:8f:f1:
                    ca:2a:6b:08:26:29:65:e5:91:11:e8:46:8e:47:20:
                    08:0f:fe:75:7c:16:e9:47:29:40:42:75:85:60:a9:
                    b2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D9:2C:6C:EC:D0:2D:C2:9E:BC:06:B1:CF:59:C1:44:ED:5D:5E:70
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/TtksbOzQLcKevAaxz1nBRO1dXnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:6a:4b:cb:30:fa:c2:a5:d8:bc:83:fd:ce:22:30:d9:36:ae:
         a9:bd:6d:66:7d:89:c8:d2:27:ee:87:c8:4e:ab:e2:e4:06:a5:
         97:70:3c:46:73:d6:0c:51:4f:c4:fc:a7:05:ba:63:a1:87:63:
         ab:da:3b:9b:82:a4:1a:ad:39:bc:11:f6:3c:a3:47:42:7b:e7:
         aa:b8:2a:5e:b4:fd:25:26:24:2a:8f:8a:1e:79:9c:1b:ab:26:
         be:72:22:87:59:a6:a8:e5:fa:29:14:47:23:cd:8e:8f:5b:d9:
         25:8d:3e:57:9b:4c:d9:e4:63:8c:2e:2d:fd:ac:26:c0:4b:0a:
         7b:5a:63:08:09:eb:8d:ac:90:29:f1:c6:eb:c4:b3:1d:69:af:
         a4:51:9a:62:7e:fc:e3:34:07:cb:43:f6:26:af:34:4b:38:1a:
         56:5e:d7:db:2f:5d:7e:27:16:e3:b8:cc:65:64:0e:01:bd:d9:
         ca:a1:76:03:51:6a:5b:3e:1a:d6:c0:23:a8:2d:e1:1d:65:ce:
         ad:d1:4f:c9:99:5c:a3:25:6f:92:11:d6:ea:94:3d:d0:96:ed:
         98:7d:79:4a:8d:19:9f:6a:9e:47:8e:3a:a8:0b:c6:fd:9a:85:
         55:c1:f6:52:78:6c:a5:09:b3:e1:b1:98:83:dc:72:27:f7:d6:
         48:11:7f:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjDtphCn8ggpVdKsMJriLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWQ5MmM2Y2VjZDAyZGMyOWViYzA2YjFjZjU5YzE0NGVkNWQ1ZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkP05hqhhuGYZft7J0yv8LiVjXkH
s62+a2GS4RY0yvup5RXxjgMsI5/lXiW+ltB++EC+lnyfr8W5vZoT+wyuGo2xIf/b
5DjdDcPdyK1bwILq5SlegPmfTq1lOPXXmiIknRj0gFAztDWLD63Va5xXSTgV92/G
5MBzU4BELmxG+g6U6QPBwms4yc6lNo9+kQNnzLMtMn8y30qP0a+TJ2LqIZVFh1lr
Okp+CsCLL6Ds75hHOg1f9X0oObNnwiHVctuoUkNbK7i6qCx++/KBLhslc+rTMMVU
14ABZ/0X5L1mj/HKKmsIJill5ZER6EaORyAID/51fBbpRylAQnWFYKmyOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7ZLGzs0C3CnrwGsc9ZwUTtXV5wMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvVHRrc2JPelFMY0tldkFheHoxbkJSTzFkWG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUGApMA0G
CSqGSIb3DQEBCwUAA4IBAQCpakvLMPrCpdi8g/3OIjDZNq6pvW1mfYnI0ifuh8hO
q+LkBqWXcDxGc9YMUU/E/KcFumOhh2Or2jubgqQarTm8EfY8o0dCe+equCpetP0l
JiQqj4oeeZwbqya+ciKHWaao5fopFEcjzY6PW9kljT5Xm0zZ5GOMLi39rCbASwp7
WmMICeuNrJAp8cbrxLMdaa+kUZpifvzjNAfLQ/YmrzRLOBpWXtfbL11+JxbjuMxl
ZA4BvdnKoXYDUWpbPhrWwCOoLeEdZc6t0U/JmVyjJW+SEdbqlD3Qlu2YfXlKjRmf
ap5HjjqoC8b9moVVwfZSeGylCbPhsZiD3HIn99ZIEX/F
-----END CERTIFICATE-----