Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/TJcT2DJKq9sbzduugmROupXys-s.roa
File:                     TJcT2DJKq9sbzduugmROupXys-s.roa (raw, json)
Hash identifier:          945dsBaVvuzrinluSo92NkW9CX506XM50XuIK87H/WU=
Subject key identifier:   4C:97:13:D8:32:4A:AB:DB:1B:CD:DB:AE:82:64:4E:BA:95:F2:B3:EB
Certificate issuer:       /CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
Certificate serial:       0194221F578C18BC7E8F1C7B6136087C6B72
Authority key identifier: 4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/TJcT2DJKq9sbzduugmROupXys-s.roa
Signing time:             Wed 01 Jan 2025 13:47:46 +0000
ROA not before:           Wed 01 Jan 2025 13:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44863
IP address blocks:        185.93.185.0/24 maxlen: 24
                          185.93.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:57:8c:18:bc:7e:8f:1c:7b:61:36:08:7c:6b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
        Validity
            Not Before: Jan  1 13:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c9713d8324aabdb1bcddbae82644eba95f2b3eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fa:6d:41:d8:74:d8:8f:eb:29:65:36:bf:c3:
                    3d:9f:79:27:93:37:a1:e4:a0:55:cf:18:d8:82:0d:
                    74:fd:85:cd:b3:f0:33:0d:58:53:88:ef:a8:95:e8:
                    b5:03:61:dc:ae:82:db:b9:aa:6f:a9:45:aa:55:25:
                    b5:49:06:7f:22:36:a3:f4:0a:73:dd:1e:a2:bd:0f:
                    bc:1b:af:f6:59:25:2d:d6:7d:66:c2:a1:81:bf:10:
                    74:4e:49:cd:f2:6e:f7:4a:48:17:70:61:d7:03:7b:
                    b6:78:a9:1d:f5:ff:fc:34:de:67:e1:3c:4b:42:81:
                    6f:a7:14:d1:b6:4e:47:3d:db:b7:21:17:fa:b5:4f:
                    13:b1:04:f2:de:47:2d:3c:33:e8:b4:ee:b8:ab:4d:
                    57:90:ad:5e:d7:e5:ff:e5:4d:b5:b0:ca:fd:d8:f9:
                    b4:2b:d5:f6:a9:64:f2:8e:eb:ad:52:e3:62:c1:f5:
                    a4:cb:8b:21:2c:ec:96:6e:5e:d4:f6:db:26:79:60:
                    71:6a:db:2e:6b:8a:23:c2:ca:28:2d:50:46:ca:48:
                    32:4f:78:e6:25:9a:1c:7a:e4:3b:83:48:ca:bf:a8:
                    df:89:aa:38:53:2e:1d:83:4b:c0:a1:04:da:8d:b4:
                    85:1b:e8:71:ba:5b:0d:ed:6e:1d:37:79:45:dd:a7:
                    f7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:97:13:D8:32:4A:AB:DB:1B:CD:DB:AE:82:64:4E:BA:95:F2:B3:EB
            X509v3 Authority Key Identifier:
                keyid:4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/TJcT2DJKq9sbzduugmROupXys-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.185.0/24
                  185.93.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:1e:3c:0c:6d:c1:47:e5:ee:4e:88:8a:c8:94:8f:86:23:88:
         2b:e8:fc:89:25:4c:c1:19:06:1c:6a:03:f7:a8:d1:09:58:54:
         c0:59:21:72:39:18:3b:4e:0a:55:5a:a9:19:d7:bd:07:d2:f8:
         ca:a1:f1:90:f0:a3:d6:6b:af:e4:01:57:a4:5e:68:a3:3c:a9:
         f0:b2:b7:0a:45:ae:f2:fe:36:ed:9f:e7:b2:3f:83:65:a7:39:
         ef:3c:ee:58:19:d7:db:f6:8b:04:44:ff:7e:0f:0f:00:fa:98:
         4b:18:ca:83:f4:00:e7:ea:f6:09:ee:78:ac:32:33:ad:8e:4d:
         3a:6f:92:06:9c:c4:01:92:71:b1:ce:7a:dd:09:f6:0b:9d:15:
         9c:d6:76:54:38:5f:fd:68:78:8a:64:a6:80:d8:ce:2b:72:b9:
         e9:8e:3a:98:6f:39:88:f0:72:2c:31:a3:41:c3:3a:0b:34:8f:
         25:20:ef:3b:5d:c4:da:53:65:f1:40:43:f9:e9:8e:22:b4:c7:
         0a:02:d6:b4:d3:51:89:28:23:ff:b4:b3:57:84:05:e4:e6:a1:
         b5:91:d7:95:c4:fb:6c:8d:6e:44:38:9b:a7:16:d2:0e:cb:51:
         ca:66:23:93:7c:9a:9f:90:ed:32:9e:36:b2:e5:8c:05:14:18:
         61:ff:91:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH1eMGLx+jxx7YTYIfGtyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOWFjNmZlMjAzMWFkZGUwMzY2ODI0MGUzYzVkOTFlYzY3
MTFlMWUwHhcNMjUwMTAxMTM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzk3MTNkODMyNGFhYmRiMWJjZGRiYWU4MjY0NGViYTk1ZjJiM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/ptQdh02I/rKWU2v8M9n3knkzeh
5KBVzxjYgg10/YXNs/AzDVhTiO+olei1A2HcroLbuapvqUWqVSW1SQZ/Ijaj9Apz
3R6ivQ+8G6/2WSUt1n1mwqGBvxB0TknN8m73SkgXcGHXA3u2eKkd9f/8NN5n4TxL
QoFvpxTRtk5HPdu3IRf6tU8TsQTy3kctPDPotO64q01XkK1e1+X/5U21sMr92Pm0
K9X2qWTyjuutUuNiwfWky4shLOyWbl7U9tsmeWBxatsua4ojwsooLVBGykgyT3jm
JZoceuQ7g0jKv6jfiao4Uy4dg0vAoQTajbSFG+hxulsN7W4dN3lF3af30wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEyXE9gySqvbG83broJkTrqV8rPrMB8GA1UdIwQY
MBaAFE+axv4gMa3eA2aCQOPF2R7GcR4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTct
NTI4YTYzYmU0Yzg3LzEvVEpjVDJESktxOXNiemR1dWdtUk91cFh5cy1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTctNTI4YTYzYmU0Yzg3
LzEvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuV25AwQA
uV27MA0GCSqGSIb3DQEBCwUAA4IBAQBpHjwMbcFH5e5OiIrIlI+GI4gr6PyJJUzB
GQYcagP3qNEJWFTAWSFyORg7TgpVWqkZ170H0vjKofGQ8KPWa6/kAVekXmijPKnw
srcKRa7y/jbtn+eyP4NlpznvPO5YGdfb9osERP9+Dw8A+phLGMqD9ADn6vYJ7nis
MjOtjk06b5IGnMQBknGxznrdCfYLnRWc1nZUOF/9aHiKZKaA2M4rcrnpjjqYbzmI
8HIsMaNBwzoLNI8lIO87XcTaU2XxQEP56Y4itMcKAta001GJKCP/tLNXhAXk5qG1
kdeVxPtsjW5EOJunFtIOy1HKZiOTfJqfkO0ynjay5YwFFBhh/5GW
-----END CERTIFICATE-----