Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/4f17fa-d5e8-439d-87a2-df32a25c5f2f/1/TC7wZtb8eH22VqPATxdM0AYHsBI.roa
File:                     TC7wZtb8eH22VqPATxdM0AYHsBI.roa (raw, json)
Hash identifier:          WSEkQ29EN6gMplRxrm+JsVbPQFVHYc/Oyz8wGNQAkUY=
Subject key identifier:   4C:2E:F0:66:D6:FC:78:7D:B6:56:A3:C0:4F:17:4C:D0:06:07:B0:12
Certificate issuer:       /CN=9cce1600f50735960f86d621cd4f5f59f879a0e8
Certificate serial:       0194704C28D800C69DABA75C5F7AEB66523E
Authority key identifier: 9C:CE:16:00:F5:07:35:96:0F:86:D6:21:CD:4F:5F:59:F8:79:A0:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nM4WAPUHNZYPhtYhzU9fWfh5oOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/4f17fa-d5e8-439d-87a2-df32a25c5f2f/1/TC7wZtb8eH22VqPATxdM0AYHsBI.roa
Signing time:             Thu 16 Jan 2025 18:07:06 +0000
ROA not before:           Thu 16 Jan 2025 18:07:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25697
IP address blocks:        62.164.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/4f17fa-d5e8-439d-87a2-df32a25c5f2f/1/nM4WAPUHNZYPhtYhzU9fWfh5oOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/4f17fa-d5e8-439d-87a2-df32a25c5f2f/1/nM4WAPUHNZYPhtYhzU9fWfh5oOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nM4WAPUHNZYPhtYhzU9fWfh5oOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:70:4c:28:d8:00:c6:9d:ab:a7:5c:5f:7a:eb:66:52:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cce1600f50735960f86d621cd4f5f59f879a0e8
        Validity
            Not Before: Jan 16 18:07:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c2ef066d6fc787db656a3c04f174cd00607b012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e4:db:db:71:53:24:99:95:12:f4:8c:63:a2:
                    e6:c6:39:57:10:3a:92:6e:90:7d:47:69:df:0e:63:
                    6a:8e:bf:dc:a8:e6:40:5d:bc:21:7a:b1:76:cc:94:
                    21:08:45:35:00:46:bd:41:ec:7b:32:10:62:39:ee:
                    f6:d1:c4:37:b5:f7:70:2e:fe:64:0f:de:f1:89:45:
                    28:fa:b0:46:33:2d:66:fa:31:71:b2:71:5c:c0:59:
                    14:20:da:9e:50:e1:d4:92:86:3e:7a:0d:cf:be:6d:
                    fb:c3:96:cd:cc:79:99:aa:c6:18:08:32:51:8c:77:
                    a3:65:3b:99:65:82:ec:7e:5e:38:70:db:23:ff:3e:
                    60:4a:4a:41:6c:72:7f:65:5f:80:f9:66:d4:84:ff:
                    0e:e5:01:6f:56:83:62:f9:05:45:7e:ac:d4:89:16:
                    e0:f3:a3:f3:74:59:9c:c9:d9:7d:7c:98:73:fc:9a:
                    55:ac:b6:bc:d8:7b:ad:6e:03:6a:ba:0c:ef:bd:4e:
                    bc:62:af:94:35:89:8c:fd:c4:6d:f3:e0:72:2a:1e:
                    de:c0:74:2e:74:f7:73:6e:79:3b:c8:c3:de:f1:fd:
                    a4:82:89:bd:26:81:53:69:57:15:ae:2a:59:70:5c:
                    88:f2:8f:10:a0:c8:34:de:c2:08:fc:ab:e5:79:14:
                    ac:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:2E:F0:66:D6:FC:78:7D:B6:56:A3:C0:4F:17:4C:D0:06:07:B0:12
            X509v3 Authority Key Identifier:
