Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/tBCiClZ01i6bRTFcoV9J9olvPiQ.roa
File:                     tBCiClZ01i6bRTFcoV9J9olvPiQ.roa (raw, json)
Hash identifier:          F04EUBkZe5J5GkXs7KwkzKr7Lxa3zzkxl/rd7ozso6E=
Subject key identifier:   B4:10:A2:0A:56:74:D6:2E:9B:45:31:5C:A1:5F:49:F6:89:6F:3E:24
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CAFE4B5832AB89157823220B2527A
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/tBCiClZ01i6bRTFcoV9J9olvPiQ.roa
Signing time:             Wed 01 Jan 2025 01:48:21 +0000
ROA not before:           Wed 01 Jan 2025 01:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59631
IP address blocks:        176.121.64.0/21 maxlen: 24
                          185.83.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:af:e4:b5:83:2a:b8:91:57:82:32:20:b2:52:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b410a20a5674d62e9b45315ca15f49f6896f3e24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:b4:78:d8:1e:cc:0d:4a:ac:a0:57:77:15:33:
                    7f:61:9b:b8:82:ad:b7:94:b9:17:a5:97:c7:29:d6:
                    f7:06:ee:0d:85:1b:04:08:c3:e2:16:e1:0b:19:83:
                    fc:91:b8:51:73:14:14:38:de:f6:e6:39:75:ef:37:
                    46:8c:f3:2d:ec:f5:ce:1f:ba:d5:fb:03:f5:8e:f2:
                    a8:35:9d:b9:4e:3d:7a:60:3e:f1:6b:4b:c2:95:f9:
                    6a:f8:9b:14:df:6c:30:68:86:0b:bb:6f:02:3b:ab:
                    61:55:b0:d1:98:f7:98:85:00:78:84:e5:53:7f:db:
                    37:06:f6:e5:8a:96:a6:a2:2d:66:57:f9:fe:43:07:
                    90:d9:ba:ab:33:88:82:74:dc:e3:c1:d4:9d:92:bd:
                    73:91:d0:9c:62:40:cf:29:ab:6a:01:da:53:95:f9:
                    ea:a3:bc:81:d5:12:3a:e5:31:8d:77:bf:96:2e:4b:
                    04:32:ad:54:26:55:fd:1d:71:99:1e:d0:0d:4a:6b:
                    18:3c:39:f9:15:8c:cb:ac:75:59:ef:37:ec:3f:ef:
                    84:8c:c1:fb:7e:81:38:b7:9b:74:c7:76:7f:71:eb:
                    06:7a:7a:fb:c2:15:61:b8:65:26:4d:7a:5b:87:0b:
                    e4:81:b5:49:fb:45:dd:9c:87:cf:3c:51:ec:6a:e2:
                    d3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:10:A2:0A:56:74:D6:2E:9B:45:31:5C:A1:5F:49:F6:89:6F:3E:24
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/tBCiClZ01i6bRTFcoV9J9olvPiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.64.0/21
                  185.83.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:00:80:51:7b:2e:45:7b:f0:19:6f:98:a2:f2:90:af:df:b3:
         0f:e9:dc:98:73:7c:a4:2d:4f:42:8a:19:d2:d9:99:7a:4a:79:
         95:71:30:f5:ce:26:42:a4:a4:08:e1:32:56:3c:0a:c0:c6:a4:
         90:ba:b8:10:0f:41:a9:3a:f4:07:7e:89:ae:c3:7d:53:d2:78:
         16:48:36:40:c4:79:91:02:f3:42:89:8b:fc:df:15:4a:19:1a:
         77:94:e6:05:54:81:05:a0:49:f5:ca:97:77:5f:6e:52:9f:90:
         f1:f3:4e:c6:4f:0d:e4:bb:37:70:e2:d0:ad:98:45:63:5c:54:
         c6:bf:11:b5:ae:07:54:84:1b:56:83:03:f9:05:be:28:75:bd:
         62:d0:0d:6d:a1:44:a9:87:71:5d:f2:59:ed:c1:64:9e:cc:a3:
         46:33:cb:8b:24:83:a3:4b:a1:9f:e2:a1:a4:93:33:8b:56:39:
         c8:02:62:a4:bf:eb:cd:a1:e6:58:12:85:38:3f:72:f7:4c:4e:
         29:f5:65:b6:6c:eb:a6:47:a7:63:7a:cd:72:68:0e:56:df:b6:
         0c:fa:e4:00:4e:8a:34:78:8b:52:dc:a6:10:2e:2d:e8:73:6c:
         98:84:f4:73:36:d0:16:bd:f3:6b:98:97:9a:5f:31:fc:43:46:
         db:09:d4:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjK/ktYMquJFXgjIgslJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDEwYTIwYTU2NzRkNjJlOWI0NTMxNWNhMTVmNDlmNjg5NmYzZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7bR42B7MDUqsoFd3FTN/YZu4gq23
lLkXpZfHKdb3Bu4NhRsECMPiFuELGYP8kbhRcxQUON725jl17zdGjPMt7PXOH7rV
+wP1jvKoNZ25Tj16YD7xa0vClflq+JsU32wwaIYLu28CO6thVbDRmPeYhQB4hOVT
f9s3Bvblipamoi1mV/n+QweQ2bqrM4iCdNzjwdSdkr1zkdCcYkDPKatqAdpTlfnq
o7yB1RI65TGNd7+WLksEMq1UJlX9HXGZHtANSmsYPDn5FYzLrHVZ7zfsP++EjMH7
foE4t5t0x3Z/cesGenr7whVhuGUmTXpbhwvkgbVJ+0XdnIfPPFHsauLT7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLQQogpWdNYum0UxXKFfSfaJbz4kMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvdEJDaUNsWjAxaTZiUlRGY29WOUo5b2x2UGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDsHlAAwQC
uVNoMA0GCSqGSIb3DQEBCwUAA4IBAQCxAIBRey5Fe/AZb5ii8pCv37MP6dyYc3yk
LU9CihnS2Zl6SnmVcTD1ziZCpKQI4TJWPArAxqSQurgQD0GpOvQHfomuw31T0ngW
SDZAxHmRAvNCiYv83xVKGRp3lOYFVIEFoEn1ypd3X25Sn5Dx807GTw3kuzdw4tCt
mEVjXFTGvxG1rgdUhBtWgwP5Bb4odb1i0A1toUSph3Fd8lntwWSezKNGM8uLJIOj
S6Gf4qGkkzOLVjnIAmKkv+vNoeZYEoU4P3L3TE4p9WW2bOumR6djes1yaA5W37YM
+uQAToo0eItS3KYQLi3oc2yYhPRzNtAWvfNrmJeaXzH8Q0bbCdSa
-----END CERTIFICATE-----