Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/TzjezWebHSz6fdfD6rX_WZumF2s.roa
File:                     TzjezWebHSz6fdfD6rX_WZumF2s.roa (raw, json)
Hash identifier:          t5wR4CioofE98lmboG27Ls+8ApJWA+Wv0wKWlwa+C9c=
Subject key identifier:   4F:38:DE:CD:67:9B:1D:2C:FA:7D:D7:C3:EA:B5:FF:59:9B:A6:17:6B
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       019426D99A22DF55808A6295BF83BD440425
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/TzjezWebHSz6fdfD6rX_WZumF2s.roa
Signing time:             Thu 02 Jan 2025 11:49:42 +0000
ROA not before:           Thu 02 Jan 2025 11:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214417
IP address blocks:        92.42.102.0/24 maxlen: 24
                          185.225.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:9a:22:df:55:80:8a:62:95:bf:83:bd:44:04:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Jan  2 11:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f38decd679b1d2cfa7dd7c3eab5ff599ba6176b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:26:e7:ab:9f:74:3c:f2:6e:77:c3:4b:cc:77:
                    ca:af:30:2b:e3:02:e7:c8:1c:2f:da:c0:f0:4b:2f:
                    22:0b:5d:aa:79:e4:16:d6:42:ff:c5:82:79:e0:2d:
                    27:2a:e1:04:fc:1c:d3:0a:d1:81:16:e9:60:74:bd:
                    ea:73:60:26:4e:e1:08:12:dd:8c:2a:30:58:e3:fd:
                    66:1d:2f:b2:77:01:de:6d:4d:ba:c8:33:45:8c:f7:
                    04:17:31:88:ad:dc:c3:07:da:ff:92:75:dd:84:54:
                    9b:e5:dd:e2:4f:bd:b7:a3:cf:77:1a:52:21:cf:26:
                    da:72:16:b6:7d:72:a8:40:8e:56:8f:c5:ee:e0:8c:
                    14:82:0a:ea:77:93:7d:de:09:0f:4a:fd:ce:67:03:
                    84:b5:d7:89:4a:98:54:47:fb:ac:c2:d1:3d:59:2f:
                    c9:c5:4a:ec:54:99:9e:75:4f:e7:d1:e9:e7:07:af:
                    63:ca:d4:c1:de:64:54:eb:52:d1:d3:50:3a:ce:d6:
                    ba:4d:8a:58:c3:e9:ef:a7:e9:27:fe:67:8e:ad:93:
                    dd:a7:31:37:02:53:df:f2:42:c8:b5:be:ff:66:8b:
                    db:82:8e:f3:96:a5:0f:b4:91:11:60:39:35:a7:85:
                    c3:59:cf:57:cc:30:5e:22:fb:ec:90:1a:31:e7:dc:
                    75:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:38:DE:CD:67:9B:1D:2C:FA:7D:D7:C3:EA:B5:FF:59:9B:A6:17:6B
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/TzjezWebHSz6fdfD6rX_WZumF2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.102.0/24
                  185.225.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:08:f1:1b:99:bd:75:74:33:a1:7a:61:07:9c:40:f9:47:ac:
         bd:fc:6c:27:8b:22:67:23:1f:22:45:fb:0c:3b:2b:86:03:0e:
         64:55:91:74:02:8e:5a:44:03:6c:b2:c6:49:7f:01:51:fa:0a:
         80:6e:84:82:1a:c8:bd:45:a9:36:9d:54:5d:ca:8e:39:6f:a3:
         40:be:9c:09:fb:c0:1c:4a:bc:3e:78:3f:42:8b:d9:34:e8:91:
         06:04:d6:97:ca:b2:8e:f4:ad:b1:e9:4e:c2:e3:c0:8f:17:55:
         89:2c:af:1f:b1:61:61:6b:91:aa:b8:e0:e7:ca:9b:44:9f:81:
         a6:24:8f:94:6b:b1:96:33:d9:97:88:c4:c4:c3:d2:86:f4:40:
         ba:d7:47:87:98:3c:e7:d2:3a:d0:4c:98:dc:0d:80:c5:23:8f:
         81:83:35:28:ec:8b:da:c8:93:c8:6e:57:a2:84:92:c3:71:3c:
         3b:73:4c:3d:d5:9e:a2:6e:4f:f4:7a:c6:e1:e2:59:8b:e7:6c:
         6d:01:72:00:ff:82:d0:68:6b:a6:63:ba:20:c8:80:17:2b:d9:
         05:78:51:59:b5:45:23:e3:e6:51:e2:41:d1:6e:43:58:49:7d:
         ed:bd:c0:f5:65:f8:66:8f:ce:d6:d1:58:b7:11:2e:d6:d5:fc:
         9c:d8:7a:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2Zoi31WAimKVv4O9RAQlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjUwMTAyMTE0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjM4ZGVjZDY3OWIxZDJjZmE3ZGQ3YzNlYWI1ZmY1OTliYTYxNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCbnq590PPJud8NLzHfKrzAr4wLn
yBwv2sDwSy8iC12qeeQW1kL/xYJ54C0nKuEE/BzTCtGBFulgdL3qc2AmTuEIEt2M
KjBY4/1mHS+ydwHebU26yDNFjPcEFzGIrdzDB9r/knXdhFSb5d3iT723o893GlIh
zybacha2fXKoQI5Wj8Xu4IwUggrqd5N93gkPSv3OZwOEtdeJSphUR/uswtE9WS/J
xUrsVJmedU/n0ennB69jytTB3mRU61LR01A6zta6TYpYw+nvp+kn/meOrZPdpzE3
AlPf8kLItb7/Zovbgo7zlqUPtJERYDk1p4XDWc9XzDBeIvvskBox59x1LQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE843s1nmx0s+n3Xw+q1/1mbphdrMB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvVHpqZXpXZWJIU3o2ZmRmRDZyWF9XWnVtRjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXCpmAwQA
ueHKMA0GCSqGSIb3DQEBCwUAA4IBAQCdCPEbmb11dDOhemEHnED5R6y9/GwniyJn
Ix8iRfsMOyuGAw5kVZF0Ao5aRANsssZJfwFR+gqAboSCGsi9Rak2nVRdyo45b6NA
vpwJ+8AcSrw+eD9Ci9k06JEGBNaXyrKO9K2x6U7C48CPF1WJLK8fsWFha5GquODn
yptEn4GmJI+Ua7GWM9mXiMTEw9KG9EC610eHmDzn0jrQTJjcDYDFI4+BgzUo7Iva
yJPIbleihJLDcTw7c0w91Z6ibk/0esbh4lmL52xtAXIA/4LQaGumY7ogyIAXK9kF
eFFZtUUj4+ZR4kHRbkNYSX3tvcD1Zfhmj87W0Vi3ES7W1fyc2HqK
-----END CERTIFICATE-----