Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/TpP1ghqsvudxwpVNjEnVhO4RWww.roa
File:                     TpP1ghqsvudxwpVNjEnVhO4RWww.roa (raw, json)
Hash identifier:          4+AlZPeiYc4qPwqWqByXnBYBTrZOMTJuwqjVuo2TCds=
Subject key identifier:   4E:93:F5:82:1A:AC:BE:E7:71:C2:95:4D:8C:49:D5:84:EE:11:5B:0C
Certificate issuer:       /CN=854e8383e8208936802362a09f36085a50fcd85a
Certificate serial:       019473B850320E425FE201BAE0EBA12DAF08
Authority key identifier: 85:4E:83:83:E8:20:89:36:80:23:62:A0:9F:36:08:5A:50:FC:D8:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/TpP1ghqsvudxwpVNjEnVhO4RWww.roa
Signing time:             Fri 17 Jan 2025 10:04:06 +0000
ROA not before:           Fri 17 Jan 2025 10:04:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1103
IP address blocks:        137.56.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:73:b8:50:32:0e:42:5f:e2:01:ba:e0:eb:a1:2d:af:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854e8383e8208936802362a09f36085a50fcd85a
        Validity
            Not Before: Jan 17 10:04:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e93f5821aacbee771c2954d8c49d584ee115b0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:65:66:c0:58:2a:ba:d1:a4:6b:8e:3f:cc:05:
                    27:8e:13:27:8a:88:e4:d3:c8:a4:b7:61:ce:20:56:
                    97:37:ce:4a:4b:e2:56:69:86:19:7e:cf:4c:66:12:
                    d7:08:7a:50:87:d8:9a:2c:6a:92:3d:ee:cf:4c:87:
                    7e:08:3c:b3:59:8b:2a:d6:9f:f6:b7:a4:bf:32:34:
                    43:06:35:23:60:69:20:09:2b:3a:60:e5:ea:16:f8:
                    5d:47:5f:58:2e:8a:2c:c2:d1:17:e9:5c:dc:cd:99:
                    04:58:fe:c8:0b:90:7b:fe:b4:6f:cc:86:c2:34:12:
                    5d:07:6d:6d:6f:59:28:3f:1e:84:dc:2f:83:fa:69:
                    cc:9a:ea:f0:8e:fa:6c:da:c5:97:00:7d:ba:d9:14:
                    4f:dd:6a:46:30:de:20:c2:88:d3:1e:89:a2:17:d8:
                    2d:4a:4f:db:be:5e:1c:b7:9e:87:ee:0f:8c:66:97:
                    80:97:b5:fc:0a:df:62:f5:d8:64:c7:ee:17:5b:12:
                    0c:b6:d4:9c:91:49:ba:f2:82:03:6e:8a:28:0a:18:
                    0b:93:dd:fa:41:b0:d8:1b:4e:f2:75:c3:d2:9c:1e:
                    0e:7c:db:65:e2:00:6b:c7:52:c8:ce:22:a7:c9:62:
                    a2:d9:75:d2:51:87:7f:dc:12:06:e6:e1:9b:44:65:
                    94:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:93:F5:82:1A:AC:BE:E7:71:C2:95:4D:8C:49:D5:84:EE:11:5B:0C
            X509v3 Authority Key Identifier:
                keyid:85:4E:83:83:E8:20:89:36:80:23:62:A0:9F:36:08:5A:50:FC:D8:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/TpP1ghqsvudxwpVNjEnVhO4RWww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.56.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         15:84:a5:74:5c:39:e3:9a:32:d2:8e:e0:e3:46:00:15:3d:a6:
