Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/75b838-4ece-4998-8ad8-17d31dee8e12/1/TcxQ_LIgSlnQjiSbvcx7DOq2_Zc.roa
File:                     TcxQ_LIgSlnQjiSbvcx7DOq2_Zc.roa (raw, json)
Hash identifier:          v9utTlGogD+SmAb7nxAo7ersLZspEGf0TY5tMFbjRB8=
Subject key identifier:   4D:CC:50:FC:B2:20:4A:59:D0:8E:24:9B:BD:CC:7B:0C:EA:B6:FD:97
Certificate issuer:       /CN=ba9efca86dea70d3ee90181678c8eb30e6916d1d
Certificate serial:       019422203D3102418EC642BF9CE4EE3049B5
Authority key identifier: BA:9E:FC:A8:6D:EA:70:D3:EE:90:18:16:78:C8:EB:30:E6:91:6D:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up78qG3qcNPukBgWeMjrMOaRbR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/75b838-4ece-4998-8ad8-17d31dee8e12/1/TcxQ_LIgSlnQjiSbvcx7DOq2_Zc.roa
Signing time:             Wed 01 Jan 2025 13:48:45 +0000
ROA not before:           Wed 01 Jan 2025 13:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56472
IP address blocks:        80.86.48.0/20 maxlen: 24
                          185.22.36.0/22 maxlen: 24
                          2a02:29a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/75b838-4ece-4998-8ad8-17d31dee8e12/1/up78qG3qcNPukBgWeMjrMOaRbR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/75b838-4ece-4998-8ad8-17d31dee8e12/1/up78qG3qcNPukBgWeMjrMOaRbR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up78qG3qcNPukBgWeMjrMOaRbR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3d:31:02:41:8e:c6:42:bf:9c:e4:ee:30:49:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9efca86dea70d3ee90181678c8eb30e6916d1d
        Validity
            Not Before: Jan  1 13:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dcc50fcb2204a59d08e249bbdcc7b0ceab6fd97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:43:f9:a5:0d:32:ad:7e:c2:af:73:09:25:40:
                    27:6e:89:ee:29:24:7e:5d:23:30:3e:9e:a7:db:1f:
                    08:53:79:25:8a:19:6c:36:20:fc:b3:7d:64:20:93:
                    92:1e:25:de:f5:bf:75:12:ca:d6:65:1e:aa:9b:f4:
                    29:a1:27:02:af:ee:f1:4f:90:3e:1e:11:25:fe:de:
                    5a:40:43:02:6f:e5:f1:c6:74:86:a9:58:ee:71:a1:
                    29:5d:3a:6c:e2:54:95:bc:81:83:f1:ab:20:59:c9:
                    2e:bd:ab:ba:3d:5f:8c:de:79:22:44:d4:6d:ba:59:
                    13:23:7b:07:98:18:52:07:8d:78:13:92:ec:cf:87:
                    7e:4e:9f:62:54:35:9b:3d:b2:ff:da:3b:92:fc:82:
                    68:13:88:25:6a:e3:a7:1d:2b:8f:6d:9c:ab:c6:41:
                    2f:bc:9f:55:fb:94:05:4b:90:91:26:f8:54:ce:63:
                    c0:0c:76:55:52:bf:ac:d8:f2:da:f4:3a:2f:01:5d:
                    0b:73:1d:67:a2:2d:0a:78:17:72:d7:8a:7d:79:a3:
                    f3:6b:62:67:18:57:d9:33:e0:0f:c4:c8:6e:14:8d:
                    96:99:61:f1:cb:a2:30:10:2a:a3:02:00:d1:70:24:
                    65:00:b4:a8:45:2f:0c:1c:fb:ef:16:4f:99:84:98:
                    b0:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:CC:50:FC:B2:20:4A:59:D0:8E:24:9B:BD:CC:7B:0C:EA:B6:FD:97
            X509v3 Authority Key Identifier:
                keyid:BA:9E:FC:A8:6D:EA:70:D3:EE:90:18:16:78:C8:EB:30:E6:91:6D:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up78qG3qcNPukBgWeMjrMOaRbR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/75b838-4ece-4998-8ad8-17d31dee8e12/1/TcxQ_LIgSlnQjiSbvcx7DOq2_Zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/75b838-4ece-4998-8ad8-17d31dee8e12/1/up78qG3qcNPukBgWeMjrMOaRbR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.86.48.0/20
                  185.22.36.0/22
                IPv6:
                  2a02:29a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:40:34:a8:56:ac:50:d3:42:e0:d2:45:63:de:e1:25:ab:22:
         b2:60:fe:ac:e3:cf:38:06:76:2c:67:54:39:9d:30:56:9f:85:
         f3:ba:f6:2a:fa:44:2a:01:af:c4:87:aa:44:95:d7:c7:45:80:
         24:9e:b8:2b:ad:0a:28:c1:79:64:1d:42:e8:98:ae:3d:b0:a5:
         2c:12:e1:2a:24:96:cc:d5:08:92:a6:c1:9e:22:4c:69:34:e9:
         3b:e2:fa:b1:30:2a:a0:bb:eb:1f:1c:f2:d9:77:56:e3:5b:6f:
         8d:56:ce:09:fa:92:7d:f9:9c:a3:8b:a2:16:71:4b:1f:8b:e9:
         15:89:90:e3:35:5c:0c:25:05:a9:9f:8f:af:9d:55:d8:b2:a6:
         19:dd:d9:29:9d:37:f4:9b:c7:5e:3b:42:99:61:79:71:fc:24:
         f9:ed:e7:7e:67:21:10:62:45:5a:f6:16:1b:37:33:b4:40:fe:
         d0:88:52:7c:d0:2e:74:74:73:2d:02:36:6a:c4:f2:63:5e:30:
         1f:18:ad:73:98:62:99:db:2f:41:79:a4:23:15:03:09:8d:3d:
         44:1a:dd:d7:86:c1:73:5b:6e:d3:74:c3:69:ee:ab:06:ac:cf:
         da:26:e3:d9:a0:c7:01:53:79:89:a4:65:bb:09:33:fd:8c:4d:
         7a:da:9a:85
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQiID0xAkGOxkK/nOTuMEm1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWVmY2E4NmRlYTcwZDNlZTkwMTgxNjc4YzhlYjMwZTY5
MTZkMWQwHhcNMjUwMTAxMTM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGNjNTBmY2IyMjA0YTU5ZDA4ZTI0OWJiZGNjN2IwY2VhYjZmZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokP5pQ0yrX7Cr3MJJUAnbonuKSR+
XSMwPp6n2x8IU3klihlsNiD8s31kIJOSHiXe9b91EsrWZR6qm/QpoScCr+7xT5A+
HhEl/t5aQEMCb+XxxnSGqVjucaEpXTps4lSVvIGD8asgWckuvau6PV+M3nkiRNRt
ulkTI3sHmBhSB414E5Lsz4d+Tp9iVDWbPbL/2juS/IJoE4glauOnHSuPbZyrxkEv
vJ9V+5QFS5CRJvhUzmPADHZVUr+s2PLa9DovAV0Lcx1noi0KeBdy14p9eaPza2Jn
GFfZM+APxMhuFI2WmWHxy6IwECqjAgDRcCRlALSoRS8MHPvvFk+ZhJiwwQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE3MUPyyIEpZ0I4km73Mewzqtv2XMB8GA1UdIwQY
MBaAFLqe/Kht6nDT7pAYFnjI6zDmkW0dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXA3OHFHM3FjTlB1a0JnV2VNanJNT2FSYlIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83NWI4MzgtNGVjZS00OTk4LThhZDgt
MTdkMzFkZWU4ZTEyLzEvVGN4UV9MSWdTbG5RamlTYnZjeDdET3EyX1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83NWI4MzgtNGVjZS00OTk4LThhZDgtMTdkMzFkZWU4ZTEy
LzEvdXA3OHFHM3FjTlB1a0JnV2VNanJNT2FSYlIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUFYwAwQC
uRYkMA0EAgACMAcDBQAqAimgMA0GCSqGSIb3DQEBCwUAA4IBAQA4QDSoVqxQ00Lg
0kVj3uElqyKyYP6s4884BnYsZ1Q5nTBWn4XzuvYq+kQqAa/Eh6pEldfHRYAknrgr
rQoowXlkHULomK49sKUsEuEqJJbM1QiSpsGeIkxpNOk74vqxMCqgu+sfHPLZd1bj
W2+NVs4J+pJ9+Zyji6IWcUsfi+kViZDjNVwMJQWpn4+vnVXYsqYZ3dkpnTf0m8de
O0KZYXlx/CT57ed+ZyEQYkVa9hYbNzO0QP7QiFJ80C50dHMtAjZqxPJjXjAfGK1z
mGKZ2y9BeaQjFQMJjT1EGt3XhsFzW27TdMNp7qsGrM/aJuPZoMcBU3mJpGW7CTP9
jE162pqF
-----END CERTIFICATE-----