Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/30eaee-1ad7-4e73-a4dc-8ae51f62d218/1/tP4Nr3k13Af3UtlucGdOvIgy7uY.roa
File:                     tP4Nr3k13Af3UtlucGdOvIgy7uY.roa (raw, json)
Hash identifier:          ofrFnG5ByBdxFiFLthIkeYVusoIIsNMbVNLs6rFZMMg=
Subject key identifier:   B4:FE:0D:AF:79:35:DC:07:F7:52:D9:6E:70:67:4E:BC:88:32:EE:E6
Certificate issuer:       /CN=75b345562d5718b6c4b206b1ae304fc68436adb2
Certificate serial:       019421B1937B1B7912A124005B99CBAA56EF
Authority key identifier: 75:B3:45:56:2D:57:18:B6:C4:B2:06:B1:AE:30:4F:C6:84:36:AD:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dbNFVi1XGLbEsgaxrjBPxoQ2rbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/30eaee-1ad7-4e73-a4dc-8ae51f62d218/1/tP4Nr3k13Af3UtlucGdOvIgy7uY.roa
Signing time:             Wed 01 Jan 2025 11:47:53 +0000
ROA not before:           Wed 01 Jan 2025 11:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28795
IP address blocks:        144.127.0.0/16 maxlen: 16
                          144.127.3.0/24 maxlen: 24
                          144.127.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/30eaee-1ad7-4e73-a4dc-8ae51f62d218/1/dbNFVi1XGLbEsgaxrjBPxoQ2rbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/30eaee-1ad7-4e73-a4dc-8ae51f62d218/1/dbNFVi1XGLbEsgaxrjBPxoQ2rbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dbNFVi1XGLbEsgaxrjBPxoQ2rbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:93:7b:1b:79:12:a1:24:00:5b:99:cb:aa:56:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75b345562d5718b6c4b206b1ae304fc68436adb2
        Validity
            Not Before: Jan  1 11:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4fe0daf7935dc07f752d96e70674ebc8832eee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:20:e6:09:73:cb:e1:a6:23:dc:78:cb:03:3b:
                    1d:26:98:27:92:90:f1:07:ea:db:41:37:d9:75:82:
                    88:50:db:16:02:ee:20:c2:eb:af:f1:42:38:90:84:
                    6a:01:e8:79:19:f6:39:86:60:05:d8:d8:cb:e7:e2:
                    5b:74:cc:fc:fe:5c:1b:4a:60:97:f1:ba:cb:ce:1c:
                    dd:6b:06:11:35:60:35:0f:b7:15:e8:a8:3d:7c:2b:
                    a2:67:1e:36:fa:32:96:b6:46:f5:ef:92:da:26:3e:
                    4f:6f:e4:21:0c:46:9d:c3:2c:ea:9f:0a:6c:35:71:
                    a5:f0:10:5e:90:88:a3:9b:c8:59:17:f6:19:cf:3e:
                    f9:47:d3:8d:3b:e8:0f:78:7b:a1:1d:43:4c:2c:1d:
                    98:96:a5:bb:83:b0:6a:20:fa:6d:86:ab:43:6e:b5:
                    4d:92:08:0d:ee:55:35:4a:3f:38:92:fd:a3:bc:49:
                    0c:fe:d8:f4:6a:4d:d4:24:79:2d:f6:cb:3c:02:f1:
                    81:d1:c8:34:2f:5d:0b:90:f4:a3:40:a8:8d:69:c4:
                    bc:b2:a6:28:51:00:ad:c7:f6:d1:03:a4:62:bf:b1:
                    52:35:01:e2:88:c0:35:c3:e5:6e:9c:18:ae:0b:81:
                    82:49:84:fd:86:d2:ff:0b:8f:41:86:be:38:69:a4:
                    b0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:FE:0D:AF:79:35:DC:07:F7:52:D9:6E:70:67:4E:BC:88:32:EE:E6
            X509v3 Authority Key Identifier:
                keyid:75:B3:45:56:2D:57:18:B6:C4:B2:06:B1:AE:30:4F:C6:84:36:AD:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dbNFVi1XGLbEsgaxrjBPxoQ2rbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/30eaee-1ad7-4e73-a4dc-8ae51f62d218/1/tP4Nr3k13Af3UtlucGdOvIgy7uY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/30eaee-1ad7-4e73-a4dc-8ae51f62d218/1/dbNFVi1XGLbEsgaxrjBPxoQ2rbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.127.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:ac:b3:1a:90:17:c6:a4:59:de:f7:51:11:9a:4b:c6:83:63:
         f7:ba:51:c7:f3:3c:28:dd:b2:43:e7:86:7d:0f:78:3e:66:e7:
         8d:f1:96:a2:66:83:42:28:8b:fe:ce:58:80:9f:03:4c:90:eb:
         85:bf:72:51:db:97:26:15:1f:dd:df:58:86:29:30:b3:80:2e:
         31:40:90:08:35:35:3b:53:da:80:4a:61:f4:d0:da:68:16:1c:
         1e:2c:77:f1:a6:64:e5:36:1f:51:85:ed:6e:b3:70:f6:5f:b8:
         cc:18:43:40:63:28:6d:5c:ad:e1:e1:41:0f:c2:54:8f:29:c9:
         17:55:ff:e3:af:14:b2:ff:8a:9a:d7:39:bc:22:de:df:90:56:
         49:ef:a0:a3:8d:9e:bf:72:10:d1:bc:09:a4:7b:b3:b9:dd:1b:
         92:5f:13:a8:68:b4:a3:8b:31:1d:c3:61:73:c7:6a:c2:55:6e:
         ab:f5:cb:2b:46:3c:c2:18:a7:27:12:a3:49:94:e0:59:9a:5b:
         f3:c3:ea:7e:ed:85:04:a7:3a:ca:dc:f5:5f:ce:b5:0e:86:21:
         ca:5d:b0:63:4a:b5:59:6a:45:8c:3b:40:af:cc:2b:70:67:54:
         cd:70:6e:b8:5b:87:bd:d3:37:17:be:b4:4a:e3:2e:e5:fe:cd:
         88:25:66:53
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQhsZN7G3kSoSQAW5nLqlbvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1YjM0NTU2MmQ1NzE4YjZjNGIyMDZiMWFlMzA0ZmM2ODQz
NmFkYjIwHhcNMjUwMTAxMTE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGZlMGRhZjc5MzVkYzA3Zjc1MmQ5NmU3MDY3NGViYzg4MzJlZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCDmCXPL4aYj3HjLAzsdJpgnkpDx
B+rbQTfZdYKIUNsWAu4gwuuv8UI4kIRqAeh5GfY5hmAF2NjL5+JbdMz8/lwbSmCX
8brLzhzdawYRNWA1D7cV6Kg9fCuiZx42+jKWtkb175LaJj5Pb+QhDEadwyzqnwps
NXGl8BBekIijm8hZF/YZzz75R9ONO+gPeHuhHUNMLB2YlqW7g7BqIPpthqtDbrVN
kggN7lU1Sj84kv2jvEkM/tj0ak3UJHkt9ss8AvGB0cg0L10LkPSjQKiNacS8sqYo
UQCtx/bRA6Riv7FSNQHiiMA1w+VunBiuC4GCSYT9htL/C49Bhr44aaSw0wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLT+Da95NdwH91LZbnBnTryIMu7mMB8GA1UdIwQY
MBaAFHWzRVYtVxi2xLIGsa4wT8aENq2yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGJORlZpMVhHTGJFc2dheHJqQlB4b1EycmJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zMGVhZWUtMWFkNy00ZTczLWE0ZGMt
OGFlNTFmNjJkMjE4LzEvdFA0TnIzazEzQWYzVXRsdWNHZE92SWd5N3VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zMGVhZWUtMWFkNy00ZTczLWE0ZGMtOGFlNTFmNjJkMjE4
LzEvZGJORlZpMVhHTGJFc2dheHJqQlB4b1EycmJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkH8wDQYJ
KoZIhvcNAQELBQADggEBADyssxqQF8akWd73URGaS8aDY/e6UcfzPCjdskPnhn0P
eD5m543xlqJmg0Ioi/7OWICfA0yQ64W/clHblyYVH93fWIYpMLOALjFAkAg1NTtT
2oBKYfTQ2mgWHB4sd/GmZOU2H1GF7W6zcPZfuMwYQ0BjKG1creHhQQ/CVI8pyRdV
/+OvFLL/iprXObwi3t+QVknvoKONnr9yENG8CaR7s7ndG5JfE6hotKOLMR3DYXPH
asJVbqv1yytGPMIYpycSo0mU4FmaW/PD6n7thQSnOsrc9V/OtQ6GIcpdsGNKtVlq
RYw7QK/MK3BnVM1wbrhbh73TNxe+tErjLuX+zYglZlM=
-----END CERTIFICATE-----