Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/th1AZy9QK2palvP0AKvJBy2Af8Q.roa
File:                     th1AZy9QK2palvP0AKvJBy2Af8Q.roa (raw, json)
Hash identifier:          FpTL5Ku6Rr2TCOg2sfzl47CbI6p+SfKzspnxsD1s3c0=
Subject key identifier:   B6:1D:40:67:2F:50:2B:6A:5A:96:F3:F4:00:AB:C9:07:2D:80:7F:C4
Certificate issuer:       /CN=459b2fd0053bdd7e7775398db163bee8772478a5
Certificate serial:       0194258F4EF2E02D4E58825AE857CEC66B6C
Authority key identifier: 45:9B:2F:D0:05:3B:DD:7E:77:75:39:8D:B1:63:BE:E8:77:24:78:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RZsv0AU73X53dTmNsWO-6HckeKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/th1AZy9QK2palvP0AKvJBy2Af8Q.roa
Signing time:             Thu 02 Jan 2025 05:48:56 +0000
ROA not before:           Thu 02 Jan 2025 05:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        209.127.202.0/24 maxlen: 24
                          2a01:4ce0:50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/RZsv0AU73X53dTmNsWO-6HckeKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/RZsv0AU73X53dTmNsWO-6HckeKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RZsv0AU73X53dTmNsWO-6HckeKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 08:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4e:f2:e0:2d:4e:58:82:5a:e8:57:ce:c6:6b:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=459b2fd0053bdd7e7775398db163bee8772478a5
        Validity
            Not Before: Jan  2 05:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b61d40672f502b6a5a96f3f400abc9072d807fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f2:7b:48:82:ef:2a:83:53:fc:52:1f:f9:98:
                    05:95:91:6f:b8:6a:a1:da:4e:d8:aa:33:ce:70:5b:
                    52:a0:99:29:05:37:94:28:58:f7:57:2c:66:e8:48:
                    94:10:7e:41:44:33:22:53:f6:b3:0e:f8:82:bd:21:
                    f9:50:e9:1d:5d:23:b0:03:cc:6a:cd:ec:84:01:78:
                    3f:7b:83:1d:09:32:ec:b3:ef:f8:ec:65:0d:63:f9:
                    84:67:dc:eb:e6:ea:04:79:44:78:e8:ac:54:c0:2d:
                    e3:d6:1a:86:ea:6a:12:d3:6f:fd:c6:b4:41:0e:25:
                    b2:ae:cc:02:5a:8e:cb:95:22:12:7d:82:ef:58:76:
                    99:aa:89:d4:a4:47:43:55:f7:79:74:c9:f1:94:ae:
                    8b:1f:fc:cf:2e:2e:01:0a:b4:1f:38:6b:c6:bd:a3:
                    9d:13:ed:5d:0a:b8:b7:b3:bf:18:e8:e1:05:4b:da:
                    5f:74:de:7d:ae:43:1e:37:41:b0:ff:6d:1f:ee:1b:
                    15:a4:0e:82:1e:79:31:b9:8d:c2:7a:06:b7:83:00:
                    b2:68:ea:51:24:4b:29:8e:02:60:71:ec:f1:4d:f2:
                    df:bf:0e:25:7a:cc:d9:cc:cd:84:23:6b:51:7c:25:
                    33:e4:fb:33:08:00:a3:ed:a9:a8:d9:57:53:aa:a0:
                    0c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:1D:40:67:2F:50:2B:6A:5A:96:F3:F4:00:AB:C9:07:2D:80:7F:C4
            X509v3 Authority Key Identifier:
