Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/TSugCU0pqUpliat_toqMDIoNIEc.roa
File:                     TSugCU0pqUpliat_toqMDIoNIEc.roa (raw, json)
Hash identifier:          wndd5eFIU8yCHwaZ5EgfwtAvzQXellC4WrfhfkeDZ9U=
Subject key identifier:   4D:2B:A0:09:4D:29:A9:4A:65:89:AB:7F:B6:8A:8C:0C:8A:0D:20:47
Certificate issuer:       /CN=b2deb3765f539f1ec3f00213ff834085b7c8c76f
Certificate serial:       019421B1D60E531F369AF370D7BE76155758
Authority key identifier: B2:DE:B3:76:5F:53:9F:1E:C3:F0:02:13:FF:83:40:85:B7:C8:C7:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/TSugCU0pqUpliat_toqMDIoNIEc.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43641
IP address blocks:        194.9.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d6:0e:53:1f:36:9a:f3:70:d7:be:76:15:57:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2deb3765f539f1ec3f00213ff834085b7c8c76f
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d2ba0094d29a94a6589ab7fb68a8c0c8a0d2047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6e:5f:4c:69:1f:ad:c9:a1:09:0a:af:1f:24:
                    33:ab:3c:af:6b:dd:2f:fc:d7:69:e8:15:04:b0:e6:
                    23:c5:41:ec:3f:a3:73:ab:64:d4:4a:c5:44:4c:58:
                    06:12:db:32:c9:d5:99:3b:58:bb:60:bc:11:19:b6:
                    68:47:25:10:03:01:db:a9:2f:47:3e:ce:12:16:ba:
                    37:94:02:85:46:f5:84:c5:6b:87:18:15:79:4b:e7:
                    29:77:9e:94:d3:da:f5:17:56:69:ab:13:4b:b0:00:
                    99:40:6f:7f:1b:3a:fb:ad:23:04:4b:56:92:87:8c:
                    ac:c0:1f:81:b8:a4:55:ac:f3:18:c8:7a:33:5a:ea:
                    aa:2d:f2:14:46:5a:09:bf:cc:4d:8c:0a:a0:11:53:
                    cf:6e:fc:51:c0:67:26:ec:d1:58:71:8a:d1:4d:5a:
                    92:e0:4d:cf:13:7c:91:8b:04:f0:df:df:41:ac:de:
                    f1:bc:5e:f0:46:35:bb:f3:92:ed:41:03:89:10:6c:
                    5b:58:81:1c:e5:6d:e2:b3:c0:0a:0b:12:71:f4:8e:
                    6d:61:ed:de:68:6f:e8:01:c8:6e:9d:91:be:1b:c0:
                    28:ac:04:f5:cc:c4:0d:ad:e9:5c:2a:0a:18:b1:8b:
                    fc:6a:53:3c:13:b2:71:1c:dd:d2:6b:12:cd:55:a3:
                    0e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:2B:A0:09:4D:29:A9:4A:65:89:AB:7F:B6:8A:8C:0C:8A:0D:20:47
            X509v3 Authority Key Identifier:
                keyid:B2:DE:B3:76:5F:53:9F:1E:C3:F0:02:13:FF:83:40:85:B7:C8:C7:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/st6zdl9Tnx7D8AIT_4NAhbfIx28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/TSugCU0pqUpliat_toqMDIoNIEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/8c6395-646a-47a2-b4b6-c6f6e3f28956/1/st6zdl9Tnx7D8AIT_4NAhbfIx28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:8c:d2:d1:f7:ce:c7:4a:d5:ee:83:01:f2:6a:89:61:1d:05:
