Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/899218-2a19-4d0f-9f1e-ef38e8ce33d1/1/TmqgT8a6A5MGUn5mkLtQ8qR97F4.roa
File:                     TmqgT8a6A5MGUn5mkLtQ8qR97F4.roa (raw, json)
Hash identifier:          V4gF7PSkd2779yOJRGcz3efKoncCJTVpp0G+/wVgtGA=
Subject key identifier:   4E:6A:A0:4F:C6:BA:03:93:06:52:7E:66:90:BB:50:F2:A4:7D:EC:5E
Certificate issuer:       /CN=3afa2fc06e1aa9135c2631b73becc5957b023a93
Certificate serial:       01942444943710D1B26CF4327B5510EA5E32
Authority key identifier: 3A:FA:2F:C0:6E:1A:A9:13:5C:26:31:B7:3B:EC:C5:95:7B:02:3A:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvovwG4aqRNcJjG3O-zFlXsCOpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/899218-2a19-4d0f-9f1e-ef38e8ce33d1/1/TmqgT8a6A5MGUn5mkLtQ8qR97F4.roa
Signing time:             Wed 01 Jan 2025 23:47:41 +0000
ROA not before:           Wed 01 Jan 2025 23:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        194.99.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/899218-2a19-4d0f-9f1e-ef38e8ce33d1/1/OvovwG4aqRNcJjG3O-zFlXsCOpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/899218-2a19-4d0f-9f1e-ef38e8ce33d1/1/OvovwG4aqRNcJjG3O-zFlXsCOpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvovwG4aqRNcJjG3O-zFlXsCOpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:94:37:10:d1:b2:6c:f4:32:7b:55:10:ea:5e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3afa2fc06e1aa9135c2631b73becc5957b023a93
        Validity
            Not Before: Jan  1 23:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e6aa04fc6ba039306527e6690bb50f2a47dec5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c2:4a:9e:ab:4e:b6:23:2d:e8:e7:81:6b:6e:
                    42:33:90:e2:46:10:5c:4c:dc:e8:c4:a7:04:b0:9c:
                    48:f2:a4:75:a7:c2:25:b5:fa:d3:5f:d4:18:aa:0c:
                    23:40:b0:ed:65:c6:22:87:dc:3e:42:b1:d8:d6:89:
                    02:f5:ce:3d:9b:2b:94:ce:f3:53:24:bd:af:79:30:
                    1c:42:91:c8:b5:e7:72:60:37:90:56:23:8c:ad:40:
                    98:1e:6f:2a:b1:57:43:dd:17:be:ad:98:5f:f3:ee:
                    3e:34:69:c7:33:53:9c:b9:0d:09:8a:6d:99:70:a4:
                    03:e0:3f:9d:bb:89:7f:a9:60:3b:d2:44:9c:6f:cc:
                    3d:5f:c4:55:df:c7:b7:f0:5e:a6:49:42:68:e2:41:
                    2f:b4:ac:c2:9b:31:23:b9:d9:8c:aa:e9:8d:24:df:
                    89:7f:92:e5:a2:a5:cd:f8:bb:42:5e:fc:b2:f1:f3:
                    b5:62:07:6f:d6:8d:60:1c:fa:0b:ea:fd:66:d1:d0:
                    ff:2b:ac:fc:96:42:7f:e2:9b:ef:0d:54:8b:59:e8:
                    60:5d:7b:51:58:be:f3:7e:ac:3c:08:c3:f1:ea:5b:
                    d2:09:4e:a6:25:0b:f7:23:2c:2d:5b:1f:1c:3b:f2:
                    28:11:c2:29:5d:a6:cd:48:3c:bc:39:47:0c:90:ad:
                    e4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:6A:A0:4F:C6:BA:03:93:06:52:7E:66:90:BB:50:F2:A4:7D:EC:5E
            X509v3 Authority Key Identifier:
