Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/tQLpMzWhggFRaPArLGTk05lk01k.roa
File:                     tQLpMzWhggFRaPArLGTk05lk01k.roa (raw, json)
Hash identifier:          P+y8fJ+2C3g82TuNwhwHD803xPc8NxVrROXYDtDyQSk=
Subject key identifier:   B5:02:E9:33:35:A1:82:01:51:68:F0:2B:2C:64:E4:D3:99:64:D3:59
Certificate issuer:       /CN=b209308540c4df9b9bb7d6327fa7b5d49008068c
Certificate serial:       019251F16AC94E05F7FD894C8B57C6FE8B79
Authority key identifier: B2:09:30:85:40:C4:DF:9B:9B:B7:D6:32:7F:A7:B5:D4:90:08:06:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sgkwhUDE35ubt9Yyf6e11JAIBow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/tQLpMzWhggFRaPArLGTk05lk01k.roa
Signing time:             Thu 03 Oct 2024 10:33:48 +0000
ROA not before:           Thu 03 Oct 2024 10:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201746
IP address blocks:        94.158.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/sgkwhUDE35ubt9Yyf6e11JAIBow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/sgkwhUDE35ubt9Yyf6e11JAIBow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sgkwhUDE35ubt9Yyf6e11JAIBow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:f1:6a:c9:4e:05:f7:fd:89:4c:8b:57:c6:fe:8b:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b209308540c4df9b9bb7d6327fa7b5d49008068c
        Validity
            Not Before: Oct  3 10:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b502e93335a182015168f02b2c64e4d39964d359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:45:19:d0:3a:57:63:7b:0c:7f:19:14:20:9f:
                    eb:1d:77:6c:72:48:56:12:d0:98:59:10:9d:1f:dd:
                    6b:26:86:d3:f0:8d:a1:4a:f9:fe:c0:6a:0f:8f:64:
                    b1:59:12:77:cf:70:2c:72:5b:62:5e:2e:e5:75:65:
                    b4:ef:57:14:bf:f7:41:3b:5f:15:e2:4b:7e:40:bb:
                    8d:98:23:fc:52:b0:42:a5:0b:92:0f:61:87:2e:68:
                    8c:5e:2d:b0:fd:7f:37:27:95:3d:89:4f:bd:3c:79:
                    c8:cf:08:67:3c:a3:39:e9:1f:8a:b9:e8:75:9a:84:
                    03:19:29:43:a0:1e:e3:b3:7e:50:32:61:00:d4:84:
                    fd:54:fa:19:4b:9e:c4:e4:f0:65:36:86:f5:53:17:
                    e7:20:f2:b4:05:77:0d:67:75:e7:d0:af:8d:ab:fc:
                    1b:7b:0d:c7:96:18:9a:7c:55:c2:c0:95:f4:2e:7d:
                    e3:4e:14:9e:6f:f8:38:3f:f2:27:cc:21:4f:96:a4:
                    a1:09:34:15:5c:67:b9:7a:cf:68:75:ca:71:d2:08:
                    d8:9f:83:1a:cf:dd:a1:fa:da:fd:5d:1f:4a:b2:58:
                    7e:a5:cf:15:b0:10:07:02:aa:3e:17:a4:d7:60:90:
                    45:17:1b:ab:f5:3a:6c:13:92:08:8a:6d:75:51:10:
                    7d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:02:E9:33:35:A1:82:01:51:68:F0:2B:2C:64:E4:D3:99:64:D3:59
            X509v3 Authority Key Identifier:
                keyid:B2:09:30:85:40:C4:DF:9B:9B:B7:D6:32:7F:A7:B5:D4:90:08:06:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sgkwhUDE35ubt9Yyf6e11JAIBow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/tQLpMzWhggFRaPArLGTk05lk01k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/sgkwhUDE35ubt9Yyf6e11JAIBow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.158.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:b6:2e:19:c2:42:24:d1:93:0c:c0:13:5f:20:6e:86:bb:37:
         57:5f:03:1c:2b:72:70:09:8d:90:a0:03:ba:44:94:60:35:dc:
         b9:84:bd:71:4c:3b:43:fb:c1:fd:28:03:fd:b6:fc:d2:43:e1:
         08:2b:ce:5c:55:41:ae:77:ef:a5:3d:cf:3f:a3:98:78:cb:a4:
         a9:8d:3b:be:0c:d5:fe:99:e2:8f:12:dc:3c:a3:aa:9c:4b:c7:
         82:5f:2e:4e:03:5f:86:e5:92:fb:71:9f:53:9a:06:09:e3:5c:
         f1:ff:7b:75:ce:56:e3:58:1b:8e:56:24:0a:99:3c:68:47:0f:
         df:cf:69:e4:8d:0a:b1:a0:f7:36:dd:51:13:55:02:d5:84:62:
         59:99:b9:23:c5:e2:b3:12:df:a3:4e:86:80:76:d6:2d:f4:5b:
         f1:cf:d1:61:fa:56:c8:56:2d:de:d8:47:f9:56:55:c8:c5:0f:
         34:c9:6c:86:9f:29:94:4b:46:51:03:ea:55:de:fb:d0:60:f0:
         83:6f:15:13:28:25:5c:8e:0d:a5:0c:73:a8:a0:f7:8c:d7:31:
         cc:d3:0b:91:d1:d5:b9:d3:ca:58:16:01:53:79:d1:48:55:f4:
         05:30:45:ba:0a:15:98:d1:92:3e:ee:a9:65:ac:54:3a:55:a8:
         e2:ee:3c:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJR8WrJTgX3/YlMi1fG/ot5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMDkzMDg1NDBjNGRmOWI5YmI3ZDYzMjdmYTdiNWQ0OTAw
ODA2OGMwHhcNMjQxMDAzMTAzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTAyZTkzMzM1YTE4MjAxNTE2OGYwMmIyYzY0ZTRkMzk5NjRkMzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkUZ0DpXY3sMfxkUIJ/rHXdsckhW
EtCYWRCdH91rJobT8I2hSvn+wGoPj2SxWRJ3z3AscltiXi7ldWW071cUv/dBO18V
4kt+QLuNmCP8UrBCpQuSD2GHLmiMXi2w/X83J5U9iU+9PHnIzwhnPKM56R+Kueh1
moQDGSlDoB7js35QMmEA1IT9VPoZS57E5PBlNob1UxfnIPK0BXcNZ3Xn0K+Nq/wb
ew3HlhiafFXCwJX0Ln3jThSeb/g4P/InzCFPlqShCTQVXGe5es9odcpx0gjYn4Ma
z92h+tr9XR9Kslh+pc8VsBAHAqo+F6TXYJBFFxur9TpsE5IIim11URB9kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUC6TM1oYIBUWjwKyxk5NOZZNNZMB8GA1UdIwQY
MBaAFLIJMIVAxN+bm7fWMn+ntdSQCAaMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2drd2hVREUzNXVidDlZeWY2ZTExSkFJQm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84ODBlYjItZmE2NS00N2NhLThhMDAt
NjQ4MGMzZDFmNGU0LzEvdFFMcE16V2hnZ0ZSYVBBckxHVGswNWxrMDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84ODBlYjItZmE2NS00N2NhLThhMDAtNjQ4MGMzZDFmNGU0
LzEvc2drd2hVREUzNXVidDlZeWY2ZTExSkFJQm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXp7+MA0G
CSqGSIb3DQEBCwUAA4IBAQAiti4ZwkIk0ZMMwBNfIG6GuzdXXwMcK3JwCY2QoAO6
RJRgNdy5hL1xTDtD+8H9KAP9tvzSQ+EIK85cVUGud++lPc8/o5h4y6SpjTu+DNX+
meKPEtw8o6qcS8eCXy5OA1+G5ZL7cZ9TmgYJ41zx/3t1zlbjWBuOViQKmTxoRw/f
z2nkjQqxoPc23VETVQLVhGJZmbkjxeKzEt+jToaAdtYt9Fvxz9Fh+lbIVi3e2Ef5
VlXIxQ80yWyGnymUS0ZRA+pV3vvQYPCDbxUTKCVcjg2lDHOooPeM1zHM0wuR0dW5
08pYFgFTedFIVfQFMEW6ChWY0ZI+7qllrFQ6Vaji7jzr
-----END CERTIFICATE-----