                keyid:9C:CE:16:00:F5:07:35:96:0F:86:D6:21:CD:4F:5F:59:F8:79:A0:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nM4WAPUHNZYPhtYhzU9fWfh5oOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/4f17fa-d5e8-439d-87a2-df32a25c5f2f/1/TC7wZtb8eH22VqPATxdM0AYHsBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/4f17fa-d5e8-439d-87a2-df32a25c5f2f/1/nM4WAPUHNZYPhtYhzU9fWfh5oOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ee:c3:81:1c:44:d6:c9:c6:5f:06:d8:24:3d:55:87:7f:eb:
         3d:51:6f:25:b5:f0:cc:a0:7b:ca:07:72:37:07:de:b7:78:1c:
         f9:f1:31:8d:a3:1f:54:1a:1f:92:1f:4a:68:85:a9:93:1c:a6:
         49:77:cc:bf:06:95:9d:96:95:02:ea:45:35:cd:67:6c:b3:87:
         f6:14:f6:f9:f1:52:c7:bf:44:48:41:3b:25:0f:33:a8:d1:c7:
         5a:fa:98:ac:39:ca:8f:bb:80:51:0a:32:f8:5a:3e:21:b4:e3:
         dd:51:1d:9f:12:db:c0:87:57:66:6b:76:cc:fb:32:74:ae:6f:
         9a:d6:2e:8a:9c:1a:19:16:bb:a5:f2:22:0f:3c:af:a3:02:29:
         11:8a:95:3b:9e:64:d6:c3:86:21:d3:2a:85:db:22:b3:c3:80:
         5b:29:82:8e:2d:19:e5:c7:b1:f5:1e:27:bc:4c:fd:de:46:4b:
         25:b4:a9:9d:96:b9:f2:15:d2:c0:08:a9:27:4c:14:75:86:fd:
         2c:69:01:7f:58:60:54:b0:ab:d2:77:51:72:ed:60:97:08:94:
         31:43:22:a1:bd:8a:38:33:83:c3:05:b0:de:89:89:3d:12:28:
         4d:42:8c:84:52:35:3e:22:8a:9f:c0:2a:db:11:50:73:11:bd:
         64:79:b0:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRwTCjYAMadq6dcX3rrZlI+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljY2UxNjAwZjUwNzM1OTYwZjg2ZDYyMWNkNGY1ZjU5Zjg3
OWEwZTgwHhcNMjUwMTE2MTgwNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzJlZjA2NmQ2ZmM3ODdkYjY1NmEzYzA0ZjE3NGNkMDA2MDdiMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouTb23FTJJmVEvSMY6LmxjlXEDqS
bpB9R2nfDmNqjr/cqOZAXbwherF2zJQhCEU1AEa9Qex7MhBiOe720cQ3tfdwLv5k
D97xiUUo+rBGMy1m+jFxsnFcwFkUINqeUOHUkoY+eg3Pvm37w5bNzHmZqsYYCDJR
jHejZTuZZYLsfl44cNsj/z5gSkpBbHJ/ZV+A+WbUhP8O5QFvVoNi+QVFfqzUiRbg
86PzdFmcydl9fJhz/JpVrLa82HutbgNqugzvvU68Yq+UNYmM/cRt8+ByKh7ewHQu
dPdzbnk7yMPe8f2kgom9JoFTaVcVripZcFyI8o8QoMg03sII/KvleRSsjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwu8GbW/Hh9tlajwE8XTNAGB7ASMB8GA1UdIwQY
MBaAFJzOFgD1BzWWD4bWIc1PX1n4eaDoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk00V0FQVUhOWllQaHRZaHpVOWZXZmg1b09nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My80ZjE3ZmEtZDVlOC00MzlkLTg3YTIt
ZGYzMmEyNWM1ZjJmLzEvVEM3d1p0YjhlSDIyVnFQQVR4ZE0wQVlIc0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My80ZjE3ZmEtZDVlOC00MzlkLTg3YTItZGYzMmEyNWM1ZjJm
LzEvbk00V0FQVUhOWllQaHRZaHpVOWZXZmg1b09nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqSZMA0G
CSqGSIb3DQEBCwUAA4IBAQBI7sOBHETWycZfBtgkPVWHf+s9UW8ltfDMoHvKB3I3
B963eBz58TGNox9UGh+SH0pohamTHKZJd8y/BpWdlpUC6kU1zWdss4f2FPb58VLH
v0RIQTslDzOo0cda+pisOcqPu4BRCjL4Wj4htOPdUR2fEtvAh1dma3bM+zJ0rm+a
1i6KnBoZFrul8iIPPK+jAikRipU7nmTWw4Yh0yqF2yKzw4BbKYKOLRnlx7H1Hie8
TP3eRksltKmdlrnyFdLACKknTBR1hv0saQF/WGBUsKvSd1Fy7WCXCJQxQyKhvYo4
M4PDBbDeiYk9EihNQoyEUjU+IoqfwCrbEVBzEb1kebC3
-----END CERTIFICATE-----