Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/tLtgUfd0ui74NFHNYFQ3DTMpTpY.roa
File:                     tLtgUfd0ui74NFHNYFQ3DTMpTpY.roa (raw, json)
Hash identifier:          t0Rcfn+Zo7QZAW0FXDZgWJxfMhFkyCKBVpW7cC1Ejw4=
Subject key identifier:   B4:BB:60:51:F7:74:BA:2E:F8:34:51:CD:60:54:37:0D:33:29:4E:96
Certificate issuer:       /CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
Certificate serial:       0195848F6DF0E72D79CDB29A351E67488364
Authority key identifier: E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/tLtgUfd0ui74NFHNYFQ3DTMpTpY.roa
Signing time:             Tue 11 Mar 2025 09:35:47 +0000
ROA not before:           Tue 11 Mar 2025 09:35:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209630
IP address blocks:        193.169.194.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 06:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:84:8f:6d:f0:e7:2d:79:cd:b2:9a:35:1e:67:48:83:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
        Validity
            Not Before: Mar 11 09:35:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4bb6051f774ba2ef83451cd6054370d33294e96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:22:5d:0e:ef:c7:1c:8b:50:5d:07:9e:92:d0:
                    65:ea:ac:f1:f4:dc:f9:5f:73:59:9e:55:26:24:70:
                    76:a3:d6:9f:62:9e:7e:0f:de:ff:b4:9e:bd:79:c7:
                    e7:3a:8a:8e:09:fb:7a:3b:5d:2a:cd:a0:19:d8:fc:
                    9a:e6:f2:10:47:d3:bd:ad:7c:20:13:e1:5f:ae:2c:
                    cc:c8:64:c9:02:da:aa:74:08:c0:7f:41:20:ea:d1:
                    2c:db:52:c4:4b:f1:ce:24:47:e4:16:1f:ef:3e:0c:
                    bf:07:0d:ca:ff:1f:b8:71:d7:44:5b:56:6d:bc:f0:
                    cd:49:d3:8c:a8:d3:b5:ab:07:d1:97:5e:7f:89:a3:
                    9d:63:95:55:51:f2:e8:69:b4:44:2a:ca:9e:1a:c1:
                    1e:83:53:85:26:9f:39:5c:16:83:4e:5a:88:2e:44:
                    5e:5d:55:89:2e:d0:7d:70:34:91:cd:cb:a8:1d:77:
                    9d:5f:49:1b:2c:8f:8f:42:e7:36:ab:e8:6a:ff:d1:
                    d3:d1:d9:89:88:c7:fc:ba:c3:16:af:aa:6a:b9:bf:
                    a3:29:0e:cb:56:82:d6:0b:39:eb:82:98:39:de:7d:
                    86:c8:2a:64:8a:ff:09:37:e9:3b:5f:48:bd:01:c8:
                    5e:9f:dd:b9:fb:5c:6b:46:0e:46:b3:f5:dc:a6:3d:
                    1b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:BB:60:51:F7:74:BA:2E:F8:34:51:CD:60:54:37:0D:33:29:4E:96
            X509v3 Authority Key Identifier:
                keyid:E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/tLtgUfd0ui74NFHNYFQ3DTMpTpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:b3:35:3f:47:c8:5e:7c:cb:8f:82:da:43:23:6f:3c:dc:95:
         29:d0:2b:89:4c:69:73:ae:34:fb:65:47:11:48:d3:d0:2c:76:
         1f:cd:79:90:ae:88:db:7e:56:a1:5a:e4:98:eb:99:9d:68:8d:
         a2:35:1f:62:5d:e9:ed:e7:a0:11:21:dc:22:83:9c:a2:43:00:
         fe:c4:e5:42:4a:78:5c:95:a7:10:a9:c3:4a:b0:12:db:e9:d3:
         f8:99:fe:dc:81:13:68:5a:a3:91:27:f3:85:a6:6c:4b:02:6f:
         32:4f:79:e3:d2:78:8f:a1:45:e1:b8:07:2b:41:a7:d6:0f:39:
         53:ba:65:15:7f:1a:18:8e:9e:3c:57:51:57:8e:05:e4:db:b4:
         51:6d:a9:19:06:f2:35:3a:e4:d3:85:f4:c6:78:da:cf:1c:73:
         af:62:3a:cc:d3:6b:d1:ed:6a:92:57:43:9e:98:2c:07:6e:59:
         d7:72:67:e6:e7:44:0f:d1:d2:c6:03:5d:1c:61:7a:cd:ba:1c:
         6c:9b:32:ab:68:0c:33:0f:48:43:55:1f:1e:7a:53:bb:7f:a1:
         cb:a6:cb:10:59:13:99:0b:97:a9:6c:6a:4b:ae:41:05:43:39:
         04:a7:ed:41:7e:13:1a:88:46:ba:29:87:25:89:3d:20:70:4b:
         ba:6a:73:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWEj23w5y15zbKaNR5nSINkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YzJlMGQzZmRjMjE1YTM4OWM3MDQzY2E1YTFhMDZiZTJj
NTU4ZWYwHhcNMjUwMzExMDkzNTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGJiNjA1MWY3NzRiYTJlZjgzNDUxY2Q2MDU0MzcwZDMzMjk0ZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCJdDu/HHItQXQeektBl6qzx9Nz5
X3NZnlUmJHB2o9afYp5+D97/tJ69ecfnOoqOCft6O10qzaAZ2Pya5vIQR9O9rXwg
E+FfrizMyGTJAtqqdAjAf0Eg6tEs21LES/HOJEfkFh/vPgy/Bw3K/x+4cddEW1Zt
vPDNSdOMqNO1qwfRl15/iaOdY5VVUfLoabREKsqeGsEeg1OFJp85XBaDTlqILkRe
XVWJLtB9cDSRzcuoHXedX0kbLI+PQuc2q+hq/9HT0dmJiMf8usMWr6pqub+jKQ7L
VoLWCznrgpg53n2GyCpkiv8JN+k7X0i9Achen925+1xrRg5Gs/Xcpj0b2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLS7YFH3dLou+DRRzWBUNw0zKU6WMB8GA1UdIwQY
MBaAFObC4NP9whWjiccEPKWhoGvixVjvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQt
ZjNlMDUyYmFiMTQ0LzEvdEx0Z1VmZDB1aTc0TkZITllGUTNEVE1wVHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQtZjNlMDUyYmFiMTQ0
LzEvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwanCMA0G
CSqGSIb3DQEBCwUAA4IBAQAzszU/R8hefMuPgtpDI2883JUp0CuJTGlzrjT7ZUcR
SNPQLHYfzXmQrojbflahWuSY65mdaI2iNR9iXent56ARIdwig5yiQwD+xOVCSnhc
lacQqcNKsBLb6dP4mf7cgRNoWqORJ/OFpmxLAm8yT3nj0niPoUXhuAcrQafWDzlT
umUVfxoYjp48V1FXjgXk27RRbakZBvI1OuTThfTGeNrPHHOvYjrM02vR7WqSV0Oe
mCwHblnXcmfm50QP0dLGA10cYXrNuhxsmzKraAwzD0hDVR8eelO7f6HLpssQWROZ
C5epbGpLrkEFQzkEp+1BfhMaiEa6KYcliT0gcEu6anM8
-----END CERTIFICATE-----