Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/TvqtU6kGEWNG1Cpdb9p7065y7Us.roa
File:                     TvqtU6kGEWNG1Cpdb9p7065y7Us.roa (raw, json)
Hash identifier:          feIhe0HlEu5dhdmycewb1eBF/nryf3+/l635UbwMTEY=
Subject key identifier:   4E:FA:AD:53:A9:06:11:63:46:D4:2A:5D:6F:DA:7B:D3:AE:72:ED:4B
Certificate issuer:       /CN=f5a291224f82bc6d26b519ed7afbe25cb32c115c
Certificate serial:       0195DC2FB89E2C273F3BFA9DD23AF8D9D2AA
Authority key identifier: F5:A2:91:22:4F:82:BC:6D:26:B5:19:ED:7A:FB:E2:5C:B3:2C:11:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9aKRIk-CvG0mtRntevviXLMsEVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/TvqtU6kGEWNG1Cpdb9p7065y7Us.roa
Signing time:             Fri 28 Mar 2025 09:57:49 +0000
ROA not before:           Fri 28 Mar 2025 09:57:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9141
IP address blocks:        193.238.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/9aKRIk-CvG0mtRntevviXLMsEVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/9aKRIk-CvG0mtRntevviXLMsEVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9aKRIk-CvG0mtRntevviXLMsEVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:dc:2f:b8:9e:2c:27:3f:3b:fa:9d:d2:3a:f8:d9:d2:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a291224f82bc6d26b519ed7afbe25cb32c115c
        Validity
            Not Before: Mar 28 09:57:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4efaad53a906116346d42a5d6fda7bd3ae72ed4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:b1:15:cf:f7:54:5a:19:d0:8b:34:67:41:ff:
                    3d:49:df:f7:ea:43:1d:fe:f9:e1:c8:46:00:e4:53:
                    c6:49:ab:a6:ac:c7:4f:ff:21:09:f8:e8:df:78:27:
                    b5:25:f5:40:d6:17:0f:1c:e0:5c:62:e5:fd:e0:84:
                    44:01:82:c0:15:56:36:72:45:69:60:03:57:fe:99:
                    a8:2e:b7:d1:64:b3:22:dd:22:28:aa:9c:a7:07:f2:
                    05:70:c3:f5:af:95:85:8f:0a:0c:4d:8a:a4:b4:65:
                    78:98:4d:22:18:a1:18:af:0b:84:19:f1:ea:2c:d0:
                    aa:59:97:e0:5a:dc:63:0e:60:52:c4:37:ac:22:91:
                    f8:75:2f:e7:e2:a1:83:d2:df:ae:fe:7d:84:25:60:
                    e7:cd:9a:fa:4d:73:35:ae:8d:b9:f1:26:56:bf:ed:
                    c4:10:ed:d1:f2:c7:1a:df:d9:2e:01:ad:3c:40:91:
                    d3:a2:ba:b7:d9:4b:05:1a:b9:3d:f1:d5:35:23:d2:
                    49:07:e5:34:56:ba:e7:91:ab:ac:d2:0d:85:28:ba:
                    a3:08:35:55:ff:19:ab:5d:e0:a3:d8:d3:53:53:07:
                    5c:87:29:57:13:ab:e5:95:85:ca:2b:5a:8d:b8:6a:
                    30:ce:5f:34:98:d2:35:46:d0:cb:d0:d1:ff:0b:d1:
                    49:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:FA:AD:53:A9:06:11:63:46:D4:2A:5D:6F:DA:7B:D3:AE:72:ED:4B
            X509v3 Authority Key Identifier:
                keyid:F5:A2:91:22:4F:82:BC:6D:26:B5:19:ED:7A:FB:E2:5C:B3:2C:11:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9aKRIk-CvG0mtRntevviXLMsEVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/TvqtU6kGEWNG1Cpdb9p7065y7Us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/9aKRIk-CvG0mtRntevviXLMsEVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:0e:ab:10:25:7b:29:3a:83:42:dc:03:7f:8d:34:9f:d3:13:
         32:a6:54:ce:6d:ac:72:15:0e:f7:28:45:77:80:b1:d2:9b:9a:
         cc:0a:c0:6e:17:08:49:10:89:40:b4:27:e3:52:89:3b:6b:63:
         68:a3:20:5f:fd:30:b7:d5:fd:14:3d:bc:52:26:58:fc:f0:04:
         58:ce:6c:0e:cc:e9:f4:93:e3:83:fd:db:d9:37:32:da:0a:d4:
         d0:40:21:ef:b4:90:c1:1f:99:44:3a:46:9d:f8:b4:94:61:28:
         8f:70:50:d6:0c:25:6c:15:9c:48:2c:27:03:f4:34:5c:3e:3a:
         0d:73:bf:e4:11:3b:d9:ec:a8:9d:0c:ac:a7:12:68:8c:f7:b0:
         36:53:1f:26:34:d9:03:b3:5f:f0:66:e7:6c:11:20:48:95:b9:
         ca:1a:b7:29:e9:ed:6f:e7:9b:a0:18:fb:da:ea:f5:ad:eb:ed:
         15:75:66:30:11:8b:7c:9a:34:78:8d:33:28:1a:37:05:68:2f:
         17:25:c1:fb:67:1b:5e:f5:ae:92:40:6e:87:c3:ad:97:49:0b:
         2f:2a:56:18:27:3d:1c:d7:34:bb:3b:f9:62:74:50:a0:7e:3e:
         ea:22:88:0f:34:e7:3a:5f:c0:52:5b:9b:bd:65:3d:55:32:7d:
         00:3b:20:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXcL7ieLCc/O/qd0jr42dKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1YTI5MTIyNGY4MmJjNmQyNmI1MTllZDdhZmJlMjVjYjMy
YzExNWMwHhcNMjUwMzI4MDk1NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWZhYWQ1M2E5MDYxMTYzNDZkNDJhNWQ2ZmRhN2JkM2FlNzJlZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8rEVz/dUWhnQizRnQf89Sd/36kMd
/vnhyEYA5FPGSaumrMdP/yEJ+OjfeCe1JfVA1hcPHOBcYuX94IREAYLAFVY2ckVp
YANX/pmoLrfRZLMi3SIoqpynB/IFcMP1r5WFjwoMTYqktGV4mE0iGKEYrwuEGfHq
LNCqWZfgWtxjDmBSxDesIpH4dS/n4qGD0t+u/n2EJWDnzZr6TXM1ro258SZWv+3E
EO3R8sca39kuAa08QJHTorq32UsFGrk98dU1I9JJB+U0Vrrnkaus0g2FKLqjCDVV
/xmrXeCj2NNTUwdchylXE6vllYXKK1qNuGowzl80mNI1RtDL0NH/C9FJwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE76rVOpBhFjRtQqXW/ae9Oucu1LMB8GA1UdIwQY
MBaAFPWikSJPgrxtJrUZ7Xr74lyzLBFcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWFLUklrLUN2RzBtdFJudGV2dmlYTE1zRVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC84YTVjYzItYzU0Mi00YzliLTgwNzct
YmM3OTc3Mzk2ZDliLzEvVHZxdFU2a0dFV05HMUNwZGI5cDcwNjV5N1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC84YTVjYzItYzU0Mi00YzliLTgwNzctYmM3OTc3Mzk2ZDli
LzEvOWFLUklrLUN2RzBtdFJudGV2dmlYTE1zRVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe4YMA0G
CSqGSIb3DQEBCwUAA4IBAQAADqsQJXspOoNC3AN/jTSf0xMyplTObaxyFQ73KEV3
gLHSm5rMCsBuFwhJEIlAtCfjUok7a2NooyBf/TC31f0UPbxSJlj88ARYzmwOzOn0
k+OD/dvZNzLaCtTQQCHvtJDBH5lEOkad+LSUYSiPcFDWDCVsFZxILCcD9DRcPjoN
c7/kETvZ7KidDKynEmiM97A2Ux8mNNkDs1/wZudsESBIlbnKGrcp6e1v55ugGPva
6vWt6+0VdWYwEYt8mjR4jTMoGjcFaC8XJcH7Zxte9a6SQG6Hw62XSQsvKlYYJz0c
1zS7O/lidFCgfj7qIogPNOc6X8BSW5u9ZT1VMn0AOyBh
-----END CERTIFICATE-----