Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/TdH4VD6T_W7SNxHyfXSkewIXlcU.roa
File:                     TdH4VD6T_W7SNxHyfXSkewIXlcU.roa (raw, json)
Hash identifier:          HVZZjaWlI31wWUg78IHwXGlTps+LYdv9vaJeYnF13Bo=
Subject key identifier:   4D:D1:F8:54:3E:93:FD:6E:D2:37:11:F2:7D:74:A4:7B:02:17:95:C5
Certificate issuer:       /CN=9da140e8028e6d537600e0888a9af5a971c5db46
Certificate serial:       01941FFA3E30A028F9A588C2942196F44F3B
Authority key identifier: 9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/TdH4VD6T_W7SNxHyfXSkewIXlcU.roa
Signing time:             Wed 01 Jan 2025 03:48:01 +0000
ROA not before:           Wed 01 Jan 2025 03:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1299
IP address blocks:        192.89.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3e:30:a0:28:f9:a5:88:c2:94:21:96:f4:4f:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da140e8028e6d537600e0888a9af5a971c5db46
        Validity
            Not Before: Jan  1 03:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dd1f8543e93fd6ed23711f27d74a47b021795c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:98:e3:c4:13:47:bd:89:96:42:ec:32:dd:20:
                    2e:75:34:96:9a:9b:62:73:4c:e5:6a:b8:5d:01:d6:
                    79:0c:f3:29:08:7f:81:5e:6f:e8:b7:65:d0:a3:83:
                    85:2d:40:2c:b8:5a:0e:bc:a1:3d:b4:ce:36:46:25:
                    9b:35:8d:83:dc:ff:a3:75:28:06:3a:5f:b0:7e:f1:
                    8a:db:76:e9:da:11:63:97:21:e2:69:d0:a8:b3:91:
                    50:7e:26:0e:b3:45:18:55:f1:df:8b:fa:f5:2f:b0:
                    d5:aa:55:c7:96:db:4b:3e:5f:e1:4d:a8:a1:18:f2:
                    20:66:b1:fa:5c:10:ce:dc:76:1f:92:fb:03:90:a7:
                    8f:f5:1e:e8:42:79:77:b3:b7:0c:b7:22:d0:aa:20:
                    65:d7:ea:16:de:7a:3e:fc:f6:ee:12:ac:f5:86:a8:
                    55:44:30:97:ef:f1:89:f9:19:77:1f:2a:76:57:a2:
                    99:16:75:bc:cf:a4:6d:b1:09:36:29:53:6e:02:b1:
                    af:42:dc:8b:8a:f1:a7:20:17:b2:3a:c6:35:b1:3e:
                    fa:57:fb:e6:e2:11:22:f3:5b:8a:02:57:5c:4c:77:
                    2c:8d:c3:80:e3:1b:01:76:9b:20:51:4f:41:45:d2:
                    ae:a9:37:10:f5:35:b5:f7:d6:bb:b9:1a:9d:e8:17:
                    cf:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:D1:F8:54:3E:93:FD:6E:D2:37:11:F2:7D:74:A4:7B:02:17:95:C5
            X509v3 Authority Key Identifier:
                keyid:9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/TdH4VD6T_W7SNxHyfXSkewIXlcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.89.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:b2:b8:45:57:f5:ed:ec:f1:d8:78:33:cc:fd:32:0b:8e:2f:
         0a:2e:16:ab:ee:6c:60:2d:36:0a:91:88:09:39:ac:58:6d:97:
         49:75:99:aa:fa:47:0d:ed:ed:ad:b8:d9:15:83:e7:5b:ec:2b:
         f3:2a:a7:8d:bb:28:14:5a:19:99:97:03:20:18:68:be:c5:3d:
         5b:60:27:13:5c:db:62:83:0d:6c:ae:4a:ae:58:19:50:75:1a:
         e7:e1:77:15:98:52:12:d0:5d:89:1f:ee:65:69:b8:21:1f:84:
         14:4a:e4:42:bf:d7:a9:7b:4e:c9:0d:15:a9:80:fb:33:16:84:
         8f:56:58:3d:fe:6c:d0:8f:f1:60:12:05:c6:87:84:7e:50:71:
         c9:5f:ba:23:d5:2e:ce:c6:d8:ee:68:75:23:5f:ee:b3:e7:2e:
         08:ba:22:2c:7d:f9:cb:4d:73:0d:d9:3d:1b:19:b2:39:52:e4:
         1b:8c:ed:c8:e5:74:fa:45:4b:e1:71:7d:1e:0d:c3:e6:f8:aa:
         27:11:f8:6d:f5:7a:5e:3b:60:5e:c4:1e:a8:06:74:f3:9c:d2:
         99:43:b8:a1:da:3a:ea:fb:74:b6:2b:9b:e7:8c:26:e0:b9:f6:
         f3:9e:1b:e3:a4:96:ee:79:81:5e:c9:f0:da:94:29:cc:b9:57:
         b6:39:87:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+j4woCj5pYjClCGW9E87MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYTE0MGU4MDI4ZTZkNTM3NjAwZTA4ODhhOWFmNWE5NzFj
NWRiNDYwHhcNMjUwMTAxMDM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGQxZjg1NDNlOTNmZDZlZDIzNzExZjI3ZDc0YTQ3YjAyMTc5NWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpjjxBNHvYmWQuwy3SAudTSWmpti
c0zlarhdAdZ5DPMpCH+BXm/ot2XQo4OFLUAsuFoOvKE9tM42RiWbNY2D3P+jdSgG
Ol+wfvGK23bp2hFjlyHiadCos5FQfiYOs0UYVfHfi/r1L7DVqlXHlttLPl/hTaih
GPIgZrH6XBDO3HYfkvsDkKeP9R7oQnl3s7cMtyLQqiBl1+oW3no+/PbuEqz1hqhV
RDCX7/GJ+Rl3Hyp2V6KZFnW8z6RtsQk2KVNuArGvQtyLivGnIBeyOsY1sT76V/vm
4hEi81uKAldcTHcsjcOA4xsBdpsgUU9BRdKuqTcQ9TW199a7uRqd6BfPIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3R+FQ+k/1u0jcR8n10pHsCF5XFMB8GA1UdIwQY
MBaAFJ2hQOgCjm1TdgDgiIqa9alxxdtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgt
YTRjYThiOWMyMDViLzEvVGRINFZENlRfVzdTTnhIeWZYU2tld0lYbGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgtYTRjYThiOWMyMDVi
LzEvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwFnaMA0G
CSqGSIb3DQEBCwUAA4IBAQBtsrhFV/Xt7PHYeDPM/TILji8KLhar7mxgLTYKkYgJ
OaxYbZdJdZmq+kcN7e2tuNkVg+db7CvzKqeNuygUWhmZlwMgGGi+xT1bYCcTXNti
gw1srkquWBlQdRrn4XcVmFIS0F2JH+5labghH4QUSuRCv9epe07JDRWpgPszFoSP
Vlg9/mzQj/FgEgXGh4R+UHHJX7oj1S7OxtjuaHUjX+6z5y4IuiIsffnLTXMN2T0b
GbI5UuQbjO3I5XT6RUvhcX0eDcPm+KonEfht9XpeO2BexB6oBnTznNKZQ7ih2jrq
+3S2K5vnjCbgufbznhvjpJbueYFeyfDalCnMuVe2OYcG
-----END CERTIFICATE-----