Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/TYbsAhmCFhxDmMjSBWdQf9UoRaY.roa
File:                     TYbsAhmCFhxDmMjSBWdQf9UoRaY.roa (raw, json)
Hash identifier:          p8RJgIpCDo9sLZeHoPNcNbLdDdRc1mOcWR0m2s6oMdI=
Subject key identifier:   4D:86:EC:02:19:82:16:1C:43:98:C8:D2:05:67:50:7F:D5:28:45:A6
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       0197184883A623543D9CA2D0C89D2DC5834B
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/TYbsAhmCFhxDmMjSBWdQf9UoRaY.roa
Signing time:             Wed 28 May 2025 19:04:54 +0000
ROA not before:           Wed 28 May 2025 19:04:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9318
IP address blocks:        144.56.24.0/24 maxlen: 24
                          144.56.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:18:48:83:a6:23:54:3d:9c:a2:d0:c8:9d:2d:c5:83:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: May 28 19:04:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d86ec021982161c4398c8d20567507fd52845a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:05:37:e2:3d:0b:19:08:64:e9:83:67:b9:f5:
                    47:93:a3:ef:c6:c5:a4:b7:e7:85:ff:8d:92:59:e5:
                    82:03:6e:2a:4d:0e:b6:ea:d3:dc:65:d8:42:35:52:
                    3e:8c:d0:d2:af:1e:f7:0b:97:12:ba:9e:0b:29:d0:
                    25:25:5c:35:09:c8:74:c9:c0:bc:5d:95:6f:b0:c4:
                    fc:a7:61:45:02:2b:50:74:59:d3:2f:59:61:4f:bc:
                    d0:e2:05:25:39:65:9b:ef:f6:db:55:d6:98:43:b0:
                    e7:fe:cb:6d:1f:a8:cc:1d:c3:32:a5:ad:e4:9c:23:
                    68:8a:34:ba:61:6f:48:33:a8:0c:eb:8a:db:8c:47:
                    91:e6:0c:5c:22:a2:4e:a8:1d:63:84:88:a7:b4:5c:
                    ae:a6:55:36:2c:40:94:44:1b:27:17:0e:f9:cf:56:
                    60:c1:27:28:56:f7:1b:0a:b3:00:54:00:b8:f4:c3:
                    02:25:19:fd:e5:2c:82:e1:91:da:7a:f9:5a:85:49:
                    8a:c3:9f:e2:a3:e4:59:fb:e7:ab:fc:d7:8e:29:d5:
                    a4:84:ef:07:71:61:7e:e0:fd:c2:0c:f8:fd:eb:6d:
                    e2:54:19:e0:e1:5d:f7:9b:c4:8a:67:88:8a:a3:aa:
                    6a:c5:75:8c:98:59:b1:60:de:8c:c1:ba:d3:28:1e:
                    6a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:86:EC:02:19:82:16:1C:43:98:C8:D2:05:67:50:7F:D5:28:45:A6
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/TYbsAhmCFhxDmMjSBWdQf9UoRaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.24.0/24
                  144.56.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:c3:5c:dc:74:ca:1b:75:bc:90:87:f3:56:a1:f8:a3:e6:d3:
         c1:38:de:3b:43:dd:28:52:30:5f:50:d0:8f:89:11:20:77:72:
         13:b5:6a:36:74:75:37:a9:9d:9d:05:f7:64:d0:10:ec:11:09:
         81:3b:d9:98:a7:af:64:67:90:4c:db:e3:50:03:0f:c9:51:b6:
         43:46:b0:d9:2a:53:4e:a7:64:c9:23:6d:fe:74:ce:43:08:f8:
         26:bd:6b:dd:ac:72:07:01:7f:e3:5b:2d:87:49:46:ea:db:cf:
         9a:cb:61:60:b0:3e:b7:76:95:b9:34:c9:eb:79:66:1d:29:32:
         90:7c:cd:91:43:b3:a0:35:b7:9c:ad:3e:4d:7e:f8:c3:63:26:
         42:2c:27:12:02:b5:2c:65:48:92:1f:81:e7:2d:3b:f3:6f:a0:
         7d:55:f7:b1:b9:3f:d2:4f:1d:aa:80:03:b9:f2:8f:fa:c5:b8:
         89:f0:32:49:30:db:c1:d6:1b:b2:a7:01:1b:0a:14:a3:9c:54:
         1e:a9:38:a6:3b:8d:44:06:02:c7:5d:03:27:ee:08:15:03:f2:
         68:dd:a4:80:92:b3:89:99:a6:5c:a6:02:2e:0f:da:8e:7a:46:
         78:7b:e1:37:ce:cc:5a:e4:38:c8:b2:20:87:a7:82:70:17:70:
         45:cb:30:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcYSIOmI1Q9nKLQyJ0txYNLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUwNTI4MTkwNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDg2ZWMwMjE5ODIxNjFjNDM5OGM4ZDIwNTY3NTA3ZmQ1Mjg0NWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwU34j0LGQhk6YNnufVHk6PvxsWk
t+eF/42SWeWCA24qTQ626tPcZdhCNVI+jNDSrx73C5cSup4LKdAlJVw1Cch0ycC8
XZVvsMT8p2FFAitQdFnTL1lhT7zQ4gUlOWWb7/bbVdaYQ7Dn/sttH6jMHcMypa3k
nCNoijS6YW9IM6gM64rbjEeR5gxcIqJOqB1jhIintFyuplU2LECURBsnFw75z1Zg
wScoVvcbCrMAVAC49MMCJRn95SyC4ZHaevlahUmKw5/io+RZ++er/NeOKdWkhO8H
cWF+4P3CDPj9623iVBng4V33m8SKZ4iKo6pqxXWMmFmxYN6MwbrTKB5q/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE2G7AIZghYcQ5jI0gVnUH/VKEWmMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvVFlic0FobUNGaHhEbU1qU0JXZFFmOVVvUmFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkDgYAwQA
kDgfMA0GCSqGSIb3DQEBCwUAA4IBAQAyw1zcdMobdbyQh/NWofij5tPBON47Q90o
UjBfUNCPiREgd3ITtWo2dHU3qZ2dBfdk0BDsEQmBO9mYp69kZ5BM2+NQAw/JUbZD
RrDZKlNOp2TJI23+dM5DCPgmvWvdrHIHAX/jWy2HSUbq28+ay2FgsD63dpW5NMnr
eWYdKTKQfM2RQ7OgNbecrT5NfvjDYyZCLCcSArUsZUiSH4HnLTvzb6B9VfexuT/S
Tx2qgAO58o/6xbiJ8DJJMNvB1huypwEbChSjnFQeqTimO41EBgLHXQMn7ggVA/Jo
3aSAkrOJmaZcpgIuD9qOekZ4e+E3zsxa5DjIsiCHp4JwF3BFyzDM
-----END CERTIFICATE-----