Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/tet1UpkNF4m49gaNV1wqX_41RwU.roa
File:                     tet1UpkNF4m49gaNV1wqX_41RwU.roa (raw, json)
Hash identifier:          UvbgTGODLvjXSaKQKlrI6Smp2EaxWDnRTLvohVvGsXY=
Subject key identifier:   B5:EB:75:52:99:0D:17:89:B8:F6:06:8D:57:5C:2A:5F:FE:35:47:05
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       0194244487CBF3C2B25F5CF6E42BCAAF311B
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/tet1UpkNF4m49gaNV1wqX_41RwU.roa
Signing time:             Wed 01 Jan 2025 23:47:38 +0000
ROA not before:           Wed 01 Jan 2025 23:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22773
IP address blocks:        185.213.150.0/24 maxlen: 24
                          185.254.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:87:cb:f3:c2:b2:5f:5c:f6:e4:2b:ca:af:31:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  1 23:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5eb7552990d1789b8f6068d575c2a5ffe354705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3a:09:aa:c2:eb:a1:9f:11:5e:f2:53:6f:16:
                    c7:2c:5a:31:7d:dd:02:75:18:02:d0:1d:da:5f:b6:
                    c0:2c:fe:c1:af:86:f6:0c:9d:ee:6f:19:71:7f:da:
                    18:29:28:c9:e2:c6:60:44:df:5b:8f:ef:6d:1a:db:
                    66:1e:0d:a7:de:8b:58:a6:09:66:5e:a1:52:9e:42:
                    d6:d4:f1:af:6d:92:df:e2:0a:70:3d:98:34:d7:9f:
                    a5:16:70:6a:1d:99:f2:4b:20:69:45:ba:82:53:e6:
                    70:96:ff:5c:86:e7:cf:83:93:c8:1b:a4:b3:c0:93:
                    d7:98:d0:a8:4f:7f:a4:9d:35:35:d2:ba:e1:ef:84:
                    31:47:96:09:47:31:b9:44:07:89:3b:54:10:1e:b2:
                    1e:1d:43:0c:fe:a9:e5:d3:80:73:d3:86:97:f7:13:
                    2b:01:0b:b9:3e:38:23:bf:a6:a8:9c:90:1b:64:7e:
                    65:a1:4f:24:da:89:14:f8:79:63:ac:1e:6a:e6:7a:
                    25:5e:25:d5:57:af:ee:74:ae:ed:08:d0:f8:8e:d8:
                    44:dd:2b:f2:c2:f5:37:cf:99:4e:83:a2:60:a4:90:
                    05:ec:b9:2f:31:9a:d9:48:d0:0d:9c:98:13:a5:51:
                    17:8b:73:cf:b7:89:13:95:5b:ae:aa:72:a2:78:f6:
                    52:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:EB:75:52:99:0D:17:89:B8:F6:06:8D:57:5C:2A:5F:FE:35:47:05
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/tet1UpkNF4m49gaNV1wqX_41RwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.150.0/24
                  185.254.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:3e:dd:a5:aa:bf:d1:f8:b2:fc:1c:d6:00:d2:ce:dd:65:3a:
         32:09:87:9c:2b:1f:f5:ab:cc:77:86:13:2f:14:32:5d:b1:f9:
         cf:a8:47:08:56:81:bf:68:28:a9:ce:1c:43:5c:b5:0f:e6:f6:
         f0:e7:17:b1:5b:56:d6:2d:54:34:6f:02:ea:aa:5c:a9:dc:9a:
         a2:cf:b2:87:f5:bd:22:15:a9:36:b9:34:d2:84:81:39:6c:54:
         53:cf:10:9d:13:67:92:a8:bb:38:36:ae:f6:e3:62:ae:e5:5f:
         f7:7e:a6:af:19:d5:bc:21:e2:08:dc:41:76:a3:9b:34:9d:6c:
         93:f1:bc:10:57:00:ce:21:cd:57:a6:ca:16:9f:3e:d9:7a:de:
         2a:37:59:fc:8c:6d:67:f1:84:1f:4a:40:08:43:78:0c:1e:b0:
         a8:90:ad:4d:f4:13:d2:42:8b:40:4f:92:68:f4:cc:94:d4:4f:
         a2:81:6d:81:b9:77:43:11:8c:8a:96:2a:58:8e:3f:42:08:dd:
         a4:bf:2c:69:0d:58:fb:cb:ff:47:cf:8b:86:9e:68:94:f0:6c:
         37:a5:e1:e2:91:b7:cb:4b:6a:27:94:a1:ec:f0:5e:13:fa:be:
         fa:4c:bc:ac:00:2c:3e:c0:a4:a6:11:41:ea:60:78:89:1e:be:
         6c:76:d6:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRIfL88KyX1z25CvKrzEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwMTAxMjM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWViNzU1Mjk5MGQxNzg5YjhmNjA2OGQ1NzVjMmE1ZmZlMzU0NzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtToJqsLroZ8RXvJTbxbHLFoxfd0C
dRgC0B3aX7bALP7Br4b2DJ3ubxlxf9oYKSjJ4sZgRN9bj+9tGttmHg2n3otYpglm
XqFSnkLW1PGvbZLf4gpwPZg015+lFnBqHZnySyBpRbqCU+Zwlv9chufPg5PIG6Sz
wJPXmNCoT3+knTU10rrh74QxR5YJRzG5RAeJO1QQHrIeHUMM/qnl04Bz04aX9xMr
AQu5Pjgjv6aonJAbZH5loU8k2okU+HljrB5q5nolXiXVV6/udK7tCND4jthE3Svy
wvU3z5lOg6JgpJAF7LkvMZrZSNANnJgTpVEXi3PPt4kTlVuuqnKiePZSiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLXrdVKZDReJuPYGjVdcKl/+NUcFMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvdGV0MVVwa05GNG00OWdhTlYxd3FYXzQxUndVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudWWAwQA
uf5IMA0GCSqGSIb3DQEBCwUAA4IBAQBlPt2lqr/R+LL8HNYA0s7dZToyCYecKx/1
q8x3hhMvFDJdsfnPqEcIVoG/aCipzhxDXLUP5vbw5xexW1bWLVQ0bwLqqlyp3Jqi
z7KH9b0iFak2uTTShIE5bFRTzxCdE2eSqLs4Nq7242Ku5V/3fqavGdW8IeII3EF2
o5s0nWyT8bwQVwDOIc1XpsoWnz7Zet4qN1n8jG1n8YQfSkAIQ3gMHrCokK1N9BPS
QotAT5Jo9MyU1E+igW2BuXdDEYyKlipYjj9CCN2kvyxpDVj7y/9Hz4uGnmiU8Gw3
peHikbfLS2onlKHs8F4T+r76TLysACw+wKSmEUHqYHiJHr5sdtYA
-----END CERTIFICATE-----