Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/bd0a76-04b1-4490-ad04-97eec7cf6093/1/Tx774YWupF3TJKc5zuGEprJ-8Q8.roa
File:                     Tx774YWupF3TJKc5zuGEprJ-8Q8.roa (raw, json)
Hash identifier:          6EvMus28/r2hOkn9lsQE7epJ2J6h3GLbCRAmFL/wVzM=
Subject key identifier:   4F:1E:FB:E1:85:AE:A4:5D:D3:24:A7:39:CE:E1:84:A6:B2:7E:F1:0F
Certificate issuer:       /CN=7977b55e34ffd72075fbdda039a65b371de39820
Certificate serial:       01942368D13AAEF7F1C179D5C0A04763EF32
Authority key identifier: 79:77:B5:5E:34:FF:D7:20:75:FB:DD:A0:39:A6:5B:37:1D:E3:98:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXe1XjT_1yB1-92gOaZbNx3jmCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/bd0a76-04b1-4490-ad04-97eec7cf6093/1/Tx774YWupF3TJKc5zuGEprJ-8Q8.roa
Signing time:             Wed 01 Jan 2025 19:47:39 +0000
ROA not before:           Wed 01 Jan 2025 19:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57022
IP address blocks:        194.45.45.0/24 maxlen: 24
                          194.45.106.0/24 maxlen: 24
                          194.45.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/bd0a76-04b1-4490-ad04-97eec7cf6093/1/eXe1XjT_1yB1-92gOaZbNx3jmCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/bd0a76-04b1-4490-ad04-97eec7cf6093/1/eXe1XjT_1yB1-92gOaZbNx3jmCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXe1XjT_1yB1-92gOaZbNx3jmCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 07:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:d1:3a:ae:f7:f1:c1:79:d5:c0:a0:47:63:ef:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7977b55e34ffd72075fbdda039a65b371de39820
        Validity
            Not Before: Jan  1 19:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f1efbe185aea45dd324a739cee184a6b27ef10f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:14:b5:85:c3:3c:e8:d0:00:d0:7e:e6:58:64:
                    ad:af:1b:16:0a:6d:25:de:8f:00:e5:cc:15:5b:a1:
                    0e:12:65:fd:08:69:92:ef:48:74:a0:25:1d:8a:46:
                    82:23:6e:57:1f:9f:05:d0:a8:76:a7:16:43:12:2d:
                    42:5b:12:0b:f3:72:f7:a2:2e:36:8f:55:76:0c:05:
                    f3:20:ca:f8:06:93:a0:89:92:fb:54:26:3e:c6:62:
                    30:29:1c:51:ac:0c:46:c2:9b:8e:4d:6f:b0:a0:f3:
                    37:f2:bf:97:76:9d:9c:ba:96:e5:6d:7c:58:08:de:
                    c2:66:9c:59:af:52:48:9c:a6:be:0d:7e:f4:5e:93:
                    4b:f3:68:bc:16:81:f9:8d:27:fa:6e:77:88:78:00:
                    6e:1e:a0:26:66:eb:61:0b:c2:82:55:f8:df:ea:80:
                    3a:c6:3d:08:66:01:dd:07:66:d5:e8:92:21:de:58:
                    c7:8f:87:84:cd:0b:5b:5e:2f:64:4e:26:11:0d:46:
                    3c:da:3d:ee:22:cb:d3:ab:eb:79:54:5d:a6:fb:2b:
                    84:08:73:e0:78:46:c0:70:b8:1d:80:ee:a6:7f:b9:
                    67:aa:be:99:a5:e1:7c:b5:dd:cf:01:f9:34:f7:bf:
                    e7:2a:84:c5:20:f2:57:76:54:49:ae:35:cb:d7:d2:
                    79:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:1E:FB:E1:85:AE:A4:5D:D3:24:A7:39:CE:E1:84:A6:B2:7E:F1:0F
            X509v3 Authority Key Identifier:
