Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/tXpAR6snYYdl9lnSZFlZrlTwOtU.roa
File:                     tXpAR6snYYdl9lnSZFlZrlTwOtU.roa (raw, json)
Hash identifier:          amfZ9AmgB5LnsYibO/xBS7f3HIiKaJ443EHi9bke7DY=
Subject key identifier:   B5:7A:40:47:AB:27:61:87:65:F6:59:D2:64:59:59:AE:54:F0:3A:D5
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       01942747BEE171B0643402C9B8B39AFC551E
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/tXpAR6snYYdl9lnSZFlZrlTwOtU.roa
Signing time:             Thu 02 Jan 2025 13:50:00 +0000
ROA not before:           Thu 02 Jan 2025 13:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52025
IP address blocks:        185.121.24.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:be:e1:71:b0:64:34:02:c9:b8:b3:9a:fc:55:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  2 13:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b57a4047ab27618765f659d2645959ae54f03ad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:64:c7:2b:e8:29:70:2b:1f:14:17:b3:2b:54:
                    18:f7:d1:ce:99:ad:ac:36:68:09:1d:8e:f8:e6:d7:
                    03:82:97:a9:54:5d:22:49:fc:e1:9b:0b:52:f0:37:
                    db:af:d8:f0:fd:42:21:46:44:4b:fa:91:7a:b7:16:
                    01:14:65:3d:18:14:b6:3b:fd:b4:10:22:39:39:e1:
                    b1:3e:88:22:a1:cf:ad:6f:91:fd:fe:2f:e8:7a:1f:
                    49:55:c5:97:30:a8:69:49:c1:b5:b6:ec:fe:02:90:
                    0f:c5:39:96:21:1b:f3:68:86:e1:52:4f:53:0d:38:
                    38:bf:86:7e:b8:f6:2e:fb:83:df:89:32:3a:51:f0:
                    80:5c:16:80:ca:7a:a8:df:f9:ce:65:1d:c5:da:f8:
                    c7:82:3c:6d:e9:d0:c7:78:8e:6b:fc:2e:47:91:61:
                    b2:40:6c:da:96:c8:aa:d9:a3:21:4f:d2:7f:ec:1d:
                    b5:a6:c9:f4:67:6a:31:83:f2:6c:fe:bd:71:b5:2f:
                    ef:f7:6b:a2:e8:24:fa:20:c5:e8:61:d3:8e:90:f5:
                    c7:4d:9f:13:a4:20:91:0d:b4:e3:c8:80:16:2a:c8:
                    3e:69:bc:19:05:de:d4:a3:66:64:05:16:9c:af:d0:
                    b4:a5:fb:57:f7:46:ec:cc:f4:4f:0c:a2:2b:fa:a6:
                    e2:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:7A:40:47:AB:27:61:87:65:F6:59:D2:64:59:59:AE:54:F0:3A:D5
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/tXpAR6snYYdl9lnSZFlZrlTwOtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:75:32:6d:48:0f:9b:a4:45:bd:ed:7e:f2:a7:10:fa:bb:1c:
         93:64:c3:a4:e0:05:c4:18:60:78:ee:51:87:89:aa:51:16:12:
         25:1d:85:17:30:9c:a1:b4:31:6f:11:7d:a0:a3:35:b5:a8:fb:
         9d:fb:8a:99:53:d0:40:9c:60:19:ec:be:62:c9:93:ad:fc:19:
         2c:17:a9:a7:32:33:67:55:01:67:2f:c8:d1:b5:19:e3:58:0c:
         fc:4c:27:3a:30:68:18:45:0b:8a:09:11:5b:ae:92:c5:09:3b:
         7a:b7:66:66:54:1b:23:8d:64:34:8c:8c:06:bb:9e:e9:19:d4:
         ea:df:38:74:91:bd:aa:97:8c:ad:c9:20:35:08:f7:d3:81:8e:
         94:fc:5b:3a:9e:1a:96:62:a3:f9:32:7c:2f:f7:69:b7:03:ff:
         1e:99:50:de:42:d4:ec:8c:b4:5f:13:fd:45:7d:d3:61:b6:47:
         99:a0:08:3c:dd:dc:00:90:a8:a0:4c:23:95:1e:ab:21:2d:7c:
         ea:b9:1c:3e:ee:5c:78:a8:ac:c4:e4:4a:74:68:5d:f1:fb:86:
         22:c6:92:63:27:e6:ec:44:e6:a8:31:24:f8:07:de:03:3f:9c:
         b2:e9:6a:82:9b:32:ab:a4:75:d2:79:58:4e:45:43:eb:4f:5d:
         6b:85:7c:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR77hcbBkNALJuLOa/FUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjUwMTAyMTM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTdhNDA0N2FiMjc2MTg3NjVmNjU5ZDI2NDU5NTlhZTU0ZjAzYWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWTHK+gpcCsfFBezK1QY99HOma2s
NmgJHY745tcDgpepVF0iSfzhmwtS8Dfbr9jw/UIhRkRL+pF6txYBFGU9GBS2O/20
ECI5OeGxPogioc+tb5H9/i/oeh9JVcWXMKhpScG1tuz+ApAPxTmWIRvzaIbhUk9T
DTg4v4Z+uPYu+4PfiTI6UfCAXBaAynqo3/nOZR3F2vjHgjxt6dDHeI5r/C5HkWGy
QGzalsiq2aMhT9J/7B21psn0Z2oxg/Js/r1xtS/v92ui6CT6IMXoYdOOkPXHTZ8T
pCCRDbTjyIAWKsg+abwZBd7Uo2ZkBRacr9C0pftX90bszPRPDKIr+qbicQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLV6QEerJ2GHZfZZ0mRZWa5U8DrVMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvdFhwQVI2c25ZWWRsOWxuU1pGbFpybFR3T3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXkYMA0G
CSqGSIb3DQEBCwUAA4IBAQArdTJtSA+bpEW97X7ypxD6uxyTZMOk4AXEGGB47lGH
iapRFhIlHYUXMJyhtDFvEX2gozW1qPud+4qZU9BAnGAZ7L5iyZOt/BksF6mnMjNn
VQFnL8jRtRnjWAz8TCc6MGgYRQuKCRFbrpLFCTt6t2ZmVBsjjWQ0jIwGu57pGdTq
3zh0kb2ql4ytySA1CPfTgY6U/Fs6nhqWYqP5Mnwv92m3A/8emVDeQtTsjLRfE/1F
fdNhtkeZoAg83dwAkKigTCOVHqshLXzquRw+7lx4qKzE5Ep0aF3x+4YixpJjJ+bs
ROaoMST4B94DP5yy6WqCmzKrpHXSeVhORUPrT11rhXzv
-----END CERTIFICATE-----