Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/d33bca-729d-43e3-95f7-7b041c54576a/1/T7HJ2-tjdriOGAxfth6N3m1dxyY.roa
File:                     T7HJ2-tjdriOGAxfth6N3m1dxyY.roa (raw, json)
Hash identifier:          llPCQsjAeQDplZsfiLoaF630T6RziIZ2ZPKVofqV5Fw=
Subject key identifier:   4F:B1:C9:DB:EB:63:76:B8:8E:18:0C:5F:B6:1E:8D:DE:6D:5D:C7:26
Certificate issuer:       /CN=e2d7b7eb8f47e5277912ff058cfed7d899fc69b9
Certificate serial:       01942747FFBA18F1150BB5E30FD55B912CAD
Authority key identifier: E2:D7:B7:EB:8F:47:E5:27:79:12:FF:05:8C:FE:D7:D8:99:FC:69:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4te3649H5Sd5Ev8FjP7X2Jn8abk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/d33bca-729d-43e3-95f7-7b041c54576a/1/T7HJ2-tjdriOGAxfth6N3m1dxyY.roa
Signing time:             Thu 02 Jan 2025 13:50:17 +0000
ROA not before:           Thu 02 Jan 2025 13:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207813
IP address blocks:        5.252.148.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/d33bca-729d-43e3-95f7-7b041c54576a/1/4te3649H5Sd5Ev8FjP7X2Jn8abk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/d33bca-729d-43e3-95f7-7b041c54576a/1/4te3649H5Sd5Ev8FjP7X2Jn8abk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4te3649H5Sd5Ev8FjP7X2Jn8abk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ff:ba:18:f1:15:0b:b5:e3:0f:d5:5b:91:2c:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d7b7eb8f47e5277912ff058cfed7d899fc69b9
        Validity
            Not Before: Jan  2 13:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fb1c9dbeb6376b88e180c5fb61e8dde6d5dc726
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f4:d5:77:53:97:db:6c:a2:d1:43:77:70:13:
                    ec:46:16:41:60:ca:64:77:87:43:a9:e1:a0:c6:54:
                    e0:d1:74:51:e2:7d:39:80:80:a9:7f:d6:d1:3a:e5:
                    93:45:db:90:46:c0:94:a9:32:05:db:4c:02:ab:f4:
                    5b:a9:1c:63:cd:09:76:58:02:77:d8:1c:c0:05:bf:
                    28:6a:7d:22:2b:bf:24:aa:50:81:36:0b:63:bb:51:
                    74:68:5e:79:c9:81:62:0b:7a:10:78:01:83:9a:40:
                    69:52:bf:d0:17:26:3f:c3:a9:c5:8f:9d:1b:25:21:
                    e8:50:77:75:a4:fc:c4:dc:4f:d0:1b:4c:f9:82:d8:
                    4a:58:8c:a5:06:83:a7:6d:67:18:6d:d2:fa:57:e4:
                    88:fc:6d:62:89:11:8f:09:7c:ae:8d:2c:87:68:60:
                    db:94:57:c5:9c:fc:78:86:0e:b3:2b:07:ee:76:20:
                    6b:f8:43:a5:39:32:88:3b:dc:26:0e:a9:f2:e9:00:
                    e0:e3:84:52:af:7f:a8:b0:74:40:64:f4:d7:78:f7:
                    76:a5:36:81:21:59:24:13:fd:e2:d7:9e:b0:eb:a0:
                    09:0f:b5:38:e5:3b:6c:b6:4b:0c:b4:35:cd:57:9b:
                    87:4a:78:c9:4b:9c:4c:ed:d3:ca:0c:6c:e6:35:43:
                    8b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:B1:C9:DB:EB:63:76:B8:8E:18:0C:5F:B6:1E:8D:DE:6D:5D:C7:26
            X509v3 Authority Key Identifier:
                keyid:E2:D7:B7:EB:8F:47:E5:27:79:12:FF:05:8C:FE:D7:D8:99:FC:69:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4te3649H5Sd5Ev8FjP7X2Jn8abk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d33bca-729d-43e3-95f7-7b041c54576a/1/T7HJ2-tjdriOGAxfth6N3m1dxyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d33bca-729d-43e3-95f7-7b041c54576a/1/4te3649H5Sd5Ev8FjP7X2Jn8abk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:f3:78:49:a7:2d:85:8b:43:bc:06:d5:08:eb:30:c4:ff:13:
         d8:63:2f:a7:eb:fa:12:e6:58:67:40:67:26:cd:15:13:cd:52:
         95:48:30:7a:ac:c7:08:fa:fd:ba:59:58:0f:b5:80:b6:ce:6c:
         08:12:a5:0b:9c:94:27:a5:19:07:f9:b9:9e:87:a8:0b:7e:02:
         fe:a1:7e:05:63:d5:97:d0:fe:e2:cc:41:54:da:e2:e9:fb:ed:
         fb:8b:18:21:87:d7:6a:c0:93:93:83:b5:74:6f:a8:ef:9b:91:
         8f:cc:6a:cf:ac:94:b4:3a:8c:83:d1:81:e3:6e:16:3d:a5:56:
         7f:f0:d9:94:d9:77:04:44:98:b1:b3:4d:bc:d1:15:66:ab:a4:
         3b:37:bb:2e:e6:87:38:e4:3a:4d:09:cb:a4:51:6f:9e:b5:c1:
         b8:c4:51:99:bd:29:c0:d8:43:b2:4e:c9:41:63:49:ab:03:ba:
         9d:49:77:18:92:2e:f6:f0:fc:ee:a3:73:64:86:bc:3a:ba:ca:
         1f:54:57:1c:62:f2:23:10:bc:bc:0c:63:be:03:5f:2a:11:10:
         86:35:69:97:de:4f:db:96:3c:2b:e5:94:9c:e1:72:d7:4c:df:
         26:6c:43:c0:a8:b2:af:6e:ef:2f:81:dc:00:01:4c:b2:c4:fb:
         75:48:a9:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/+6GPEVC7XjD9VbkSytMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDdiN2ViOGY0N2U1Mjc3OTEyZmYwNThjZmVkN2Q4OTlm
YzY5YjkwHhcNMjUwMTAyMTM1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmIxYzlkYmViNjM3NmI4OGUxODBjNWZiNjFlOGRkZTZkNWRjNzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vTVd1OX22yi0UN3cBPsRhZBYMpk
d4dDqeGgxlTg0XRR4n05gICpf9bROuWTRduQRsCUqTIF20wCq/RbqRxjzQl2WAJ3
2BzABb8oan0iK78kqlCBNgtju1F0aF55yYFiC3oQeAGDmkBpUr/QFyY/w6nFj50b
JSHoUHd1pPzE3E/QG0z5gthKWIylBoOnbWcYbdL6V+SI/G1iiRGPCXyujSyHaGDb
lFfFnPx4hg6zKwfudiBr+EOlOTKIO9wmDqny6QDg44RSr3+osHRAZPTXePd2pTaB
IVkkE/3i156w66AJD7U45TtstksMtDXNV5uHSnjJS5xM7dPKDGzmNUOLvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+xydvrY3a4jhgMX7Yejd5tXccmMB8GA1UdIwQY
MBaAFOLXt+uPR+UneRL/BYz+19iZ/Gm5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRlMzY0OUg1U2Q1RXY4RmpQN1gySm44YWJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9kMzNiY2EtNzI5ZC00M2UzLTk1Zjct
N2IwNDFjNTQ1NzZhLzEvVDdISjItdGpkcmlPR0F4ZnRoNk4zbTFkeHlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9kMzNiY2EtNzI5ZC00M2UzLTk1ZjctN2IwNDFjNTQ1NzZh
LzEvNHRlMzY0OUg1U2Q1RXY4RmpQN1gySm44YWJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfyUMA0G
CSqGSIb3DQEBCwUAA4IBAQAN83hJpy2Fi0O8BtUI6zDE/xPYYy+n6/oS5lhnQGcm
zRUTzVKVSDB6rMcI+v26WVgPtYC2zmwIEqULnJQnpRkH+bmeh6gLfgL+oX4FY9WX
0P7izEFU2uLp++37ixghh9dqwJOTg7V0b6jvm5GPzGrPrJS0OoyD0YHjbhY9pVZ/
8NmU2XcERJixs0280RVmq6Q7N7su5oc45DpNCcukUW+etcG4xFGZvSnA2EOyTslB
Y0mrA7qdSXcYki728Pzuo3Nkhrw6usofVFccYvIjELy8DGO+A18qERCGNWmX3k/b
ljwr5ZSc4XLXTN8mbEPAqLKvbu8vgdwAAUyyxPt1SKk5
-----END CERTIFICATE-----