         61:b0:0b:61:fc:9d:2b:4f:31:94:11:4c:86:b8:b1:f7:5c:66:
         5b:8b:c2:25:80:2d:b3:27:2c:7f:8f:80:1d:8c:9d:c2:20:2a:
         09:b2:8f:05:a6:b5:04:da:1a:6d:c8:b3:b7:ea:05:63:88:6d:
         2c:79:6f:c1:c6:19:ac:99:85:c0:3c:d8:bb:53:df:8b:5c:31:
         16:12:74:3c:a0:86:3c:bc:e6:10:df:e3:90:e7:3b:83:b4:99:
         5b:c6:bd:65:a3:a8:55:8f:f7:ff:1d:44:a0:4f:8f:3a:69:76:
         fc:f4:55:d4:42:6a:9f:2b:00:9e:2d:2b:fd:da:a5:51:00:c1:
         2e:ac:2d:22:a4:6d:a9:3b:d3:3d:b2:d0:be:02:a8:6d:cd:f4:
         f1:99:51:ce:46:55:83:ce:32:7f:da:3c:5a:f5:f5:22:9c:46:
         37:48:3e:1d:d9:8e:b3:fc:43:13:97:ee:e0:46:c0:30:64:4b:
         74:f8:be:3c:1a:9d:15:75:73:32:2b:7f:66:01:80:18:e3:2e:
         ab:04:9c:bd:37:c6:42:b0:9b:f1:4c:58:8b:92:a1:c5:ea:6a:
         01:1f:16:f3:57:34:1b:49:91:40:83:25:43:9f:89:8d:45:23:
         0f:c7:f1:c3
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZRzuFAyDkJf4gG64OuhLa8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGU4MzgzZTgyMDg5MzY4MDIzNjJhMDlmMzYwODVhNTBm
Y2Q4NWEwHhcNMjUwMTE3MTAwNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTkzZjU4MjFhYWNiZWU3NzFjMjk1NGQ4YzQ5ZDU4NGVlMTE1YjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2VmwFgqutGka44/zAUnjhMniojk
08ikt2HOIFaXN85KS+JWaYYZfs9MZhLXCHpQh9iaLGqSPe7PTId+CDyzWYsq1p/2
t6S/MjRDBjUjYGkgCSs6YOXqFvhdR19YLooswtEX6VzczZkEWP7IC5B7/rRvzIbC
NBJdB21tb1koPx6E3C+D+mnMmurwjvps2sWXAH262RRP3WpGMN4gwojTHomiF9gt
Sk/bvl4ct56H7g+MZpeAl7X8Ct9i9dhkx+4XWxIMttSckUm68oIDboooChgLk936
QbDYG07ydcPSnB4OfNtl4gBrx1LIziKnyWKi2XXSUYd/3BIG5uGbRGWUnQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFE6T9YIarL7nccKVTYxJ1YTuEVsMMB8GA1UdIwQY
MBaAFIVOg4PoIIk2gCNioJ82CFpQ/NhaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFU2RGctZ2dpVGFBSTJLZ256WUlXbEQ4MkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lMWVkYWItMjQzOS00YTdjLTk4NGMt
ZTZmZjdjYTNlY2VmLzEvVHBQMWdocXN2dWR4d3BWTmpFblZoTzRSV3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lMWVkYWItMjQzOS00YTdjLTk4NGMtZTZmZjdjYTNlY2Vm
LzEvaFU2RGctZ2dpVGFBSTJLZ256WUlXbEQ4MkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiTgwDQYJ
KoZIhvcNAQELBQADggEBABWEpXRcOeOaMtKO4ONGABU9pmGwC2H8nStPMZQRTIa4
sfdcZluLwiWALbMnLH+PgB2MncIgKgmyjwWmtQTaGm3Is7fqBWOIbSx5b8HGGayZ
hcA82LtT34tcMRYSdDyghjy85hDf45DnO4O0mVvGvWWjqFWP9/8dRKBPjzppdvz0
VdRCap8rAJ4tK/3apVEAwS6sLSKkbak70z2y0L4CqG3N9PGZUc5GVYPOMn/aPFr1
9SKcRjdIPh3ZjrP8QxOX7uBGwDBkS3T4vjwanRV1czIrf2YBgBjjLqsEnL03xkKw
m/FMWIuSocXqagEfFvNXNBtJkUCDJUOfiY1FIw/H8cM=
-----END CERTIFICATE-----