Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/TcQDciPSUxogutq-xkaHUPLF3ts.roa
File:                     TcQDciPSUxogutq-xkaHUPLF3ts.roa (raw, json)
Hash identifier:          1b1s+jfbmORH2ocmov5z0/0KS7ECvLwUQn61gk6ZegM=
Subject key identifier:   4D:C4:03:72:23:D2:53:1A:20:BA:DA:BE:C6:46:87:50:F2:C5:DE:DB
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0195B47178A57784918F7DBE4C6830E2FC1D
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/TcQDciPSUxogutq-xkaHUPLF3ts.roa
Signing time:             Thu 20 Mar 2025 16:44:50 +0000
ROA not before:           Thu 20 Mar 2025 16:44:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10753
IP address blocks:        77.47.148.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b4:71:78:a5:77:84:91:8f:7d:be:4c:68:30:e2:fc:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Mar 20 16:44:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dc4037223d2531a20badabec6468750f2c5dedb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:df:21:20:b0:42:a7:b3:06:25:37:b8:00:cc:
                    8d:82:92:22:e5:d0:a2:35:f7:34:bc:5a:25:85:67:
                    f5:00:42:34:a7:33:5a:03:b9:33:a5:2d:cb:c3:87:
                    05:65:2c:25:c0:e7:93:1e:48:52:22:27:30:a7:24:
                    31:cc:0d:3d:8b:8e:ca:a0:fb:cf:d6:3f:8e:62:4c:
                    96:94:6b:37:45:c0:db:e1:94:69:59:55:c1:c4:cd:
                    4a:0e:7a:d8:c9:e9:2e:b4:1c:cf:24:3b:fd:18:7d:
                    ce:5d:a1:b5:df:75:3d:58:a1:42:ba:3c:3b:cc:4a:
                    f9:80:e4:c0:fa:a0:6a:68:49:99:7c:1c:c4:26:0b:
                    d5:5b:02:0a:c0:64:62:19:bf:9a:01:f7:a3:42:cd:
                    27:89:2d:cf:c0:51:e4:d0:02:a4:6a:eb:7f:00:d1:
                    59:ff:d4:b0:89:cb:1c:1e:22:5d:ae:fa:e7:e9:66:
                    74:66:c8:46:0d:cd:83:04:95:ac:88:4f:62:78:b8:
                    3d:66:08:95:22:02:c9:c4:e2:c8:ed:07:30:c2:4f:
                    5b:24:8c:62:47:86:90:cc:e1:d4:61:a8:77:85:2b:
                    7f:47:d5:03:84:38:2b:dd:c3:0b:2b:e0:16:64:0a:
                    9e:88:e6:be:e2:06:c8:18:4e:6a:a5:65:52:81:0c:
                    9a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:C4:03:72:23:D2:53:1A:20:BA:DA:BE:C6:46:87:50:F2:C5:DE:DB
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/TcQDciPSUxogutq-xkaHUPLF3ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:e3:19:fe:41:64:c0:50:a9:b0:84:7f:fd:bf:3a:72:72:68:
         cc:8a:c4:14:5c:70:fc:73:c2:93:cd:93:3b:58:cb:6f:11:8d:
         c0:9d:7f:af:bc:91:73:e3:3f:f2:2f:80:8b:ae:61:ef:73:10:
         32:27:2f:6b:f8:8a:bc:cc:d1:6f:35:de:fc:fe:c1:db:07:c6:
         51:1b:e1:17:39:d7:a7:bd:e8:9a:59:0a:d9:14:8b:d5:0f:19:
         d6:2b:7e:2e:c7:c4:c8:6f:69:48:bf:82:cc:c3:0b:f0:0d:56:
         74:4e:f1:ec:05:6b:7e:15:49:43:b5:ea:9f:6a:c6:f0:0f:06:
         c4:82:78:6f:58:e1:6c:b3:15:16:d4:0c:f0:cd:b6:7a:5f:81:
         73:ad:1b:74:70:da:cf:33:5b:41:64:2e:fd:ff:df:57:73:73:
         35:54:64:a6:68:58:9f:55:3e:a5:16:05:7c:7d:94:cc:80:6b:
         d7:13:2d:1f:c1:11:cc:38:8d:28:d7:41:3b:2c:ae:bf:36:1a:
         d1:34:dd:ae:89:a6:05:d4:40:42:5f:a9:af:f7:35:b4:81:d3:
         3e:64:c8:3e:eb:92:e5:68:9f:a3:e9:a4:50:03:98:d6:38:60:
         39:ba:88:16:71:92:81:e9:27:b2:64:9d:e8:ad:74:6a:76:01:
         16:13:f6:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW0cXild4SRj32+TGgw4vwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMzIwMTY0NDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGM0MDM3MjIzZDI1MzFhMjBiYWRhYmVjNjQ2ODc1MGYyYzVkZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAud8hILBCp7MGJTe4AMyNgpIi5dCi
Nfc0vFolhWf1AEI0pzNaA7kzpS3Lw4cFZSwlwOeTHkhSIicwpyQxzA09i47KoPvP
1j+OYkyWlGs3RcDb4ZRpWVXBxM1KDnrYyekutBzPJDv9GH3OXaG133U9WKFCujw7
zEr5gOTA+qBqaEmZfBzEJgvVWwIKwGRiGb+aAfejQs0niS3PwFHk0AKkaut/ANFZ
/9SwicscHiJdrvrn6WZ0ZshGDc2DBJWsiE9ieLg9ZgiVIgLJxOLI7Qcwwk9bJIxi
R4aQzOHUYah3hSt/R9UDhDgr3cMLK+AWZAqeiOa+4gbIGE5qpWVSgQyaywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3EA3Ij0lMaILravsZGh1Dyxd7bMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvVGNRRGNpUFNVeG9ndXRxLXhrYUhVUExGM3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTS+UMA0G
CSqGSIb3DQEBCwUAA4IBAQCq4xn+QWTAUKmwhH/9vzpycmjMisQUXHD8c8KTzZM7
WMtvEY3AnX+vvJFz4z/yL4CLrmHvcxAyJy9r+Iq8zNFvNd78/sHbB8ZRG+EXOden
veiaWQrZFIvVDxnWK34ux8TIb2lIv4LMwwvwDVZ0TvHsBWt+FUlDteqfasbwDwbE
gnhvWOFssxUW1AzwzbZ6X4FzrRt0cNrPM1tBZC79/99Xc3M1VGSmaFifVT6lFgV8
fZTMgGvXEy0fwRHMOI0o10E7LK6/NhrRNN2uiaYF1EBCX6mv9zW0gdM+ZMg+65Ll
aJ+j6aRQA5jWOGA5uogWcZKB6SeyZJ3orXRqdgEWE/ah
-----END CERTIFICATE-----