Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/tuMifPTkCbCL7ajrwo0EzPnXWPw.roa
File:                     tuMifPTkCbCL7ajrwo0EzPnXWPw.roa (raw, json)
Hash identifier:          jC33EY0cA4p2GJTzlFhrTlf/kii333WPsx2l9xMoLj4=
Subject key identifier:   B6:E3:22:7C:F4:E4:09:B0:8B:ED:A8:EB:C2:8D:04:CC:F9:D7:58:FC
Certificate issuer:       /CN=1502af713e36e52c71866c8a9ebdacf3d8629b68
Certificate serial:       01941F8C246266C0E4FE11C50BBA16961136
Authority key identifier: 15:02:AF:71:3E:36:E5:2C:71:86:6C:8A:9E:BD:AC:F3:D8:62:9B:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQKvcT425SxxhmyKnr2s89him2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/tuMifPTkCbCL7ajrwo0EzPnXWPw.roa
Signing time:             Wed 01 Jan 2025 01:47:45 +0000
ROA not before:           Wed 01 Jan 2025 01:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2852
IP address blocks:        146.102.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/FQKvcT425SxxhmyKnr2s89him2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/FQKvcT425SxxhmyKnr2s89him2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FQKvcT425SxxhmyKnr2s89him2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:24:62:66:c0:e4:fe:11:c5:0b:ba:16:96:11:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1502af713e36e52c71866c8a9ebdacf3d8629b68
        Validity
            Not Before: Jan  1 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6e3227cf4e409b08beda8ebc28d04ccf9d758fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:42:b3:2f:ca:87:b7:8a:2e:54:ab:89:45:bb:
                    a1:e4:29:7c:b8:e4:6a:88:c9:cd:aa:61:57:2a:5b:
                    a3:65:a2:10:04:ed:95:2c:da:94:9c:76:57:92:f1:
                    36:92:7f:ac:95:72:7b:fe:10:3b:aa:10:5b:0f:60:
                    63:ab:5d:82:d3:f0:22:ac:87:dc:ba:7a:4f:ca:c5:
                    ac:fd:45:7a:49:7e:ab:1e:c0:a2:b9:e7:f0:ac:49:
                    e1:5d:86:b3:4f:bf:5a:ed:8a:43:82:57:77:5a:2b:
                    52:56:85:e9:27:2a:f5:5d:8f:86:05:39:54:0e:26:
                    f4:4d:fa:a7:58:a8:c9:00:92:3d:83:4b:b1:19:df:
                    38:05:f0:53:82:ab:43:53:ec:f0:77:08:6b:c6:14:
                    e7:10:46:13:4a:06:75:91:aa:9b:47:31:ed:a5:aa:
                    73:eb:c4:a3:54:6a:27:ef:13:58:b3:98:45:81:45:
                    dd:4e:f2:14:14:cc:74:31:a8:d5:07:1c:ae:af:80:
                    3c:fc:f9:b7:48:74:b3:fe:da:e0:ba:db:1d:dd:cf:
                    b1:e5:1e:26:20:4a:5c:82:1d:78:bc:30:f7:b4:ff:
                    96:e9:19:44:c8:96:84:cc:94:6f:66:fb:ae:f3:25:
                    a0:40:df:4f:34:92:28:b3:4b:38:ee:42:bb:f7:b7:
                    c9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:E3:22:7C:F4:E4:09:B0:8B:ED:A8:EB:C2:8D:04:CC:F9:D7:58:FC
            X509v3 Authority Key Identifier:
                keyid:15:02:AF:71:3E:36:E5:2C:71:86:6C:8A:9E:BD:AC:F3:D8:62:9B:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQKvcT425SxxhmyKnr2s89him2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/tuMifPTkCbCL7ajrwo0EzPnXWPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/FQKvcT425SxxhmyKnr2s89him2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.102.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4d:2f:7e:b2:0d:bd:0e:a4:33:70:89:20:25:01:84:22:67:77:
         09:b3:45:2b:96:50:a4:15:84:b0:65:36:e3:9f:c5:c1:13:1e:
         11:a7:ee:27:50:56:65:39:e9:ac:73:d4:05:0a:c1:d1:73:1d:
         38:79:63:07:6f:85:12:de:70:5e:56:df:70:de:de:5a:af:85:
         21:82:10:55:18:1a:42:53:11:9a:f7:03:b0:14:78:9c:ec:32:
         4a:09:1b:f9:93:25:ff:df:f8:81:20:c9:98:6a:26:b6:96:ac:
         03:c4:83:57:be:01:0c:0d:ad:c4:be:a6:3f:14:39:ef:45:3b:
         a7:08:52:f5:66:ed:9a:f2:9a:b6:fa:35:e0:a3:4e:1d:21:4d:
         73:79:9f:23:e5:2d:44:bf:75:69:98:a9:85:19:b8:7f:3f:55:
         94:2d:3b:1c:7c:95:e7:47:1b:4d:12:96:c0:14:f2:35:d4:38:
         c5:20:7a:1a:18:02:e1:69:89:15:69:2d:82:4e:a4:c6:58:be:
         a2:05:d4:fa:ab:8e:68:72:38:f5:5b:f7:a9:33:6d:fb:be:ad:
         3f:ca:dc:55:f8:cb:b3:a4:b3:21:6b:5d:31:26:12:8e:e2:f4:
         84:1e:bc:ba:b2:34:3b:af:9e:02:f0:f7:a3:ed:93:34:8d:d5:
         57:1b:14:22
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQfjCRiZsDk/hHFC7oWlhE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDJhZjcxM2UzNmU1MmM3MTg2NmM4YTllYmRhY2YzZDg2
MjliNjgwHhcNMjUwMTAxMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmUzMjI3Y2Y0ZTQwOWIwOGJlZGE4ZWJjMjhkMDRjY2Y5ZDc1OGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkKzL8qHt4ouVKuJRbuh5Cl8uORq
iMnNqmFXKlujZaIQBO2VLNqUnHZXkvE2kn+slXJ7/hA7qhBbD2Bjq12C0/AirIfc
unpPysWs/UV6SX6rHsCiuefwrEnhXYazT79a7YpDgld3WitSVoXpJyr1XY+GBTlU
Dib0TfqnWKjJAJI9g0uxGd84BfBTgqtDU+zwdwhrxhTnEEYTSgZ1kaqbRzHtpapz
68SjVGon7xNYs5hFgUXdTvIUFMx0MajVBxyur4A8/Pm3SHSz/trgutsd3c+x5R4m
IEpcgh14vDD3tP+W6RlEyJaEzJRvZvuu8yWgQN9PNJIos0s47kK797fJBwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLbjInz05Amwi+2o68KNBMz511j8MB8GA1UdIwQY
MBaAFBUCr3E+NuUscYZsip69rPPYYptoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFLdmNUNDI1U3h4aG15S25yMnM4OWhpbTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS85ZGNjMjUtNWIwYS00YzNlLTkxNDkt
NWE4MjMwZTc2NDNhLzEvdHVNaWZQVGtDYkNMN2FqcndvMEV6UG5YV1B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS85ZGNjMjUtNWIwYS00YzNlLTkxNDktNWE4MjMwZTc2NDNh
LzEvRlFLdmNUNDI1U3h4aG15S25yMnM4OWhpbTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkmYwDQYJ
KoZIhvcNAQELBQADggEBAE0vfrINvQ6kM3CJICUBhCJndwmzRSuWUKQVhLBlNuOf
xcETHhGn7idQVmU56axz1AUKwdFzHTh5YwdvhRLecF5W33De3lqvhSGCEFUYGkJT
EZr3A7AUeJzsMkoJG/mTJf/f+IEgyZhqJraWrAPEg1e+AQwNrcS+pj8UOe9FO6cI
UvVm7Zrymrb6NeCjTh0hTXN5nyPlLUS/dWmYqYUZuH8/VZQtOxx8ledHG00SlsAU
8jXUOMUgehoYAuFpiRVpLYJOpMZYvqIF1PqrjmhyOPVb96kzbfu+rT/K3FX4y7Ok
syFrXTEmEo7i9IQevLqyNDuvngLw96PtkzSN1VcbFCI=
-----END CERTIFICATE-----