                keyid:45:9B:2F:D0:05:3B:DD:7E:77:75:39:8D:B1:63:BE:E8:77:24:78:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RZsv0AU73X53dTmNsWO-6HckeKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/th1AZy9QK2palvP0AKvJBy2Af8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/RZsv0AU73X53dTmNsWO-6HckeKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.127.202.0/24
                IPv6:
                  2a01:4ce0:50::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:76:a9:db:7d:e5:05:1a:e0:2b:da:ba:d0:25:30:bc:62:4f:
         ff:ae:48:7e:8a:ea:35:6e:0a:9f:ed:0d:6c:1b:e5:34:dc:21:
         af:64:67:a1:fa:75:21:08:0f:96:74:27:23:ad:ec:1f:84:c8:
         90:bd:87:44:3b:31:03:a8:05:ab:47:93:c2:b2:04:1e:83:be:
         c1:cb:89:7b:95:30:55:b4:4d:d5:b1:d4:4f:de:6b:f1:b3:01:
         80:7f:02:45:d0:e1:c9:3f:b7:59:64:b3:68:c9:aa:7c:27:43:
         51:c4:86:e2:28:02:6e:59:7f:1e:fb:36:3c:03:8d:15:64:8f:
         cc:54:ce:38:37:84:ef:e7:3c:5a:22:85:f7:c9:66:27:4f:6d:
         ee:be:cc:29:0b:5b:b0:e2:37:39:3c:9f:5e:5f:2c:1a:8a:2b:
         39:fa:85:0d:41:56:3f:f3:9c:c0:b1:26:d0:82:3f:2c:13:50:
         95:21:0c:85:86:e1:0b:ff:e5:93:f3:17:46:d2:cb:2b:a7:83:
         fd:63:e9:b9:88:19:3f:72:42:cf:1d:6b:26:7e:bf:76:b3:00:
         3d:b7:61:f5:d5:70:8f:43:bb:66:8d:16:e4:b5:12:5d:be:32:
         27:37:ca:86:e6:52:74:76:e6:87:8e:b4:70:79:11:63:9e:96:
         07:6f:18:b9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlj07y4C1OWIJa6FfOxmtsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OWIyZmQwMDUzYmRkN2U3Nzc1Mzk4ZGIxNjNiZWU4Nzcy
NDc4YTUwHhcNMjUwMTAyMDU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjFkNDA2NzJmNTAyYjZhNWE5NmYzZjQwMGFiYzkwNzJkODA3ZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfJ7SILvKoNT/FIf+ZgFlZFvuGqh
2k7YqjPOcFtSoJkpBTeUKFj3Vyxm6EiUEH5BRDMiU/azDviCvSH5UOkdXSOwA8xq
zeyEAXg/e4MdCTLss+/47GUNY/mEZ9zr5uoEeUR46KxUwC3j1hqG6moS02/9xrRB
DiWyrswCWo7LlSISfYLvWHaZqonUpEdDVfd5dMnxlK6LH/zPLi4BCrQfOGvGvaOd
E+1dCri3s78Y6OEFS9pfdN59rkMeN0Gw/20f7hsVpA6CHnkxuY3Cega3gwCyaOpR
JEspjgJgcezxTfLfvw4leszZzM2EI2tRfCUz5PszCACj7amo2VdTqqAM5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLYdQGcvUCtqWpbz9ACryQctgH/EMB8GA1UdIwQY
MBaAFEWbL9AFO91+d3U5jbFjvuh3JHilMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlpzdjBBVTczWDUzZFRtTnNXTy02SGNrZUtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZGRkNTgtNjAzNy00OTRiLTk5MmYt
YWI4ZTk3ZDg1NWNjLzEvdGgxQVp5OVFLMnBhbHZQMEFLdkpCeTJBZjhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZGRkNTgtNjAzNy00OTRiLTk5MmYtYWI4ZTk3ZDg1NWNj
LzEvUlpzdjBBVTczWDUzZFRtTnNXTy02SGNrZUtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA0X/KMA8E
AgACMAkDBwAqAUzgAFAwDQYJKoZIhvcNAQELBQADggEBABV2qdt95QUa4CvautAl
MLxiT/+uSH6K6jVuCp/tDWwb5TTcIa9kZ6H6dSEID5Z0JyOt7B+EyJC9h0Q7MQOo
BatHk8KyBB6DvsHLiXuVMFW0TdWx1E/ea/GzAYB/AkXQ4ck/t1lks2jJqnwnQ1HE
huIoAm5Zfx77NjwDjRVkj8xUzjg3hO/nPFoihffJZidPbe6+zCkLW7DiNzk8n15f
LBqKKzn6hQ1BVj/znMCxJtCCPywTUJUhDIWG4Qv/5ZPzF0bSyyung/1j6bmIGT9y
Qs8dayZ+v3azAD23YfXVcI9Du2aNFuS1El2+Mic3yobmUnR25oeOtHB5EWOelgdv
GLk=
-----END CERTIFICATE-----