Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/tbYt8CsTUjvQCfPmxRHFnIb3gng.roa
File:                     tbYt8CsTUjvQCfPmxRHFnIb3gng.roa (raw, json)
Hash identifier:          Wb48gd6AG1NXeN5IWX1LXBtrKALPG/kRfuLTU0uD7B0=
Subject key identifier:   B5:B6:2D:F0:2B:13:52:3B:D0:09:F3:E6:C5:11:C5:9C:86:F7:82:78
Certificate issuer:       /CN=4c61d118479b5222ef0f864167cac5b4c07cc219
Certificate serial:       019422FBBAF5F62BE84D187E4C78C3F401FB
Authority key identifier: 4C:61:D1:18:47:9B:52:22:EF:0F:86:41:67:CA:C5:B4:C0:7C:C2:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TGHRGEebUiLvD4ZBZ8rFtMB8whk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/tbYt8CsTUjvQCfPmxRHFnIb3gng.roa
Signing time:             Wed 01 Jan 2025 17:48:30 +0000
ROA not before:           Wed 01 Jan 2025 17:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196858
IP address blocks:        213.5.200.0/21 maxlen: 21
                          2001:67c:188c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/TGHRGEebUiLvD4ZBZ8rFtMB8whk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/TGHRGEebUiLvD4ZBZ8rFtMB8whk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TGHRGEebUiLvD4ZBZ8rFtMB8whk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ba:f5:f6:2b:e8:4d:18:7e:4c:78:c3:f4:01:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c61d118479b5222ef0f864167cac5b4c07cc219
        Validity
            Not Before: Jan  1 17:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5b62df02b13523bd009f3e6c511c59c86f78278
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:17:10:83:ea:e4:a6:db:27:0e:61:6f:e5:45:
                    f7:d9:f3:77:0d:56:fc:4e:b2:be:14:0d:88:6f:44:
                    2a:df:8c:7d:b2:2d:6b:5e:ab:58:25:f3:e0:27:92:
                    db:7d:19:28:b2:db:68:24:d3:56:ac:6c:2e:d1:0e:
                    3a:80:93:c8:63:d5:cd:fe:59:db:0b:c4:4f:a9:7a:
                    87:f5:cc:5e:a8:e6:ab:1b:a6:fb:0e:95:29:ff:93:
                    7a:e5:8d:e6:41:ee:5b:e7:c0:72:33:cc:ad:4c:06:
                    f7:60:05:e5:d8:1e:ac:31:b9:e6:30:d7:20:cb:0a:
                    51:80:0f:12:73:4a:cf:5d:26:03:72:d2:6e:0b:58:
                    ba:c7:30:97:8b:dd:06:ba:25:e7:64:89:b0:f6:f3:
                    d8:94:fc:f4:5a:f9:d4:02:0b:65:f3:a5:71:76:b2:
                    22:f3:37:54:93:84:47:b7:a7:fd:93:ae:8d:3c:14:
                    6e:0e:48:c0:77:33:1c:c0:f7:51:db:b2:3f:3d:ba:
                    60:07:48:df:02:ef:83:6f:f1:d2:f7:9d:ba:1e:bf:
                    cf:6d:10:df:d6:51:74:20:49:7a:ee:9f:87:13:27:
                    dd:01:c8:eb:60:43:a0:57:1e:86:12:d0:68:2d:b7:
                    dd:e0:9d:9b:c1:c5:66:1e:2d:42:5f:38:e4:fe:80:
                    8f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B6:2D:F0:2B:13:52:3B:D0:09:F3:E6:C5:11:C5:9C:86:F7:82:78
            X509v3 Authority Key Identifier:
                keyid:4C:61:D1:18:47:9B:52:22:EF:0F:86:41:67:CA:C5:B4:C0:7C:C2:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TGHRGEebUiLvD4ZBZ8rFtMB8whk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/tbYt8CsTUjvQCfPmxRHFnIb3gng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/6e9dfd-ce47-4e61-a315-e5aa74700f9d/1/TGHRGEebUiLvD4ZBZ8rFtMB8whk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.5.200.0/21
                IPv6:
                  2001:67c:188c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:3b:8a:c0:41:03:03:3b:7d:df:cc:58:56:92:e9:ff:32:fd:
         03:5b:d9:09:b1:8d:98:a7:42:c7:19:d0:ff:3c:02:82:49:e3:
         2c:ef:63:c3:97:53:ad:06:85:e4:ca:7b:da:a5:83:1f:00:34:
         10:c5:f2:96:7f:63:64:ee:6c:42:f2:03:01:15:42:e4:79:72:
         d4:10:69:9c:4e:de:6a:27:35:a9:cc:f7:33:30:cd:e8:45:d1:
         e0:f7:04:67:87:ff:4c:50:d3:ac:15:bc:f5:f1:8b:08:fd:06:
         b1:01:ef:c5:c2:60:b5:e7:87:db:30:99:a2:11:04:2f:49:58:
         c4:fb:ab:2e:8f:3c:b2:df:83:a5:e1:a5:66:7e:36:d5:5f:5e:
         e9:86:7e:22:bf:eb:d4:ef:c9:e1:36:fc:a4:c0:ff:e5:60:58:
         81:d8:48:88:a7:f9:d7:e9:19:0d:14:4a:b0:78:15:8c:05:89:
         94:e5:40:76:91:80:52:be:af:ba:6e:b2:ca:2f:fc:80:5c:60:
         84:5a:35:db:15:ed:cd:a5:8e:bc:bc:bd:b9:ce:9d:88:0c:24:
         7a:84:49:59:9f:63:8b:9c:96:4b:b2:6c:1f:c2:c7:95:84:c6:
         f9:41:10:2c:05:3f:66:78:20:f1:2b:90:e4:a6:2d:bf:fd:94:
         96:32:2f:dd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQi+7r19ivoTRh+THjD9AH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNjFkMTE4NDc5YjUyMjJlZjBmODY0MTY3Y2FjNWI0YzA3
Y2MyMTkwHhcNMjUwMTAxMTc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWI2MmRmMDJiMTM1MjNiZDAwOWYzZTZjNTExYzU5Yzg2Zjc4Mjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBcQg+rkptsnDmFv5UX32fN3DVb8
TrK+FA2Ib0Qq34x9si1rXqtYJfPgJ5LbfRkosttoJNNWrGwu0Q46gJPIY9XN/lnb
C8RPqXqH9cxeqOarG6b7DpUp/5N65Y3mQe5b58ByM8ytTAb3YAXl2B6sMbnmMNcg
ywpRgA8Sc0rPXSYDctJuC1i6xzCXi90GuiXnZImw9vPYlPz0WvnUAgtl86VxdrIi
8zdUk4RHt6f9k66NPBRuDkjAdzMcwPdR27I/PbpgB0jfAu+Db/HS9526Hr/PbRDf
1lF0IEl67p+HEyfdAcjrYEOgVx6GEtBoLbfd4J2bwcVmHi1CXzjk/oCPawIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLW2LfArE1I70Anz5sURxZyG94J4MB8GA1UdIwQY
MBaAFExh0RhHm1Ii7w+GQWfKxbTAfMIZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEdIUkdFZWJVaUx2RDRaQlo4ckZ0TUI4d2hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC82ZTlkZmQtY2U0Ny00ZTYxLWEzMTUt
ZTVhYTc0NzAwZjlkLzEvdGJZdDhDc1RVanZRQ2ZQbXhSSEZuSWIzZ25nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC82ZTlkZmQtY2U0Ny00ZTYxLWEzMTUtZTVhYTc0NzAwZjlk
LzEvVEdIUkdFZWJVaUx2RDRaQlo4ckZ0TUI4d2hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQD1QXIMA8E
AgACMAkDBwAgAQZ8GIwwDQYJKoZIhvcNAQELBQADggEBAF47isBBAwM7fd/MWFaS
6f8y/QNb2QmxjZinQscZ0P88AoJJ4yzvY8OXU60GheTKe9qlgx8ANBDF8pZ/Y2Tu
bELyAwEVQuR5ctQQaZxO3monNanM9zMwzehF0eD3BGeH/0xQ06wVvPXxiwj9BrEB
78XCYLXnh9swmaIRBC9JWMT7qy6PPLLfg6XhpWZ+NtVfXumGfiK/69TvyeE2/KTA
/+VgWIHYSIin+dfpGQ0USrB4FYwFiZTlQHaRgFK+r7pussov/IBcYIRaNdsV7c2l
jry8vbnOnYgMJHqESVmfY4uclkuybB/Cx5WExvlBECwFP2Z4IPErkOSmLb/9lJYy
L90=
-----END CERTIFICATE-----