Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/TJqYJ8PgowX2_0fLvr-J92tN24Y.roa
File:                     TJqYJ8PgowX2_0fLvr-J92tN24Y.roa (raw, json)
Hash identifier:          SyEDMYr3gmhjsEM3DpobXAPSbcOSlzfmvEvbnyrm1xs=
Subject key identifier:   4C:9A:98:27:C3:E0:A3:05:F6:FF:47:CB:BE:BF:89:F7:6B:4D:DB:86
Certificate issuer:       /CN=1b3554498f3c8dd539c25a9d85348fab817eda23
Certificate serial:       01942143A20E423BA0EC0613E9A0FAD8DAFB
Authority key identifier: 1B:35:54:49:8F:3C:8D:D5:39:C2:5A:9D:85:34:8F:AB:81:7E:DA:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GzVUSY88jdU5wlqdhTSPq4F-2iM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/TJqYJ8PgowX2_0fLvr-J92tN24Y.roa
Signing time:             Wed 01 Jan 2025 09:47:47 +0000
ROA not before:           Wed 01 Jan 2025 09:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60305
IP address blocks:        194.113.252.0/24 maxlen: 24
                          194.113.253.0/24 maxlen: 24
                          194.113.254.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/GzVUSY88jdU5wlqdhTSPq4F-2iM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/GzVUSY88jdU5wlqdhTSPq4F-2iM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GzVUSY88jdU5wlqdhTSPq4F-2iM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 Jan 2025 06:34:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:a2:0e:42:3b:a0:ec:06:13:e9:a0:fa:d8:da:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b3554498f3c8dd539c25a9d85348fab817eda23
        Validity
            Not Before: Jan  1 09:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c9a9827c3e0a305f6ff47cbbebf89f76b4ddb86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c6:5b:8b:ba:93:35:8b:b4:3d:e8:97:a5:a7:
                    3b:90:d4:25:a2:db:d2:3e:63:6d:dd:80:29:ce:b2:
                    1c:7a:5d:a5:db:9e:7c:09:d3:0f:d3:97:f9:b9:04:
                    b6:cb:3b:cf:55:dd:c2:74:b3:a3:d1:ed:10:fc:b8:
                    cf:20:c2:d8:5d:00:e5:96:66:48:e6:bf:ef:15:70:
                    ec:cd:43:7b:2a:ed:ed:e8:cc:46:c4:19:3e:c7:c2:
                    5d:85:7d:b6:e4:ca:30:89:0d:4b:21:57:49:6f:f4:
                    cc:68:17:ec:f7:e6:54:4e:d3:a8:8c:ac:ab:bd:ac:
                    29:a1:ae:9f:df:4e:6f:fe:7c:1d:fb:6e:73:8e:aa:
                    40:9d:2e:8f:45:b7:de:83:15:27:53:53:08:6b:dc:
                    2d:32:e3:a8:40:1c:0f:69:17:89:b1:0f:f9:01:55:
                    82:00:45:f6:76:e9:a4:3d:ec:f3:90:af:59:a7:95:
                    63:a6:42:7b:ff:63:88:a7:8b:11:87:b7:20:93:c7:
                    0c:60:f0:5a:13:f3:ea:0f:ca:d5:d7:18:7b:4b:65:
                    36:34:b7:06:00:0e:66:48:ae:2d:4a:22:13:40:2d:
                    fd:ba:8e:ab:91:8e:36:93:b2:13:9b:d0:60:0b:e6:
                    16:06:1e:e1:d5:8d:08:28:f6:c6:a8:89:e0:4d:b2:
                    ca:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:9A:98:27:C3:E0:A3:05:F6:FF:47:CB:BE:BF:89:F7:6B:4D:DB:86
            X509v3 Authority Key Identifier:
                keyid:1B:35:54:49:8F:3C:8D:D5:39:C2:5A:9D:85:34:8F:AB:81:7E:DA:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GzVUSY88jdU5wlqdhTSPq4F-2iM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/TJqYJ8PgowX2_0fLvr-J92tN24Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/7b03d1-0e68-444f-9188-76e5ceb03fd9/1/GzVUSY88jdU5wlqdhTSPq4F-2iM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:f4:7a:68:44:36:5a:a8:c4:15:8b:71:84:1b:55:1b:ff:8a:
         3f:f6:bf:e3:94:78:f7:f7:38:1d:1b:42:ea:1c:12:fb:c5:9f:
         0a:14:13:5c:66:2c:ca:94:e8:32:28:0f:88:ae:b2:25:87:4d:
         a2:43:5b:6c:3d:67:18:06:be:6f:6d:3e:61:3e:0a:aa:87:a3:
         9b:55:ce:56:34:58:38:c4:98:33:b8:5f:0b:46:ee:1f:3d:a1:
         cf:8f:2b:b1:e5:64:47:70:cf:4c:9e:ad:e3:76:0b:c5:0d:f8:
         c7:33:a4:a7:81:25:e0:af:65:d0:fd:2a:83:b4:97:04:dc:bb:
         57:a7:9d:7b:75:3d:ae:e5:0e:d2:78:5e:ff:4c:ee:98:a9:55:
         34:21:30:2b:0a:2c:fc:9f:58:ba:bd:65:cd:a6:bd:81:37:a9:
         df:51:cf:93:df:f0:d7:e5:49:bc:bb:b7:20:c0:77:1c:27:2a:
         e5:dc:f2:e5:0d:a0:c4:90:b5:21:ec:48:a1:58:fe:b7:b7:74:
         19:2d:22:cb:4b:a7:6d:2b:06:fc:10:b6:dc:ba:f9:90:22:f7:
         51:82:04:52:77:d3:8d:bb:46:d8:4d:2c:9c:8f:73:b2:43:66:
         fe:42:04:a0:cf:30:49:73:97:39:78:30:1d:27:4f:20:b9:ca:
         8a:6d:00:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ6IOQjug7AYT6aD62Nr7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMzU1NDQ5OGYzYzhkZDUzOWMyNWE5ZDg1MzQ4ZmFiODE3
ZWRhMjMwHhcNMjUwMTAxMDk0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzlhOTgyN2MzZTBhMzA1ZjZmZjQ3Y2JiZWJmODlmNzZiNGRkYjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8Zbi7qTNYu0PeiXpac7kNQlotvS
PmNt3YApzrIcel2l2558CdMP05f5uQS2yzvPVd3CdLOj0e0Q/LjPIMLYXQDllmZI
5r/vFXDszUN7Ku3t6MxGxBk+x8JdhX225MowiQ1LIVdJb/TMaBfs9+ZUTtOojKyr
vawpoa6f305v/nwd+25zjqpAnS6PRbfegxUnU1MIa9wtMuOoQBwPaReJsQ/5AVWC
AEX2dumkPezzkK9Zp5VjpkJ7/2OIp4sRh7cgk8cMYPBaE/PqD8rV1xh7S2U2NLcG
AA5mSK4tSiITQC39uo6rkY42k7ITm9BgC+YWBh7h1Y0IKPbGqIngTbLKRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyamCfD4KMF9v9Hy76/ifdrTduGMB8GA1UdIwQY
MBaAFBs1VEmPPI3VOcJanYU0j6uBftojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3pWVVNZODhqZFU1d2xxZGhUU1BxNEYtMmlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy83YjAzZDEtMGU2OC00NDRmLTkxODgt
NzZlNWNlYjAzZmQ5LzEvVEpxWUo4UGdvd1gyXzBmTHZyLUo5MnROMjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy83YjAzZDEtMGU2OC00NDRmLTkxODgtNzZlNWNlYjAzZmQ5
LzEvR3pWVVNZODhqZFU1d2xxZGhUU1BxNEYtMmlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwnH8MA0G
CSqGSIb3DQEBCwUAA4IBAQAw9HpoRDZaqMQVi3GEG1Ub/4o/9r/jlHj39zgdG0Lq
HBL7xZ8KFBNcZizKlOgyKA+IrrIlh02iQ1tsPWcYBr5vbT5hPgqqh6ObVc5WNFg4
xJgzuF8LRu4fPaHPjyux5WRHcM9Mnq3jdgvFDfjHM6SngSXgr2XQ/SqDtJcE3LtX
p517dT2u5Q7SeF7/TO6YqVU0ITArCiz8n1i6vWXNpr2BN6nfUc+T3/DX5Um8u7cg
wHccJyrl3PLlDaDEkLUh7EihWP63t3QZLSLLS6dtKwb8ELbcuvmQIvdRggRSd9ON
u0bYTSycj3OyQ2b+QgSgzzBJc5c5eDAdJ08gucqKbQCL
-----END CERTIFICATE-----