Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TxUte2UJ9SRYfI0Kkfto-EOhFA0.roa
File:                     TxUte2UJ9SRYfI0Kkfto-EOhFA0.roa (raw, json)
Hash identifier:          jgnG8ECsuht9mADq610Na72eHRyPpWoKaV58yYAI49E=
Subject key identifier:   4F:15:2D:7B:65:09:F5:24:58:7C:8D:0A:91:FB:68:F8:43:A1:14:0D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0194B78138D026BC233CCBE55C794A7F9736
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TxUte2UJ9SRYfI0Kkfto-EOhFA0.roa
Signing time:             Thu 30 Jan 2025 13:58:06 +0000
ROA not before:           Thu 30 Jan 2025 13:58:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        150.241.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:81:38:d0:26:bc:23:3c:cb:e5:5c:79:4a:7f:97:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan 30 13:58:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f152d7b6509f524587c8d0a91fb68f843a1140d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ca:e9:1d:c5:94:4e:17:5b:63:fc:fb:17:dc:
                    de:ed:98:a0:ce:6e:b9:18:e7:2c:42:d8:4e:32:82:
                    7a:91:96:87:f7:bc:9a:95:1a:26:e9:3d:b5:8c:1b:
                    3d:93:70:52:b0:f7:0a:04:dd:67:98:94:94:6b:5a:
                    ee:16:53:e3:15:c1:96:7b:59:de:ea:ab:07:1f:63:
                    c5:0b:7b:b9:01:b8:a0:10:85:37:61:e6:32:79:c4:
                    8d:a2:35:b8:22:19:8e:3d:cf:ad:c3:97:de:83:a5:
                    ac:6b:8d:a2:c7:19:78:97:69:86:a7:cd:fa:74:f7:
                    27:5c:5b:7c:d4:38:d4:37:5f:4d:a0:9a:5f:d6:1c:
                    b0:21:79:f9:55:5f:74:44:10:02:b9:48:cb:cc:b5:
                    89:2e:fd:a1:1d:54:ee:23:c8:5c:37:59:ad:8d:f0:
                    5d:8a:9a:26:9e:e3:6c:6b:2e:75:e4:80:87:93:c8:
                    9b:06:65:1b:97:d9:d0:02:4f:3e:69:29:5e:24:3a:
                    43:66:e4:e8:f4:54:a8:ab:4e:0a:80:13:24:73:19:
                    62:5f:ea:ef:c1:ee:2e:ba:f7:cb:30:22:cc:2f:0d:
                    4d:9d:f4:e2:20:4d:82:f4:41:d6:ca:55:f0:0e:48:
                    06:6c:d9:29:a5:43:c9:d3:bd:f8:58:ee:2a:43:bc:
                    04:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:15:2D:7B:65:09:F5:24:58:7C:8D:0A:91:FB:68:F8:43:A1:14:0D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TxUte2UJ9SRYfI0Kkfto-EOhFA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:dc:ad:62:2f:f7:9a:98:bd:dc:10:b4:5b:03:1d:3b:92:87:
         48:0d:af:84:22:71:d0:5f:e5:f0:a2:c8:f8:14:8d:8d:43:b9:
         53:16:24:53:48:12:d6:cf:b8:58:51:91:3c:4c:6f:63:f7:04:
         01:55:44:1d:18:26:e9:38:80:f4:21:9d:21:39:02:e4:f7:15:
         52:0f:9e:5b:13:35:cb:c2:00:24:c2:d0:fb:ba:0a:00:3a:4f:
         8d:b4:5f:c9:62:33:10:72:37:0e:a1:5a:9f:a4:1c:b4:39:0f:
         a8:a4:08:3b:05:e8:5d:27:da:cb:e4:29:fb:6a:4c:56:e1:4a:
         e1:5d:59:67:df:db:89:3f:33:65:5e:5c:0c:cb:cf:b2:62:30:
         c5:db:89:41:95:e2:79:b5:59:59:f0:a0:90:a8:35:39:fa:13:
         32:96:1f:87:14:1c:da:5f:26:3e:7d:71:ab:d8:06:cf:46:e8:
         18:08:b8:de:a5:2e:08:5b:84:21:d3:a1:70:0a:c4:f9:52:5f:
         19:40:5d:1b:db:5f:f4:99:73:02:de:3c:ec:6d:e9:37:e1:f2:
         f7:c9:32:68:26:fe:68:a6:51:a2:42:9a:29:e4:3c:98:bd:f4:
         a8:1e:09:ca:c8:b4:66:47:26:a0:85:d4:4d:f1:83:ef:b8:87:
         be:46:6b:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS3gTjQJrwjPMvlXHlKf5c2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMTMwMTM1ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjE1MmQ3YjY1MDlmNTI0NTg3YzhkMGE5MWZiNjhmODQzYTExNDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8rpHcWUThdbY/z7F9ze7Zigzm65
GOcsQthOMoJ6kZaH97yalRom6T21jBs9k3BSsPcKBN1nmJSUa1ruFlPjFcGWe1ne
6qsHH2PFC3u5AbigEIU3YeYyecSNojW4IhmOPc+tw5feg6Wsa42ixxl4l2mGp836
dPcnXFt81DjUN19NoJpf1hywIXn5VV90RBACuUjLzLWJLv2hHVTuI8hcN1mtjfBd
ipomnuNsay515ICHk8ibBmUbl9nQAk8+aSleJDpDZuTo9FSoq04KgBMkcxliX+rv
we4uuvfLMCLMLw1NnfTiIE2C9EHWylXwDkgGbNkppUPJ0734WO4qQ7wEswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8VLXtlCfUkWHyNCpH7aPhDoRQNMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVHhVdGUyVUo5U1JZZkkwS2tmdG8tRU9oRkEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvF5MA0G
CSqGSIb3DQEBCwUAA4IBAQAX3K1iL/eamL3cELRbAx07kodIDa+EInHQX+Xwosj4
FI2NQ7lTFiRTSBLWz7hYUZE8TG9j9wQBVUQdGCbpOID0IZ0hOQLk9xVSD55bEzXL
wgAkwtD7ugoAOk+NtF/JYjMQcjcOoVqfpBy0OQ+opAg7BehdJ9rL5Cn7akxW4Urh
XVln39uJPzNlXlwMy8+yYjDF24lBleJ5tVlZ8KCQqDU5+hMylh+HFBzaXyY+fXGr
2AbPRugYCLjepS4IW4Qh06FwCsT5Ul8ZQF0b21/0mXMC3jzsbek34fL3yTJoJv5o
plGiQpop5DyYvfSoHgnKyLRmRyaghdRN8YPvuIe+Rmv9
-----END CERTIFICATE-----