Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/Tz-eGTasLTxJaRB_AyMo0GbjCYY.roa
File:                     Tz-eGTasLTxJaRB_AyMo0GbjCYY.roa (raw, json)
Hash identifier:          y/BDSOiRtRFchkB8Upvuvb+MNs6zs82qA1XU7WJzVqs=
Subject key identifier:   4F:3F:9E:19:36:AC:2D:3C:49:69:10:7F:03:23:28:D0:66:E3:09:86
Certificate issuer:       /CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
Certificate serial:       019422FB061ED0DD51BB8F1445D1C7F09103
Authority key identifier: DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/Tz-eGTasLTxJaRB_AyMo0GbjCYY.roa
Signing time:             Wed 01 Jan 2025 17:47:43 +0000
ROA not before:           Wed 01 Jan 2025 17:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215064
IP address blocks:        193.28.68.0/24 maxlen: 24
                          2a12:6900:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:06:1e:d0:dd:51:bb:8f:14:45:d1:c7:f0:91:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
        Validity
            Not Before: Jan  1 17:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f3f9e1936ac2d3c4969107f032328d066e30986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:7f:1b:52:97:84:99:03:56:5e:18:c6:1f:0e:
                    a9:d2:e8:20:26:ed:09:f4:04:5c:91:21:0d:3a:ed:
                    61:d6:8a:ca:b9:80:6e:7d:64:a3:8a:0b:66:7d:51:
                    66:f5:d0:11:52:c3:38:ef:8e:bf:5e:26:41:10:23:
                    f7:2a:b6:ce:63:9c:62:f8:d8:b1:62:d2:3b:c3:8e:
                    68:f9:57:9d:3f:a5:ff:11:94:94:c3:18:2f:22:4f:
                    99:2b:49:8d:9b:d8:c0:42:29:db:0c:af:62:3b:1d:
                    ab:90:7d:49:01:40:5e:47:11:7d:85:9d:d7:d9:27:
                    8c:b0:58:5d:c6:3c:a1:71:8b:0a:db:2f:5a:f1:72:
                    16:a5:32:c0:b8:56:71:71:55:f4:be:31:9e:5c:fd:
                    c6:73:29:36:b8:08:f8:b9:b7:b5:88:04:c1:9a:bd:
                    71:75:d4:a7:91:aa:31:aa:58:25:02:2d:01:39:f2:
                    f9:c5:97:86:e2:b3:38:da:6d:61:b1:ad:87:d2:48:
                    24:57:aa:ae:b3:d5:63:e6:58:29:f3:17:c1:d8:6d:
                    8f:46:1b:3c:11:d2:63:a4:00:db:95:99:8d:8b:74:
                    c1:6a:74:c2:8c:8a:66:76:24:f3:43:ae:80:58:f3:
                    a5:07:9f:b3:69:e7:84:a9:49:5d:54:ad:f6:ef:3a:
                    6a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:3F:9E:19:36:AC:2D:3C:49:69:10:7F:03:23:28:D0:66:E3:09:86
            X509v3 Authority Key Identifier:
                keyid:DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/Tz-eGTasLTxJaRB_AyMo0GbjCYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.68.0/24
                IPv6:
                  2a12:6900:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4b:e3:06:db:66:88:a5:e9:b4:54:5e:0a:9d:69:07:db:65:70:
         a6:da:be:70:5d:98:c6:12:22:f2:1d:35:6a:3d:95:5c:cc:de:
         f6:a5:ba:86:02:9d:f6:07:09:31:d0:37:e8:78:41:e9:8a:5f:
         4f:16:a1:8d:51:f5:da:9d:cb:a7:17:e8:b9:9c:58:df:22:88:
         e6:c5:03:a1:45:b4:f3:4c:64:18:8b:fd:b8:8d:58:e5:e9:f5:
         dd:ed:81:d0:43:5e:35:65:db:e3:bf:e6:7f:78:3f:da:d0:5f:
         ae:5d:82:08:4d:8d:57:9b:03:76:89:24:53:81:8b:a3:65:b1:
         c3:b9:53:6c:dc:58:a2:c7:50:aa:94:0e:b2:a6:0d:34:11:c5:
         94:55:a6:7b:33:1b:56:9b:bd:97:02:db:cc:3f:99:af:c0:dc:
         01:54:d8:b5:d0:17:4a:77:83:92:45:2d:71:4d:ab:48:fa:b3:
         b1:44:af:a9:b0:4a:bf:f5:c1:f4:1d:ab:ae:de:c8:58:fc:ea:
         36:da:4a:8f:38:b1:1c:7f:f7:d4:ba:f4:7e:ff:fd:94:31:4d:
         a8:37:d1:83:12:20:4e:f9:02:16:2e:f1:3a:bc:11:18:07:40:
         32:ee:ef:55:8e:99:c3:f2:04:9a:ae:94:27:f1:72:01:59:30:
         39:6a:0c:66
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQi+wYe0N1Ru48URdHH8JEDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZGU5MWEwZmIxZjRkZDE3OTAwZDA2ZGI2ZTg4MzM2Zjc4
YjVjMDUwHhcNMjUwMTAxMTc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjNmOWUxOTM2YWMyZDNjNDk2OTEwN2YwMzIzMjhkMDY2ZTMwOTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3X8bUpeEmQNWXhjGHw6p0uggJu0J
9ARckSENOu1h1orKuYBufWSjigtmfVFm9dARUsM4746/XiZBECP3KrbOY5xi+Nix
YtI7w45o+VedP6X/EZSUwxgvIk+ZK0mNm9jAQinbDK9iOx2rkH1JAUBeRxF9hZ3X
2SeMsFhdxjyhcYsK2y9a8XIWpTLAuFZxcVX0vjGeXP3Gcyk2uAj4ube1iATBmr1x
ddSnkaoxqlglAi0BOfL5xZeG4rM42m1hsa2H0kgkV6qus9Vj5lgp8xfB2G2PRhs8
EdJjpADblZmNi3TBanTCjIpmdiTzQ66AWPOlB5+zaeeEqUldVK327zpq2QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFE8/nhk2rC08SWkQfwMjKNBm4wmGMB8GA1UdIwQY
MBaAFN7ekaD7H03ReQDQbbbogzb3i1wFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMt
MjFhNzAwYzcxMTlmLzEvVHotZUdUYXNMVHhKYVJCX0F5TW8wR2JqQ1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMtMjFhNzAwYzcxMTlm
LzEvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAwRxEMA4E
AgACMAgDBgAqEmkAIDANBgkqhkiG9w0BAQsFAAOCAQEAS+MG22aIpem0VF4KnWkH
22Vwptq+cF2YxhIi8h01aj2VXMze9qW6hgKd9gcJMdA36HhB6YpfTxahjVH12p3L
pxfouZxY3yKI5sUDoUW080xkGIv9uI1Y5en13e2B0ENeNWXb47/mf3g/2tBfrl2C
CE2NV5sDdokkU4GLo2Wxw7lTbNxYosdQqpQOsqYNNBHFlFWmezMbVpu9lwLbzD+Z
r8DcAVTYtdAXSneDkkUtcU2rSPqzsUSvqbBKv/XB9B2rrt7IWPzqNtpKjzixHH/3
1Lr0fv/9lDFNqDfRgxIgTvkCFi7xOrwRGAdAMu7vVY6Zw/IEmq6UJ/FyAVkwOWoM
Zg==
-----END CERTIFICATE-----