Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/cbbedc-b7bc-4255-bc41-e36e8d293ae0/1/tsrNBESAlUjzygDHgS7gEuqfQn0.roa
File:                     tsrNBESAlUjzygDHgS7gEuqfQn0.roa (raw, json)
Hash identifier:          6Jn0pVJqrN6B9jn7fLfe3kxST0CupCM2snjZV9wb1no=
Subject key identifier:   B6:CA:CD:04:44:80:95:48:F3:CA:00:C7:81:2E:E0:12:EA:9F:42:7D
Certificate issuer:       /CN=1404e18e8616705ec0f290e57ca829a82f5f96c2
Certificate serial:       0195F0629ED91A42F660F03495951179AE5F
Authority key identifier: 14:04:E1:8E:86:16:70:5E:C0:F2:90:E5:7C:A8:29:A8:2F:5F:96:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FAThjoYWcF7A8pDlfKgpqC9flsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/cbbedc-b7bc-4255-bc41-e36e8d293ae0/1/tsrNBESAlUjzygDHgS7gEuqfQn0.roa
Signing time:             Tue 01 Apr 2025 08:05:49 +0000
ROA not before:           Tue 01 Apr 2025 08:05:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31673
IP address blocks:        185.88.188.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/cbbedc-b7bc-4255-bc41-e36e8d293ae0/1/FAThjoYWcF7A8pDlfKgpqC9flsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/cbbedc-b7bc-4255-bc41-e36e8d293ae0/1/FAThjoYWcF7A8pDlfKgpqC9flsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FAThjoYWcF7A8pDlfKgpqC9flsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 11:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f0:62:9e:d9:1a:42:f6:60:f0:34:95:95:11:79:ae:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1404e18e8616705ec0f290e57ca829a82f5f96c2
        Validity
            Not Before: Apr  1 08:05:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6cacd0444809548f3ca00c7812ee012ea9f427d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ff:f0:a0:3b:dc:23:cc:aa:e9:f0:43:50:25:
                    b9:d5:23:b5:81:d5:cc:e7:b1:ac:0d:b8:74:e1:52:
                    67:8b:3d:68:59:cc:d1:84:36:c6:e6:38:aa:fd:16:
                    4d:8a:b9:4a:94:08:a2:fe:6a:e9:a9:dd:a0:c9:71:
                    9b:f3:16:70:c9:63:28:e8:95:c5:19:18:5f:39:44:
                    9b:cb:04:a9:b7:cd:fc:0b:d1:c2:08:a0:f9:82:93:
                    80:5f:27:e5:15:65:95:ae:72:db:a1:96:fd:de:70:
                    0e:9d:ed:e7:e2:75:e2:21:fc:6a:56:c0:b1:33:2d:
                    74:a5:18:33:84:f6:fe:e7:67:f9:ab:66:85:4e:cc:
                    ef:ae:31:98:fd:4f:b9:46:02:28:56:aa:04:97:58:
                    f0:7d:be:36:f6:61:1d:b9:8d:54:b4:f2:5e:c8:84:
                    c3:3d:71:50:37:58:55:1b:5d:19:ee:01:f0:f6:1d:
                    5f:88:64:38:c6:6d:89:4b:c1:a0:33:44:ff:8e:50:
                    99:16:53:91:32:d8:67:99:79:0d:f1:c3:9a:ce:c6:
                    60:ec:65:2b:78:f1:14:ea:4b:f7:78:3e:4d:21:c3:
                    b8:de:d6:18:fc:49:5f:57:bf:b0:d2:78:c9:ba:32:
                    9d:e9:2a:59:59:1a:71:4d:a8:12:b2:99:84:92:08:
                    b8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:CA:CD:04:44:80:95:48:F3:CA:00:C7:81:2E:E0:12:EA:9F:42:7D
            X509v3 Authority Key Identifier:
                keyid:14:04:E1:8E:86:16:70:5E:C0:F2:90:E5:7C:A8:29:A8:2F:5F:96:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FAThjoYWcF7A8pDlfKgpqC9flsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/cbbedc-b7bc-4255-bc41-e36e8d293ae0/1/tsrNBESAlUjzygDHgS7gEuqfQn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/cbbedc-b7bc-4255-bc41-e36e8d293ae0/1/FAThjoYWcF7A8pDlfKgpqC9flsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:fc:96:64:29:03:34:05:1c:35:e4:52:93:4a:e9:5c:1c:89:
         47:91:5c:c3:5e:24:32:98:61:4a:b6:55:93:79:15:2a:96:a2:
         ee:58:aa:ca:3a:07:1c:fc:c3:25:a0:ce:33:be:e8:fa:c8:49:
         ca:52:59:85:fe:18:c0:a1:9a:65:61:77:cc:58:6a:c7:fb:fd:
         cd:53:fd:13:51:39:93:d3:18:5b:6b:17:22:ae:fa:8e:9d:e6:
         5c:83:e3:88:c3:ac:53:6b:9a:23:64:ad:2d:5a:36:d3:b8:6e:
         6b:d8:7c:00:3d:ae:75:cd:3c:2e:b9:95:44:75:f7:5c:96:7d:
         e7:05:bf:45:3d:c3:59:34:fa:9e:66:47:1a:34:4e:61:10:b9:
         b1:24:db:40:f5:ad:5d:ef:c0:24:b7:1f:f1:53:2c:0f:41:59:
         a8:e7:26:87:b1:b7:56:c9:79:13:72:8a:76:e3:97:0e:9d:bb:
         09:d9:dd:53:01:05:65:33:6e:18:d0:b3:1c:a1:b2:03:40:d7:
         88:1c:d4:bf:5e:2c:49:c6:ec:80:5b:6d:fb:cd:4b:1e:cd:3b:
         f9:5c:ce:fe:32:82:42:a3:82:b5:b9:c1:00:ee:b4:3b:32:3d:
         3a:e3:a8:b1:ea:9b:0d:fc:b2:2a:a8:d6:81:47:e5:a8:df:e3:
         28:fc:1c:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXwYp7ZGkL2YPA0lZURea5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0MDRlMThlODYxNjcwNWVjMGYyOTBlNTdjYTgyOWE4MmY1
Zjk2YzIwHhcNMjUwNDAxMDgwNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmNhY2QwNDQ0ODA5NTQ4ZjNjYTAwYzc4MTJlZTAxMmVhOWY0MjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP/woDvcI8yq6fBDUCW51SO1gdXM
57GsDbh04VJniz1oWczRhDbG5jiq/RZNirlKlAii/mrpqd2gyXGb8xZwyWMo6JXF
GRhfOUSbywSpt838C9HCCKD5gpOAXyflFWWVrnLboZb93nAOne3n4nXiIfxqVsCx
My10pRgzhPb+52f5q2aFTszvrjGY/U+5RgIoVqoEl1jwfb429mEduY1UtPJeyITD
PXFQN1hVG10Z7gHw9h1fiGQ4xm2JS8GgM0T/jlCZFlORMthnmXkN8cOazsZg7GUr
ePEU6kv3eD5NIcO43tYY/ElfV7+w0njJujKd6SpZWRpxTagSspmEkgi4aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbKzQREgJVI88oAx4Eu4BLqn0J9MB8GA1UdIwQY
MBaAFBQE4Y6GFnBewPKQ5XyoKagvX5bCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkFUaGpvWVdjRjdBOHBEbGZLZ3BxQzlmbHNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9jYmJlZGMtYjdiYy00MjU1LWJjNDEt
ZTM2ZThkMjkzYWUwLzEvdHNyTkJFU0FsVWp6eWdESGdTN2dFdXFmUW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9jYmJlZGMtYjdiYy00MjU1LWJjNDEtZTM2ZThkMjkzYWUw
LzEvRkFUaGpvWVdjRjdBOHBEbGZLZ3BxQzlmbHNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVi8MA0G
CSqGSIb3DQEBCwUAA4IBAQCh/JZkKQM0BRw15FKTSulcHIlHkVzDXiQymGFKtlWT
eRUqlqLuWKrKOgcc/MMloM4zvuj6yEnKUlmF/hjAoZplYXfMWGrH+/3NU/0TUTmT
0xhbaxcirvqOneZcg+OIw6xTa5ojZK0tWjbTuG5r2HwAPa51zTwuuZVEdfdcln3n
Bb9FPcNZNPqeZkcaNE5hELmxJNtA9a1d78Aktx/xUywPQVmo5yaHsbdWyXkTcop2
45cOnbsJ2d1TAQVlM24Y0LMcobIDQNeIHNS/XixJxuyAW237zUsezTv5XM7+MoJC
o4K1ucEA7rQ7Mj0646ix6psN/LIqqNaBR+Wo3+Mo/Bxk
-----END CERTIFICATE-----