Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/TKYCIQIu4F23JxsEDfGIzBctkEc.roa
File:                     TKYCIQIu4F23JxsEDfGIzBctkEc.roa (raw, json)
Hash identifier:          EAnr/9lW4r6/S4hhnfhRdmsx8JCo45r2zRW9cF9kcLo=
Subject key identifier:   4C:A6:02:21:02:2E:E0:5D:B7:27:1B:04:0D:F1:88:CC:17:2D:90:47
Certificate issuer:       /CN=abc1918c1f45e6ec17daca67a7ad193caf04b7b2
Certificate serial:       019420682AE5CE0ED3279F10B380809F6213
Authority key identifier: AB:C1:91:8C:1F:45:E6:EC:17:DA:CA:67:A7:AD:19:3C:AF:04:B7:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8GRjB9F5uwX2spnp60ZPK8Et7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/TKYCIQIu4F23JxsEDfGIzBctkEc.roa
Signing time:             Wed 01 Jan 2025 05:48:05 +0000
ROA not before:           Wed 01 Jan 2025 05:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215938
IP address blocks:        2a14:52c0:4042::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/q8GRjB9F5uwX2spnp60ZPK8Et7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/q8GRjB9F5uwX2spnp60ZPK8Et7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8GRjB9F5uwX2spnp60ZPK8Et7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2a:e5:ce:0e:d3:27:9f:10:b3:80:80:9f:62:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc1918c1f45e6ec17daca67a7ad193caf04b7b2
        Validity
            Not Before: Jan  1 05:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ca60221022ee05db7271b040df188cc172d9047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7f:a5:3b:e7:db:c2:35:38:ce:d1:68:63:ad:
                    8a:f6:07:75:b1:0c:aa:74:62:32:64:a9:ad:2c:20:
                    e9:82:87:42:a0:9a:bb:2d:5c:50:fe:d0:78:a5:0a:
                    2f:e8:54:35:c2:59:73:5c:be:10:93:fb:17:c6:f8:
                    d5:b3:8c:ca:85:bb:e8:24:71:d9:37:3a:ad:cf:3a:
                    7e:80:b0:c1:f3:c1:05:4c:9b:07:f6:c0:f0:39:33:
                    ab:52:ca:e3:25:25:4a:4b:df:9c:de:08:2a:9f:03:
                    98:67:5c:7c:15:1e:36:f1:fb:99:43:9d:b4:48:fb:
                    74:80:70:6d:0c:fa:08:19:f5:69:a0:62:84:6a:4e:
                    3b:47:29:08:92:f3:b7:fe:f9:6c:37:2c:34:38:ca:
                    e5:2f:c8:a6:33:f5:f4:6c:e7:fe:73:1b:0d:17:38:
                    01:55:4c:c9:87:6f:d4:dc:de:41:92:8e:ac:6d:fe:
                    26:7f:d6:76:91:6a:31:72:58:01:c6:44:fe:66:45:
                    ae:36:8c:50:ab:9a:17:8a:b7:a7:65:1b:b6:00:a5:
                    61:dc:56:ff:54:12:4d:e7:1c:0e:65:20:44:5d:56:
                    17:44:46:58:f3:af:f8:95:aa:f5:60:a9:98:d3:09:
                    c4:ce:cb:ca:63:e7:de:a1:01:6f:e7:cf:42:2b:5a:
                    1f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A6:02:21:02:2E:E0:5D:B7:27:1B:04:0D:F1:88:CC:17:2D:90:47
            X509v3 Authority Key Identifier:
                keyid:AB:C1:91:8C:1F:45:E6:EC:17:DA:CA:67:A7:AD:19:3C:AF:04:B7:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8GRjB9F5uwX2spnp60ZPK8Et7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/TKYCIQIu4F23JxsEDfGIzBctkEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/q8GRjB9F5uwX2spnp60ZPK8Et7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:52c0:4042::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:bd:9b:cb:5c:2a:b9:d5:86:53:1e:c8:f0:73:be:2b:3e:41:
         50:f6:9b:03:e8:a2:63:a3:ce:19:1d:ae:35:3e:98:94:bd:5d:
         a3:60:43:a1:62:11:de:41:7f:8e:9c:35:28:b0:06:36:cc:d2:
         86:f1:39:e9:cd:a7:0a:f4:36:97:3b:14:07:31:98:67:36:38:
         9a:7c:69:a7:f4:3b:43:ae:da:10:df:cd:1d:03:6f:a6:b3:29:
         01:0d:a1:5a:9b:7b:d4:20:d7:ff:58:9c:63:b0:21:af:71:a1:
         80:3e:43:c7:ec:d7:f7:bd:3c:ff:e4:f5:77:fa:d8:79:df:ee:
         41:af:b8:92:da:41:63:37:71:0f:e6:4a:4e:ee:d2:d7:0f:88:
         28:bf:af:9d:00:59:67:c5:81:52:f0:a4:bd:44:ba:30:44:bd:
         79:0b:81:76:9c:e5:64:6b:5f:f7:77:7d:9d:58:48:a0:8e:d1:
         8a:16:1e:d9:6f:58:cb:75:fc:a7:9b:97:a2:d8:c9:07:37:d1:
         b9:27:10:7a:b9:15:9b:a2:13:e2:54:28:77:79:bc:a7:86:f7:
         e3:cb:1f:9e:46:d5:ca:bc:5c:01:b5:6e:78:b7:27:7f:cd:aa:
         f1:f3:67:cb:11:98:5f:f4:55:76:69:0c:6e:c9:76:11:f8:c0:
         ac:f9:5e:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgaCrlzg7TJ58Qs4CAn2ITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzE5MThjMWY0NWU2ZWMxN2RhY2E2N2E3YWQxOTNjYWYw
NGI3YjIwHhcNMjUwMTAxMDU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2E2MDIyMTAyMmVlMDVkYjcyNzFiMDQwZGYxODhjYzE3MmQ5MDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3+lO+fbwjU4ztFoY62K9gd1sQyq
dGIyZKmtLCDpgodCoJq7LVxQ/tB4pQov6FQ1wllzXL4Qk/sXxvjVs4zKhbvoJHHZ
Nzqtzzp+gLDB88EFTJsH9sDwOTOrUsrjJSVKS9+c3ggqnwOYZ1x8FR428fuZQ520
SPt0gHBtDPoIGfVpoGKEak47RykIkvO3/vlsNyw0OMrlL8imM/X0bOf+cxsNFzgB
VUzJh2/U3N5Bko6sbf4mf9Z2kWoxclgBxkT+ZkWuNoxQq5oXirenZRu2AKVh3Fb/
VBJN5xwOZSBEXVYXREZY86/4lar1YKmY0wnEzsvKY+feoQFv589CK1ofBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEymAiECLuBdtycbBA3xiMwXLZBHMB8GA1UdIwQY
MBaAFKvBkYwfRebsF9rKZ6etGTyvBLeyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThHUmpCOUY1dXdYMnNwbnA2MFpQSzhFdDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84Zjg4ZGUtZGFlZC00OGQyLWI3MDEt
NmJiNWZlNjY1NzUwLzEvVEtZQ0lRSXU0RjIzSnhzRURmR0l6QmN0a0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84Zjg4ZGUtZGFlZC00OGQyLWI3MDEtNmJiNWZlNjY1NzUw
LzEvcThHUmpCOUY1dXdYMnNwbnA2MFpQSzhFdDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRSwEBC
MA0GCSqGSIb3DQEBCwUAA4IBAQCkvZvLXCq51YZTHsjwc74rPkFQ9psD6KJjo84Z
Ha41PpiUvV2jYEOhYhHeQX+OnDUosAY2zNKG8TnpzacK9DaXOxQHMZhnNjiafGmn
9DtDrtoQ380dA2+msykBDaFam3vUINf/WJxjsCGvcaGAPkPH7Nf3vTz/5PV3+th5
3+5Br7iS2kFjN3EP5kpO7tLXD4gov6+dAFlnxYFS8KS9RLowRL15C4F2nOVka1/3
d32dWEigjtGKFh7Zb1jLdfynm5ei2MkHN9G5JxB6uRWbohPiVCh3ebynhvfjyx+e
RtXKvFwBtW54tyd/zarx82fLEZhf9FV2aQxuyXYR+MCs+V66
-----END CERTIFICATE-----