Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/tscTIRNnXBX4bdk7PPWEzOgkrpQ.roa
File:                     tscTIRNnXBX4bdk7PPWEzOgkrpQ.roa (raw, json)
Hash identifier:          jmoGtQG/6MXeYZuB+mNX2aLoq4UfhEQ2DtKrowmccSM=
Subject key identifier:   B6:C7:13:21:13:67:5C:15:F8:6D:D9:3B:3C:F5:84:CC:E8:24:AE:94
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       01955302620F2CB58320386D501E5E9FF67A
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/tscTIRNnXBX4bdk7PPWEzOgkrpQ.roa
Signing time:             Sat 01 Mar 2025 18:40:19 +0000
ROA not before:           Sat 01 Mar 2025 18:40:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     973
IP address blocks:        89.251.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:53:02:62:0f:2c:b5:83:20:38:6d:50:1e:5e:9f:f6:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar  1 18:40:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6c7132113675c15f86dd93b3cf584cce824ae94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:00:ae:bc:89:8a:91:17:bb:ff:c2:39:df:7a:
                    13:ba:61:2a:ad:4a:f7:79:84:f7:ce:c1:08:e4:c7:
                    d9:d0:c8:9d:d6:ae:6f:22:ba:94:43:a9:b8:c4:11:
                    df:b0:63:a4:4b:f5:34:60:ad:55:d4:fc:94:21:5d:
                    f5:03:3e:16:d6:e9:7c:fc:b4:8b:99:2f:d5:47:e4:
                    24:e0:f0:43:11:5a:54:4b:0e:a7:c1:a5:4f:b2:5c:
                    d0:34:13:c6:b9:b7:74:f3:9b:fe:cc:b2:1b:99:8c:
                    66:3a:a1:d1:05:eb:98:f3:02:7e:ab:61:4d:fc:a3:
                    9c:06:f6:12:b1:cf:65:b3:a2:3d:19:82:01:f0:35:
                    3b:0a:a2:a3:24:15:f2:30:a7:13:68:67:e5:78:2a:
                    18:35:c5:05:a7:69:32:8a:82:79:f9:7b:bb:09:ec:
                    59:eb:83:60:1e:04:4a:10:b6:ca:4f:87:10:ed:20:
                    59:9b:c1:40:94:b0:00:fd:3a:3b:18:5d:e5:53:8f:
                    93:83:14:53:f8:3d:1f:30:af:fb:57:a0:23:4a:5c:
                    4d:63:8f:ee:f6:29:a3:f5:2a:1d:99:e9:e0:07:c2:
                    05:8c:32:cf:92:f8:68:33:32:6b:2a:df:6c:03:fd:
                    74:e6:a1:2d:04:a0:ea:63:19:51:94:54:f6:6a:1e:
                    9e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:C7:13:21:13:67:5C:15:F8:6D:D9:3B:3C:F5:84:CC:E8:24:AE:94
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/tscTIRNnXBX4bdk7PPWEzOgkrpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:0e:a0:2b:ca:a7:06:e9:c8:9c:48:f3:42:6b:fe:b5:cd:df:
         80:73:a6:00:d6:7d:2e:28:e7:1b:20:9f:9c:e2:12:8b:91:4e:
         b2:72:e6:d6:f5:ac:02:57:0f:a4:8c:9c:f9:34:b9:7a:86:0c:
         bc:d2:b2:5e:ac:49:f1:01:81:38:2d:c1:c9:29:7a:2d:6e:cc:
         35:8b:f9:50:d3:40:0c:d1:46:90:3b:c2:c1:b2:58:a3:11:01:
         79:02:37:2f:e6:61:31:6d:af:6c:48:e8:64:db:1d:d5:81:4c:
         35:db:22:92:ef:42:52:c6:2c:26:1a:1b:61:f4:d3:f0:04:df:
         9b:96:72:5d:83:a4:24:91:4a:f4:5f:cd:dc:58:59:1d:87:f8:
         b4:72:91:0d:54:53:f0:7a:83:7e:a3:97:98:e1:0d:3e:75:5c:
         0d:a2:5e:f2:c4:42:67:70:77:4a:dd:62:83:6f:06:29:94:6f:
         20:da:d0:20:e7:de:b3:50:70:f4:44:ca:0b:53:35:a1:f0:d7:
         69:3e:64:18:d4:fc:c5:3c:6b:78:3b:ee:ad:78:94:cf:5d:dc:
         a0:f9:fb:f7:1c:22:dd:b2:2d:87:10:e3:8e:d7:ae:cb:ec:d3:
         50:d2:ae:76:99:db:a4:6b:e9:9b:09:82:c7:da:f8:17:46:17:
         66:9e:e1:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVTAmIPLLWDIDhtUB5en/Z6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMzAxMTg0MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmM3MTMyMTEzNjc1YzE1Zjg2ZGQ5M2IzY2Y1ODRjY2U4MjRhZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgCuvImKkRe7/8I533oTumEqrUr3
eYT3zsEI5MfZ0Mid1q5vIrqUQ6m4xBHfsGOkS/U0YK1V1PyUIV31Az4W1ul8/LSL
mS/VR+Qk4PBDEVpUSw6nwaVPslzQNBPGubd085v+zLIbmYxmOqHRBeuY8wJ+q2FN
/KOcBvYSsc9ls6I9GYIB8DU7CqKjJBXyMKcTaGfleCoYNcUFp2kyioJ5+Xu7CexZ
64NgHgRKELbKT4cQ7SBZm8FAlLAA/To7GF3lU4+TgxRT+D0fMK/7V6AjSlxNY4/u
9imj9SodmengB8IFjDLPkvhoMzJrKt9sA/105qEtBKDqYxlRlFT2ah6evQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbHEyETZ1wV+G3ZOzz1hMzoJK6UMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvdHNjVElSTm5YQlg0YmRrN1BQV0V6T2drcnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsYMA0G
CSqGSIb3DQEBCwUAA4IBAQB1DqAryqcG6cicSPNCa/61zd+Ac6YA1n0uKOcbIJ+c
4hKLkU6ycubW9awCVw+kjJz5NLl6hgy80rJerEnxAYE4LcHJKXotbsw1i/lQ00AM
0UaQO8LBslijEQF5Ajcv5mExba9sSOhk2x3VgUw12yKS70JSxiwmGhth9NPwBN+b
lnJdg6QkkUr0X83cWFkdh/i0cpENVFPweoN+o5eY4Q0+dVwNol7yxEJncHdK3WKD
bwYplG8g2tAg596zUHD0RMoLUzWh8NdpPmQY1PzFPGt4O+6teJTPXdyg+fv3HCLd
si2HEOOO167L7NNQ0q52mduka+mbCYLH2vgXRhdmnuE2
-----END CERTIFICATE-----