Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/TZpcIN_3qrFDMhsUFiUvIDzp5cw.roa
File:                     TZpcIN_3qrFDMhsUFiUvIDzp5cw.roa (raw, json)
Hash identifier:          2kksWCVGFlKoJkyYncnw5MPsP9A8qOIdE0bExCCZehE=
Subject key identifier:   4D:9A:5C:20:DF:F7:AA:B1:43:32:1B:14:16:25:2F:20:3C:E9:E5:CC
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       0194221FFD71FD9FD6152B56D812C0012A4A
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/TZpcIN_3qrFDMhsUFiUvIDzp5cw.roa
Signing time:             Wed 01 Jan 2025 13:48:29 +0000
ROA not before:           Wed 01 Jan 2025 13:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        62.68.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:fd:71:fd:9f:d6:15:2b:56:d8:12:c0:01:2a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 13:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d9a5c20dff7aab143321b1416252f203ce9e5cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c3:a8:04:db:e4:ac:f8:a6:e3:6f:8a:f0:56:
                    16:ef:cc:29:2b:ff:80:1f:06:cd:f4:b3:95:6c:ec:
                    75:cc:1c:29:79:a7:8f:ea:34:1a:0b:e4:12:d1:a7:
                    38:0a:3c:99:57:6d:39:41:a5:08:da:fe:4a:e5:39:
                    c6:c0:fa:3b:82:b1:45:64:c9:97:7f:ed:50:ad:29:
                    55:ba:02:9f:f1:fb:94:e7:e7:68:f1:b7:4e:93:af:
                    b4:1a:6c:a0:3b:cb:29:09:2a:d1:58:51:c4:2b:5e:
                    5c:b4:7e:06:07:cb:db:6d:c2:2d:b5:23:18:7f:2f:
                    1b:f7:69:bd:62:fb:70:40:da:07:7d:cb:3c:46:38:
                    6a:0a:cf:3c:b2:74:35:5d:8e:2a:13:8c:71:ec:10:
                    7c:4e:b4:e2:97:1b:3f:bf:e0:00:34:12:1f:12:f9:
                    63:6a:18:fc:00:d3:4f:8c:b9:fd:ad:94:8f:c5:71:
                    89:8e:9e:96:3b:21:f7:8d:b3:cd:48:44:59:61:b1:
                    22:59:27:56:b9:ed:65:97:f1:b6:26:e8:a4:5c:4f:
                    3f:85:31:52:f4:f8:6a:55:6a:02:a8:29:8a:b5:2a:
                    39:85:19:8e:18:af:81:bb:6e:2d:18:5f:16:37:c1:
                    cd:cf:fe:4d:68:3c:1b:cf:8f:d2:f1:2e:40:a9:a0:
                    bb:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:9A:5C:20:DF:F7:AA:B1:43:32:1B:14:16:25:2F:20:3C:E9:E5:CC
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/TZpcIN_3qrFDMhsUFiUvIDzp5cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:90:c2:18:d7:61:5c:65:3f:8b:a1:f0:c2:60:fe:35:ab:99:
         8a:1b:9d:d1:0e:ae:29:50:c9:0d:d4:ea:57:61:3e:0d:19:35:
         be:25:96:6d:f9:46:a7:72:11:1c:2f:95:be:e7:4d:54:27:c5:
         5e:27:1a:b9:68:ac:f3:f5:da:23:c4:c2:4b:42:22:aa:6f:91:
         a8:8a:47:52:f5:65:96:1c:04:d5:2e:a3:84:0f:96:cf:d5:f1:
         d4:92:0e:03:0d:8d:f9:06:9c:93:73:b1:d4:10:4f:21:68:8d:
         15:ea:e2:1d:2a:f7:73:0b:30:68:c5:00:6f:8f:7c:76:c6:39:
         f5:f0:b9:12:2e:a0:96:97:da:ac:26:d5:00:d8:cc:76:71:91:
         79:a9:a0:a1:c6:86:66:e4:e6:ad:ad:d1:05:1f:0c:19:85:db:
         44:1f:62:fb:13:7a:ce:26:c8:d9:3e:a3:b9:00:35:f1:e9:ba:
         09:df:2b:18:fc:23:e7:09:3d:40:fb:ba:75:9a:89:91:3b:ee:
         b7:ab:bd:81:8e:7f:27:74:a4:d7:be:eb:2a:0f:e7:bd:e7:7e:
         f1:b9:2b:81:38:4f:6c:ab:32:e8:02:1c:01:bb:05:c2:6b:f4:
         ec:21:cd:fa:3e:18:9d:37:2d:bf:56:5f:d0:0c:cb:e2:75:7d:
         05:21:61:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/1x/Z/WFStW2BLAASpKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwMTAxMTM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDlhNWMyMGRmZjdhYWIxNDMzMjFiMTQxNjI1MmYyMDNjZTllNWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcOoBNvkrPim42+K8FYW78wpK/+A
HwbN9LOVbOx1zBwpeaeP6jQaC+QS0ac4CjyZV205QaUI2v5K5TnGwPo7grFFZMmX
f+1QrSlVugKf8fuU5+do8bdOk6+0GmygO8spCSrRWFHEK15ctH4GB8vbbcIttSMY
fy8b92m9YvtwQNoHfcs8RjhqCs88snQ1XY4qE4xx7BB8TrTilxs/v+AANBIfEvlj
ahj8ANNPjLn9rZSPxXGJjp6WOyH3jbPNSERZYbEiWSdWue1ll/G2JuikXE8/hTFS
9PhqVWoCqCmKtSo5hRmOGK+Bu24tGF8WN8HNz/5NaDwbz4/S8S5AqaC7ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2aXCDf96qxQzIbFBYlLyA86eXMMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvVFpwY0lOXzNxckZETWhzVUZpVXZJRHpwNWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkRdMA0G
CSqGSIb3DQEBCwUAA4IBAQAwkMIY12FcZT+LofDCYP41q5mKG53RDq4pUMkN1OpX
YT4NGTW+JZZt+UanchEcL5W+501UJ8VeJxq5aKzz9dojxMJLQiKqb5GoikdS9WWW
HATVLqOED5bP1fHUkg4DDY35BpyTc7HUEE8haI0V6uIdKvdzCzBoxQBvj3x2xjn1
8LkSLqCWl9qsJtUA2Mx2cZF5qaChxoZm5OatrdEFHwwZhdtEH2L7E3rOJsjZPqO5
ADXx6boJ3ysY/CPnCT1A+7p1momRO+63q72Bjn8ndKTXvusqD+e9537xuSuBOE9s
qzLoAhwBuwXCa/TsIc36PhidNy2/Vl/QDMvidX0FIWEi
-----END CERTIFICATE-----