Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/tKjpgYt3F1U92FlxxtExmwv_VJA.roa
File:                     tKjpgYt3F1U92FlxxtExmwv_VJA.roa (raw, json)
Hash identifier:          PCobIxyuHsntJ/hl1UTuu1qlban1/mIdUKP0z5QY3l0=
Subject key identifier:   B4:A8:E9:81:8B:77:17:55:3D:D8:59:71:C6:D1:31:9B:0B:FF:54:90
Certificate issuer:       /CN=9a48c1d8008cdc059db0b27aa9514799c06d5443
Certificate serial:       0194228E3EEC7AF3646B2C3E299F0F4E7804
Authority key identifier: 9A:48:C1:D8:00:8C:DC:05:9D:B0:B2:7A:A9:51:47:99:C0:6D:54:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/tKjpgYt3F1U92FlxxtExmwv_VJA.roa
Signing time:             Wed 01 Jan 2025 15:48:55 +0000
ROA not before:           Wed 01 Jan 2025 15:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35758
IP address blocks:        193.169.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 18:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:3e:ec:7a:f3:64:6b:2c:3e:29:9f:0f:4e:78:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a48c1d8008cdc059db0b27aa9514799c06d5443
        Validity
            Not Before: Jan  1 15:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4a8e9818b7717553dd85971c6d1319b0bff5490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8a:43:6a:4d:07:05:ec:6e:ee:95:81:bc:56:
                    94:bc:97:c9:1d:43:ff:2f:45:83:40:a8:07:d2:34:
                    c0:ea:0f:2e:89:93:a0:9e:de:e9:b3:c6:b1:e2:38:
                    55:12:b1:9e:b1:b8:fe:82:d9:ee:0b:e2:60:20:ae:
                    64:04:97:35:52:8c:72:66:f6:2a:2c:a8:81:a4:bb:
                    05:d3:48:1e:ce:4a:e6:16:51:45:cc:41:97:eb:bd:
                    94:5c:34:ce:c3:50:4e:61:c3:bc:4a:f1:4d:9d:53:
                    a8:e4:3f:e6:e5:b2:d8:2d:14:c5:55:c6:3f:bf:13:
                    1e:2d:c0:8c:f2:b1:07:a8:ca:85:54:9c:5d:1c:14:
                    6f:43:16:30:0e:33:1f:7f:42:28:1d:c7:37:6a:6c:
                    78:c5:c2:99:c5:92:e2:e7:cd:8c:6a:01:cc:df:40:
                    4a:b0:a1:f5:ef:49:a6:61:40:78:99:3a:39:7a:d8:
                    cb:4b:41:16:e7:cd:fc:cf:5b:9c:8d:0f:1d:49:7c:
                    b5:56:d1:19:71:7f:dc:31:6f:1d:75:2c:84:b0:f3:
                    11:5c:df:bb:ab:ba:d6:a5:f4:a8:3a:d2:52:d0:38:
                    13:7c:95:e3:5f:3c:23:7e:6b:f5:38:e5:8e:11:78:
                    91:03:4d:99:50:38:69:db:f2:1a:12:9e:55:8c:de:
                    5b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A8:E9:81:8B:77:17:55:3D:D8:59:71:C6:D1:31:9B:0B:FF:54:90
            X509v3 Authority Key Identifier:
                keyid:9A:48:C1:D8:00:8C:DC:05:9D:B0:B2:7A:A9:51:47:99:C0:6D:54:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/tKjpgYt3F1U92FlxxtExmwv_VJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:f0:de:2d:e6:a7:5c:c7:2f:1a:6f:9a:68:34:41:f3:29:61:
         9a:69:aa:15:84:2a:a7:69:f5:27:2c:3c:7e:05:bb:ed:26:ad:
         d6:9e:dd:96:c2:88:9f:5b:ad:2c:e9:2c:b5:26:b3:e7:5c:de:
         37:87:b0:fb:0f:16:03:5a:c7:ae:28:4e:96:2f:a5:e6:9a:2c:
         80:3e:c8:95:c7:60:04:3e:84:a8:0d:f4:10:16:8c:cf:73:40:
         b7:1f:49:a6:09:1e:2c:f4:23:c1:0b:06:b7:04:9f:5e:18:70:
         a8:c9:4b:75:6c:26:c2:52:db:da:a6:8c:3a:cc:bc:a6:4c:23:
         fd:e0:3c:7f:ca:10:16:2b:ed:a4:d6:cc:25:d3:1a:27:e4:83:
         c6:de:91:cc:26:34:c8:eb:06:ac:e5:d3:a2:b2:2b:34:9c:a8:
         c5:7f:9c:7b:76:73:bc:f2:45:45:1d:b2:68:28:d8:1e:76:29:
         11:f6:34:86:6d:c6:2c:71:c8:b6:8e:13:99:a5:5c:5f:e9:29:
         01:fa:37:4f:db:12:f5:fe:ba:60:40:1c:5f:c5:bd:d6:1c:90:
         20:fa:3b:c7:ea:5e:7c:be:cd:5e:c7:ed:eb:c5:6b:3c:e2:8b:
         6d:5b:fe:40:7f:68:6c:76:6d:18:c1:4f:6f:27:2f:25:38:48:
         3b:e2:95:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijj7sevNkayw+KZ8PTngEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNDhjMWQ4MDA4Y2RjMDU5ZGIwYjI3YWE5NTE0Nzk5YzA2
ZDU0NDMwHhcNMjUwMTAxMTU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE4ZTk4MThiNzcxNzU1M2RkODU5NzFjNmQxMzE5YjBiZmY1NDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04pDak0HBexu7pWBvFaUvJfJHUP/
L0WDQKgH0jTA6g8uiZOgnt7ps8ax4jhVErGesbj+gtnuC+JgIK5kBJc1UoxyZvYq
LKiBpLsF00gezkrmFlFFzEGX672UXDTOw1BOYcO8SvFNnVOo5D/m5bLYLRTFVcY/
vxMeLcCM8rEHqMqFVJxdHBRvQxYwDjMff0IoHcc3amx4xcKZxZLi582MagHM30BK
sKH170mmYUB4mTo5etjLS0EW5838z1ucjQ8dSXy1VtEZcX/cMW8ddSyEsPMRXN+7
q7rWpfSoOtJS0DgTfJXjXzwjfmv1OOWOEXiRA02ZUDhp2/IaEp5VjN5bpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSo6YGLdxdVPdhZccbRMZsL/1SQMB8GA1UdIwQY
MBaAFJpIwdgAjNwFnbCyeqlRR5nAbVRDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWtqQjJBQ00zQVdkc0xKNnFWRkhtY0J0VkVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9jYjYxNGMtNDk1ZS00MTBlLTg3MzAt
NWEzNjYzMTVjMTY2LzEvdEtqcGdZdDNGMVU5MkZseHh0RXhtd3ZfVkpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9jYjYxNGMtNDk1ZS00MTBlLTg3MzAtNWEzNjYzMTVjMTY2
LzEvbWtqQjJBQ00zQVdkc0xKNnFWRkhtY0J0VkVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwanlMA0G
CSqGSIb3DQEBCwUAA4IBAQBP8N4t5qdcxy8ab5poNEHzKWGaaaoVhCqnafUnLDx+
BbvtJq3Wnt2WwoifW60s6Sy1JrPnXN43h7D7DxYDWseuKE6WL6XmmiyAPsiVx2AE
PoSoDfQQFozPc0C3H0mmCR4s9CPBCwa3BJ9eGHCoyUt1bCbCUtvapow6zLymTCP9
4Dx/yhAWK+2k1swl0xon5IPG3pHMJjTI6was5dOisis0nKjFf5x7dnO88kVFHbJo
KNgedikR9jSGbcYscci2jhOZpVxf6SkB+jdP2xL1/rpgQBxfxb3WHJAg+jvH6l58
vs1ex+3rxWs84ottW/5Af2hsdm0YwU9vJy8lOEg74pWa
-----END CERTIFICATE-----