Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/TtR01kMsO10JvirQ4o5KaXzKuaw.roa
File:                     TtR01kMsO10JvirQ4o5KaXzKuaw.roa (raw, json)
Hash identifier:          Od31Xh8Fn1FlG/ZaZR87smAKpKOnGxw4sc59LmfJc+g=
Subject key identifier:   4E:D4:74:D6:43:2C:3B:5D:09:BE:2A:D0:E2:8E:4A:69:7C:CA:B9:AC
Certificate issuer:       /CN=1954e32570bbfb9af11c2381e81c797c2f40087c
Certificate serial:       01942068163AAF9EF73DBC151DDF940ED7DE
Authority key identifier: 19:54:E3:25:70:BB:FB:9A:F1:1C:23:81:E8:1C:79:7C:2F:40:08:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/TtR01kMsO10JvirQ4o5KaXzKuaw.roa
Signing time:             Wed 01 Jan 2025 05:47:59 +0000
ROA not before:           Wed 01 Jan 2025 05:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213050
IP address blocks:        144.2.168.0/22 maxlen: 24
                          149.3.168.0/24 maxlen: 24
                          2a0c:6ac0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:16:3a:af:9e:f7:3d:bc:15:1d:df:94:0e:d7:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1954e32570bbfb9af11c2381e81c797c2f40087c
        Validity
            Not Before: Jan  1 05:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ed474d6432c3b5d09be2ad0e28e4a697ccab9ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:97:f1:8e:95:63:dc:2b:71:08:8e:88:f2:45:
                    8b:57:24:14:8a:90:65:e8:5b:84:94:83:d1:b3:09:
                    fb:74:54:f6:f0:cf:45:1d:52:e2:0d:82:13:40:dd:
                    79:1f:7a:5b:da:aa:fd:ca:b5:2f:7d:3b:87:97:ce:
                    cb:09:ee:39:61:49:07:9d:37:e0:d5:16:a2:f3:a6:
                    c2:0c:10:8d:8b:05:80:64:c5:de:b9:bc:d0:72:bf:
                    ce:ad:e2:8b:69:50:1e:85:9a:b3:e3:1d:72:98:92:
                    91:60:6c:cd:7d:64:f5:66:6f:48:d5:6b:80:98:17:
                    ab:11:2a:01:60:ec:d9:a5:5f:89:90:79:d7:91:db:
                    c0:84:e7:3e:8b:94:d2:ac:72:ac:2d:8e:c1:2c:d1:
                    11:b6:8b:df:94:bd:c6:8f:60:3e:ea:12:68:ed:bb:
                    df:a4:16:9e:3d:81:92:74:f0:80:94:b1:20:48:0c:
                    94:94:d0:c7:dd:ad:5d:46:88:54:8a:92:14:8c:44:
                    26:6f:28:46:8c:90:56:a9:98:88:8d:4a:43:37:8e:
                    65:35:3b:14:5b:90:e3:d4:c6:f6:b9:2b:c1:00:88:
                    29:93:b1:21:ae:53:7b:50:af:17:b6:ea:c2:74:42:
                    2e:8d:e3:f0:84:21:4e:0d:84:45:ee:04:29:fa:fa:
                    73:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D4:74:D6:43:2C:3B:5D:09:BE:2A:D0:E2:8E:4A:69:7C:CA:B9:AC
            X509v3 Authority Key Identifier:
                keyid:19:54:E3:25:70:BB:FB:9A:F1:1C:23:81:E8:1C:79:7C:2F:40:08:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/TtR01kMsO10JvirQ4o5KaXzKuaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/5c7c7d-4d2e-483c-89cd-26816ca92ca0/1/GVTjJXC7-5rxHCOB6Bx5fC9ACHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.168.0/22
