Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/5e3070-422a-4b58-800a-dba7ccac94e2/1/T-Yw2cTI2wr-Y-TJOoMJXVh3bJU.roa
File:                     T-Yw2cTI2wr-Y-TJOoMJXVh3bJU.roa (raw, json)
Hash identifier:          0NqJgy30YTXcCM9pl9HQ+jtoeVufCCiGR0QgwmWh8es=
Subject key identifier:   4F:E6:30:D9:C4:C8:DB:0A:FE:63:E4:C9:3A:83:09:5D:58:77:6C:95
Certificate issuer:       /CN=ff4ccdb12fc22eb857f86c565a8bc5151d0532b0
Certificate serial:       019421B2332B59263E5EA8711387AE8408A9
Authority key identifier: FF:4C:CD:B1:2F:C2:2E:B8:57:F8:6C:56:5A:8B:C5:15:1D:05:32:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0zNsS_CLrhX-GxWWovFFR0FMrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/5e3070-422a-4b58-800a-dba7ccac94e2/1/T-Yw2cTI2wr-Y-TJOoMJXVh3bJU.roa
Signing time:             Wed 01 Jan 2025 11:48:34 +0000
ROA not before:           Wed 01 Jan 2025 11:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     553
IP address blocks:        129.206.0.0/16 maxlen: 16
                          147.142.0.0/16 maxlen: 16
                          192.100.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/5e3070-422a-4b58-800a-dba7ccac94e2/1/_0zNsS_CLrhX-GxWWovFFR0FMrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/5e3070-422a-4b58-800a-dba7ccac94e2/1/_0zNsS_CLrhX-GxWWovFFR0FMrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0zNsS_CLrhX-GxWWovFFR0FMrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:33:2b:59:26:3e:5e:a8:71:13:87:ae:84:08:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff4ccdb12fc22eb857f86c565a8bc5151d0532b0
        Validity
            Not Before: Jan  1 11:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fe630d9c4c8db0afe63e4c93a83095d58776c95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:80:d4:a4:82:b8:97:30:d9:b0:80:e4:a5:d0:
                    50:20:3b:b1:99:12:56:3f:4f:cb:30:ca:6b:d6:d6:
                    22:ce:05:16:dd:18:ac:c0:00:35:77:de:c5:28:6f:
                    51:59:02:75:44:75:83:fd:ed:76:c2:b8:0b:b4:e0:
                    99:4b:39:0b:6a:52:ac:14:7c:a4:7c:74:b4:3b:f9:
                    20:fb:81:9c:14:15:20:f0:0a:b9:f8:39:fb:66:a8:
                    2a:2f:db:8c:bb:08:33:ae:f0:04:79:c8:68:a4:c8:
                    5c:d7:65:f7:18:92:55:a6:32:b8:08:8e:9f:7c:58:
                    03:20:fe:13:e5:9a:fa:6f:97:fc:4a:c1:56:e4:05:
                    4e:aa:95:bd:8d:44:bd:c3:5c:b8:5e:45:b2:ef:a0:
                    aa:dd:c1:84:d0:95:15:fa:48:4c:dd:f4:36:46:e5:
                    af:4c:c3:7c:9a:00:48:94:e5:f1:84:c8:99:d4:7b:
                    1b:1d:47:4b:36:e9:47:83:f2:b0:3d:82:fc:da:7b:
                    cb:33:41:0a:c6:78:53:a7:1b:62:45:e8:f3:18:9c:
                    f0:61:c8:ac:6f:80:e9:5b:ee:7f:3f:71:75:b6:1f:
                    da:03:c7:db:32:81:60:ad:80:2d:de:11:c3:89:e8:
                    16:06:54:85:bc:23:1f:ad:c9:63:f2:be:a4:e0:30:
                    ec:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:E6:30:D9:C4:C8:DB:0A:FE:63:E4:C9:3A:83:09:5D:58:77:6C:95
            X509v3 Authority Key Identifier:
                keyid:FF:4C:CD:B1:2F:C2:2E:B8:57:F8:6C:56:5A:8B:C5:15:1D:05:32:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0zNsS_CLrhX-GxWWovFFR0FMrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/5e3070-422a-4b58-800a-dba7ccac94e2/1/T-Yw2cTI2wr-Y-TJOoMJXVh3bJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/5e3070-422a-4b58-800a-dba7ccac94e2/1/_0zNsS_CLrhX-GxWWovFFR0FMrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.206.0.0/16
                  147.142.0.0/16
                  192.100.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:bd:ed:a6:4e:b6:b8:55:34:95:b4:28:a3:f7:69:c3:4a:4b:
         79:d9:db:ed:89:99:61:72:56:98:3f:4d:29:aa:5c:e2:f8:b7:
         c2:5b:2c:df:39:27:89:58:b7:28:82:a3:f1:51:69:87:81:07:
         49:75:58:c1:c8:8e:a2:46:4e:20:af:11:dc:fd:35:c4:07:42:
         f2:f3:db:f1:e5:59:19:2d:a2:58:97:c8:17:d0:55:00:5d:b5:
         11:62:15:6a:80:5d:5a:92:72:cb:8f:58:0c:87:3a:96:99:ee:
         32:7e:71:ba:1a:34:d5:39:cd:e1:d8:05:8e:4e:5d:0b:3e:fa:
         c2:0f:02:67:c1:df:76:46:48:a8:ca:b6:3f:99:08:44:75:f2:
         33:77:2e:3f:f6:8d:be:ef:e4:48:d7:4f:ad:d1:2b:15:c1:6a:
         d6:38:10:64:1d:f6:94:2a:ba:73:66:2d:fd:fb:58:7b:6f:cd:
         03:d2:21:62:ee:03:4a:db:61:fa:d0:fc:b4:eb:9e:ac:9a:95:
         9d:c6:e3:49:01:97:f1:b8:37:2e:b4:80:bd:39:22:39:5e:4e:
         dc:fe:4f:e3:7d:6a:00:a2:47:d4:d6:4c:44:a4:46:6c:09:27:
         eb:0a:b3:5e:11:5f:d5:a1:47:1d:16:4c:56:52:2d:09:8e:c5:
         62:c3:3c:51
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQhsjMrWSY+XqhxE4euhAipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNGNjZGIxMmZjMjJlYjg1N2Y4NmM1NjVhOGJjNTE1MWQw
NTMyYjAwHhcNMjUwMTAxMTE0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmU2MzBkOWM0YzhkYjBhZmU2M2U0YzkzYTgzMDk1ZDU4Nzc2Yzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIDUpIK4lzDZsIDkpdBQIDuxmRJW
P0/LMMpr1tYizgUW3RiswAA1d97FKG9RWQJ1RHWD/e12wrgLtOCZSzkLalKsFHyk
fHS0O/kg+4GcFBUg8Aq5+Dn7ZqgqL9uMuwgzrvAEechopMhc12X3GJJVpjK4CI6f
fFgDIP4T5Zr6b5f8SsFW5AVOqpW9jUS9w1y4XkWy76Cq3cGE0JUV+khM3fQ2RuWv
TMN8mgBIlOXxhMiZ1HsbHUdLNulHg/KwPYL82nvLM0EKxnhTpxtiRejzGJzwYcis
b4DpW+5/P3F1th/aA8fbMoFgrYAt3hHDiegWBlSFvCMfrclj8r6k4DDssQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFE/mMNnEyNsK/mPkyTqDCV1Yd2yVMB8GA1UdIwQY
MBaAFP9MzbEvwi64V/hsVlqLxRUdBTKwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzB6TnNTX0NMcmhYLUd4V1dvdkZGUjBGTXJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy81ZTMwNzAtNDIyYS00YjU4LTgwMGEt
ZGJhN2NjYWM5NGUyLzEvVC1ZdzJjVEkyd3ItWS1USk9vTUpYVmgzYkpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy81ZTMwNzAtNDIyYS00YjU4LTgwMGEtZGJhN2NjYWM5NGUy
LzEvXzB6TnNTX0NMcmhYLUd4V1dvdkZGUjBGTXJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAATAQAwMAgc4DAwCT
jgMEAMBkYjANBgkqhkiG9w0BAQsFAAOCAQEAFL3tpk62uFU0lbQoo/dpw0pLednb
7YmZYXJWmD9NKapc4vi3wlss3zkniVi3KIKj8VFph4EHSXVYwciOokZOIK8R3P01
xAdC8vPb8eVZGS2iWJfIF9BVAF21EWIVaoBdWpJyy49YDIc6lpnuMn5xuho01TnN
4dgFjk5dCz76wg8CZ8HfdkZIqMq2P5kIRHXyM3cuP/aNvu/kSNdPrdErFcFq1jgQ
ZB32lCq6c2Yt/ftYe2/NA9IhYu4DStth+tD8tOuerJqVncbjSQGX8bg3LrSAvTki
OV5O3P5P431qAKJH1NZMRKRGbAkn6wqzXhFf1aFHHRZMVlItCY7FYsM8UQ==
-----END CERTIFICATE-----