Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/a4280e-d094-4a74-b8f6-7e859ff4651c/1/TlU9Uk_nAAl7-fcJ5oPvF-WHQ6g.roa
File:                     TlU9Uk_nAAl7-fcJ5oPvF-WHQ6g.roa (raw, json)
Hash identifier:          kHfyiCHQk1viwG97rNRumEvrS7xQPQhtjEnkV3NwAaY=
Subject key identifier:   4E:55:3D:52:4F:E7:00:09:7B:F9:F7:09:E6:83:EF:17:E5:87:43:A8
Certificate issuer:       /CN=b93ca6fd00327aedf1d4e3275562cae733b4e743
Certificate serial:       0194244517C482326302827B201711FB6B02
Authority key identifier: B9:3C:A6:FD:00:32:7A:ED:F1:D4:E3:27:55:62:CA:E7:33:B4:E7:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uTym_QAyeu3x1OMnVWLK5zO050M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/a4280e-d094-4a74-b8f6-7e859ff4651c/1/TlU9Uk_nAAl7-fcJ5oPvF-WHQ6g.roa
Signing time:             Wed 01 Jan 2025 23:48:15 +0000
ROA not before:           Wed 01 Jan 2025 23:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34301
IP address blocks:        195.242.88.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/a4280e-d094-4a74-b8f6-7e859ff4651c/1/uTym_QAyeu3x1OMnVWLK5zO050M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/a4280e-d094-4a74-b8f6-7e859ff4651c/1/uTym_QAyeu3x1OMnVWLK5zO050M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uTym_QAyeu3x1OMnVWLK5zO050M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:17:c4:82:32:63:02:82:7b:20:17:11:fb:6b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b93ca6fd00327aedf1d4e3275562cae733b4e743
        Validity
            Not Before: Jan  1 23:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e553d524fe700097bf9f709e683ef17e58743a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f9:e8:3d:a9:52:eb:e0:e4:18:93:20:71:16:
                    59:5e:4e:79:ee:a9:55:bb:ab:b5:4d:79:fa:1b:b1:
                    34:95:11:cb:1b:e6:11:47:3f:89:49:68:b1:51:69:
                    eb:5d:e1:38:08:a5:50:f6:cc:98:a2:54:b4:df:2f:
                    d1:9a:f8:3c:89:49:ab:2c:b7:fb:34:af:a6:86:b3:
                    ee:d0:d3:7e:ce:da:17:a9:b4:bb:01:ae:dd:83:60:
                    a8:4e:44:89:9e:36:17:f8:2e:a0:27:25:ff:d0:0d:
                    9e:e5:81:90:07:4e:b4:0e:24:33:f6:62:03:eb:4c:
                    c7:79:82:36:1c:84:ad:39:5e:c9:1c:31:22:94:23:
                    73:15:9b:92:57:85:10:d4:e8:09:1a:a9:51:05:d4:
                    96:4e:8f:45:49:0d:bc:bf:a0:2d:33:c8:68:7e:5d:
                    eb:23:f9:8f:f7:a6:22:b3:1e:85:22:d1:7d:c1:71:
                    a1:7c:61:df:80:97:ac:10:a9:7c:26:98:83:e5:d4:
                    98:dd:85:d1:db:84:eb:82:95:cb:2e:08:2e:e4:56:
                    99:b8:4a:8e:1c:89:87:df:90:b9:84:c4:ed:fd:65:
                    98:0c:b5:9b:9e:08:48:51:2b:3d:a8:2a:22:c1:f3:
                    53:15:d0:f5:e7:fa:20:ea:21:66:4b:95:7f:6f:19:
                    17:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:55:3D:52:4F:E7:00:09:7B:F9:F7:09:E6:83:EF:17:E5:87:43:A8
            X509v3 Authority Key Identifier:
