Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/Tz90Wvu7GQ9v16xjtv3fYSRjDy8.roa
File:                     Tz90Wvu7GQ9v16xjtv3fYSRjDy8.roa (raw, json)
Hash identifier:          /VeLcpXw8PuMvzvcyJgx3jKW0zDlptf/ULhrAgfV2dQ=
Subject key identifier:   4F:3F:74:5A:FB:BB:19:0F:6F:D7:AC:63:B6:FD:DF:61:24:63:0F:2F
Certificate issuer:       /CN=5ce1aae0c93ad04b7298082b68bf6a54fa68bcf0
Certificate serial:       0194266B53FE96F08BB96F81E6350EC8BD81
Authority key identifier: 5C:E1:AA:E0:C9:3A:D0:4B:72:98:08:2B:68:BF:6A:54:FA:68:BC:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/Tz90Wvu7GQ9v16xjtv3fYSRjDy8.roa
Signing time:             Thu 02 Jan 2025 09:49:15 +0000
ROA not before:           Thu 02 Jan 2025 09:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44901
IP address blocks:        185.196.101.0/24 maxlen: 24
                          185.196.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:53:fe:96:f0:8b:b9:6f:81:e6:35:0e:c8:bd:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ce1aae0c93ad04b7298082b68bf6a54fa68bcf0
        Validity
            Not Before: Jan  2 09:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f3f745afbbb190f6fd7ac63b6fddf6124630f2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b4:b4:dd:65:a3:dd:04:85:5e:aa:61:2b:80:
                    dc:75:e6:87:ec:d0:a8:17:2b:a1:e9:e1:e7:44:3a:
                    89:e2:bf:48:c2:a3:87:ba:c7:a8:77:df:01:1a:aa:
                    fd:fe:64:13:47:43:f5:8e:01:c0:6a:50:ea:2d:4a:
                    7d:64:49:d3:68:bb:11:89:3c:a0:a2:9a:de:ad:93:
                    dc:5c:22:1f:de:b6:a6:45:bd:f3:af:9d:53:ae:58:
                    72:1a:bd:2d:e2:0a:44:dd:28:0e:81:55:c2:be:11:
                    fd:2a:b2:71:11:5e:be:c4:94:52:9c:17:44:7b:37:
                    3d:5c:77:55:a6:a6:3a:41:8a:c0:c0:74:e9:ac:43:
                    32:09:1f:c6:23:f3:de:53:ea:d3:2b:c3:bd:93:20:
                    d3:bd:cb:0f:5b:73:39:f9:0b:2b:8a:ff:93:6c:99:
                    b3:99:be:d5:c6:ef:41:7e:47:5d:27:8f:7f:59:2a:
                    65:50:c1:9f:56:87:70:95:eb:8e:4d:48:62:24:9d:
                    33:42:7c:68:a1:06:12:79:a3:12:1c:e0:72:f9:4d:
                    c5:0a:41:f1:17:d2:1b:89:27:0d:94:d3:2d:9a:31:
                    de:17:84:f0:2d:e2:de:ee:de:25:c1:6a:e3:33:29:
                    20:52:25:7d:d4:96:8b:d9:95:e6:16:b5:a3:d2:cc:
                    f6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:3F:74:5A:FB:BB:19:0F:6F:D7:AC:63:B6:FD:DF:61:24:63:0F:2F
            X509v3 Authority Key Identifier:
                keyid:5C:E1:AA:E0:C9:3A:D0:4B:72:98:08:2B:68:BF:6A:54:FA:68:BC:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/Tz90Wvu7GQ9v16xjtv3fYSRjDy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.101.0/24
