Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TIIGVgwECkZ_YJO8kknuBYiukXU.roa
File:                     TIIGVgwECkZ_YJO8kknuBYiukXU.roa (raw, json)
Hash identifier:          kRa3HcCalpPnC/Uvlx/CGfvGwSjg7A/i6ZjtR+4DmNw=
Subject key identifier:   4C:82:06:56:0C:04:0A:46:7F:60:93:BC:92:49:EE:05:88:AE:91:75
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D713573041DA352C1DF2264D182C7C
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TIIGVgwECkZ_YJO8kknuBYiukXU.roa
Signing time:             Wed 01 Jan 2025 21:48:05 +0000
ROA not before:           Wed 01 Jan 2025 21:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56975
IP address blocks:        185.212.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:13:57:30:41:da:35:2c:1d:f2:26:4d:18:2c:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c8206560c040a467f6093bc9249ee0588ae9175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:48:8f:71:2e:11:67:9d:ed:a8:43:78:54:5b:
                    e3:62:6b:f2:f8:57:b1:7c:68:28:ad:e0:fb:4f:2b:
                    9c:61:de:18:e0:fd:6f:0d:3f:53:6e:ae:86:33:3f:
                    45:c9:12:c7:9d:06:5e:86:6c:55:49:37:27:5b:1e:
                    d2:b3:75:8f:b6:2e:e2:67:46:41:cf:20:48:b3:3a:
                    cf:f4:bd:66:be:dd:2b:63:f4:58:f8:71:c7:65:cf:
                    21:0f:18:72:a7:d7:c6:56:28:fd:7d:6c:d6:2e:25:
                    7e:af:a4:1a:88:d9:5c:00:24:e6:06:66:58:5c:67:
                    37:d9:d5:ab:e9:a6:7c:30:79:a0:e7:e8:c7:d8:16:
                    66:72:bc:f9:5f:77:87:5e:03:e1:6d:4a:0e:af:19:
                    1c:33:f2:c8:bc:e1:74:79:d0:a3:8e:89:07:1f:58:
                    22:e3:02:09:45:6a:fa:bd:6d:7a:05:04:ff:40:f6:
                    9f:b3:d5:ad:b8:fc:63:72:af:5e:32:10:e6:7c:a8:
                    ab:c8:ce:73:ae:87:f3:e9:36:fd:08:b4:89:3b:a1:
                    d4:3b:a0:de:8a:67:d5:27:1c:e4:2f:7a:50:63:af:
                    64:91:a2:1a:fc:42:00:f1:b7:65:1e:f7:a6:d4:67:
                    4b:60:77:51:b1:dc:d6:97:15:2f:b2:3d:c8:c6:85:
                    dc:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:82:06:56:0C:04:0A:46:7F:60:93:BC:92:49:EE:05:88:AE:91:75
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TIIGVgwECkZ_YJO8kknuBYiukXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d6:a4:d1:da:88:5b:1a:13:3f:98:f8:9f:ca:9b:13:08:c3:
         8c:76:8b:15:9e:5a:8d:d5:a2:b2:f1:8c:13:37:99:83:da:ed:
         d5:0f:bc:4f:d9:28:7e:8e:81:48:3f:2c:1a:ee:89:4c:b4:21:
         a9:60:4b:5e:7d:cd:00:93:92:c6:07:75:20:4e:ae:00:c9:d8:
         ca:aa:74:09:a1:46:5d:d9:8f:e1:0d:a1:3b:c8:5b:3f:b5:8a:
         83:04:90:6c:67:67:f7:18:0e:ef:6b:13:2a:0b:1d:69:3b:7c:
         6f:2b:8b:e5:b2:f6:eb:cb:2b:e9:23:a5:72:5f:38:74:c8:da:
         46:54:92:ab:6c:b5:88:d8:0d:61:e9:86:f1:b3:d0:3e:13:3e:
         a7:4d:23:90:98:9c:67:e7:10:d4:33:73:ba:01:04:54:a3:71:
         77:3f:14:3f:95:d2:43:f8:85:32:67:40:a1:86:7b:ad:48:01:
         2b:04:48:4a:c8:0a:60:cf:7c:95:f3:8d:2e:98:3d:91:9f:0c:
         d9:57:75:e2:16:74:40:f2:eb:92:14:6a:bc:a3:86:a6:95:db:
         da:bb:f1:3c:b2:d7:92:d0:0a:d9:93:14:fa:07:8a:f3:fc:37:
         d2:d1:c3:8d:78:a9:f8:de:40:70:bc:d4:f6:02:b1:ce:1e:94:
         4d:c2:c0:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xNXMEHaNSwd8iZNGCx8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzgyMDY1NjBjMDQwYTQ2N2Y2MDkzYmM5MjQ5ZWUwNTg4YWU5MTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUiPcS4RZ53tqEN4VFvjYmvy+Fex
fGgoreD7TyucYd4Y4P1vDT9Tbq6GMz9FyRLHnQZehmxVSTcnWx7Ss3WPti7iZ0ZB
zyBIszrP9L1mvt0rY/RY+HHHZc8hDxhyp9fGVij9fWzWLiV+r6QaiNlcACTmBmZY
XGc32dWr6aZ8MHmg5+jH2BZmcrz5X3eHXgPhbUoOrxkcM/LIvOF0edCjjokHH1gi
4wIJRWr6vW16BQT/QPafs9WtuPxjcq9eMhDmfKiryM5zrofz6Tb9CLSJO6HUO6De
imfVJxzkL3pQY69kkaIa/EIA8bdlHvem1GdLYHdRsdzWlxUvsj3IxoXcjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyCBlYMBApGf2CTvJJJ7gWIrpF1MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvVElJR1Znd0VDa1pfWUpPOGtrbnVCWWl1a1hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudSXMA0G
CSqGSIb3DQEBCwUAA4IBAQA+1qTR2ohbGhM/mPifypsTCMOMdosVnlqN1aKy8YwT
N5mD2u3VD7xP2Sh+joFIPywa7olMtCGpYEtefc0Ak5LGB3UgTq4AydjKqnQJoUZd
2Y/hDaE7yFs/tYqDBJBsZ2f3GA7vaxMqCx1pO3xvK4vlsvbryyvpI6VyXzh0yNpG
VJKrbLWI2A1h6Ybxs9A+Ez6nTSOQmJxn5xDUM3O6AQRUo3F3PxQ/ldJD+IUyZ0Ch
hnutSAErBEhKyApgz3yV840umD2RnwzZV3XiFnRA8uuSFGq8o4amldvau/E8steS
0ArZkxT6B4rz/DfS0cONeKn43kBwvNT2ArHOHpRNwsAx
-----END CERTIFICATE-----