Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TpidxIcIDH7qMzjdG4EzKj84NAw.roa
File:                     TpidxIcIDH7qMzjdG4EzKj84NAw.roa (raw, json)
Hash identifier:          Glxoua5vrEh1EMLgjWxp94n77uY1kZgqfejNf/mViKA=
Subject key identifier:   4E:98:9D:C4:87:08:0C:7E:EA:33:38:DD:1B:81:33:2A:3F:38:34:0C
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D71D367ECF94F7E14187C3EB1DA314
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TpidxIcIDH7qMzjdG4EzKj84NAw.roa
Signing time:             Wed 01 Jan 2025 21:48:07 +0000
ROA not before:           Wed 01 Jan 2025 21:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201624
IP address blocks:        176.118.199.0/24 maxlen: 24
                          193.238.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:1d:36:7e:cf:94:f7:e1:41:87:c3:eb:1d:a3:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e989dc487080c7eea3338dd1b81332a3f38340c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c8:28:98:d2:43:09:90:ed:9a:30:a8:a1:b4:
                    bc:cf:f0:b6:39:c5:f3:d6:a5:72:e4:59:03:11:dc:
                    7d:3c:62:f0:63:fd:43:05:4a:c6:bb:89:8f:30:47:
                    e3:c5:8d:3e:80:95:81:de:74:dd:92:b3:86:9b:94:
                    38:42:4a:ae:30:e5:9a:cf:72:78:c1:7a:59:78:06:
                    b2:bc:4d:5a:6d:4f:6a:c3:a8:2e:68:75:06:99:8d:
                    7e:8d:83:e3:9e:c6:43:f8:1a:1a:a3:7e:77:59:ca:
                    09:11:a4:d3:a5:74:0b:05:cd:72:35:e6:53:3d:9c:
                    8a:93:f7:61:9b:b0:c5:a3:c6:6d:fe:24:4f:8e:fe:
                    a8:c5:80:81:cc:1e:93:c7:ef:dc:09:d4:48:25:7c:
                    b5:41:72:1e:23:81:a8:56:3b:74:dd:c8:af:53:96:
                    ad:85:b3:45:1e:81:73:49:1e:3e:b1:a8:49:b0:b0:
                    be:f0:77:27:fb:49:ba:18:77:1c:cb:35:fa:8a:0f:
                    66:9e:22:69:3e:c7:d2:68:d4:c7:98:82:0b:32:09:
                    8e:36:68:88:cf:f6:b0:a4:fb:dc:b5:ff:e3:08:00:
                    a7:21:f0:e2:ac:14:5d:c9:ea:a0:52:99:23:90:67:
                    c8:a4:a4:ed:4e:ee:7b:6d:cf:2d:ba:03:da:13:4c:
                    92:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:98:9D:C4:87:08:0C:7E:EA:33:38:DD:1B:81:33:2A:3F:38:34:0C
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TpidxIcIDH7qMzjdG4EzKj84NAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.199.0/24
                  193.238.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:f5:75:fa:18:e2:fd:f3:02:4c:92:28:5f:7f:08:b5:6a:c1:
         83:e9:94:96:3a:0f:fa:b1:8b:3e:ac:75:d2:d7:d2:cd:5d:5c:
         ed:64:30:c9:f3:44:3c:39:25:30:2f:e3:dc:b0:c9:b1:fa:20:
         45:3a:d3:98:a9:b8:f0:86:02:10:24:62:87:f4:90:4b:82:08:
         7b:9e:88:28:23:91:1f:18:82:7b:c6:1e:de:94:64:b5:97:86:
         ad:6c:8b:c0:73:57:e5:3f:1e:e5:a2:93:b1:8a:05:e2:b4:bf:
         29:97:c3:a2:a8:e2:0b:e6:1b:78:e5:c2:67:93:f5:ff:99:ef:
         4e:6f:17:b2:e9:2e:7f:36:0a:06:69:e3:08:67:2a:dc:23:e5:
         96:3e:64:3c:30:e0:40:d1:dc:51:6b:da:84:b4:00:95:98:5b:
         21:65:9c:41:a0:f7:b9:84:22:d9:cb:b4:ef:88:8a:d9:27:b3:
         4f:21:f8:04:61:36:4e:5b:3a:1d:fa:dd:f3:63:a1:2d:b5:e7:
         af:e4:f3:81:37:34:ca:33:30:b5:b6:79:64:fe:a7:65:16:ad:
         ab:97:7a:85:1f:e0:15:39:cc:2f:10:8d:f9:07:0c:04:0e:27:
         51:c1:fb:b4:ff:bb:02:9b:8b:86:7d:40:b6:c2:17:ba:1d:dc:
         de:77:31:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1x02fs+U9+FBh8PrHaMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTk4OWRjNDg3MDgwYzdlZWEzMzM4ZGQxYjgxMzMyYTNmMzgzNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsgomNJDCZDtmjCoobS8z/C2OcXz
1qVy5FkDEdx9PGLwY/1DBUrGu4mPMEfjxY0+gJWB3nTdkrOGm5Q4QkquMOWaz3J4
wXpZeAayvE1abU9qw6guaHUGmY1+jYPjnsZD+Boao353WcoJEaTTpXQLBc1yNeZT
PZyKk/dhm7DFo8Zt/iRPjv6oxYCBzB6Tx+/cCdRIJXy1QXIeI4GoVjt03civU5at
hbNFHoFzSR4+sahJsLC+8Hcn+0m6GHccyzX6ig9mniJpPsfSaNTHmIILMgmONmiI
z/awpPvctf/jCACnIfDirBRdyeqgUpkjkGfIpKTtTu57bc8tugPaE0ySZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE6YncSHCAx+6jM43RuBMyo/ODQMMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvVHBpZHhJY0lESDdxTXpqZEc0RXpLajg0TkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsHbHAwQA
we4sMA0GCSqGSIb3DQEBCwUAA4IBAQBY9XX6GOL98wJMkihffwi1asGD6ZSWOg/6
sYs+rHXS19LNXVztZDDJ80Q8OSUwL+PcsMmx+iBFOtOYqbjwhgIQJGKH9JBLggh7
nogoI5EfGIJ7xh7elGS1l4atbIvAc1flPx7lopOxigXitL8pl8OiqOIL5ht45cJn
k/X/me9Obxey6S5/NgoGaeMIZyrcI+WWPmQ8MOBA0dxRa9qEtACVmFshZZxBoPe5
hCLZy7TviIrZJ7NPIfgEYTZOWzod+t3zY6Etteev5POBNzTKMzC1tnlk/qdlFq2r
l3qFH+AVOcwvEI35BwwEDidRwfu0/7sCm4uGfUC2whe6HdzedzG3
-----END CERTIFICATE-----