Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/TFll5ENpjCR3fFAI_0E-ikt6_GM.roa
File:                     TFll5ENpjCR3fFAI_0E-ikt6_GM.roa (raw, json)
Hash identifier:          cdCSDqZSpIOGUxCTSX+KjodpOB497W7vlYLMjlGxydw=
Subject key identifier:   4C:59:65:E4:43:69:8C:24:77:7C:50:08:FF:41:3E:8A:4B:7A:FC:63
Certificate issuer:       /CN=30747494ff4e26578d9deabe2ee6d004b3fe2d8c
Certificate serial:       0194244495298DE855C41329B7472C8DB8C0
Authority key identifier: 30:74:74:94:FF:4E:26:57:8D:9D:EA:BE:2E:E6:D0:04:B3:FE:2D:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MHR0lP9OJleNneq-LubQBLP-LYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/TFll5ENpjCR3fFAI_0E-ikt6_GM.roa
Signing time:             Wed 01 Jan 2025 23:47:41 +0000
ROA not before:           Wed 01 Jan 2025 23:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34636
IP address blocks:        194.31.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/MHR0lP9OJleNneq-LubQBLP-LYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/MHR0lP9OJleNneq-LubQBLP-LYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MHR0lP9OJleNneq-LubQBLP-LYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:95:29:8d:e8:55:c4:13:29:b7:47:2c:8d:b8:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30747494ff4e26578d9deabe2ee6d004b3fe2d8c
        Validity
            Not Before: Jan  1 23:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c5965e443698c24777c5008ff413e8a4b7afc63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:db:a2:2f:dc:79:c1:1a:15:30:ee:90:bf:68:
                    25:b7:b1:0a:18:43:82:7c:86:c1:24:f6:af:62:9c:
                    d8:00:15:ed:a1:ad:93:41:49:ae:62:79:39:42:ba:
                    99:9a:c8:8a:8f:ab:1c:d4:b5:3b:07:2c:83:ce:00:
                    62:20:5c:6c:6f:6c:11:81:10:2f:ca:d8:2c:e9:5e:
                    d3:97:44:18:0d:3e:79:3c:73:f7:da:0b:c7:94:41:
                    fa:15:b7:72:c6:a3:18:90:d5:6d:b0:9d:43:cf:c9:
                    95:80:1d:2e:6b:3b:b7:7d:76:e3:3a:2b:a7:c1:84:
                    46:b6:a8:57:df:18:e1:0c:e6:60:ef:8c:41:74:b9:
                    cd:b3:61:74:3c:92:b6:4f:55:69:8f:25:af:eb:04:
                    fb:7a:b7:40:20:9b:8d:cd:06:38:7a:b2:87:2a:c0:
                    1b:b2:af:b2:95:a6:ca:00:a2:b0:f8:08:5e:9c:dd:
                    5d:ff:4f:e5:89:c1:0f:08:b1:a1:f9:30:01:36:1e:
                    0c:de:93:d4:80:13:84:34:43:7f:1a:ed:df:3e:f2:
                    bb:73:38:07:73:31:9d:f3:35:23:19:60:6a:eb:12:
                    3e:06:5c:24:77:7f:ea:97:8b:8c:91:7a:41:4d:93:
                    41:4a:72:67:9e:de:24:e6:d0:be:9d:bd:ce:db:9f:
                    aa:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:59:65:E4:43:69:8C:24:77:7C:50:08:FF:41:3E:8A:4B:7A:FC:63
            X509v3 Authority Key Identifier:
