Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/tFsxYNJ-pvk9ebf-ewoCu0vCFeI.roa
File:                     tFsxYNJ-pvk9ebf-ewoCu0vCFeI.roa (raw, json)
Hash identifier:          fEyaOVZRLIFifs+RWkNXOgYvzq9xsl1Jvqnurm5BNu8=
Subject key identifier:   B4:5B:31:60:D2:7E:A6:F9:3D:79:B7:FE:7B:0A:02:BB:4B:C2:15:E2
Certificate issuer:       /CN=08b0f12f115ad40f2c2b4aad454d2e43611c9a06
Certificate serial:       01942067B668DB5E0C23F5B63EEC4AAE3669
Authority key identifier: 08:B0:F1:2F:11:5A:D4:0F:2C:2B:4A:AD:45:4D:2E:43:61:1C:9A:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/tFsxYNJ-pvk9ebf-ewoCu0vCFeI.roa
Signing time:             Wed 01 Jan 2025 05:47:35 +0000
ROA not before:           Wed 01 Jan 2025 05:47:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29240
IP address blocks:        195.225.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:b6:68:db:5e:0c:23:f5:b6:3e:ec:4a:ae:36:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08b0f12f115ad40f2c2b4aad454d2e43611c9a06
        Validity
            Not Before: Jan  1 05:47:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b45b3160d27ea6f93d79b7fe7b0a02bb4bc215e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ee:4d:dc:23:8c:c8:8d:30:fb:0f:04:9b:4b:
                    03:73:14:e3:70:b1:1a:6a:96:e7:ca:f2:e0:59:1e:
                    44:1c:d9:ae:ac:35:bd:32:d4:b5:1f:90:84:4c:f5:
                    c7:98:70:d4:ae:16:2d:1a:b4:0a:89:91:e2:01:2b:
                    31:6d:ff:29:aa:45:82:2f:99:6f:ab:1e:6d:34:59:
                    36:ae:99:b4:b5:5f:ec:fb:5a:0c:61:9a:39:87:ec:
                    dc:6b:a9:54:fb:2d:9d:dc:a5:b5:c4:d3:9c:65:21:
                    ab:06:52:71:bd:da:32:51:f0:84:87:47:6f:96:15:
                    7d:df:9c:c8:2f:6b:26:f1:07:1b:57:1e:4f:39:8c:
                    97:f3:27:65:be:18:35:65:44:00:45:4c:cd:c5:28:
                    40:e2:26:f5:a6:3f:48:18:78:30:ec:97:cd:92:11:
                    f8:77:e9:0b:e5:1c:7b:47:4a:d1:59:6a:35:c3:b8:
                    ac:af:33:1a:39:df:ba:ee:59:c2:6d:62:8d:02:94:
                    0e:90:d6:1e:90:8d:6b:6a:b7:60:33:aa:d8:bd:fe:
                    f1:71:b0:3d:40:7d:bd:71:4f:5d:b7:e4:5f:0c:97:
                    d7:9c:59:dc:32:70:46:e4:da:1c:6c:f9:18:1a:51:
                    e0:18:3f:be:bc:f9:a9:cd:ab:ab:a8:ec:cd:f7:a6:
                    39:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5B:31:60:D2:7E:A6:F9:3D:79:B7:FE:7B:0A:02:BB:4B:C2:15:E2
            X509v3 Authority Key Identifier:
                keyid:08:B0:F1:2F:11:5A:D4:0F:2C:2B:4A:AD:45:4D:2E:43:61:1C:9A:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/tFsxYNJ-pvk9ebf-ewoCu0vCFeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:94:84:96:dc:f8:6b:36:1c:e0:81:7b:49:61:51:56:0d:ef:
         14:8b:40:f7:2e:d4:ee:28:04:5b:8f:3c:2f:7d:ec:fe:6a:4f:
         62:9f:af:e6:a1:b8:c3:5e:b3:73:0a:68:2a:66:9a:fc:f1:a0:
         5a:2c:39:d7:e1:c0:f2:dc:51:b2:5f:f5:29:34:72:1c:df:fd:
         68:59:f1:f2:77:a8:38:20:38:d9:20:50:83:13:c5:b7:f5:82:
         40:a8:ce:53:eb:e9:4e:0c:d4:2f:23:5a:8e:6f:0b:30:2c:a6:
         c0:05:dd:63:5d:f3:de:59:d6:f5:c7:04:09:86:43:4c:08:11:
         4f:af:50:a0:17:43:72:23:05:a5:5f:94:5c:e0:9f:a9:c2:30:
         b4:85:24:a8:ba:50:fd:ca:e5:ce:a2:67:6c:d9:3a:ca:b0:8f:
         94:de:81:52:32:a3:1f:58:15:5b:f8:bb:6c:7e:d4:73:1c:17:
         b0:e9:09:2f:55:3b:37:5d:70:55:2a:27:0d:4f:4c:47:ca:cd:
         04:52:d3:6a:32:03:34:dc:c5:de:06:df:33:68:28:82:10:11:
         ce:df:aa:97:25:62:3f:da:eb:6e:7f:69:49:84:6a:d7:38:37:
         d3:6e:e7:7c:43:2e:c1:87:4a:24:0e:46:fd:25:44:e7:bc:ac:
         c7:2d:69:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ7Zo214MI/W2PuxKrjZpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YjBmMTJmMTE1YWQ0MGYyYzJiNGFhZDQ1NGQyZTQzNjEx
YzlhMDYwHhcNMjUwMTAxMDU0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDViMzE2MGQyN2VhNmY5M2Q3OWI3ZmU3YjBhMDJiYjRiYzIxNWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte5N3COMyI0w+w8Em0sDcxTjcLEa
apbnyvLgWR5EHNmurDW9MtS1H5CETPXHmHDUrhYtGrQKiZHiASsxbf8pqkWCL5lv
qx5tNFk2rpm0tV/s+1oMYZo5h+zca6lU+y2d3KW1xNOcZSGrBlJxvdoyUfCEh0dv
lhV935zIL2sm8QcbVx5POYyX8ydlvhg1ZUQARUzNxShA4ib1pj9IGHgw7JfNkhH4
d+kL5Rx7R0rRWWo1w7isrzMaOd+67lnCbWKNApQOkNYekI1rardgM6rYvf7xcbA9
QH29cU9dt+RfDJfXnFncMnBG5NocbPkYGlHgGD++vPmpzaurqOzN96Y5SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRbMWDSfqb5PXm3/nsKArtLwhXiMB8GA1UdIwQY
MBaAFAiw8S8RWtQPLCtKrUVNLkNhHJoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0xEeEx4RmExQThzSzBxdFJVMHVRMkVjbWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81MDM2MDMtMWE1ZC00OTAwLTk4Mjkt
NDhkZWExMDIxYTY5LzEvdEZzeFlOSi1wdms5ZWJmLWV3b0N1MHZDRmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81MDM2MDMtMWE1ZC00OTAwLTk4MjktNDhkZWExMDIxYTY5
LzEvQ0xEeEx4RmExQThzSzBxdFJVMHVRMkVjbWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+GwMA0G
CSqGSIb3DQEBCwUAA4IBAQCQlISW3PhrNhzggXtJYVFWDe8Ui0D3LtTuKARbjzwv
fez+ak9in6/mobjDXrNzCmgqZpr88aBaLDnX4cDy3FGyX/UpNHIc3/1oWfHyd6g4
IDjZIFCDE8W39YJAqM5T6+lODNQvI1qObwswLKbABd1jXfPeWdb1xwQJhkNMCBFP
r1CgF0NyIwWlX5Rc4J+pwjC0hSSoulD9yuXOomds2TrKsI+U3oFSMqMfWBVb+Lts
ftRzHBew6QkvVTs3XXBVKicNT0xHys0EUtNqMgM03MXeBt8zaCiCEBHO36qXJWI/
2utuf2lJhGrXODfTbud8Qy7Bh0okDkb9JUTnvKzHLWms
-----END CERTIFICATE-----