         88:6d:b9:fe:bf:0d:15:d5:75:29:6f:ad:95:c9:0e:cc:2e:5c:
         88:d0:19:ce:29:30:41:74:0e:68:85:41:50:01:6b:7c:39:03:
         ce:ce:74:91:2c:9e:ee:b6:50:71:96:5e:25:70:cc:69:db:fa:
         2c:6c:27:07:1c:e0:2a:88:fc:74:fb:a8:bb:13:46:1f:ff:d2:
         50:bc:e0:f6:b7:c3:ec:d5:f0:1c:20:92:07:e1:79:60:48:8e:
         72:2e:df:12:2b:82:b9:f3:06:bd:81:c2:8b:c6:3f:c1:d2:03:
         91:32:a7:9a:90:92:b4:22:ce:99:63:1d:53:95:cb:b7:58:f4:
         73:88:a9:04:0b:9f:51:f7:e6:f5:d2:3f:60:f1:16:0f:f8:94:
         f5:dd:64:3d:df:42:40:fe:23:b4:67:3c:2d:a0:c9:28:0a:a4:
         44:b2:cb:49:0e:68:59:74:9d:85:61:4e:20:11:4e:25:b1:6f:
         28:9b:cd:e7:0d:5e:e3:12:5e:2e:92:99:1f:2b:54:bb:dc:77:
         6c:df:1e:f4:9c:85:75:23:a5:01:88:d6:b3:03:db:c4:2b:25:
         63:a4:ba:77:74:22:e3:40:1d:79:48:c4:d9:35:10:57:c4:df:
         d2:e5:3c:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdYOUx82mvNw1752FVdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZGViMzc2NWY1MzlmMWVjM2YwMDIxM2ZmODM0MDg1Yjdj
OGM3NmYwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDJiYTAwOTRkMjlhOTRhNjU4OWFiN2ZiNjhhOGMwYzhhMGQyMDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvG5fTGkfrcmhCQqvHyQzqzyva90v
/Ndp6BUEsOYjxUHsP6Nzq2TUSsVETFgGEtsyydWZO1i7YLwRGbZoRyUQAwHbqS9H
Ps4SFro3lAKFRvWExWuHGBV5S+cpd56U09r1F1ZpqxNLsACZQG9/Gzr7rSMES1aS
h4yswB+BuKRVrPMYyHozWuqqLfIURloJv8xNjAqgEVPPbvxRwGcm7NFYcYrRTVqS
4E3PE3yRiwTw399BrN7xvF7wRjW785LtQQOJEGxbWIEc5W3is8AKCxJx9I5tYe3e
aG/oAchunZG+G8AorAT1zMQNrelcKgoYsYv8alM8E7JxHN3SaxLNVaMOOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0roAlNKalKZYmrf7aKjAyKDSBHMB8GA1UdIwQY
MBaAFLLes3ZfU58ew/ACE/+DQIW3yMdvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3Q2emRsOVRueDdEOEFJVF80TkFoYmZJeDI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC84YzYzOTUtNjQ2YS00N2EyLWI0YjYt
YzZmNmUzZjI4OTU2LzEvVFN1Z0NVMHBxVXBsaWF0X3RvcU1ESW9OSUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC84YzYzOTUtNjQ2YS00N2EyLWI0YjYtYzZmNmUzZjI4OTU2
LzEvc3Q2emRsOVRueDdEOEFJVF80TkFoYmZJeDI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgl3MA0G
CSqGSIb3DQEBCwUAA4IBAQCJjNLR987HStXugwHyaolhHQWIbbn+vw0V1XUpb62V
yQ7MLlyI0BnOKTBBdA5ohUFQAWt8OQPOznSRLJ7utlBxll4lcMxp2/osbCcHHOAq
iPx0+6i7E0Yf/9JQvOD2t8Ps1fAcIJIH4XlgSI5yLt8SK4K58wa9gcKLxj/B0gOR
MqeakJK0Is6ZYx1Tlcu3WPRziKkEC59R9+b10j9g8RYP+JT13WQ930JA/iO0Zzwt
oMkoCqREsstJDmhZdJ2FYU4gEU4lsW8om83nDV7jEl4ukpkfK1S73Hds3x70nIV1
I6UBiNazA9vEKyVjpLp3dCLjQB15SMTZNRBXxN/S5Tzk
-----END CERTIFICATE-----