                keyid:30:74:74:94:FF:4E:26:57:8D:9D:EA:BE:2E:E6:D0:04:B3:FE:2D:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MHR0lP9OJleNneq-LubQBLP-LYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/TFll5ENpjCR3fFAI_0E-ikt6_GM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/bcf9a3-6963-43c3-b8dd-389a3098ec2a/1/MHR0lP9OJleNneq-LubQBLP-LYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:50:8a:62:d9:2a:58:58:1b:df:b2:53:37:ce:31:98:ef:14:
         ee:b7:f5:89:d0:cb:2a:72:c0:8c:bc:6b:5a:0f:88:2e:bf:3c:
         ba:08:e3:e5:1d:b5:ef:fa:1b:e1:6c:0d:ad:b8:a6:99:15:c0:
         6b:9d:e6:4e:95:68:6b:7e:b8:c6:bb:85:70:f9:86:a8:84:90:
         99:25:92:5e:3d:ef:0d:72:85:04:8f:5c:70:1a:fc:61:62:fd:
         82:79:d5:84:73:a4:6d:67:52:55:9d:af:86:a8:30:a3:0c:38:
         fe:2b:bc:ec:14:8f:99:31:63:9f:b7:ea:91:6d:16:db:3b:27:
         09:60:8e:f0:63:e1:e0:35:23:a2:19:90:ea:6b:ab:bf:cc:38:
         79:db:3f:14:90:5c:c1:5a:aa:5e:d0:89:26:35:f9:36:03:00:
         4b:b0:d1:a2:22:85:c9:12:c5:0b:6b:08:03:de:82:4c:dc:c5:
         14:6c:3c:c3:2f:0a:e9:22:d7:84:fd:2f:50:1e:9d:d9:be:c8:
         43:b0:6b:78:5d:f8:8e:00:6f:a1:4d:7e:5e:21:e3:ca:25:fa:
         50:ac:55:50:a1:ab:52:68:69:c0:06:4d:a8:2d:bc:86:6b:87:
         16:f2:32:61:cc:dc:22:99:d0:e8:cc:67:79:e1:53:33:3a:3f:
         b9:9c:bf:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRJUpjehVxBMpt0csjbjAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNzQ3NDk0ZmY0ZTI2NTc4ZDlkZWFiZTJlZTZkMDA0YjNm
ZTJkOGMwHhcNMjUwMTAxMjM0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzU5NjVlNDQzNjk4YzI0Nzc3YzUwMDhmZjQxM2U4YTRiN2FmYzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqduiL9x5wRoVMO6Qv2glt7EKGEOC
fIbBJPavYpzYABXtoa2TQUmuYnk5QrqZmsiKj6sc1LU7ByyDzgBiIFxsb2wRgRAv
ytgs6V7Tl0QYDT55PHP32gvHlEH6FbdyxqMYkNVtsJ1Dz8mVgB0uazu3fXbjOiun
wYRGtqhX3xjhDOZg74xBdLnNs2F0PJK2T1VpjyWv6wT7erdAIJuNzQY4erKHKsAb
sq+ylabKAKKw+AhenN1d/0/licEPCLGh+TABNh4M3pPUgBOENEN/Gu3fPvK7czgH
czGd8zUjGWBq6xI+Blwkd3/ql4uMkXpBTZNBSnJnnt4k5tC+nb3O25+qwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExZZeRDaYwkd3xQCP9BPopLevxjMB8GA1UdIwQY
MBaAFDB0dJT/TiZXjZ3qvi7m0ASz/i2MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUhSMGxQOU9KbGVObmVxLUx1YlFCTFAtTFl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9iY2Y5YTMtNjk2My00M2MzLWI4ZGQt
Mzg5YTMwOThlYzJhLzEvVEZsbDVFTnBqQ1IzZkZBSV8wRS1pa3Q2X0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9iY2Y5YTMtNjk2My00M2MzLWI4ZGQtMzg5YTMwOThlYzJh
LzEvTUhSMGxQOU9KbGVObmVxLUx1YlFCTFAtTFl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh9sMA0G
CSqGSIb3DQEBCwUAA4IBAQCxUIpi2SpYWBvfslM3zjGY7xTut/WJ0MsqcsCMvGta
D4guvzy6COPlHbXv+hvhbA2tuKaZFcBrneZOlWhrfrjGu4Vw+YaohJCZJZJePe8N
coUEj1xwGvxhYv2CedWEc6RtZ1JVna+GqDCjDDj+K7zsFI+ZMWOft+qRbRbbOycJ
YI7wY+HgNSOiGZDqa6u/zDh52z8UkFzBWqpe0IkmNfk2AwBLsNGiIoXJEsULawgD
3oJM3MUUbDzDLwrpIteE/S9QHp3ZvshDsGt4XfiOAG+hTX5eIePKJfpQrFVQoatS
aGnABk2oLbyGa4cW8jJhzNwimdDozGd54VMzOj+5nL9G
-----END CERTIFICATE-----