                keyid:3A:FA:2F:C0:6E:1A:A9:13:5C:26:31:B7:3B:EC:C5:95:7B:02:3A:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvovwG4aqRNcJjG3O-zFlXsCOpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/899218-2a19-4d0f-9f1e-ef38e8ce33d1/1/TmqgT8a6A5MGUn5mkLtQ8qR97F4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/899218-2a19-4d0f-9f1e-ef38e8ce33d1/1/OvovwG4aqRNcJjG3O-zFlXsCOpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:9f:f9:a4:43:81:f3:5f:20:d9:3e:3c:8e:18:59:a0:a3:9a:
         e4:fe:45:c1:0c:7f:f1:09:14:68:4b:2d:bb:ba:03:6f:20:22:
         c1:d1:a6:de:af:cb:49:74:d1:e0:bc:b4:13:97:13:bc:45:fa:
         60:06:b6:d4:2d:0c:e6:ec:c8:31:df:0f:36:06:4e:65:e5:f8:
         80:1f:70:37:9a:f4:de:bb:8f:ed:c0:b6:3f:b7:7e:0a:08:12:
         74:c8:ab:76:8e:f5:b8:1f:f1:1f:e7:09:7b:33:34:96:a6:ab:
         2a:8a:b6:39:f6:ab:fd:53:2f:41:a1:37:04:82:c3:1f:fb:19:
         cf:34:08:41:6f:8f:89:10:4f:f4:cb:5c:f1:10:55:2d:0a:5d:
         0e:2b:41:a4:1c:cd:69:26:6a:72:43:f7:f4:1c:07:50:8f:11:
         0b:5a:27:e1:75:3d:2f:2b:70:a3:c9:86:83:a3:b4:64:29:3f:
         db:06:4e:ef:59:db:1e:e8:25:f2:ed:86:24:c5:a7:17:ee:0a:
         d0:68:bb:57:ec:0f:f6:69:bb:c3:5f:f7:de:fb:22:25:a7:e4:
         a6:3b:a1:c6:98:78:0f:34:9c:b9:d5:65:7e:3f:eb:13:a1:24:
         c7:9a:ce:a2:e3:2f:a3:97:75:8e:a6:47:f6:04:54:99:85:a1:
         fb:e5:4c:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRJQ3ENGybPQye1UQ6l4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZmEyZmMwNmUxYWE5MTM1YzI2MzFiNzNiZWNjNTk1N2Iw
MjNhOTMwHhcNMjUwMTAxMjM0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTZhYTA0ZmM2YmEwMzkzMDY1MjdlNjY5MGJiNTBmMmE0N2RlYzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsJKnqtOtiMt6OeBa25CM5DiRhBc
TNzoxKcEsJxI8qR1p8IltfrTX9QYqgwjQLDtZcYih9w+QrHY1okC9c49myuUzvNT
JL2veTAcQpHItedyYDeQViOMrUCYHm8qsVdD3Re+rZhf8+4+NGnHM1OcuQ0Jim2Z
cKQD4D+du4l/qWA70kScb8w9X8RV38e38F6mSUJo4kEvtKzCmzEjudmMqumNJN+J
f5LloqXN+LtCXvyy8fO1Ygdv1o1gHPoL6v1m0dD/K6z8lkJ/4pvvDVSLWehgXXtR
WL7zfqw8CMPx6lvSCU6mJQv3IywtWx8cO/IoEcIpXabNSDy8OUcMkK3k0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5qoE/GugOTBlJ+ZpC7UPKkfexeMB8GA1UdIwQY
MBaAFDr6L8BuGqkTXCYxtzvsxZV7AjqTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZvdndHNGFxUk5jSmpHM08tekZsWHNDT3BNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84OTkyMTgtMmExOS00ZDBmLTlmMWUt
ZWYzOGU4Y2UzM2QxLzEvVG1xZ1Q4YTZBNU1HVW41bWtMdFE4cVI5N0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84OTkyMTgtMmExOS00ZDBmLTlmMWUtZWYzOGU4Y2UzM2Qx
LzEvT3ZvdndHNGFxUk5jSmpHM08tekZsWHNDT3BNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmMMMA0G
CSqGSIb3DQEBCwUAA4IBAQCKn/mkQ4HzXyDZPjyOGFmgo5rk/kXBDH/xCRRoSy27
ugNvICLB0aber8tJdNHgvLQTlxO8RfpgBrbULQzm7Mgx3w82Bk5l5fiAH3A3mvTe
u4/twLY/t34KCBJ0yKt2jvW4H/Ef5wl7MzSWpqsqirY59qv9Uy9BoTcEgsMf+xnP
NAhBb4+JEE/0y1zxEFUtCl0OK0GkHM1pJmpyQ/f0HAdQjxELWifhdT0vK3CjyYaD
o7RkKT/bBk7vWdse6CXy7YYkxacX7grQaLtX7A/2abvDX/fe+yIlp+SmO6HGmHgP
NJy51WV+P+sToSTHms6i4y+jl3WOpkf2BFSZhaH75UxH
-----END CERTIFICATE-----