Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/ThMXbqzx9UxsJ7TnPmcwU32vPLA.roa
File:                     ThMXbqzx9UxsJ7TnPmcwU32vPLA.roa (raw, json)
Hash identifier:          4NEDCtF2sgEdEat+pt3nEdPQAXszdJX/0mX9HFFwmgU=
Subject key identifier:   4E:13:17:6E:AC:F1:F5:4C:6C:27:B4:E7:3E:67:30:53:7D:AF:3C:B0
Certificate issuer:       /CN=1639e611b58b7f7055df6a7f995d01fb95d790c9
Certificate serial:       0194236A1F6066D0F7120A3228DBBA83AEB7
Authority key identifier: 16:39:E6:11:B5:8B:7F:70:55:DF:6A:7F:99:5D:01:FB:95:D7:90:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FjnmEbWLf3BV32p_mV0B-5XXkMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/ThMXbqzx9UxsJ7TnPmcwU32vPLA.roa
Signing time:             Wed 01 Jan 2025 19:49:04 +0000
ROA not before:           Wed 01 Jan 2025 19:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42160
IP address blocks:        91.206.84.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/FjnmEbWLf3BV32p_mV0B-5XXkMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/FjnmEbWLf3BV32p_mV0B-5XXkMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FjnmEbWLf3BV32p_mV0B-5XXkMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 22:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:1f:60:66:d0:f7:12:0a:32:28:db:ba:83:ae:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1639e611b58b7f7055df6a7f995d01fb95d790c9
        Validity
            Not Before: Jan  1 19:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e13176eacf1f54c6c27b4e73e6730537daf3cb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ac:42:0d:62:42:37:e3:26:02:e0:e3:d4:c8:
                    70:76:a4:28:3e:1c:2f:38:b9:2c:ac:02:d9:67:bb:
                    71:4f:cd:09:1d:e9:51:1b:12:f8:e8:af:9d:d7:19:
                    a3:d1:4e:47:20:a3:44:31:1d:98:45:5a:38:fa:4e:
                    3b:bd:bd:b0:02:cd:36:38:5f:d1:12:c9:de:6e:c8:
                    16:9d:5e:15:a2:31:63:47:dd:8f:da:cf:97:21:94:
                    cd:db:c2:f2:58:92:5e:ee:01:9c:3a:d7:9f:0b:97:
                    6d:ed:c8:af:7f:1b:97:38:1b:2b:c7:c4:25:c4:b5:
                    1e:c1:a7:23:b2:6a:30:b8:5a:d3:ff:df:cb:94:b5:
                    68:66:f7:af:08:a0:e9:69:8b:4b:80:fe:37:6d:46:
                    60:57:55:d2:c8:99:f2:f5:6f:fc:25:8a:cd:7c:93:
                    fe:85:3a:74:06:e8:6c:25:d9:22:52:5d:5d:70:31:
                    dc:a7:76:92:4d:ad:01:e4:a6:da:3a:b6:7e:be:35:
                    00:c6:d3:00:10:88:24:2d:ff:f0:6c:ab:f1:4b:0b:
                    6e:16:8d:1d:df:14:ec:18:6c:72:b8:1d:17:0f:73:
                    37:8c:12:6d:a8:df:b4:36:00:b2:af:7d:70:ad:a9:
                    0a:a3:db:98:9b:aa:67:54:4e:5f:b5:fa:f7:d3:cc:
                    73:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:13:17:6E:AC:F1:F5:4C:6C:27:B4:E7:3E:67:30:53:7D:AF:3C:B0
            X509v3 Authority Key Identifier:
                keyid:16:39:E6:11:B5:8B:7F:70:55:DF:6A:7F:99:5D:01:FB:95:D7:90:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FjnmEbWLf3BV32p_mV0B-5XXkMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/ThMXbqzx9UxsJ7TnPmcwU32vPLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/FjnmEbWLf3BV32p_mV0B-5XXkMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:b4:d9:f8:11:bc:62:55:6b:26:87:54:2b:a1:01:ed:51:59:
         37:16:5b:61:d7:c0:db:76:42:1c:dd:b9:30:f9:21:7e:39:92:
         e6:65:e9:1f:80:e9:a2:02:ee:f3:d1:1e:71:d2:5d:d5:d8:93:
         7a:9e:74:5a:1d:ff:af:4e:e9:04:71:c1:fb:34:5b:20:db:b4:
         a1:89:f2:34:51:78:e4:41:2d:4b:eb:99:6b:2c:74:8f:6c:78:
         26:7d:fc:c1:bc:97:e6:6f:e0:fa:36:d2:00:3a:21:84:70:0c:
         bb:70:da:0c:36:93:73:d2:86:70:b6:b4:5f:43:56:2c:9b:c5:
         6b:1d:34:5c:4d:a3:5a:8f:50:99:e0:2c:4c:f7:0b:b0:5f:b1:
         86:28:a0:7d:ce:a9:c6:ad:66:90:ef:f7:de:78:91:a5:fd:28:
         65:ab:60:8b:b7:2f:61:fc:5f:99:db:a3:62:07:08:5c:ca:04:
         f7:7c:bf:73:63:5f:df:c7:a0:1d:b2:66:ed:2e:ac:b3:4b:7c:
         28:d0:4d:db:39:b5:51:76:6b:4f:84:88:ce:60:2a:2d:61:2a:
         63:ae:26:f4:f8:67:d5:a7:6d:34:ce:44:74:ed:99:7b:42:35:
         bb:c3:10:34:32:2f:45:bf:dd:a3:dd:68:45:2d:0c:58:6b:d6:
         37:c5:e5:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjah9gZtD3EgoyKNu6g663MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MzllNjExYjU4YjdmNzA1NWRmNmE3Zjk5NWQwMWZiOTVk
NzkwYzkwHhcNMjUwMTAxMTk0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTEzMTc2ZWFjZjFmNTRjNmMyN2I0ZTczZTY3MzA1MzdkYWYzY2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56xCDWJCN+MmAuDj1MhwdqQoPhwv
OLksrALZZ7txT80JHelRGxL46K+d1xmj0U5HIKNEMR2YRVo4+k47vb2wAs02OF/R
EsnebsgWnV4VojFjR92P2s+XIZTN28LyWJJe7gGcOtefC5dt7civfxuXOBsrx8Ql
xLUewacjsmowuFrT/9/LlLVoZvevCKDpaYtLgP43bUZgV1XSyJny9W/8JYrNfJP+
hTp0BuhsJdkiUl1dcDHcp3aSTa0B5KbaOrZ+vjUAxtMAEIgkLf/wbKvxSwtuFo0d
3xTsGGxyuB0XD3M3jBJtqN+0NgCyr31wrakKo9uYm6pnVE5ftfr308xzxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4TF26s8fVMbCe05z5nMFN9rzywMB8GA1UdIwQY
MBaAFBY55hG1i39wVd9qf5ldAfuV15DJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmpubUViV0xmM0JWMzJwX21WMEItNVhYa01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9jZWZmMDgtMDUyNy00OGJlLTkyYjct
MGNkZmExYzI5MWY2LzEvVGhNWGJxeng5VXhzSjdUblBtY3dVMzJ2UExBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9jZWZmMDgtMDUyNy00OGJlLTkyYjctMGNkZmExYzI5MWY2
LzEvRmpubUViV0xmM0JWMzJwX21WMEItNVhYa01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW85UMA0G
CSqGSIb3DQEBCwUAA4IBAQBNtNn4EbxiVWsmh1QroQHtUVk3Flth18DbdkIc3bkw
+SF+OZLmZekfgOmiAu7z0R5x0l3V2JN6nnRaHf+vTukEccH7NFsg27ShifI0UXjk
QS1L65lrLHSPbHgmffzBvJfmb+D6NtIAOiGEcAy7cNoMNpNz0oZwtrRfQ1Ysm8Vr
HTRcTaNaj1CZ4CxM9wuwX7GGKKB9zqnGrWaQ7/feeJGl/Shlq2CLty9h/F+Z26Ni
BwhcygT3fL9zY1/fx6AdsmbtLqyzS3wo0E3bObVRdmtPhIjOYCotYSpjrib0+GfV
p200zkR07Zl7QjW7wxA0Mi9Fv92j3WhFLQxYa9Y3xeU0
-----END CERTIFICATE-----