Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/TNt6qas3cJ89n8wxiGWzg9MyX8w.roa
File:                     TNt6qas3cJ89n8wxiGWzg9MyX8w.roa (raw, json)
Hash identifier:          rrMidK0OGIBtvobdrSZyglIiGj8pyxF47ABU/7yhc+8=
Subject key identifier:   4C:DB:7A:A9:AB:37:70:9F:3D:9F:CC:31:88:65:B3:83:D3:32:5F:CC
Certificate issuer:       /CN=f374f734c3695e67906a7032eb2e59fb3eb41b22
Certificate serial:       019421B1C166E06FF551F6B2435DE4E42B57
Authority key identifier: F3:74:F7:34:C3:69:5E:67:90:6A:70:32:EB:2E:59:FB:3E:B4:1B:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/83T3NMNpXmeQanAy6y5Z-z60GyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/TNt6qas3cJ89n8wxiGWzg9MyX8w.roa
Signing time:             Wed 01 Jan 2025 11:48:04 +0000
ROA not before:           Wed 01 Jan 2025 11:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        192.162.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/83T3NMNpXmeQanAy6y5Z-z60GyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/83T3NMNpXmeQanAy6y5Z-z60GyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/83T3NMNpXmeQanAy6y5Z-z60GyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c1:66:e0:6f:f5:51:f6:b2:43:5d:e4:e4:2b:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f374f734c3695e67906a7032eb2e59fb3eb41b22
        Validity
            Not Before: Jan  1 11:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cdb7aa9ab37709f3d9fcc318865b383d3325fcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:05:14:62:a0:8d:80:27:44:b4:e1:3a:87:5c:
                    5d:e8:5b:c1:bf:bc:a4:47:01:c5:b9:5a:7c:d2:99:
                    21:44:20:66:7f:7f:f8:4d:d5:e2:0d:15:8c:b1:c0:
                    57:f0:0d:27:06:d1:cd:3b:dc:56:35:00:d1:78:51:
                    2a:05:b5:1c:b8:0d:9a:c1:d7:e6:b9:93:e1:72:e6:
                    18:1b:1c:d2:cb:89:df:68:ea:d0:6e:19:18:24:0b:
                    4c:21:4e:2b:25:ba:de:2d:0a:d5:20:24:d3:69:bd:
                    45:3b:05:2f:73:0b:21:4f:ef:3a:77:fc:91:4d:36:
                    65:7a:63:ee:e3:ac:45:ab:8d:5b:cf:b8:17:7a:fa:
                    05:b3:dc:45:0d:f1:02:74:eb:dc:b8:53:a3:c0:90:
                    26:e2:f1:27:e4:9f:00:85:9c:d3:1e:95:bb:fb:49:
                    c0:e1:ee:6a:f3:52:4b:9e:d8:9b:c4:21:df:62:2e:
                    ea:1c:a7:d6:42:80:c8:39:81:77:dd:3b:fe:08:87:
                    cc:a9:8e:a7:0f:d3:0e:1d:9e:fa:ad:e2:54:ea:bd:
                    e8:fd:4c:3b:84:63:dd:3d:ac:80:f8:09:47:1f:45:
                    d3:e5:f9:3a:74:2b:45:7c:17:51:45:d5:26:de:46:
                    b0:6d:ca:b1:8c:dc:05:1c:75:42:24:78:f8:c6:db:
                    63:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:DB:7A:A9:AB:37:70:9F:3D:9F:CC:31:88:65:B3:83:D3:32:5F:CC
            X509v3 Authority Key Identifier:
                keyid:F3:74:F7:34:C3:69:5E:67:90:6A:70:32:EB:2E:59:FB:3E:B4:1B:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/83T3NMNpXmeQanAy6y5Z-z60GyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/TNt6qas3cJ89n8wxiGWzg9MyX8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/83T3NMNpXmeQanAy6y5Z-z60GyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:33:d6:cd:dc:4a:4d:e7:07:1c:93:c5:20:44:e7:ff:87:68:
         31:3b:3a:04:45:de:e9:f1:70:c6:97:7b:14:9c:36:1b:68:e3:
         d9:f7:93:c9:ef:82:34:e6:39:54:41:b2:fc:c5:65:6e:3a:0e:
         a6:3c:aa:4c:fd:a2:40:41:e1:e4:b5:85:97:0f:59:73:1f:84:
         1b:86:a3:af:13:17:5d:ad:59:61:97:ca:45:ca:4a:cf:6b:c0:
         76:c6:eb:22:c1:7d:ea:f0:9e:8d:b3:cf:17:75:30:fd:33:f2:
         0e:79:c5:0e:69:b0:6d:e4:b6:e5:0a:ed:33:b8:d4:ca:ad:23:
         e7:5d:e8:9b:93:ab:b1:36:15:11:89:be:b0:5a:61:7b:ff:b6:
         e1:46:01:10:97:d7:77:50:45:49:16:da:94:f2:bd:2c:d4:b5:
         49:e8:80:2d:7f:8a:2a:d0:54:a1:3c:c5:f8:d6:75:95:e3:48:
         19:a1:aa:ec:ba:b8:58:86:6e:04:d9:e7:50:02:cc:87:ec:f9:
         36:c1:16:4a:b1:fe:70:44:71:81:9a:94:cf:02:e5:3f:95:9d:
         65:eb:f2:94:20:d9:2e:7e:b1:7e:4a:1c:1d:72:d0:81:22:48:
         2a:07:26:9f:7f:ae:fc:37:41:ef:44:bc:94:32:0b:45:8d:f8:
         9b:df:ac:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhscFm4G/1UfayQ13k5CtXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNzRmNzM0YzM2OTVlNjc5MDZhNzAzMmViMmU1OWZiM2Vi
NDFiMjIwHhcNMjUwMTAxMTE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2RiN2FhOWFiMzc3MDlmM2Q5ZmNjMzE4ODY1YjM4M2QzMzI1ZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QUUYqCNgCdEtOE6h1xd6FvBv7yk
RwHFuVp80pkhRCBmf3/4TdXiDRWMscBX8A0nBtHNO9xWNQDReFEqBbUcuA2awdfm
uZPhcuYYGxzSy4nfaOrQbhkYJAtMIU4rJbreLQrVICTTab1FOwUvcwshT+86d/yR
TTZlemPu46xFq41bz7gXevoFs9xFDfECdOvcuFOjwJAm4vEn5J8AhZzTHpW7+0nA
4e5q81JLntibxCHfYi7qHKfWQoDIOYF33Tv+CIfMqY6nD9MOHZ76reJU6r3o/Uw7
hGPdPayA+AlHH0XT5fk6dCtFfBdRRdUm3kawbcqxjNwFHHVCJHj4xttj9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzbeqmrN3CfPZ/MMYhls4PTMl/MMB8GA1UdIwQY
MBaAFPN09zTDaV5nkGpwMusuWfs+tBsiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODNUM05NTnBYbWVRYW5BeTZ5NVotejYwR3lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9mNzQ5MTQtZGRhOC00ZDQ1LTk5OTIt
NGJlZjgzMjhhYWFiLzEvVE50NnFhczNjSjg5bjh3eGlHV3pnOU15WDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9mNzQ5MTQtZGRhOC00ZDQ1LTk5OTItNGJlZjgzMjhhYWFi
LzEvODNUM05NTnBYbWVRYW5BeTZ5NVotejYwR3lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKLbMA0G
CSqGSIb3DQEBCwUAA4IBAQBfM9bN3EpN5wcck8UgROf/h2gxOzoERd7p8XDGl3sU
nDYbaOPZ95PJ74I05jlUQbL8xWVuOg6mPKpM/aJAQeHktYWXD1lzH4QbhqOvExdd
rVlhl8pFykrPa8B2xusiwX3q8J6Ns88XdTD9M/IOecUOabBt5LblCu0zuNTKrSPn
Xeibk6uxNhURib6wWmF7/7bhRgEQl9d3UEVJFtqU8r0s1LVJ6IAtf4oq0FShPMX4
1nWV40gZoarsurhYhm4E2edQAsyH7Pk2wRZKsf5wRHGBmpTPAuU/lZ1l6/KUINku
frF+ShwdctCBIkgqByaff678N0HvRLyUMgtFjfib36xu
-----END CERTIFICATE-----