Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TGiwblau9vQbavBSn9XwumDVk7I.roa
File:                     TGiwblau9vQbavBSn9XwumDVk7I.roa (raw, json)
Hash identifier:          PUi0h0Vu1h2zla5gN/4AvJhh+6VPshGAasVZ8Z6yurE=
Subject key identifier:   4C:68:B0:6E:56:AE:F6:F4:1B:6A:F0:52:9F:D5:F0:BA:60:D5:93:B2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143FA2C9317E55146C6998E208F726C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TGiwblau9vQbavBSn9XwumDVk7I.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151872
IP address blocks:        109.176.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fa:2c:93:17:e5:51:46:c6:99:8e:20:8f:72:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c68b06e56aef6f41b6af0529fd5f0ba60d593b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:89:57:6f:c1:ad:e7:ee:c0:d2:00:7b:5f:f8:
                    b6:c2:89:48:b2:8e:41:09:3b:89:03:3b:bb:d6:f9:
                    aa:c9:09:4e:84:6d:08:99:e6:c6:2f:24:61:75:bd:
                    00:47:4c:c2:2b:4b:75:cd:96:f8:58:a1:11:fb:2a:
                    98:9d:8a:70:05:26:0c:63:91:a1:9e:aa:98:45:32:
                    ca:cd:04:a5:f7:98:d4:c4:4e:69:5e:c7:62:5a:7a:
                    7b:cc:bf:16:46:20:fc:64:1f:dd:02:44:25:51:16:
                    76:06:de:5e:c0:67:bc:06:5a:06:81:da:73:3c:d5:
                    8b:c4:50:24:9c:9c:69:f6:02:b3:5f:06:69:d4:db:
                    62:3f:c2:ac:90:66:54:66:ef:af:03:c6:e3:62:16:
                    87:e8:2b:b4:5d:bf:c0:3b:c9:3b:b1:0b:5a:35:11:
                    30:7f:d4:f6:93:39:5d:5c:84:a5:c5:70:75:f5:b8:
                    2d:c2:d6:a9:78:53:f1:f2:a0:2d:17:ed:0d:fe:0a:
                    71:0f:fc:c6:b0:8f:71:65:f7:33:46:55:50:83:4d:
                    07:72:1e:17:9a:a8:cd:e7:b6:62:31:d6:8f:9e:1e:
                    7a:bc:dc:aa:6b:f1:87:67:21:88:33:fd:14:b3:7a:
                    92:f6:56:d2:56:1b:eb:c5:31:bc:00:16:c3:f2:cf:
                    ff:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:68:B0:6E:56:AE:F6:F4:1B:6A:F0:52:9F:D5:F0:BA:60:D5:93:B2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TGiwblau9vQbavBSn9XwumDVk7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:ee:89:1f:c2:6e:18:b1:99:bb:16:00:8d:9a:8f:5d:0f:40:
         9c:7a:93:25:d1:84:1f:d4:84:ed:53:ea:a5:a7:8f:f1:97:ef:
         a8:32:b8:65:58:92:4b:c9:74:c3:a8:62:77:d1:ac:18:2e:10:
         da:4b:64:f3:67:99:9b:10:af:3e:67:ab:07:38:53:80:a2:68:
         63:dd:3d:e1:e7:38:5e:c7:63:47:68:40:b8:f2:0b:90:c7:c9:
         45:bb:a6:f2:20:de:3a:3a:77:41:04:b4:bf:8b:bc:9e:f7:a5:
         e8:92:a9:71:49:6f:5f:3e:2f:f2:5e:4a:d1:36:24:67:bd:66:
         5d:f4:82:02:dd:eb:42:26:53:c8:24:63:21:5d:74:90:64:e6:
         d1:fc:f3:41:ac:b4:51:2c:fe:62:73:1f:f2:7a:9f:b9:d1:40:
         06:80:5c:88:1a:5b:6b:0c:12:e3:55:11:75:d5:49:b7:20:25:
         44:ef:97:ad:2d:fe:d6:5e:06:15:e2:7c:97:2e:a4:b1:15:4d:
         b5:98:45:1e:d7:4b:7d:5f:7b:05:d2:2f:bd:62:60:8e:33:eb:
         17:a0:b5:85:12:c5:4e:94:02:bd:86:ea:75:cd:54:03:98:f7:
         b9:d7:55:7e:ae:b5:0b:98:e8:e4:54:d0:39:08:cd:88:3f:52:
         eb:8b:9c:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/oskxflUUbGmY4gj3JsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzY4YjA2ZTU2YWVmNmY0MWI2YWYwNTI5ZmQ1ZjBiYTYwZDU5M2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4lXb8Gt5+7A0gB7X/i2wolIso5B
CTuJAzu71vmqyQlOhG0ImebGLyRhdb0AR0zCK0t1zZb4WKER+yqYnYpwBSYMY5Gh
nqqYRTLKzQSl95jUxE5pXsdiWnp7zL8WRiD8ZB/dAkQlURZ2Bt5ewGe8BloGgdpz
PNWLxFAknJxp9gKzXwZp1NtiP8KskGZUZu+vA8bjYhaH6Cu0Xb/AO8k7sQtaNREw
f9T2kzldXISlxXB19bgtwtapeFPx8qAtF+0N/gpxD/zGsI9xZfczRlVQg00Hch4X
mqjN57ZiMdaPnh56vNyqa/GHZyGIM/0Us3qS9lbSVhvrxTG8ABbD8s//KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExosG5Wrvb0G2rwUp/V8Lpg1ZOyMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVEdpd2JsYXU5dlFiYXZCU245WHd1bURWazdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbAWMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ7okfwm4YsZm7FgCNmo9dD0CcepMl0YQf1ITtU+ql
p4/xl++oMrhlWJJLyXTDqGJ30awYLhDaS2TzZ5mbEK8+Z6sHOFOAomhj3T3h5zhe
x2NHaEC48guQx8lFu6byIN46OndBBLS/i7ye96XokqlxSW9fPi/yXkrRNiRnvWZd
9IIC3etCJlPIJGMhXXSQZObR/PNBrLRRLP5icx/yep+50UAGgFyIGltrDBLjVRF1
1Um3ICVE75etLf7WXgYV4nyXLqSxFU21mEUe10t9X3sF0i+9YmCOM+sXoLWFEsVO
lAK9hup1zVQDmPe511V+rrULmOjkVNA5CM2IP1Lri5xk
-----END CERTIFICATE-----