                  185.196.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:b7:b3:9b:30:1b:58:7c:07:0c:2c:b1:ce:cd:ca:20:0a:76:
         dd:3e:96:fd:7d:58:32:3d:6a:05:c7:ff:b2:3a:c4:b3:ff:d5:
         24:6b:1c:d3:6e:a7:aa:7f:ac:51:f2:eb:b8:80:d3:c5:69:d5:
         c5:ba:3b:11:98:34:9d:33:66:77:48:6f:f5:46:09:5c:f2:16:
         09:8d:2e:bc:62:13:91:03:0b:6e:bf:e9:23:db:a4:e9:3c:7c:
         35:17:b2:8f:7d:e1:13:6e:d4:7b:37:b0:12:81:6f:90:26:bc:
         95:4b:aa:b5:9f:af:04:28:fd:88:1b:59:0c:a1:ab:b2:43:77:
         ba:d7:04:e8:b7:6d:6e:51:0b:85:7e:21:3c:5d:5c:a3:de:63:
         74:0c:79:d2:e4:b3:36:b4:ba:e3:e5:67:42:e0:35:7d:18:14:
         1d:4c:b1:ab:55:ee:3b:97:fa:a1:f8:f4:20:8f:80:1b:39:8e:
         29:0d:e0:c3:03:ca:43:41:81:c9:13:33:23:4f:98:df:6d:8c:
         10:0f:0c:2b:4c:05:66:93:04:a5:71:ec:7f:96:59:c8:d9:9d:
         4a:d9:fc:9a:be:c8:01:1d:56:31:36:6b:d4:71:4f:3a:54:f3:
         d8:52:21:9a:0e:96:9c:ed:ab:b2:75:96:3c:01:44:38:c9:c4:
         b0:42:32:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma1P+lvCLuW+B5jUOyL2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZTFhYWUwYzkzYWQwNGI3Mjk4MDgyYjY4YmY2YTU0ZmE2
OGJjZjAwHhcNMjUwMTAyMDk0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjNmNzQ1YWZiYmIxOTBmNmZkN2FjNjNiNmZkZGY2MTI0NjMwZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7S03WWj3QSFXqphK4DcdeaH7NCo
Fyuh6eHnRDqJ4r9IwqOHuseod98BGqr9/mQTR0P1jgHAalDqLUp9ZEnTaLsRiTyg
oprerZPcXCIf3ramRb3zr51TrlhyGr0t4gpE3SgOgVXCvhH9KrJxEV6+xJRSnBdE
ezc9XHdVpqY6QYrAwHTprEMyCR/GI/PeU+rTK8O9kyDTvcsPW3M5+Qsriv+TbJmz
mb7Vxu9BfkddJ49/WSplUMGfVodwleuOTUhiJJ0zQnxooQYSeaMSHOBy+U3FCkHx
F9IbiScNlNMtmjHeF4TwLeLe7t4lwWrjMykgUiV91JaL2ZXmFrWj0sz2WQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE8/dFr7uxkPb9esY7b932EkYw8vMB8GA1UdIwQY
MBaAFFzhquDJOtBLcpgIK2i/alT6aLzwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE9HcTRNazYwRXR5bUFncmFMOXFWUHBvdlBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mZjM2MTgtNzAzMi00MTQzLTkzNzQt
YmExNDE4ZDIyMDg3LzEvVHo5MFd2dTdHUTl2MTZ4anR2M2ZZU1JqRHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mZjM2MTgtNzAzMi00MTQzLTkzNzQtYmExNDE4ZDIyMDg3
LzEvWE9HcTRNazYwRXR5bUFncmFMOXFWUHBvdlBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucRlAwQA
ucRnMA0GCSqGSIb3DQEBCwUAA4IBAQADt7ObMBtYfAcMLLHOzcogCnbdPpb9fVgy
PWoFx/+yOsSz/9UkaxzTbqeqf6xR8uu4gNPFadXFujsRmDSdM2Z3SG/1Rglc8hYJ
jS68YhORAwtuv+kj26TpPHw1F7KPfeETbtR7N7ASgW+QJryVS6q1n68EKP2IG1kM
oauyQ3e61wTot21uUQuFfiE8XVyj3mN0DHnS5LM2tLrj5WdC4DV9GBQdTLGrVe47
l/qh+PQgj4AbOY4pDeDDA8pDQYHJEzMjT5jfbYwQDwwrTAVmkwSlcex/llnI2Z1K
2fyavsgBHVYxNmvUcU86VPPYUiGaDpac7auydZY8AUQ4ycSwQjID
-----END CERTIFICATE-----