Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/Tfg3jqM-y4B9_0O830RjMgiNMwI.roa
File:                     Tfg3jqM-y4B9_0O830RjMgiNMwI.roa (raw, json)
Hash identifier:          KhUTb4LC7xdbTloQRmriQdzEeWTgLwDx3/uTjpbvQFU=
Subject key identifier:   4D:F8:37:8E:A3:3E:CB:80:7D:FF:43:BC:DF:44:63:32:08:8D:33:02
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019428267667D05F2CF57B1D0426B89D039A
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/Tfg3jqM-y4B9_0O830RjMgiNMwI.roa
Signing time:             Thu 02 Jan 2025 17:53:16 +0000
ROA not before:           Thu 02 Jan 2025 17:53:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215638
IP address blocks:        185.21.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:76:67:d0:5f:2c:f5:7b:1d:04:26:b8:9d:03:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4df8378ea33ecb807dff43bcdf446332088d3302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:85:00:3a:36:37:e2:f8:f9:7f:02:04:56:9c:
                    5d:84:e3:49:d8:ae:93:4e:9f:5f:c6:19:64:48:8f:
                    e8:b2:bd:a8:01:b4:28:87:0e:e7:77:dc:49:c0:a0:
                    5e:2a:a8:0a:61:32:c3:d6:3e:8e:39:2b:c5:03:f4:
                    c2:13:df:bc:f0:19:37:80:2d:64:c6:f7:6d:e3:aa:
                    65:45:af:94:33:b6:a7:8e:57:6b:fb:5d:58:08:23:
                    0a:d4:81:08:ae:15:3c:5d:1d:bc:61:53:33:8f:32:
                    6a:41:3c:67:14:6e:8c:07:f1:ec:5c:17:36:6c:68:
                    db:94:3d:6e:b9:c5:21:4c:6e:43:7b:14:d7:ab:cb:
                    a4:32:61:ad:77:64:09:23:a4:4a:46:6d:2e:ad:0a:
                    fd:7b:63:ab:99:6a:28:a6:95:0a:03:c1:30:b6:59:
                    eb:a0:d4:4a:6e:5f:17:54:82:e9:84:ef:d4:aa:58:
                    1e:be:7d:77:a2:ba:da:76:4d:a5:71:05:c8:1d:d5:
                    bc:33:1f:0c:24:af:aa:98:a8:2f:74:11:eb:ca:2b:
                    f5:fc:c0:1f:8d:f2:e3:d4:22:f8:42:0a:d0:af:02:
                    ae:03:f2:63:3c:db:53:9f:fa:69:b3:b2:5b:68:2d:
                    47:47:91:4a:14:ec:c3:28:ec:45:29:b8:93:61:71:
                    c5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F8:37:8E:A3:3E:CB:80:7D:FF:43:BC:DF:44:63:32:08:8D:33:02
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/Tfg3jqM-y4B9_0O830RjMgiNMwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:ae:d3:77:ea:83:c6:e0:c5:b3:9a:91:21:58:fd:43:94:74:
         13:5b:4d:72:f5:f1:36:81:b6:c0:d3:8e:f8:fb:6e:9c:39:fe:
         7e:f8:78:55:7a:43:f1:45:77:7d:17:41:d3:48:06:a5:19:3b:
         f0:9b:6b:c1:76:2d:81:23:19:d7:ca:99:73:43:e1:56:3f:dd:
         d2:1c:04:f2:11:28:7b:5d:9b:bf:92:a3:c4:aa:a0:74:0b:e3:
         35:a4:4c:a9:d2:91:bd:88:13:a0:aa:f5:c6:34:34:aa:18:66:
         6a:65:0f:b8:25:76:b7:ef:17:5d:41:c9:0a:d5:06:be:ae:ee:
         5b:8b:a0:86:c0:55:8e:b6:03:26:b6:25:a7:2f:61:c5:4a:c8:
         59:91:1f:63:62:0e:50:f3:a0:c8:1f:e4:94:47:5c:96:84:de:
         cd:60:13:6e:2d:95:8b:4b:5b:a2:33:e1:25:37:73:d0:a1:eb:
         c5:38:be:9b:a4:69:8b:62:21:81:4e:77:85:ca:f6:0d:0e:3d:
         ca:35:d2:6c:92:bb:5e:3e:ca:06:52:a8:36:a4:3f:d6:e0:ba:
         e1:70:89:44:44:2b:39:16:5a:a5:b7:ac:9b:7c:e0:17:cc:fa:
         9b:6b:19:b2:56:e6:ef:48:01:b0:c0:40:99:65:2e:f7:cc:df:
         8f:57:f0:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJnZn0F8s9XsdBCa4nQOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGY4Mzc4ZWEzM2VjYjgwN2RmZjQzYmNkZjQ0NjMzMjA4OGQzMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoUAOjY34vj5fwIEVpxdhONJ2K6T
Tp9fxhlkSI/osr2oAbQohw7nd9xJwKBeKqgKYTLD1j6OOSvFA/TCE9+88Bk3gC1k
xvdt46plRa+UM7anjldr+11YCCMK1IEIrhU8XR28YVMzjzJqQTxnFG6MB/HsXBc2
bGjblD1uucUhTG5DexTXq8ukMmGtd2QJI6RKRm0urQr9e2OrmWooppUKA8Ewtlnr
oNRKbl8XVILphO/Uqlgevn13orradk2lcQXIHdW8Mx8MJK+qmKgvdBHryiv1/MAf
jfLj1CL4QgrQrwKuA/JjPNtTn/pps7JbaC1HR5FKFOzDKOxFKbiTYXHFKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE34N46jPsuAff9DvN9EYzIIjTMCMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvVGZnM2pxTS15NEI5XzBPODMwUmpNZ2lOTXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX/MA0G
CSqGSIb3DQEBCwUAA4IBAQDUrtN36oPG4MWzmpEhWP1DlHQTW01y9fE2gbbA0474
+26cOf5++HhVekPxRXd9F0HTSAalGTvwm2vBdi2BIxnXyplzQ+FWP93SHATyESh7
XZu/kqPEqqB0C+M1pEyp0pG9iBOgqvXGNDSqGGZqZQ+4JXa37xddQckK1Qa+ru5b
i6CGwFWOtgMmtiWnL2HFSshZkR9jYg5Q86DIH+SUR1yWhN7NYBNuLZWLS1uiM+El
N3PQoevFOL6bpGmLYiGBTneFyvYNDj3KNdJskrtePsoGUqg2pD/W4LrhcIlERCs5
Flqlt6ybfOAXzPqbaxmyVubvSAGwwECZZS73zN+PV/BU
-----END CERTIFICATE-----