Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/s_TE36yfPLoxO1HtQJoC4r51FQs.roa
File:                     s_TE36yfPLoxO1HtQJoC4r51FQs.roa (raw, json)
Hash identifier:          RUIOt2AwDF/uxoiOU2faBt5FPNFnFuIAZ2oocYmYyg8=
Subject key identifier:   B3:F4:C4:DF:AC:9F:3C:BA:31:3B:51:ED:40:9A:02:E2:BE:75:15:0B
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       01942590165B8764C08AAA41BEEA641DD93A
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/s_TE36yfPLoxO1HtQJoC4r51FQs.roa
Signing time:             Thu 02 Jan 2025 05:49:47 +0000
ROA not before:           Thu 02 Jan 2025 05:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215349
IP address blocks:        92.253.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:90:16:5b:87:64:c0:8a:aa:41:be:ea:64:1d:d9:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3f4c4dfac9f3cba313b51ed409a02e2be75150b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7e:de:3e:4d:d3:1b:39:91:13:35:bb:55:3b:
                    ed:04:c9:59:c3:12:59:d3:47:45:f7:c4:d7:b6:9b:
                    36:58:ff:9b:65:42:7a:80:9f:64:73:9e:58:f5:88:
                    de:81:11:1d:5b:d1:17:04:1f:d4:ef:8a:79:08:0f:
                    05:17:05:ad:16:56:e2:ca:94:c1:70:ce:97:97:89:
                    70:38:39:eb:40:ee:65:e4:65:1c:f7:43:45:1d:9e:
                    8f:ce:f8:43:bd:f1:37:27:32:2b:27:36:3b:bd:57:
                    aa:ab:d5:2c:4a:4a:fe:f0:7b:21:ae:e5:f1:be:37:
                    e0:34:d7:00:6a:0a:4c:e5:39:48:c3:44:59:ea:53:
                    02:2e:1b:ec:49:69:f3:2c:d4:6f:27:94:3f:2e:93:
                    9f:ff:61:2d:c0:b7:6b:88:f4:e5:90:bf:94:34:77:
                    46:d9:0f:f9:72:69:92:dc:ae:51:95:e1:7f:c6:49:
                    7c:f0:6f:1a:3f:04:3e:87:e9:b7:38:dd:a3:0a:32:
                    86:b8:40:18:b7:ff:b7:86:93:e8:bd:93:6a:a8:dd:
                    f4:78:5c:8a:43:8b:92:f2:f9:24:c9:5f:54:3e:c4:
                    62:07:53:07:57:db:8f:c9:6d:44:b6:78:24:32:e8:
                    04:b3:9d:3a:e0:85:9c:5a:1b:05:3c:6a:11:7f:4e:
                    8a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:F4:C4:DF:AC:9F:3C:BA:31:3B:51:ED:40:9A:02:E2:BE:75:15:0B
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/s_TE36yfPLoxO1HtQJoC4r51FQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.253.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:6e:f6:4d:80:2a:02:eb:27:23:a1:a6:60:23:50:dc:13:93:
         82:3e:59:c5:56:66:b5:2e:8f:0a:17:6e:68:65:75:01:eb:7c:
         b5:3d:70:34:21:87:09:12:e9:fd:08:5f:08:73:ea:36:ba:ba:
         d8:d4:af:c0:11:94:fa:f8:ea:49:f0:ad:da:3b:32:01:0e:e7:
         52:96:cf:b7:05:c3:7d:36:3a:34:ab:26:42:0f:ba:ae:4a:74:
         9b:b2:57:bc:a5:51:41:0f:1f:23:90:ac:5d:c3:d8:4a:96:d4:
         8a:5d:58:46:1b:c4:48:de:52:9d:56:c5:f1:45:ee:c9:ae:36:
         17:26:b8:97:6c:b7:c9:bb:71:37:c0:51:4c:e4:be:dc:a7:06:
         ad:b5:dc:9e:cd:f9:e6:ec:8b:08:49:f9:82:01:21:dc:20:82:
         e9:55:42:ee:c5:7b:53:b2:d8:d8:86:85:c6:12:2c:f8:87:c6:
         51:39:c6:77:ff:57:34:0e:48:28:bc:4d:f0:e2:44:60:f2:cb:
         93:5c:83:e1:1d:fd:7f:a7:6e:78:9e:ec:04:4a:e1:7a:28:a8:
         53:8d:db:45:b0:a4:24:65:f1:74:af:9c:88:42:c4:5b:b6:f8:
         8a:bf:0c:23:4c:7c:02:c9:b2:53:78:82:b6:09:b5:db:c1:4b:
         45:f7:89:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlkBZbh2TAiqpBvupkHdk6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Y0YzRkZmFjOWYzY2JhMzEzYjUxZWQ0MDlhMDJlMmJlNzUxNTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn7ePk3TGzmREzW7VTvtBMlZwxJZ
00dF98TXtps2WP+bZUJ6gJ9kc55Y9YjegREdW9EXBB/U74p5CA8FFwWtFlbiypTB
cM6Xl4lwODnrQO5l5GUc90NFHZ6PzvhDvfE3JzIrJzY7vVeqq9UsSkr+8HshruXx
vjfgNNcAagpM5TlIw0RZ6lMCLhvsSWnzLNRvJ5Q/LpOf/2EtwLdriPTlkL+UNHdG
2Q/5cmmS3K5RleF/xkl88G8aPwQ+h+m3ON2jCjKGuEAYt/+3hpPovZNqqN30eFyK
Q4uS8vkkyV9UPsRiB1MHV9uPyW1EtngkMugEs5064IWcWhsFPGoRf06KiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLP0xN+snzy6MTtR7UCaAuK+dRULMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvc19URTM2eWZQTG94TzFIdFFKb0M0cjUxRlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXP3oMA0G
CSqGSIb3DQEBCwUAA4IBAQCybvZNgCoC6ycjoaZgI1DcE5OCPlnFVma1Lo8KF25o
ZXUB63y1PXA0IYcJEun9CF8Ic+o2urrY1K/AEZT6+OpJ8K3aOzIBDudSls+3BcN9
Njo0qyZCD7quSnSbsle8pVFBDx8jkKxdw9hKltSKXVhGG8RI3lKdVsXxRe7JrjYX
JriXbLfJu3E3wFFM5L7cpwattdyezfnm7IsISfmCASHcIILpVULuxXtTstjYhoXG
Eiz4h8ZROcZ3/1c0DkgovE3w4kRg8suTXIPhHf1/p254nuwESuF6KKhTjdtFsKQk
ZfF0r5yIQsRbtviKvwwjTHwCybJTeIK2CbXbwUtF94lg
-----END CERTIFICATE-----