Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/TbDm0VV2IIni5MfaMJDxPEqxHQQ.roa
File:                     TbDm0VV2IIni5MfaMJDxPEqxHQQ.roa (raw, json)
Hash identifier:          7X6b+hTk4kXwHQiBVUnERgcn3N8YcwYoax1mTJYhV7U=
Subject key identifier:   4D:B0:E6:D1:55:76:20:89:E2:E4:C7:DA:30:90:F1:3C:4A:B1:1D:04
Certificate issuer:       /CN=8d3f356a02d9679ce890b5d51e0dec2f3f363361
Certificate serial:       019425218B526C58771D0F9338467EBE88E0
Authority key identifier: 8D:3F:35:6A:02:D9:67:9C:E8:90:B5:D5:1E:0D:EC:2F:3F:36:33:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/TbDm0VV2IIni5MfaMJDxPEqxHQQ.roa
Signing time:             Thu 02 Jan 2025 03:49:02 +0000
ROA not before:           Thu 02 Jan 2025 03:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208565
IP address blocks:        193.163.70.0/24 maxlen: 24
                          2a11:4e00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:8b:52:6c:58:77:1d:0f:93:38:46:7e:be:88:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3f356a02d9679ce890b5d51e0dec2f3f363361
        Validity
            Not Before: Jan  2 03:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4db0e6d155762089e2e4c7da3090f13c4ab11d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ee:3c:df:1d:f6:e2:e5:ec:6a:18:50:a3:43:
                    37:ec:7c:bd:83:3a:0e:3b:2f:3a:01:6a:b1:57:c9:
                    e1:6f:1e:9a:55:07:83:91:bc:57:3b:cc:09:2f:8d:
                    63:c1:e2:50:93:7f:66:54:7b:cd:8c:9b:fd:94:c7:
                    8c:7f:cd:c7:47:3c:b8:f9:f7:aa:5a:ac:3a:0f:f8:
                    2e:2b:8b:b3:8d:43:ef:b9:94:fd:ab:31:65:3d:51:
                    f2:6e:0a:33:03:f2:77:ee:ce:d9:9d:e0:2e:3b:3a:
                    43:64:c3:ae:0c:c5:01:60:6b:d5:a7:a4:ae:97:fa:
                    4a:ce:b5:51:47:cb:51:63:3e:ce:5f:40:51:26:c7:
                    a9:34:9a:7d:2b:7c:12:94:c0:bf:1c:a8:76:4a:ee:
                    ab:ab:c4:e0:1c:e1:6a:ad:09:5f:d5:a6:73:3e:df:
                    b0:b7:21:d7:42:7a:f3:6d:43:ba:a8:29:88:0b:bf:
                    10:6f:0f:3e:89:32:3f:0d:99:11:29:7f:d5:7a:20:
                    23:71:64:1b:58:58:3d:b2:ef:64:21:ed:63:56:f5:
                    93:97:23:06:4b:1b:17:f7:67:df:af:d5:93:29:69:
                    f6:8f:af:f9:8e:b4:05:53:76:d8:d9:2f:2d:99:47:
                    bd:95:18:04:41:ad:42:87:5f:2a:28:40:f7:db:4c:
                    4e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B0:E6:D1:55:76:20:89:E2:E4:C7:DA:30:90:F1:3C:4A:B1:1D:04
            X509v3 Authority Key Identifier:
                keyid:8D:3F:35:6A:02:D9:67:9C:E8:90:B5:D5:1E:0D:EC:2F:3F:36:33:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/TbDm0VV2IIni5MfaMJDxPEqxHQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.70.0/24
