Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/Tyq3VKoV7toHz4LXY-F6FRKUTFc.roa
File:                     Tyq3VKoV7toHz4LXY-F6FRKUTFc.roa (raw, json)
Hash identifier:          RHBupRRuz7kLI26AVDq35ZlOcZY/SSv2fkkTHG+8t+o=
Subject key identifier:   4F:2A:B7:54:AA:15:EE:DA:07:CF:82:D7:63:E1:7A:15:12:94:4C:57
Certificate issuer:       /CN=bc35904e24db0e990495a3445e77d1136ed618d7
Certificate serial:       019426D96E1F3775AFD5C508E0AAB07A510C
Authority key identifier: BC:35:90:4E:24:DB:0E:99:04:95:A3:44:5E:77:D1:13:6E:D6:18:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDWQTiTbDpkElaNEXnfRE27WGNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/Tyq3VKoV7toHz4LXY-F6FRKUTFc.roa
Signing time:             Thu 02 Jan 2025 11:49:31 +0000
ROA not before:           Thu 02 Jan 2025 11:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        213.165.40.0/21 maxlen: 21
                          213.165.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/vDWQTiTbDpkElaNEXnfRE27WGNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/vDWQTiTbDpkElaNEXnfRE27WGNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDWQTiTbDpkElaNEXnfRE27WGNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:6e:1f:37:75:af:d5:c5:08:e0:aa:b0:7a:51:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc35904e24db0e990495a3445e77d1136ed618d7
        Validity
            Not Before: Jan  2 11:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f2ab754aa15eeda07cf82d763e17a1512944c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6d:75:cc:16:c5:95:db:18:e1:12:c4:69:97:
                    b0:d9:24:8f:b3:80:fa:62:32:d7:bf:f7:1c:2b:9f:
                    11:df:88:69:22:ca:73:30:6d:97:e0:2b:29:c1:87:
                    69:b3:ce:a1:8f:c6:ce:73:22:69:b1:7e:0c:bf:54:
                    64:0e:7f:38:e6:70:36:50:02:28:f9:51:e6:79:4f:
                    f3:03:91:ca:28:c1:ba:93:02:14:39:df:fa:c2:40:
                    17:90:ae:96:4d:bd:83:8a:f8:71:71:21:d1:56:9a:
                    0f:c5:f1:61:3c:1d:7d:05:fc:30:de:8d:14:17:f9:
                    99:fd:85:c5:71:52:04:a2:f7:4a:c0:9c:18:b0:05:
                    08:4f:93:03:bd:52:3b:d5:75:a8:16:0a:45:b2:ee:
                    5b:38:d0:fb:a7:ec:b7:a1:b9:75:4f:21:c8:28:27:
                    3b:79:ec:0a:4e:87:63:a3:79:2f:df:25:98:ab:d3:
                    bf:21:b0:80:63:0c:ba:55:b8:da:8c:0b:c0:a3:fe:
                    4e:fe:60:cd:7b:e5:77:5b:e3:5b:f4:49:97:b9:d4:
                    8c:93:be:0f:c4:4b:73:c5:4f:af:b7:b5:a5:df:6f:
                    09:d3:3c:a2:de:7e:44:a6:c5:9f:bd:12:6d:6e:ed:
                    d0:e3:3d:dc:b2:db:c0:08:37:c5:0a:6c:7f:4a:7f:
                    1c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:2A:B7:54:AA:15:EE:DA:07:CF:82:D7:63:E1:7A:15:12:94:4C:57
            X509v3 Authority Key Identifier:
                keyid:BC:35:90:4E:24:DB:0E:99:04:95:A3:44:5E:77:D1:13:6E:D6:18:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDWQTiTbDpkElaNEXnfRE27WGNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/Tyq3VKoV7toHz4LXY-F6FRKUTFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/vDWQTiTbDpkElaNEXnfRE27WGNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.165.40.0-213.165.63.255

    Signature Algorithm: sha256WithRSAEncryption
         b7:de:ea:e3:e7:ed:43:67:34:f3:5a:86:9c:cc:a2:3e:6d:24:
         74:40:48:ba:0a:7e:a5:d7:1d:3e:c8:cc:f6:f5:9c:f6:58:6c:
         46:66:dc:b0:6a:7e:12:db:88:1a:47:75:cc:c7:83:96:c3:47:
         f6:c2:61:23:21:b5:76:6d:ba:e5:fd:c1:06:7c:16:46:69:a0:
         30:5c:ff:a3:80:88:f2:7a:1a:1b:c6:dd:8e:49:6b:8a:11:96:
         fe:7d:91:e0:2d:22:5a:24:83:56:dc:4d:e6:95:90:f1:2a:f6:
         e7:ad:e9:de:87:75:d0:a6:80:c6:a6:37:1d:40:5a:44:f3:1e:
         fe:c0:61:49:1f:8d:2c:68:b8:36:36:42:3c:f0:3a:80:4e:b2:
         10:8b:82:67:4c:21:b0:2c:9b:10:95:7c:2e:a8:12:aa:51:be:
         a5:d9:4b:c6:e4:68:ae:ae:26:a0:5b:4e:10:72:54:eb:c2:48:
         af:f1:f3:29:31:bc:0c:ed:d4:83:26:d6:06:e3:df:2e:78:4d:
         b6:49:3e:a6:bb:a6:4b:15:39:47:10:3c:8c:44:86:ed:4a:7f:
         88:20:b4:6c:5a:00:73:20:a5:d9:49:3a:6b:0e:b8:57:f2:65:
         b5:5e:b9:6a:f9:03:1e:95:25:6a:39:c4:07:ab:71:2a:5f:14:
         fa:28:6d:d3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQm2W4fN3Wv1cUI4KqwelEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMzU5MDRlMjRkYjBlOTkwNDk1YTM0NDVlNzdkMTEzNmVk
NjE4ZDcwHhcNMjUwMTAyMTE0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjJhYjc1NGFhMTVlZWRhMDdjZjgyZDc2M2UxN2ExNTEyOTQ0YzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuW11zBbFldsY4RLEaZew2SSPs4D6
YjLXv/ccK58R34hpIspzMG2X4CspwYdps86hj8bOcyJpsX4Mv1RkDn845nA2UAIo
+VHmeU/zA5HKKMG6kwIUOd/6wkAXkK6WTb2DivhxcSHRVpoPxfFhPB19Bfww3o0U
F/mZ/YXFcVIEovdKwJwYsAUIT5MDvVI71XWoFgpFsu5bOND7p+y3obl1TyHIKCc7
eewKTodjo3kv3yWYq9O/IbCAYwy6VbjajAvAo/5O/mDNe+V3W+Nb9EmXudSMk74P
xEtzxU+vt7Wl328J0zyi3n5EpsWfvRJtbu3Q4z3cstvACDfFCmx/Sn8cUwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFE8qt1SqFe7aB8+C12PhehUSlExXMB8GA1UdIwQY
MBaAFLw1kE4k2w6ZBJWjRF530RNu1hjXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRXUVRpVGJEcGtFbGFORVhuZlJFMjdXR05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy82MzJkYzAtNGQyZC00MGMyLWFiNjUt
YzM4YjFmOWQ0NTdjLzEvVHlxM1ZLb1Y3dG9IejRMWFktRjZGUktVVEZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy82MzJkYzAtNGQyZC00MGMyLWFiNjUtYzM4YjFmOWQ0NTdj
LzEvdkRXUVRpVGJEcGtFbGFORVhuZlJFMjdXR05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPVpSgD
BAbVpQAwDQYJKoZIhvcNAQELBQADggEBALfe6uPn7UNnNPNahpzMoj5tJHRASLoK
fqXXHT7IzPb1nPZYbEZm3LBqfhLbiBpHdczHg5bDR/bCYSMhtXZtuuX9wQZ8FkZp
oDBc/6OAiPJ6GhvG3Y5Ja4oRlv59keAtIlokg1bcTeaVkPEq9uet6d6HddCmgMam
Nx1AWkTzHv7AYUkfjSxouDY2QjzwOoBOshCLgmdMIbAsmxCVfC6oEqpRvqXZS8bk
aK6uJqBbThByVOvCSK/x8ykxvAzt1IMm1gbj3y54TbZJPqa7pksVOUcQPIxEhu1K
f4ggtGxaAHMgpdlJOmsOuFfyZbVeuWr5Ax6VJWo5xAercSpfFPoobdM=
-----END CERTIFICATE-----