Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/TUldFuXRlNkhcxG2k3pbkLp8w6k.roa
File:                     TUldFuXRlNkhcxG2k3pbkLp8w6k.roa (raw, json)
Hash identifier:          u8w+hKuVRJcapFna3Gt95nB+zwn2rJ1IH60Do+ZSEr0=
Subject key identifier:   4D:49:5D:16:E5:D1:94:D9:21:73:11:B6:93:7A:5B:90:BA:7C:C3:A9
Certificate issuer:       /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial:       01942747843282F1AC88B26EB2403DE121E1
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/TUldFuXRlNkhcxG2k3pbkLp8w6k.roa
Signing time:             Thu 02 Jan 2025 13:49:45 +0000
ROA not before:           Thu 02 Jan 2025 13:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3758
IP address blocks:        212.124.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:84:32:82:f1:ac:88:b2:6e:b2:40:3d:e1:21:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
        Validity
            Not Before: Jan  2 13:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d495d16e5d194d9217311b6937a5b90ba7cc3a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:77:41:e8:46:22:87:74:60:e8:17:64:ee:93:
                    06:81:6b:8e:96:63:0d:d1:8b:9f:be:f8:be:ec:7e:
                    7a:82:a3:48:8b:d2:ba:1e:93:48:70:45:0d:41:a7:
                    3c:5d:03:70:5f:86:38:57:a3:91:b6:bc:11:3f:9e:
                    25:78:d0:9c:31:45:8d:6b:d8:9b:e6:ef:c0:a8:4b:
                    35:65:df:bd:8d:de:9f:04:44:d6:84:12:74:53:eb:
                    e0:05:ad:2d:82:c3:94:4f:15:e0:de:c8:20:a2:36:
                    e6:ff:af:d7:ef:f2:08:0c:04:d1:ba:d3:24:a7:9e:
                    6b:bb:0e:66:ec:4c:6a:79:35:e7:79:56:0d:de:ff:
                    94:eb:4e:c6:54:71:c2:96:10:5f:00:f9:6d:06:ed:
                    47:7d:a5:1b:1a:a0:38:0a:36:44:98:5a:d3:5d:2f:
                    6b:8c:92:89:46:c0:97:bf:65:22:69:dc:60:19:4a:
                    08:23:63:d7:45:98:e8:69:75:d9:8e:0c:c3:90:64:
                    d5:87:7d:26:4d:86:18:e0:16:66:f3:cc:a1:63:9a:
                    82:2c:17:41:cf:c0:c1:6d:e5:3f:68:22:e5:62:01:
                    1d:28:d8:86:07:79:a6:d0:2b:9f:21:24:1b:7e:ba:
                    a8:8f:bd:69:07:2b:00:27:cf:c3:34:c1:ea:92:5a:
                    9e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:49:5D:16:E5:D1:94:D9:21:73:11:B6:93:7A:5B:90:BA:7C:C3:A9
            X509v3 Authority Key Identifier:
                keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/TUldFuXRlNkhcxG2k3pbkLp8w6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.124.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:67:c1:e0:6b:42:2a:b9:9a:fb:b9:ba:32:de:04:ef:e4:53:
         02:0f:a5:4c:b4:a1:7d:64:77:88:0e:96:1a:da:3e:84:4e:8c:
         8f:32:71:94:7e:27:55:a4:24:22:e1:a0:8c:2d:f1:38:35:99:
         ca:2c:5b:06:93:ce:99:28:f0:da:14:c0:dc:0c:18:f5:3f:a0:
         b0:b2:06:9a:33:36:09:60:4e:98:50:31:43:ba:2c:f3:33:af:
         fa:74:34:4a:c2:87:06:f3:95:e9:14:05:e6:04:f4:c0:ad:76:
         56:cd:dc:df:60:5d:0d:ea:39:e5:02:d5:1d:02:3f:e9:45:93:
         5b:7b:19:3c:0a:91:2e:60:87:49:e5:21:63:ed:74:ce:e2:ad:
         03:a2:1f:ed:87:75:73:18:54:9a:31:58:cd:16:c6:45:6e:78:
         29:f2:03:49:3e:f1:18:09:c7:38:4f:1d:84:b4:e8:d1:15:76:
         e0:d9:89:a4:62:0b:7a:83:5c:b2:f5:e8:04:79:73:8a:9e:d6:
         bd:05:81:fc:ab:37:6e:74:75:7f:e8:6a:43:d2:9a:cf:87:db:
         8e:c4:e1:7d:14:24:1d:47:09:f5:a9:cd:26:6c:d4:95:fd:1f:
         a7:12:0c:61:6e:2b:e3:af:ad:7f:a3:22:5d:d4:bb:69:43:d8:
         4b:d3:d8:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR4QygvGsiLJuskA94SHhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjUwMTAyMTM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQ5NWQxNmU1ZDE5NGQ5MjE3MzExYjY5MzdhNWI5MGJhN2NjM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwndB6EYih3Rg6Bdk7pMGgWuOlmMN
0Yufvvi+7H56gqNIi9K6HpNIcEUNQac8XQNwX4Y4V6ORtrwRP54leNCcMUWNa9ib
5u/AqEs1Zd+9jd6fBETWhBJ0U+vgBa0tgsOUTxXg3sggojbm/6/X7/IIDATRutMk
p55ruw5m7ExqeTXneVYN3v+U607GVHHClhBfAPltBu1HfaUbGqA4CjZEmFrTXS9r
jJKJRsCXv2UiadxgGUoII2PXRZjoaXXZjgzDkGTVh30mTYYY4BZm88yhY5qCLBdB
z8DBbeU/aCLlYgEdKNiGB3mm0CufISQbfrqoj71pBysAJ8/DNMHqklqekQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1JXRbl0ZTZIXMRtpN6W5C6fMOpMB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvVFVsZEZ1WFJsTmtoY3hHMmszcGJrTHA4dzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HxdMA0G
CSqGSIb3DQEBCwUAA4IBAQCEZ8Hga0IquZr7uboy3gTv5FMCD6VMtKF9ZHeIDpYa
2j6EToyPMnGUfidVpCQi4aCMLfE4NZnKLFsGk86ZKPDaFMDcDBj1P6CwsgaaMzYJ
YE6YUDFDuizzM6/6dDRKwocG85XpFAXmBPTArXZWzdzfYF0N6jnlAtUdAj/pRZNb
exk8CpEuYIdJ5SFj7XTO4q0Doh/th3VzGFSaMVjNFsZFbngp8gNJPvEYCcc4Tx2E
tOjRFXbg2YmkYgt6g1yy9egEeXOKnta9BYH8qzdudHV/6GpD0prPh9uOxOF9FCQd
Rwn1qc0mbNSV/R+nEgxhbivjr61/oyJd1LtpQ9hL09gd
-----END CERTIFICATE-----