                IPv6:
                  2a11:4e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:a5:8b:4e:8e:6c:f3:bb:3b:3a:ec:65:02:8c:b9:d2:a6:07:
         5d:22:a2:a8:18:83:8c:54:72:93:1e:53:33:39:1c:fb:f4:70:
         36:19:57:53:96:14:53:f5:87:3e:33:9d:a2:75:75:66:a9:25:
         33:a2:fc:2f:27:b6:ad:22:63:66:d0:36:49:8c:b7:b4:1e:a6:
         06:15:5b:5c:70:82:f1:f3:14:83:c6:e8:75:43:7b:7a:98:0b:
         f2:c4:f5:ca:9b:b3:9f:19:79:d7:af:b1:33:ed:f2:b5:cb:f0:
         c3:ad:ac:7f:00:df:9b:50:7c:5f:fb:8c:39:f7:ce:98:cd:53:
         25:a6:48:66:25:75:ee:7c:13:12:a3:b2:e4:1a:d0:32:24:e4:
         e2:38:33:c0:a4:62:dd:0c:65:c5:6e:bf:10:e5:8a:64:17:14:
         77:f6:08:35:01:f7:53:c6:3c:84:3f:37:6b:fa:63:fe:92:3e:
         65:7a:c6:5a:44:78:48:a9:6d:94:d9:e3:db:c0:bd:5f:58:5d:
         ba:8b:c3:78:9d:a8:6d:f3:62:b3:1f:2f:dd:98:25:51:1d:4f:
         9c:9a:b8:37:50:72:08:c4:9a:a9:52:8f:ae:04:1f:85:28:98:
         27:f4:7d:46:ea:5f:fe:96:a8:dd:3b:e7:d3:5b:d5:cc:07:2b:
         4b:10:45:29
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIYtSbFh3HQ+TOEZ+vojgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkM2YzNTZhMDJkOTY3OWNlODkwYjVkNTFlMGRlYzJmM2Yz
NjMzNjEwHhcNMjUwMTAyMDM0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGIwZTZkMTU1NzYyMDg5ZTJlNGM3ZGEzMDkwZjEzYzRhYjExZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1e483x324uXsahhQo0M37Hy9gzoO
Oy86AWqxV8nhbx6aVQeDkbxXO8wJL41jweJQk39mVHvNjJv9lMeMf83HRzy4+feq
Wqw6D/guK4uzjUPvuZT9qzFlPVHybgozA/J37s7ZneAuOzpDZMOuDMUBYGvVp6Su
l/pKzrVRR8tRYz7OX0BRJsepNJp9K3wSlMC/HKh2Su6rq8TgHOFqrQlf1aZzPt+w
tyHXQnrzbUO6qCmIC78Qbw8+iTI/DZkRKX/VeiAjcWQbWFg9su9kIe1jVvWTlyMG
SxsX92ffr9WTKWn2j6/5jrQFU3bY2S8tmUe9lRgEQa1Ch18qKED320xOVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE2w5tFVdiCJ4uTH2jCQ8TxKsR0EMB8GA1UdIwQY
MBaAFI0/NWoC2Wec6JC11R4N7C8/NjNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalQ4MWFnTFpaNXpva0xYVkhnM3NMejgyTTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny81NjZjYjEtNzkxNS00ZmZkLTg1NzAt
NmI5M2FmNjEzZDdkLzEvVGJEbTBWVjJJSW5pNU1mYU1KRHhQRXF4SFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny81NjZjYjEtNzkxNS00ZmZkLTg1NzAtNmI5M2FmNjEzZDdk
LzEvalQ4MWFnTFpaNXpva0xYVkhnM3NMejgyTTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaNGMA0E
AgACMAcDBQMqEU4AMA0GCSqGSIb3DQEBCwUAA4IBAQB5pYtOjmzzuzs67GUCjLnS
pgddIqKoGIOMVHKTHlMzORz79HA2GVdTlhRT9Yc+M52idXVmqSUzovwvJ7atImNm
0DZJjLe0HqYGFVtccILx8xSDxuh1Q3t6mAvyxPXKm7OfGXnXr7Ez7fK1y/DDrax/
AN+bUHxf+4w5986YzVMlpkhmJXXufBMSo7LkGtAyJOTiODPApGLdDGXFbr8Q5Ypk
FxR39gg1AfdTxjyEPzdr+mP+kj5lesZaRHhIqW2U2ePbwL1fWF26i8N4naht82Kz
Hy/dmCVRHU+cmrg3UHIIxJqpUo+uBB+FKJgn9H1G6l/+lqjdO+fTW9XMBytLEEUp
-----END CERTIFICATE-----