Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/25e972-2842-4514-8ade-c0166d97010d/1/TPjf70pa6qBZmpfYB0iX9CcL4Y4.roa
File:                     TPjf70pa6qBZmpfYB0iX9CcL4Y4.roa (raw, json)
Hash identifier:          swAbvLbVBmlLATlL/hX7o87L+INYtKkOcONzc8lraTI=
Subject key identifier:   4C:F8:DF:EF:4A:5A:EA:A0:59:9A:97:D8:07:48:97:F4:27:0B:E1:8E
Certificate issuer:       /CN=69726a961336fbe7820b3d748e812f495c872d35
Certificate serial:       019420D649986254D7D9A0D88B43986C94AB
Authority key identifier: 69:72:6A:96:13:36:FB:E7:82:0B:3D:74:8E:81:2F:49:5C:87:2D:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aXJqlhM2--eCCz10joEvSVyHLTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/25e972-2842-4514-8ade-c0166d97010d/1/TPjf70pa6qBZmpfYB0iX9CcL4Y4.roa
Signing time:             Wed 01 Jan 2025 07:48:21 +0000
ROA not before:           Wed 01 Jan 2025 07:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210653
IP address blocks:        194.8.86.0/23 maxlen: 24
                          194.9.0.0/23 maxlen: 24
                          2a0f:ee80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/25e972-2842-4514-8ade-c0166d97010d/1/aXJqlhM2--eCCz10joEvSVyHLTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/25e972-2842-4514-8ade-c0166d97010d/1/aXJqlhM2--eCCz10joEvSVyHLTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aXJqlhM2--eCCz10joEvSVyHLTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:49:98:62:54:d7:d9:a0:d8:8b:43:98:6c:94:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69726a961336fbe7820b3d748e812f495c872d35
        Validity
            Not Before: Jan  1 07:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cf8dfef4a5aeaa0599a97d8074897f4270be18e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:00:f2:c4:c2:01:1d:71:c3:38:ca:f1:45:b3:
                    45:4a:80:01:ce:05:8c:2f:d4:af:bd:0c:8f:da:7b:
                    7a:be:41:06:76:9b:7e:d4:7d:e7:c4:03:18:1e:b6:
                    7c:de:13:bc:3a:10:8a:61:db:3f:e3:4a:b0:0b:79:
                    29:f1:9d:b1:17:96:c9:75:d0:73:f6:a3:59:a8:b6:
                    7c:c8:66:a8:af:21:ff:bb:72:a7:51:85:2e:36:4d:
                    cd:9e:a3:e0:67:2b:0d:af:8c:c6:b2:ee:23:0b:9c:
                    39:f2:85:bf:99:b5:49:d3:c3:b1:dd:ca:67:5c:ba:
                    63:c1:2e:bb:ed:5b:4f:30:e6:a3:cb:47:33:50:1c:
                    45:9b:e9:7b:25:6e:26:ca:0d:93:39:5b:19:2b:de:
                    07:b4:e0:5d:1b:08:3a:80:b7:92:2c:09:07:43:06:
                    d0:5e:d9:75:30:68:b2:28:32:73:91:72:00:14:f3:
                    87:7c:65:39:e8:40:1b:83:f6:30:4f:8c:d0:56:e8:
                    a5:e9:d1:6f:f6:18:87:f9:c8:a7:8e:cb:e4:47:c4:
                    a0:d2:9b:e6:c6:67:45:74:d8:ea:a1:c2:82:70:a1:
                    f7:5b:01:13:dd:80:9a:57:45:b3:00:77:fc:6c:a7:
                    99:e7:be:32:54:9f:07:9e:ad:9d:32:ef:82:9a:ce:
                    b8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:F8:DF:EF:4A:5A:EA:A0:59:9A:97:D8:07:48:97:F4:27:0B:E1:8E
            X509v3 Authority Key Identifier:
                keyid:69:72:6A:96:13:36:FB:E7:82:0B:3D:74:8E:81:2F:49:5C:87:2D:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aXJqlhM2--eCCz10joEvSVyHLTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/25e972-2842-4514-8ade-c0166d97010d/1/TPjf70pa6qBZmpfYB0iX9CcL4Y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/25e972-2842-4514-8ade-c0166d97010d/1/aXJqlhM2--eCCz10joEvSVyHLTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.86.0/23
                  194.9.0.0/23
                IPv6:
                  2a0f:ee80::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:fc:6c:9f:c6:a0:2e:13:b1:c2:73:a5:06:4c:40:09:bc:9c:
         8e:12:b0:ca:20:53:09:b2:3e:fe:45:64:d0:58:ae:92:a9:77:
         93:32:fa:36:3f:c9:3c:d6:ff:01:93:43:2e:4c:e8:8a:ba:7e:
         59:45:b5:80:8c:55:07:21:03:c5:32:90:d7:30:42:f0:68:1d:
         90:ef:3d:9a:23:6c:f6:3f:d8:48:24:7c:3f:00:04:ba:c6:75:
         67:fc:8e:ae:f5:16:bf:f8:30:d5:98:a1:3f:1b:be:10:9e:af:
         36:64:50:75:61:40:c0:3d:93:26:aa:f9:7a:b1:77:7e:bd:b7:
         30:7a:9a:67:1f:5c:b1:56:4d:7e:0d:9a:f3:9b:47:d2:d2:d1:
         a7:ce:ad:56:ad:91:d9:8b:99:26:76:01:38:84:53:95:6b:16:
         25:19:a1:5b:68:46:e7:e9:20:57:0b:97:ec:51:70:a3:e6:f7:
         c2:0b:e6:45:ac:82:9e:47:ae:0a:d2:22:00:16:aa:bd:fc:f7:
         e2:a9:87:e7:66:ca:6c:6c:f1:2c:dc:4a:71:01:d8:12:a2:2c:
         c1:cf:21:08:46:86:91:ec:c6:df:f9:d7:73:d3:45:48:19:bc:
         07:9f:34:a5:b5:7b:d7:f1:a7:c1:2f:25:74:82:a2:c4:d8:a4:
         22:1d:30:0b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1kmYYlTX2aDYi0OYbJSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NzI2YTk2MTMzNmZiZTc4MjBiM2Q3NDhlODEyZjQ5NWM4
NzJkMzUwHhcNMjUwMTAxMDc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2Y4ZGZlZjRhNWFlYWEwNTk5YTk3ZDgwNzQ4OTdmNDI3MGJlMThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ADyxMIBHXHDOMrxRbNFSoABzgWM
L9SvvQyP2nt6vkEGdpt+1H3nxAMYHrZ83hO8OhCKYds/40qwC3kp8Z2xF5bJddBz
9qNZqLZ8yGaoryH/u3KnUYUuNk3NnqPgZysNr4zGsu4jC5w58oW/mbVJ08Ox3cpn
XLpjwS677VtPMOajy0czUBxFm+l7JW4myg2TOVsZK94HtOBdGwg6gLeSLAkHQwbQ
Xtl1MGiyKDJzkXIAFPOHfGU56EAbg/YwT4zQVuil6dFv9hiH+cinjsvkR8Sg0pvm
xmdFdNjqocKCcKH3WwET3YCaV0WzAHf8bKeZ574yVJ8Hnq2dMu+Cms64oQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEz43+9KWuqgWZqX2AdIl/QnC+GOMB8GA1UdIwQY
MBaAFGlyapYTNvvnggs9dI6BL0lchy01MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVhKcWxoTTItLWVDQ3oxMGpvRXZTVnlITFRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8yNWU5NzItMjg0Mi00NTE0LThhZGUt
YzAxNjZkOTcwMTBkLzEvVFBqZjcwcGE2cUJabXBmWUIwaVg5Q2NMNFk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8yNWU5NzItMjg0Mi00NTE0LThhZGUtYzAxNjZkOTcwMTBk
LzEvYVhKcWxoTTItLWVDQ3oxMGpvRXZTVnlITFRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwghWAwQB
wgkAMA0EAgACMAcDBQMqD+6AMA0GCSqGSIb3DQEBCwUAA4IBAQAl/GyfxqAuE7HC
c6UGTEAJvJyOErDKIFMJsj7+RWTQWK6SqXeTMvo2P8k81v8Bk0MuTOiKun5ZRbWA
jFUHIQPFMpDXMELwaB2Q7z2aI2z2P9hIJHw/AAS6xnVn/I6u9Ra/+DDVmKE/G74Q
nq82ZFB1YUDAPZMmqvl6sXd+vbcweppnH1yxVk1+DZrzm0fS0tGnzq1WrZHZi5km
dgE4hFOVaxYlGaFbaEbn6SBXC5fsUXCj5vfCC+ZFrIKeR64K0iIAFqq9/PfiqYfn
ZspsbPEs3EpxAdgSoizBzyEIRoaR7Mbf+ddz00VIGbwHnzSltXvX8afBLyV0gqLE
2KQiHTAL
-----END CERTIFICATE-----