                keyid:B9:3C:A6:FD:00:32:7A:ED:F1:D4:E3:27:55:62:CA:E7:33:B4:E7:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uTym_QAyeu3x1OMnVWLK5zO050M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/a4280e-d094-4a74-b8f6-7e859ff4651c/1/TlU9Uk_nAAl7-fcJ5oPvF-WHQ6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/a4280e-d094-4a74-b8f6-7e859ff4651c/1/uTym_QAyeu3x1OMnVWLK5zO050M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:83:ff:ea:dc:f8:bd:05:57:6b:54:f0:62:4e:6e:55:af:0c:
         ea:6c:68:e2:7f:a9:51:63:d4:f2:03:00:6b:da:1e:8d:f4:02:
         3e:ab:05:13:eb:74:ec:79:4b:11:c3:b3:79:93:d2:b3:74:9e:
         91:5f:e8:d6:7b:af:cb:3c:a2:32:40:3f:7f:85:15:a2:bb:63:
         52:c6:56:99:b0:5a:2b:5b:b2:7a:76:40:80:30:ff:51:6b:78:
         b7:ec:d4:1f:0f:57:da:64:c3:55:93:2a:92:af:d5:24:a0:ac:
         89:b6:7e:ed:d8:b6:00:55:31:d4:d9:41:c3:24:3b:3f:05:31:
         4f:05:0e:7b:8f:9e:fd:72:ae:b2:fb:43:af:48:61:8d:ae:93:
         96:1e:38:20:5a:d0:c1:c1:22:60:ad:1b:8c:e2:71:bd:17:dd:
         44:eb:fb:1c:fa:50:69:0e:6a:c7:60:fd:dc:40:c7:46:5e:2d:
         82:cf:b3:ab:c4:5f:2a:a5:95:2f:14:d1:22:12:bd:1d:fe:ce:
         8a:b2:8c:58:46:3c:5c:1c:fb:2b:c3:b7:9b:15:d2:37:62:2f:
         45:fb:2e:6a:1b:7e:5d:ce:89:4d:c2:38:ff:0c:26:1f:47:cd:
         a2:ee:a1:d3:47:15:b7:9b:9b:51:c6:9f:bc:13:50:75:11:18:
         2d:93:30:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRRfEgjJjAoJ7IBcR+2sCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5M2NhNmZkMDAzMjdhZWRmMWQ0ZTMyNzU1NjJjYWU3MzNi
NGU3NDMwHhcNMjUwMTAxMjM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTU1M2Q1MjRmZTcwMDA5N2JmOWY3MDllNjgzZWYxN2U1ODc0M2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPnoPalS6+DkGJMgcRZZXk557qlV
u6u1TXn6G7E0lRHLG+YRRz+JSWixUWnrXeE4CKVQ9syYolS03y/Rmvg8iUmrLLf7
NK+mhrPu0NN+ztoXqbS7Aa7dg2CoTkSJnjYX+C6gJyX/0A2e5YGQB060DiQz9mID
60zHeYI2HIStOV7JHDEilCNzFZuSV4UQ1OgJGqlRBdSWTo9FSQ28v6AtM8hofl3r
I/mP96Yisx6FItF9wXGhfGHfgJesEKl8JpiD5dSY3YXR24TrgpXLLggu5FaZuEqO
HImH35C5hMTt/WWYDLWbnghIUSs9qCoiwfNTFdD15/og6iFmS5V/bxkXKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5VPVJP5wAJe/n3CeaD7xflh0OoMB8GA1UdIwQY
MBaAFLk8pv0AMnrt8dTjJ1ViyucztOdDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVR5bV9RQXlldTN4MU9NblZXTEs1ek8wNTBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hNDI4MGUtZDA5NC00YTc0LWI4ZjYt
N2U4NTlmZjQ2NTFjLzEvVGxVOVVrX25BQWw3LWZjSjVvUHZGLVdIUTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hNDI4MGUtZDA5NC00YTc0LWI4ZjYtN2U4NTlmZjQ2NTFj
LzEvdVR5bV9RQXlldTN4MU9NblZXTEs1ek8wNTBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/JYMA0G
CSqGSIb3DQEBCwUAA4IBAQAqg//q3Pi9BVdrVPBiTm5VrwzqbGjif6lRY9TyAwBr
2h6N9AI+qwUT63TseUsRw7N5k9KzdJ6RX+jWe6/LPKIyQD9/hRWiu2NSxlaZsFor
W7J6dkCAMP9Ra3i37NQfD1faZMNVkyqSr9UkoKyJtn7t2LYAVTHU2UHDJDs/BTFP
BQ57j579cq6y+0OvSGGNrpOWHjggWtDBwSJgrRuM4nG9F91E6/sc+lBpDmrHYP3c
QMdGXi2Cz7OrxF8qpZUvFNEiEr0d/s6KsoxYRjxcHPsrw7ebFdI3Yi9F+y5qG35d
zolNwjj/DCYfR82i7qHTRxW3m5tRxp+8E1B1ERgtkzAh
-----END CERTIFICATE-----