Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/t10ytuHzLBo0-cyFhVGWj6IJRt0.roa
File:                     t10ytuHzLBo0-cyFhVGWj6IJRt0.roa (raw, json)
Hash identifier:          MsPrygdde5gAS+ElSL2+5g+vrekUVGzvRNpNRAOCFCY=
Subject key identifier:   B7:5D:32:B6:E1:F3:2C:1A:34:F9:CC:85:85:51:96:8F:A2:09:46:DD
Certificate issuer:       /CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
Certificate serial:       01941FFA6855B42F5F60A7AF1A92CB9FFC38
Authority key identifier: 81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/t10ytuHzLBo0-cyFhVGWj6IJRt0.roa
Signing time:             Wed 01 Jan 2025 03:48:11 +0000
ROA not before:           Wed 01 Jan 2025 03:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199313
IP address blocks:        195.64.236.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:68:55:b4:2f:5f:60:a7:af:1a:92:cb:9f:fc:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
        Validity
            Not Before: Jan  1 03:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b75d32b6e1f32c1a34f9cc858551968fa20946dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:67:fd:a4:87:c6:73:5d:c4:80:d5:b8:68:bd:
                    5b:8e:d5:a3:a7:56:23:4b:17:16:f7:b4:de:13:f4:
                    31:82:94:00:ab:af:47:65:4c:d6:eb:6d:34:68:31:
                    25:62:0b:17:55:ba:13:67:61:29:71:57:ef:ae:22:
                    e1:d8:b1:3c:5f:78:ed:fc:6e:48:fd:fc:07:3b:3a:
                    73:7e:d2:30:42:0c:8b:5a:f2:02:bf:9a:13:56:4f:
                    b6:ee:6f:79:a3:bd:40:0c:c3:f3:fd:65:4d:d7:57:
                    df:7c:db:62:57:eb:ed:4f:4d:2b:3a:0e:f0:e0:c1:
                    df:be:69:29:98:d7:95:a1:d0:aa:93:c0:6e:33:06:
                    8a:51:78:fc:45:6e:48:08:82:0f:b8:d7:ae:9f:e8:
                    30:59:9b:74:59:05:f3:91:0c:7e:3d:33:a7:fc:a3:
                    33:96:8d:02:8b:ca:bb:a1:d3:88:02:67:de:2d:41:
                    a4:8b:6b:cc:24:ca:86:b7:5c:1c:77:89:98:79:f8:
                    a8:59:9a:95:fb:15:79:5a:f6:ca:d7:65:5e:ab:7a:
                    cd:81:03:8e:91:05:8e:c0:b2:d3:bb:13:26:db:83:
                    de:5e:91:3c:97:85:c7:2c:b9:d8:76:a6:d3:00:21:
                    a9:13:91:62:f0:2c:ba:e0:b0:af:ea:e1:9b:b9:1a:
                    90:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:5D:32:B6:E1:F3:2C:1A:34:F9:CC:85:85:51:96:8F:A2:09:46:DD
            X509v3 Authority Key Identifier:
                keyid:81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/t10ytuHzLBo0-cyFhVGWj6IJRt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:eb:cc:13:bf:36:f2:0f:c7:ce:99:e2:99:1a:f8:99:dc:f8:
         62:80:d2:b6:d1:60:70:93:94:69:30:2f:71:d0:a0:86:c3:d4:
         37:70:d9:5e:4e:7c:7e:d8:61:22:5a:69:c1:7d:72:f1:b7:c5:
         27:de:a4:1b:eb:cb:52:67:75:c5:bc:9b:4d:3a:0a:6a:45:f2:
         52:b7:35:62:4e:ba:1f:a6:c5:c6:75:a1:08:48:04:5a:83:5b:
         a1:0a:7a:1f:41:e5:eb:7e:c7:50:d3:52:a8:a7:46:2b:48:8f:
         f9:de:14:0f:20:46:af:a6:c8:d6:78:ff:1c:16:37:0b:ff:46:
         b8:bd:3d:12:42:17:01:74:aa:2d:91:31:17:c0:fc:34:88:6c:
         c9:03:cd:6c:c7:78:8f:8f:c6:fb:76:89:c4:b3:77:fc:b8:59:
         fe:50:76:d0:ac:2c:0f:0c:6f:d9:23:a4:48:25:c9:be:40:42:
         26:da:a8:38:a7:86:22:d7:80:eb:77:a6:9f:68:14:26:bb:c9:
         62:5d:c3:fc:da:fc:6c:2e:9f:37:8b:5c:6d:8c:64:26:45:a2:
         33:e1:05:60:a9:d1:b9:38:47:91:77:a2:90:d4:e9:f8:9a:a2:
         2d:28:26:af:22:c5:69:9a:f6:fe:af:20:53:eb:de:42:1e:a9:
         f8:91:0e:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+mhVtC9fYKevGpLLn/w4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZmE0OGY0MGJjODQ1NDBjNDZiZDIzYmU5YjkwODk3YWEx
ODRmNGQwHhcNMjUwMTAxMDM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzVkMzJiNmUxZjMyYzFhMzRmOWNjODU4NTUxOTY4ZmEyMDk0NmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7mf9pIfGc13EgNW4aL1bjtWjp1Yj
SxcW97TeE/QxgpQAq69HZUzW6200aDElYgsXVboTZ2EpcVfvriLh2LE8X3jt/G5I
/fwHOzpzftIwQgyLWvICv5oTVk+27m95o71ADMPz/WVN11fffNtiV+vtT00rOg7w
4MHfvmkpmNeVodCqk8BuMwaKUXj8RW5ICIIPuNeun+gwWZt0WQXzkQx+PTOn/KMz
lo0Ci8q7odOIAmfeLUGki2vMJMqGt1wcd4mYefioWZqV+xV5WvbK12Veq3rNgQOO
kQWOwLLTuxMm24PeXpE8l4XHLLnYdqbTACGpE5Fi8Cy64LCv6uGbuRqQSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLddMrbh8ywaNPnMhYVRlo+iCUbdMB8GA1UdIwQY
MBaAFIH6SPQLyEVAxGvSO+m5CJeqGE9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEt
OGU5M2NiNWM1MzU1LzEvdDEweXR1SHpMQm8wLWN5RmhWR1dqNklKUnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEtOGU5M2NiNWM1MzU1
LzEvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw0DsMA0G
CSqGSIb3DQEBCwUAA4IBAQAV68wTvzbyD8fOmeKZGviZ3PhigNK20WBwk5RpMC9x
0KCGw9Q3cNleTnx+2GEiWmnBfXLxt8Un3qQb68tSZ3XFvJtNOgpqRfJStzViTrof
psXGdaEISARag1uhCnofQeXrfsdQ01Kop0YrSI/53hQPIEavpsjWeP8cFjcL/0a4
vT0SQhcBdKotkTEXwPw0iGzJA81sx3iPj8b7donEs3f8uFn+UHbQrCwPDG/ZI6RI
Jcm+QEIm2qg4p4Yi14Drd6afaBQmu8liXcP82vxsLp83i1xtjGQmRaIz4QVgqdG5
OEeRd6KQ1On4mqItKCavIsVpmvb+ryBT695CHqn4kQ5W
-----END CERTIFICATE-----