Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/tJg_b0sGh_gtMiTyawx2rI1Rw-Q.roa
File:                     tJg_b0sGh_gtMiTyawx2rI1Rw-Q.roa (raw, json)
Hash identifier:          JFtw0OIso0GxeYQl3tGoKBIFlcyljrcv3hUq9+VLYnQ=
Subject key identifier:   B4:98:3F:6F:4B:06:87:F8:2D:32:24:F2:6B:0C:76:AC:8D:51:C3:E4
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0194228D2030F267B7F416BD295D377C378E
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/tJg_b0sGh_gtMiTyawx2rI1Rw-Q.roa
Signing time:             Wed 01 Jan 2025 15:47:41 +0000
ROA not before:           Wed 01 Jan 2025 15:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8441
IP address blocks:        80.253.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 02:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:20:30:f2:67:b7:f4:16:bd:29:5d:37:7c:37:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 15:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4983f6f4b0687f82d3224f26b0c76ac8d51c3e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:07:01:3c:77:2d:5f:6e:2a:08:3b:d7:15:1b:
                    ce:03:d5:b7:67:46:d7:c9:74:8e:c3:19:4d:2c:f3:
                    0b:4a:ce:83:75:64:dc:4d:d5:90:e3:75:56:30:fa:
                    74:80:e7:7d:0f:1e:d7:cd:3b:48:be:3e:a0:80:02:
                    28:89:77:7f:db:02:cc:06:4f:40:ec:47:fd:65:29:
                    8c:9e:95:0e:21:d9:4a:c8:5c:2c:04:4b:ff:67:4a:
                    d8:5a:fb:31:85:b7:07:04:5a:be:09:f4:7e:3f:76:
                    ce:ab:2c:27:43:df:a0:d2:d2:c9:9f:2e:45:c5:ff:
                    23:6e:1e:b6:1b:5e:12:a0:40:de:e0:08:f2:84:15:
                    bc:28:ce:c3:01:53:f7:74:14:67:4f:32:86:28:6d:
                    48:59:92:fb:2b:47:4d:bb:bb:0f:d1:cd:86:fe:57:
                    40:f0:bf:d6:5c:a3:a8:81:c3:e0:08:3d:66:0b:ee:
                    f3:52:c6:aa:79:79:96:ca:f3:e8:0a:bd:2b:8d:fc:
                    a7:c4:44:9c:54:2a:58:71:3b:fc:61:26:22:f4:d9:
                    fd:3e:19:0c:e5:e4:62:0d:4f:12:c2:4f:45:c2:1b:
                    b5:5a:c1:99:ac:69:f0:c1:96:f4:ad:d1:83:90:59:
                    ad:d2:b9:e6:62:1e:99:59:1d:60:ac:31:24:4b:97:
                    cf:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:98:3F:6F:4B:06:87:F8:2D:32:24:F2:6B:0C:76:AC:8D:51:C3:E4
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/tJg_b0sGh_gtMiTyawx2rI1Rw-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:ec:76:c1:44:ad:f4:83:5a:6e:21:ad:5b:4c:37:97:e2:bf:
         c8:0a:f0:c4:5d:68:22:83:37:99:8b:27:27:a1:c3:ae:75:e7:
         40:c4:ae:1c:1f:49:82:4d:20:5b:00:42:46:e6:0d:1b:71:77:
         8f:c8:a2:e4:93:90:ca:5b:e9:3c:02:02:eb:ae:cc:cb:c5:d2:
         2f:ee:1a:82:da:28:12:9c:06:27:9e:fb:8a:e0:32:8b:1f:95:
         78:28:cf:d4:a0:16:f2:7b:26:b0:29:b2:46:a6:d7:87:0a:de:
         94:b5:45:43:47:5f:90:38:e5:e8:a9:1d:11:93:7b:a3:4b:4b:
         fc:ac:c9:f9:7a:17:c7:d2:ec:f2:9c:ed:c1:60:5c:62:8c:fd:
         36:5f:7c:fe:d4:47:2b:1b:bd:e3:d8:3b:5b:8d:7d:8a:43:da:
         9b:cf:06:8f:75:c0:76:ec:15:06:a8:f1:51:07:59:c1:b1:84:
         ac:2c:f6:72:2c:d2:73:7d:21:cd:fc:fc:e1:fd:d1:8c:bd:46:
         9c:16:cb:74:92:a7:d7:3e:6a:13:39:3a:67:59:54:2a:60:b5:
         97:58:04:ef:9d:f8:91:d7:4a:36:ae:c1:c8:01:e0:08:d3:f0:
         e7:43:65:6e:3e:83:37:c4:23:85:2a:ca:e1:9a:17:9b:30:71:
         70:31:9a:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSAw8me39Ba9KV03fDeOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUwMTAxMTU0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDk4M2Y2ZjRiMDY4N2Y4MmQzMjI0ZjI2YjBjNzZhYzhkNTFjM2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gcBPHctX24qCDvXFRvOA9W3Z0bX
yXSOwxlNLPMLSs6DdWTcTdWQ43VWMPp0gOd9Dx7XzTtIvj6ggAIoiXd/2wLMBk9A
7Ef9ZSmMnpUOIdlKyFwsBEv/Z0rYWvsxhbcHBFq+CfR+P3bOqywnQ9+g0tLJny5F
xf8jbh62G14SoEDe4AjyhBW8KM7DAVP3dBRnTzKGKG1IWZL7K0dNu7sP0c2G/ldA
8L/WXKOogcPgCD1mC+7zUsaqeXmWyvPoCr0rjfynxEScVCpYcTv8YSYi9Nn9PhkM
5eRiDU8Swk9Fwhu1WsGZrGnwwZb0rdGDkFmt0rnmYh6ZWR1grDEkS5fPNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSYP29LBof4LTIk8msMdqyNUcPkMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvdEpnX2Iwc0doX2d0TWlUeWF3eDJySTFSdy1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUP0EMA0G
CSqGSIb3DQEBCwUAA4IBAQAP7HbBRK30g1puIa1bTDeX4r/ICvDEXWgigzeZiycn
ocOudedAxK4cH0mCTSBbAEJG5g0bcXePyKLkk5DKW+k8AgLrrszLxdIv7hqC2igS
nAYnnvuK4DKLH5V4KM/UoBbyeyawKbJGpteHCt6UtUVDR1+QOOXoqR0Rk3ujS0v8
rMn5ehfH0uzynO3BYFxijP02X3z+1EcrG73j2DtbjX2KQ9qbzwaPdcB27BUGqPFR
B1nBsYSsLPZyLNJzfSHN/Pzh/dGMvUacFst0kqfXPmoTOTpnWVQqYLWXWATvnfiR
10o2rsHIAeAI0/DnQ2VuPoM3xCOFKsrhmhebMHFwMZpN
-----END CERTIFICATE-----