Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/TAIaujQ4VKKsXuUakY0dKEcAcGs.roa
File:                     TAIaujQ4VKKsXuUakY0dKEcAcGs.roa (raw, json)
Hash identifier:          d9TADe0Qn4Oy08MasSNafdYWP3qjs55v/m6HHzPTGmc=
Subject key identifier:   4C:02:1A:BA:34:38:54:A2:AC:5E:E5:1A:91:8D:1D:28:47:00:70:6B
Certificate issuer:       /CN=99282d77c662e68bb87e83338b76ad6bead93185
Certificate serial:       0194252223B818AE245EF9332B5EA68F4F0C
Authority key identifier: 99:28:2D:77:C6:62:E6:8B:B8:7E:83:33:8B:76:AD:6B:EA:D9:31:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSgtd8Zi5ou4foMzi3ata-rZMYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/TAIaujQ4VKKsXuUakY0dKEcAcGs.roa
Signing time:             Thu 02 Jan 2025 03:49:41 +0000
ROA not before:           Thu 02 Jan 2025 03:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206784
IP address blocks:        185.176.136.0/22 maxlen: 32
                          2a0a:1780::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/mSgtd8Zi5ou4foMzi3ata-rZMYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/mSgtd8Zi5ou4foMzi3ata-rZMYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSgtd8Zi5ou4foMzi3ata-rZMYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:23:b8:18:ae:24:5e:f9:33:2b:5e:a6:8f:4f:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99282d77c662e68bb87e83338b76ad6bead93185
        Validity
            Not Before: Jan  2 03:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c021aba343854a2ac5ee51a918d1d284700706b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c0:29:9d:b7:fd:b1:4a:fb:3e:fd:4c:8b:c3:
                    c6:5d:76:7b:db:24:91:99:58:ac:89:52:8f:d5:06:
                    db:d6:75:f0:a9:d7:b4:9c:0b:cd:a9:f1:9c:c5:42:
                    ac:25:98:fa:8f:da:58:0f:6c:ec:89:74:e1:99:01:
                    af:db:0a:bb:57:98:a1:98:8c:7c:20:be:4c:66:ef:
                    b9:47:8f:12:1c:db:01:bd:32:b4:02:99:53:fe:db:
                    da:2f:01:bf:ee:b4:be:4c:18:9e:12:61:6e:c1:76:
                    a6:17:a8:31:64:61:15:97:c6:ed:e7:4c:11:c7:d9:
                    07:86:ef:26:7f:96:f5:cc:e6:90:13:ad:91:2e:4b:
                    59:1d:d2:a9:1e:6a:b4:0b:ef:22:06:45:a2:1d:30:
                    e8:1e:f3:b0:3b:44:70:0a:0d:f6:ca:25:e2:ee:a5:
                    6b:8a:9c:0f:ed:1e:fe:6c:6c:f6:5a:9e:f3:c3:c8:
                    7e:72:db:d4:39:3e:43:9e:14:8b:9e:b6:64:20:36:
                    1b:0c:39:b9:2f:a2:bb:5a:9b:f4:0c:75:cc:8d:27:
                    e5:96:15:ff:bf:7d:e6:ee:d0:4a:2d:11:2b:5a:c5:
                    5f:21:fa:88:2a:e1:3d:43:38:23:3b:60:2c:7e:98:
                    4e:a5:df:00:c1:7f:92:d3:3a:41:b3:37:32:f6:27:
                    29:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:02:1A:BA:34:38:54:A2:AC:5E:E5:1A:91:8D:1D:28:47:00:70:6B
            X509v3 Authority Key Identifier:
                keyid:99:28:2D:77:C6:62:E6:8B:B8:7E:83:33:8B:76:AD:6B:EA:D9:31:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSgtd8Zi5ou4foMzi3ata-rZMYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/TAIaujQ4VKKsXuUakY0dKEcAcGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/61c61d-5ed8-4766-9b4b-056b9c231f34/1/mSgtd8Zi5ou4foMzi3ata-rZMYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.136.0/22
                IPv6:
                  2a0a:1780::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:86:45:c3:de:92:f7:95:b0:b4:3d:f8:63:75:bc:ea:51:91:
         de:e4:8f:54:3f:ee:b2:93:c2:9e:bf:ac:9a:d5:93:a1:8f:57:
         e9:7f:2b:e2:f7:ab:cf:c9:48:a7:bc:e8:84:6e:3f:1d:e2:60:
         f3:10:8e:af:9f:4e:75:33:7a:ff:30:8e:8f:2c:3c:22:a2:96:
         86:ee:d1:90:e6:15:f7:dc:8b:68:21:9d:d5:01:ff:36:f9:00:
         58:fb:0d:31:cb:7c:8a:b4:21:c9:61:46:7c:4e:55:88:23:3b:
         3d:c9:db:35:3d:16:68:9a:15:37:57:f5:83:35:d4:8f:39:c6:
         13:96:bc:3c:6c:da:fd:aa:93:24:0a:10:1a:f1:22:8e:2a:96:
         09:bd:c8:d2:6b:03:40:ed:19:a3:04:c5:21:0a:4d:6f:f7:60:
         85:54:a7:7e:7b:cf:6b:d5:1e:fd:e8:94:e2:ba:75:02:00:b6:
         d6:65:0e:ca:eb:8b:81:a2:9a:04:0c:d5:73:6c:21:93:64:a4:
         5c:f5:1a:24:3b:46:97:a8:e4:5f:91:ce:cf:11:4b:0a:5a:01:
         c2:25:91:72:b7:9e:eb:db:ca:4c:2c:b0:f1:ca:ac:6d:86:61:
         43:d4:4e:e7:aa:ea:e1:7f:6b:6e:bb:78:9f:e5:0a:4c:c6:80:
         1c:23:85:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIiO4GK4kXvkzK16mj08MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MjgyZDc3YzY2MmU2OGJiODdlODMzMzhiNzZhZDZiZWFk
OTMxODUwHhcNMjUwMTAyMDM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzAyMWFiYTM0Mzg1NGEyYWM1ZWU1MWE5MThkMWQyODQ3MDA3MDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMApnbf9sUr7Pv1Mi8PGXXZ72ySR
mVisiVKP1Qbb1nXwqde0nAvNqfGcxUKsJZj6j9pYD2zsiXThmQGv2wq7V5ihmIx8
IL5MZu+5R48SHNsBvTK0AplT/tvaLwG/7rS+TBieEmFuwXamF6gxZGEVl8bt50wR
x9kHhu8mf5b1zOaQE62RLktZHdKpHmq0C+8iBkWiHTDoHvOwO0RwCg32yiXi7qVr
ipwP7R7+bGz2Wp7zw8h+ctvUOT5DnhSLnrZkIDYbDDm5L6K7Wpv0DHXMjSfllhX/
v33m7tBKLRErWsVfIfqIKuE9QzgjO2AsfphOpd8AwX+S0zpBszcy9icprQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEwCGro0OFSirF7lGpGNHShHAHBrMB8GA1UdIwQY
MBaAFJkoLXfGYuaLuH6DM4t2rWvq2TGFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVNndGQ4Wmk1b3U0Zm9NemkzYXRhLXJaTVlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS82MWM2MWQtNWVkOC00NzY2LTliNGIt
MDU2YjljMjMxZjM0LzEvVEFJYXVqUTRWS0tzWHVVYWtZMGRLRWNBY0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS82MWM2MWQtNWVkOC00NzY2LTliNGItMDU2YjljMjMxZjM0
LzEvbVNndGQ4Wmk1b3U0Zm9NemkzYXRhLXJaTVlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubCIMA0E
AgACMAcDBQMqCheAMA0GCSqGSIb3DQEBCwUAA4IBAQB/hkXD3pL3lbC0Pfhjdbzq
UZHe5I9UP+6yk8Kev6ya1ZOhj1fpfyvi96vPyUinvOiEbj8d4mDzEI6vn051M3r/
MI6PLDwiopaG7tGQ5hX33ItoIZ3VAf82+QBY+w0xy3yKtCHJYUZ8TlWIIzs9yds1
PRZomhU3V/WDNdSPOcYTlrw8bNr9qpMkChAa8SKOKpYJvcjSawNA7RmjBMUhCk1v
92CFVKd+e89r1R796JTiunUCALbWZQ7K64uBopoEDNVzbCGTZKRc9RokO0aXqORf
kc7PEUsKWgHCJZFyt57r28pMLLDxyqxthmFD1E7nqurhf2tuu3if5QpMxoAcI4V4
-----END CERTIFICATE-----