                  149.3.168.0/24
                IPv6:
                  2a0c:6ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:94:cc:e6:64:aa:af:a1:d4:6b:5c:3e:f8:45:a4:4a:9c:90:
         fc:18:d0:4d:c1:11:22:a9:65:54:f7:7d:a0:d5:f1:cc:5b:08:
         6e:45:44:5c:84:f1:1b:78:9b:51:a1:4f:e3:c7:cf:b0:47:ce:
         fa:fd:f3:60:d0:2f:92:05:5f:72:eb:53:01:9d:ce:44:61:89:
         ca:f4:03:03:23:e3:17:b5:06:47:07:76:42:13:24:00:11:d1:
         e3:9c:dc:9c:09:54:98:9d:9b:e9:72:2b:7b:4d:5c:51:8d:e9:
         56:db:dc:a4:94:dd:d6:ac:13:54:5f:bb:97:83:d2:1e:b0:ce:
         1a:65:7b:ea:eb:1c:9e:c7:32:cc:c4:12:af:84:d6:8a:18:35:
         2d:23:1b:38:b1:bc:af:95:1d:b7:e3:55:65:61:06:b7:50:90:
         04:45:2d:42:07:4a:b8:cc:be:15:1a:6d:c8:de:cc:24:35:ee:
         6b:98:a8:79:6c:8a:2e:f3:de:6e:85:ef:9b:0a:1d:fa:b9:4b:
         0d:15:e4:cc:54:24:be:05:3e:d3:8f:d7:9b:51:32:00:46:cd:
         41:bb:a3:f1:a2:18:fc:a5:c2:09:fe:36:fb:ab:5a:00:f8:ae:
         14:9f:05:4a:24:65:65:11:85:a5:56:74:79:db:10:a7:72:38:
         29:fa:60:60
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQgaBY6r573PbwVHd+UDtfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NTRlMzI1NzBiYmZiOWFmMTFjMjM4MWU4MWM3OTdjMmY0
MDA4N2MwHhcNMjUwMTAxMDU0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWQ0NzRkNjQzMmMzYjVkMDliZTJhZDBlMjhlNGE2OTdjY2FiOWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupfxjpVj3CtxCI6I8kWLVyQUipBl
6FuElIPRswn7dFT28M9FHVLiDYITQN15H3pb2qr9yrUvfTuHl87LCe45YUkHnTfg
1Rai86bCDBCNiwWAZMXeubzQcr/OreKLaVAehZqz4x1ymJKRYGzNfWT1Zm9I1WuA
mBerESoBYOzZpV+JkHnXkdvAhOc+i5TSrHKsLY7BLNERtovflL3Gj2A+6hJo7bvf
pBaePYGSdPCAlLEgSAyUlNDH3a1dRohUipIUjEQmbyhGjJBWqZiIjUpDN45lNTsU
W5Dj1Mb2uSvBAIgpk7EhrlN7UK8XturCdEIujePwhCFODYRF7gQp+vpzowIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE7UdNZDLDtdCb4q0OKOSml8yrmsMB8GA1UdIwQY
MBaAFBlU4yVwu/ua8RwjgegceXwvQAh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1ZUakpYQzctNXJ4SENPQjZCeDVmQzlBQ0h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81YzdjN2QtNGQyZS00ODNjLTg5Y2Qt
MjY4MTZjYTkyY2EwLzEvVHRSMDFrTXNPMTBKdmlyUTRvNUthWHpLdWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81YzdjN2QtNGQyZS00ODNjLTg5Y2QtMjY4MTZjYTkyY2Ew
LzEvR1ZUakpYQzctNXJ4SENPQjZCeDVmQzlBQ0h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCkAKoAwQA
lQOoMA0EAgACMAcDBQMqDGrAMA0GCSqGSIb3DQEBCwUAA4IBAQBnlMzmZKqvodRr
XD74RaRKnJD8GNBNwREiqWVU932g1fHMWwhuRURchPEbeJtRoU/jx8+wR876/fNg
0C+SBV9y61MBnc5EYYnK9AMDI+MXtQZHB3ZCEyQAEdHjnNycCVSYnZvpcit7TVxR
jelW29yklN3WrBNUX7uXg9IesM4aZXvq6xyexzLMxBKvhNaKGDUtIxs4sbyvlR23
41VlYQa3UJAERS1CB0q4zL4VGm3I3swkNe5rmKh5bIou895uhe+bCh36uUsNFeTM
VCS+BT7Tj9ebUTIARs1Bu6Pxohj8pcIJ/jb7q1oA+K4UnwVKJGVlEYWlVnR52xCn
cjgp+mBg
-----END CERTIFICATE-----