Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/TACuL0mRuuSZ00EUuEDQYYgL9nY.roa
File:                     TACuL0mRuuSZ00EUuEDQYYgL9nY.roa (raw, json)
Hash identifier:          EEbhhtJ6TUNmkVK+nqQofMESLsYodUnzqvKr3ODtYdA=
Subject key identifier:   4C:00:AE:2F:49:91:BA:E4:99:D3:41:14:B8:40:D0:61:88:0B:F6:76
Certificate issuer:       /CN=f030658f16d2d88d34164592fcd4de13131f1695
Certificate serial:       0194221FA7471C2553652A2DBE3903D1FC27
Authority key identifier: F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/TACuL0mRuuSZ00EUuEDQYYgL9nY.roa
Signing time:             Wed 01 Jan 2025 13:48:07 +0000
ROA not before:           Wed 01 Jan 2025 13:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        217.196.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a7:47:1c:25:53:65:2a:2d:be:39:03:d1:fc:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f030658f16d2d88d34164592fcd4de13131f1695
        Validity
            Not Before: Jan  1 13:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c00ae2f4991bae499d34114b840d061880bf676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f8:cd:b4:e6:88:ba:ec:f8:10:4b:ba:42:dd:
                    4a:2c:24:bf:f9:76:99:54:90:6a:17:7b:fd:3a:62:
                    6f:17:ae:13:6a:42:12:e4:5f:be:dd:fd:cd:05:c8:
                    70:29:55:cf:c5:92:00:d0:0b:ed:cb:3e:f0:89:ff:
                    62:e3:bb:b4:53:9d:fc:3e:c3:39:b3:a8:7b:97:05:
                    5a:1a:f9:ae:da:aa:76:9c:82:94:df:5e:83:f2:b6:
                    30:c1:ca:f6:83:00:a1:23:0b:53:d0:97:4f:23:c6:
                    fd:b2:de:b7:06:26:f8:67:0d:42:27:72:61:23:6c:
                    72:51:14:b5:7f:91:70:5e:1e:c1:88:d3:74:e3:d4:
                    8d:89:a5:3f:ad:65:c7:bb:b7:33:c1:95:1d:4e:43:
                    74:91:b7:c3:52:07:92:31:a9:69:49:ec:00:02:7a:
                    32:16:33:d3:ec:8f:a7:80:14:6e:f7:7a:11:b4:7c:
                    72:f3:02:34:0f:3c:87:93:0a:c3:3d:9d:88:46:a7:
                    c8:9a:8b:34:83:76:3f:e7:2e:df:4e:93:61:7c:2a:
                    e5:97:11:89:d2:31:93:a1:c5:04:5f:e7:f3:1a:ae:
                    36:c5:0a:63:27:eb:7e:b3:ec:ab:fb:0d:51:1c:d1:
                    e4:c9:c1:82:a6:69:7d:77:82:e5:4e:3f:51:aa:30:
                    a5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:00:AE:2F:49:91:BA:E4:99:D3:41:14:B8:40:D0:61:88:0B:F6:76
            X509v3 Authority Key Identifier:
                keyid:F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/TACuL0mRuuSZ00EUuEDQYYgL9nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.196.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:98:82:b6:c2:d9:92:f2:a7:b0:c9:2c:2e:4c:13:99:da:ce:
         8d:b2:6c:2e:04:66:85:0e:bb:c2:49:ca:c6:bd:6f:16:51:3b:
         a8:c4:4e:2d:36:b3:b7:1e:90:5e:3b:00:67:67:51:ff:3b:d6:
         bf:59:13:7b:be:89:80:d8:4a:7f:66:95:bc:41:4f:89:22:37:
         44:e6:70:e8:b7:bd:59:d3:cb:bd:52:b0:86:f2:e9:9c:45:2c:
         69:18:91:b7:d6:f4:51:2a:f8:05:d3:f3:48:63:7d:65:c2:28:
         b9:47:4a:99:bf:7d:1f:32:cc:7b:89:b4:cb:52:7a:16:84:35:
         ab:2e:51:97:3a:91:6c:ba:2a:f5:be:9c:61:1e:f3:ad:46:8f:
         51:39:32:5d:da:80:7f:e6:ac:41:4c:cf:47:0e:73:c7:6d:17:
         bc:32:47:29:f9:44:52:70:85:1b:07:b0:c0:d7:6e:1f:84:78:
         55:60:d5:8f:0f:3b:e3:d7:74:b6:cb:e8:78:43:50:24:bc:28:
         e6:e2:5c:aa:3a:c2:d1:c7:d2:a0:e2:56:0d:71:6d:02:b5:a5:
         ee:f8:0b:57:f0:34:05:2d:c2:b5:e7:f4:c3:fd:0f:e8:10:f6:
         af:0f:bb:ad:60:f9:74:76:c8:6f:61:a8:a4:c3:68:07:fb:20:
         43:8e:e4:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6dHHCVTZSotvjkD0fwnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMzA2NThmMTZkMmQ4OGQzNDE2NDU5MmZjZDRkZTEzMTMx
ZjE2OTUwHhcNMjUwMTAxMTM0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzAwYWUyZjQ5OTFiYWU0OTlkMzQxMTRiODQwZDA2MTg4MGJmNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfjNtOaIuuz4EEu6Qt1KLCS/+XaZ
VJBqF3v9OmJvF64TakIS5F++3f3NBchwKVXPxZIA0Avtyz7wif9i47u0U538PsM5
s6h7lwVaGvmu2qp2nIKU316D8rYwwcr2gwChIwtT0JdPI8b9st63Bib4Zw1CJ3Jh
I2xyURS1f5FwXh7BiNN049SNiaU/rWXHu7czwZUdTkN0kbfDUgeSMalpSewAAnoy
FjPT7I+ngBRu93oRtHxy8wI0DzyHkwrDPZ2IRqfImos0g3Y/5y7fTpNhfCrllxGJ
0jGTocUEX+fzGq42xQpjJ+t+s+yr+w1RHNHkycGCpml9d4LlTj9RqjClwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwAri9JkbrkmdNBFLhA0GGIC/Z2MB8GA1UdIwQY
MBaAFPAwZY8W0tiNNBZFkvzU3hMTHxaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYt
ODk0ODA1Mjg5Y2MwLzEvVEFDdUwwbVJ1dVNaMDBFVXVFRFFZWWdMOW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYtODk0ODA1Mjg5Y2Mw
LzEvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cRgMA0G
CSqGSIb3DQEBCwUAA4IBAQC0mIK2wtmS8qewySwuTBOZ2s6NsmwuBGaFDrvCScrG
vW8WUTuoxE4tNrO3HpBeOwBnZ1H/O9a/WRN7vomA2Ep/ZpW8QU+JIjdE5nDot71Z
08u9UrCG8umcRSxpGJG31vRRKvgF0/NIY31lwii5R0qZv30fMsx7ibTLUnoWhDWr
LlGXOpFsuir1vpxhHvOtRo9ROTJd2oB/5qxBTM9HDnPHbRe8Mkcp+URScIUbB7DA
124fhHhVYNWPDzvj13S2y+h4Q1AkvCjm4lyqOsLRx9Kg4lYNcW0CtaXu+AtX8DQF
LcK15/TD/Q/oEPavD7utYPl0dshvYaikw2gH+yBDjuRu
-----END CERTIFICATE-----