Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/ThrNo6kiekZ1KA2l01FtFpnY2fk.roa
File:                     ThrNo6kiekZ1KA2l01FtFpnY2fk.roa (raw, json)
Hash identifier:          sguoljLucbHptttLjY2jSVxQGOBsjlswaEqE7sugblE=
Subject key identifier:   4E:1A:CD:A3:A9:22:7A:46:75:28:0D:A5:D3:51:6D:16:99:D8:D9:F9
Certificate issuer:       /CN=9a393ef16027fc03bc5c045ff9289d4bbb7ff364
Certificate serial:       019423693A81DD77B58F695FCD943EFDA47D
Authority key identifier: 9A:39:3E:F1:60:27:FC:03:BC:5C:04:5F:F9:28:9D:4B:BB:7F:F3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mjk-8WAn_AO8XARf-SidS7t_82Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/ThrNo6kiekZ1KA2l01FtFpnY2fk.roa
Signing time:             Wed 01 Jan 2025 19:48:06 +0000
ROA not before:           Wed 01 Jan 2025 19:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2200
IP address blocks:        138.195.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/mjk-8WAn_AO8XARf-SidS7t_82Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/mjk-8WAn_AO8XARf-SidS7t_82Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mjk-8WAn_AO8XARf-SidS7t_82Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:3a:81:dd:77:b5:8f:69:5f:cd:94:3e:fd:a4:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a393ef16027fc03bc5c045ff9289d4bbb7ff364
        Validity
            Not Before: Jan  1 19:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e1acda3a9227a4675280da5d3516d1699d8d9f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0b:59:c1:04:e9:7c:de:9c:ac:8d:ac:2b:9d:
                    56:1b:32:9e:5e:62:b8:86:fa:2c:ae:72:31:13:ba:
                    b4:88:23:aa:83:46:38:1f:bc:34:cf:72:4b:0d:85:
                    01:e5:e0:b8:e7:80:8f:93:37:67:bc:0b:ba:f3:d4:
                    0e:2b:e9:24:24:7f:24:8b:e4:33:28:22:49:38:b1:
                    c1:a5:97:56:72:9b:3f:8c:8b:7b:67:83:71:26:69:
                    de:9c:aa:9f:44:29:2b:a0:b8:c7:a3:98:70:1b:34:
                    6d:43:47:14:f9:81:b9:43:42:75:07:53:a7:4a:99:
                    80:ff:ba:b0:57:27:37:14:68:30:e1:cc:40:f9:73:
                    3a:e2:c6:76:eb:79:11:05:95:cf:f2:ba:96:fe:9d:
                    88:56:55:86:2e:c6:f1:7b:95:4f:e4:a0:6a:bc:c1:
                    f2:35:66:06:24:69:54:ed:44:4d:a2:0e:1a:d7:fb:
                    79:d5:9c:e0:7e:f1:26:7c:10:62:6b:5c:6d:a5:61:
                    3b:9a:61:a2:f2:9c:3e:1d:a4:73:09:0d:55:23:40:
                    d3:dd:4b:41:f3:e5:ab:83:58:ed:17:0d:c2:c4:8f:
                    00:da:e7:86:19:de:f4:a0:7d:a3:e2:08:1d:99:ba:
                    1e:dc:63:80:23:ce:04:16:8f:2a:c2:e5:71:c0:ba:
                    77:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:1A:CD:A3:A9:22:7A:46:75:28:0D:A5:D3:51:6D:16:99:D8:D9:F9
            X509v3 Authority Key Identifier:
                keyid:9A:39:3E:F1:60:27:FC:03:BC:5C:04:5F:F9:28:9D:4B:BB:7F:F3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mjk-8WAn_AO8XARf-SidS7t_82Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/ThrNo6kiekZ1KA2l01FtFpnY2fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/mjk-8WAn_AO8XARf-SidS7t_82Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.195.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ad:f2:7f:ee:72:00:be:64:83:0b:29:96:a5:44:1e:84:5f:29:
         85:d0:52:1f:fb:54:23:57:59:4e:4b:d4:02:2c:e0:da:7d:4b:
         38:6c:86:1b:13:e6:bc:67:c7:6a:d9:31:ca:a2:e9:5e:df:4c:
         84:68:0c:0b:28:3a:5e:57:6b:1d:6c:2b:da:ca:06:e4:e0:a2:
         ea:ce:c4:b0:82:d6:da:25:08:9a:22:87:8b:a0:2d:da:59:43:
         e9:30:64:3a:45:21:e1:5d:93:2d:21:28:3f:74:de:da:d9:d6:
         1d:96:ef:bf:bf:0e:3e:bc:f3:a2:1a:fc:84:9b:73:37:e4:a4:
         a5:29:d2:9c:a8:df:fe:1b:bf:21:ea:6d:f2:e8:0d:f4:6b:17:
         62:6c:b4:6b:aa:95:c8:5d:c0:d2:88:14:8b:42:fd:cc:76:38:
         81:2a:62:57:b4:ad:5d:07:2b:7a:82:12:f5:32:a5:70:88:b4:
         31:72:d7:30:98:ca:a7:55:19:31:dd:74:b4:8c:b1:d0:71:30:
         7c:48:7e:f7:41:ad:40:2c:d5:c8:17:c7:bc:41:19:ec:89:61:
         9a:07:65:23:c8:c7:85:a4:a3:0b:a2:51:29:db:c5:6f:8b:6c:
         5c:d5:aa:c7:82:f4:b1:80:b0:56:68:f2:6e:2a:87:52:e0:c7:
         04:32:d3:07
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjaTqB3Xe1j2lfzZQ+/aR9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMzkzZWYxNjAyN2ZjMDNiYzVjMDQ1ZmY5Mjg5ZDRiYmI3
ZmYzNjQwHhcNMjUwMTAxMTk0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTFhY2RhM2E5MjI3YTQ2NzUyODBkYTVkMzUxNmQxNjk5ZDhkOWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQtZwQTpfN6crI2sK51WGzKeXmK4
hvosrnIxE7q0iCOqg0Y4H7w0z3JLDYUB5eC454CPkzdnvAu689QOK+kkJH8ki+Qz
KCJJOLHBpZdWcps/jIt7Z4NxJmnenKqfRCkroLjHo5hwGzRtQ0cU+YG5Q0J1B1On
SpmA/7qwVyc3FGgw4cxA+XM64sZ263kRBZXP8rqW/p2IVlWGLsbxe5VP5KBqvMHy
NWYGJGlU7URNog4a1/t51ZzgfvEmfBBia1xtpWE7mmGi8pw+HaRzCQ1VI0DT3UtB
8+Wrg1jtFw3CxI8A2ueGGd70oH2j4ggdmboe3GOAI84EFo8qwuVxwLp3XwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFE4azaOpInpGdSgNpdNRbRaZ2Nn5MB8GA1UdIwQY
MBaAFJo5PvFgJ/wDvFwEX/konUu7f/NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWprLThXQW5fQU84WEFSZi1TaWRTN3RfODJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jNmQ5ODQtNmJmYy00NjAyLTlkNTgt
YWIyZDVlN2Q0YTdiLzEvVGhyTm82a2lla1oxS0EybDAxRnRGcG5ZMmZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jNmQ5ODQtNmJmYy00NjAyLTlkNTgtYWIyZDVlN2Q0YTdi
LzEvbWprLThXQW5fQU84WEFSZi1TaWRTN3RfODJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAisMwDQYJ
KoZIhvcNAQELBQADggEBAK3yf+5yAL5kgwsplqVEHoRfKYXQUh/7VCNXWU5L1AIs
4Np9SzhshhsT5rxnx2rZMcqi6V7fTIRoDAsoOl5Xax1sK9rKBuTgourOxLCC1tol
CJoih4ugLdpZQ+kwZDpFIeFdky0hKD903trZ1h2W77+/Dj6886Ia/ISbczfkpKUp
0pyo3/4bvyHqbfLoDfRrF2JstGuqlchdwNKIFItC/cx2OIEqYle0rV0HK3qCEvUy
pXCItDFy1zCYyqdVGTHddLSMsdBxMHxIfvdBrUAs1cgXx7xBGeyJYZoHZSPIx4Wk
owuiUSnbxW+LbFzVqseC9LGAsFZo8m4qh1LgxwQy0wc=
-----END CERTIFICATE-----