                keyid:79:77:B5:5E:34:FF:D7:20:75:FB:DD:A0:39:A6:5B:37:1D:E3:98:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXe1XjT_1yB1-92gOaZbNx3jmCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/bd0a76-04b1-4490-ad04-97eec7cf6093/1/Tx774YWupF3TJKc5zuGEprJ-8Q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/bd0a76-04b1-4490-ad04-97eec7cf6093/1/eXe1XjT_1yB1-92gOaZbNx3jmCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.45.45.0/24
                  194.45.106.0/24
                  194.45.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:48:c9:a5:e1:95:2a:90:ee:88:25:57:87:a8:e1:d7:20:fa:
         fe:4a:ce:76:9c:56:58:be:f4:02:2c:00:a7:e1:f6:0f:5a:c4:
         07:af:f3:ef:eb:b0:36:c1:4e:1c:3a:b3:d8:44:23:92:9d:bb:
         9f:5b:c3:c0:f7:a2:17:d1:81:83:61:be:7b:b8:b6:ab:c5:60:
         e7:13:fa:9e:b1:48:23:d2:7c:32:0c:7d:97:fa:bc:38:15:75:
         ee:6f:f0:ec:72:af:fe:d7:f0:40:c5:b3:de:49:42:9b:6e:3c:
         2b:af:7b:80:a0:e1:8e:a4:51:06:f3:ca:e0:61:14:3d:94:3b:
         73:20:8e:a8:5c:51:86:02:fc:c0:90:cf:3e:e1:a2:5f:99:fb:
         dd:2c:1f:c8:07:e3:db:09:c1:c3:05:eb:5e:dd:2c:21:5b:c3:
         b9:b0:20:4a:1f:19:9b:d3:04:fd:8a:46:26:90:15:4b:a3:87:
         bc:5a:fa:7f:35:87:81:c3:33:ff:99:a4:5c:3d:67:7a:9d:b4:
         e5:2c:80:1b:25:cc:b7:50:87:74:39:21:41:24:94:65:59:b7:
         09:58:5c:9a:a7:90:25:12:af:19:d2:6c:65:22:bb:88:5d:4b:
         14:4b:1a:ff:a5:61:ff:55:fe:26:34:a5:b3:78:3f:1e:0f:cb:
         ce:39:d2:d7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjaNE6rvfxwXnVwKBHY+8yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NzdiNTVlMzRmZmQ3MjA3NWZiZGRhMDM5YTY1YjM3MWRl
Mzk4MjAwHhcNMjUwMTAxMTk0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjFlZmJlMTg1YWVhNDVkZDMyNGE3MzljZWUxODRhNmIyN2VmMTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4BS1hcM86NAA0H7mWGStrxsWCm0l
3o8A5cwVW6EOEmX9CGmS70h0oCUdikaCI25XH58F0Kh2pxZDEi1CWxIL83L3oi42
j1V2DAXzIMr4BpOgiZL7VCY+xmIwKRxRrAxGwpuOTW+woPM38r+Xdp2cupblbXxY
CN7CZpxZr1JInKa+DX70XpNL82i8FoH5jSf6bneIeABuHqAmZuthC8KCVfjf6oA6
xj0IZgHdB2bV6JIh3ljHj4eEzQtbXi9kTiYRDUY82j3uIsvTq+t5VF2m+yuECHPg
eEbAcLgdgO6mf7lnqr6ZpeF8td3PAfk097/nKoTFIPJXdlRJrjXL19J5owIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE8e++GFrqRd0ySnOc7hhKayfvEPMB8GA1UdIwQY
MBaAFHl3tV40/9cgdfvdoDmmWzcd45ggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhlMVhqVF8xeUIxLTkyZ09hWmJOeDNqbUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9iZDBhNzYtMDRiMS00NDkwLWFkMDQt
OTdlZWM3Y2Y2MDkzLzEvVHg3NzRZV3VwRjNUSktjNXp1R0VwckotOFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9iZDBhNzYtMDRiMS00NDkwLWFkMDQtOTdlZWM3Y2Y2MDkz
LzEvZVhlMVhqVF8xeUIxLTkyZ09hWmJOeDNqbUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwi0tAwQA
wi1qAwQAwi2pMA0GCSqGSIb3DQEBCwUAA4IBAQCtSMml4ZUqkO6IJVeHqOHXIPr+
Ss52nFZYvvQCLACn4fYPWsQHr/Pv67A2wU4cOrPYRCOSnbufW8PA96IX0YGDYb57
uLarxWDnE/qesUgj0nwyDH2X+rw4FXXub/Dscq/+1/BAxbPeSUKbbjwrr3uAoOGO
pFEG88rgYRQ9lDtzII6oXFGGAvzAkM8+4aJfmfvdLB/IB+PbCcHDBete3SwhW8O5
sCBKHxmb0wT9ikYmkBVLo4e8Wvp/NYeBwzP/maRcPWd6nbTlLIAbJcy3UId0OSFB
JJRlWbcJWFyap5AlEq8Z0mxlIruIXUsUSxr/pWH/Vf4mNKWzeD8eD8vOOdLX
-----END CERTIFICATE-----