Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/TYNpquTJrzSR51OOloKWFzDGt3U.roa
File:                     TYNpquTJrzSR51OOloKWFzDGt3U.roa (raw, json)
Hash identifier:          PXkC4vPi8mTT3NZRiH+aIHNnUKiyXfVEegc48VEpnOo=
Subject key identifier:   4D:83:69:AA:E4:C9:AF:34:91:E7:53:8E:96:82:96:17:30:C6:B7:75
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0195FB870C3E5343E7027A1540B577996B49
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/TYNpquTJrzSR51OOloKWFzDGt3U.roa
Signing time:             Thu 03 Apr 2025 12:01:26 +0000
ROA not before:           Thu 03 Apr 2025 12:01:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205574
IP address blocks:        192.71.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fb:87:0c:3e:53:43:e7:02:7a:15:40:b5:77:99:6b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Apr  3 12:01:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d8369aae4c9af3491e7538e9682961730c6b775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9a:04:4d:68:b1:56:27:91:10:f8:d5:45:82:
                    72:3b:ee:77:6e:c9:57:6d:d7:82:2c:ba:19:2d:78:
                    a2:20:34:40:b2:09:16:5f:85:c9:e2:53:ad:cf:1d:
                    2f:f7:cd:d2:0e:5f:d5:b7:98:94:fb:07:13:f5:8c:
                    8b:48:87:ed:8a:48:eb:4a:3d:e5:33:7a:62:aa:6c:
                    27:82:56:f7:35:44:5e:e5:83:a7:e3:80:52:0c:4b:
                    6d:7e:88:e9:ed:95:01:b5:76:38:26:ca:b5:67:ae:
                    d9:5c:65:45:b5:3e:32:96:2c:ca:6f:cd:b9:ed:7c:
                    2c:c1:5a:47:3e:a9:99:46:4c:da:0a:44:24:2a:9d:
                    18:dc:7e:95:66:0d:51:a6:a5:9a:c8:45:26:f3:ab:
                    a6:c3:eb:29:98:48:52:57:5c:54:75:b2:16:bb:92:
                    9a:c3:b5:59:a1:e0:fa:4c:c7:09:c6:37:7f:42:91:
                    e0:b6:19:03:ae:25:3f:07:50:7d:35:29:78:8f:11:
                    80:b0:08:65:2a:d6:0f:e3:5f:3a:94:2f:c2:65:4e:
                    37:03:7e:dc:4a:cd:d5:7e:f8:db:a1:c0:27:f6:fe:
                    86:4f:2d:43:73:ae:ed:b1:c4:37:df:dc:56:af:e4:
                    3a:60:96:3b:04:95:e0:23:d0:cc:26:47:72:bb:cc:
                    9c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:83:69:AA:E4:C9:AF:34:91:E7:53:8E:96:82:96:17:30:C6:B7:75
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/TYNpquTJrzSR51OOloKWFzDGt3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.71.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:0a:30:d7:2f:be:f9:3f:48:c4:2b:c0:2e:2d:0f:f1:c4:15:
         5f:62:de:08:0e:48:99:24:b2:f4:d9:7c:72:78:57:f3:a6:5a:
         58:93:ca:2d:04:af:55:a4:42:e7:ce:c2:28:e3:fa:b3:f5:19:
         ab:54:74:3f:58:b8:2a:80:8a:df:dd:b4:58:8e:1b:01:92:a4:
         d7:e3:80:3c:cf:f3:7e:6f:e3:c5:cf:9c:8f:9d:0a:ae:4e:55:
         e0:45:b1:d7:db:e3:af:a7:be:8e:81:78:67:3a:ec:08:c4:23:
         86:78:07:1b:f8:15:22:0a:94:d4:0a:bd:c5:80:d9:f3:af:56:
         53:64:e0:15:d0:de:12:c7:20:1e:3c:70:7e:61:e6:ea:8b:b3:
         b2:f2:d8:35:3a:3b:b0:7f:21:d7:51:f2:29:41:f0:47:22:b7:
         b8:e8:9b:4a:e4:90:a4:97:f4:66:46:57:01:83:7c:33:a3:39:
         84:76:4d:02:e5:d0:fa:b1:97:0c:72:28:9d:4a:1a:e0:4d:ef:
         93:07:de:a7:15:8f:38:fa:07:74:8a:82:22:75:45:ad:f8:ca:
         e3:d6:21:8b:8c:38:8d:42:aa:ca:5a:fe:01:22:91:52:09:52:
         d1:71:4c:e7:bd:0d:94:85:a0:72:fd:47:a9:d7:3a:3b:d9:fe:
         77:ef:15:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX7hww+U0PnAnoVQLV3mWtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwNDAzMTIwMTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDgzNjlhYWU0YzlhZjM0OTFlNzUzOGU5NjgyOTYxNzMwYzZiNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5oETWixVieREPjVRYJyO+53bslX
bdeCLLoZLXiiIDRAsgkWX4XJ4lOtzx0v983SDl/Vt5iU+wcT9YyLSIftikjrSj3l
M3piqmwnglb3NURe5YOn44BSDEttfojp7ZUBtXY4Jsq1Z67ZXGVFtT4ylizKb825
7XwswVpHPqmZRkzaCkQkKp0Y3H6VZg1RpqWayEUm86umw+spmEhSV1xUdbIWu5Ka
w7VZoeD6TMcJxjd/QpHgthkDriU/B1B9NSl4jxGAsAhlKtYP4186lC/CZU43A37c
Ss3VfvjbocAn9v6GTy1Dc67tscQ339xWr+Q6YJY7BJXgI9DMJkdyu8ycyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2Daarkya80kedTjpaClhcwxrd1MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvVFlOcHF1VEpyelNSNTFPT2xvS1dGekRHdDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEcQMA0G
CSqGSIb3DQEBCwUAA4IBAQC2CjDXL775P0jEK8AuLQ/xxBVfYt4IDkiZJLL02Xxy
eFfzplpYk8otBK9VpELnzsIo4/qz9RmrVHQ/WLgqgIrf3bRYjhsBkqTX44A8z/N+
b+PFz5yPnQquTlXgRbHX2+Ovp76OgXhnOuwIxCOGeAcb+BUiCpTUCr3FgNnzr1ZT
ZOAV0N4SxyAePHB+Yebqi7Oy8tg1OjuwfyHXUfIpQfBHIre46JtK5JCkl/RmRlcB
g3wzozmEdk0C5dD6sZcMciidShrgTe+TB96nFY84+gd0ioIidUWt+Mrj1iGLjDiN
QqrKWv4BIpFSCVLRcUznvQ2UhaBy/Uep1zo72f537xUn
-----END CERTIFICATE-----