Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/516412-5f5a-4b38-82b7-a6732dcd1398/1/tFhiLjE_x6ntaURfWA3IYuyQkY8.roa
File:                     tFhiLjE_x6ntaURfWA3IYuyQkY8.roa (raw, json)
Hash identifier:          ro3HfbcTzO9HdiyA8mU/a+hvQqF1uykWHi+tS+T8Jt4=
Subject key identifier:   B4:58:62:2E:31:3F:C7:A9:ED:69:44:5F:58:0D:C8:62:EC:90:91:8F
Certificate issuer:       /CN=ee499d741cf7a688ffc2c976813db7c51ebc4749
Certificate serial:       0196CB421ED145CB4B7157A5F1CB68BF35FA
Authority key identifier: EE:49:9D:74:1C:F7:A6:88:FF:C2:C9:76:81:3D:B7:C5:1E:BC:47:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7kmddBz3poj_wsl2gT23xR68R0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/516412-5f5a-4b38-82b7-a6732dcd1398/1/tFhiLjE_x6ntaURfWA3IYuyQkY8.roa
Signing time:             Tue 13 May 2025 20:07:10 +0000
ROA not before:           Tue 13 May 2025 20:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212872
IP address blocks:        193.9.60.0/22 maxlen: 22
                          194.1.236.0/22 maxlen: 22
                          2a05:5940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/516412-5f5a-4b38-82b7-a6732dcd1398/1/7kmddBz3poj_wsl2gT23xR68R0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/516412-5f5a-4b38-82b7-a6732dcd1398/1/7kmddBz3poj_wsl2gT23xR68R0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7kmddBz3poj_wsl2gT23xR68R0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cb:42:1e:d1:45:cb:4b:71:57:a5:f1:cb:68:bf:35:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee499d741cf7a688ffc2c976813db7c51ebc4749
        Validity
            Not Before: May 13 20:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b458622e313fc7a9ed69445f580dc862ec90918f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:94:ec:70:87:50:dd:7c:43:76:d3:37:d3:29:
                    f2:c8:5b:67:7a:da:1c:20:65:4d:96:ed:07:9f:c9:
                    83:eb:b3:69:19:ba:09:c6:17:30:fd:04:21:bc:ad:
                    f4:15:a7:66:b2:df:74:8c:6f:1f:7e:3b:08:ac:d1:
                    2c:e8:ce:39:13:df:04:96:65:ad:d7:51:2f:b0:73:
                    d8:dc:09:57:dd:47:a0:9a:f6:69:14:54:e6:9c:2b:
                    65:70:92:37:dd:a1:b1:9d:1a:5e:92:67:0a:83:93:
                    34:ff:22:ab:4d:34:da:32:6c:fd:e3:9d:a5:4b:9e:
                    34:83:cd:73:ec:d8:cf:1b:2c:e0:97:9b:32:e0:2d:
                    0e:f8:ca:5a:4b:ff:78:5f:64:9b:f3:82:0d:d4:5d:
                    04:b5:9e:d5:7e:b3:08:70:ed:06:52:35:48:99:b0:
                    e1:17:d8:00:da:9a:cd:92:7e:9c:44:9f:20:15:b1:
                    4c:88:4d:2e:2f:cb:cd:f7:b5:fd:c2:8e:ed:fb:87:
                    50:3e:b0:38:57:81:cd:34:b1:17:9f:5c:fe:b0:ec:
                    0b:3c:68:57:c7:9c:8d:50:f7:d1:48:5d:4f:75:bc:
                    ec:51:c7:e2:4c:61:28:73:a0:20:00:37:8e:2f:38:
                    f8:90:e1:44:a4:cf:ac:74:c6:4a:72:d8:e0:99:b6:
                    34:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:58:62:2E:31:3F:C7:A9:ED:69:44:5F:58:0D:C8:62:EC:90:91:8F
            X509v3 Authority Key Identifier:
                keyid:EE:49:9D:74:1C:F7:A6:88:FF:C2:C9:76:81:3D:B7:C5:1E:BC:47:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7kmddBz3poj_wsl2gT23xR68R0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/516412-5f5a-4b38-82b7-a6732dcd1398/1/tFhiLjE_x6ntaURfWA3IYuyQkY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/516412-5f5a-4b38-82b7-a6732dcd1398/1/7kmddBz3poj_wsl2gT23xR68R0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.60.0/22
                  194.1.236.0/22
                IPv6:
                  2a05:5940::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:83:50:ef:6f:71:c3:38:c8:ca:44:b5:84:31:e2:2c:87:1a:
         9e:52:b3:7d:a9:64:54:a5:65:a7:18:df:d8:4e:00:84:89:ad:
         2a:9b:d3:af:42:de:40:23:d1:8f:ae:58:af:af:65:40:00:7d:
         5e:df:00:6a:9e:1d:43:93:fd:cb:b6:7d:cc:2b:5f:c4:b6:f0:
         f0:c7:af:cb:df:bc:60:ec:aa:6b:3d:47:9b:ab:e6:a5:fa:85:
         52:97:cd:a9:5f:24:33:55:97:48:f1:2f:95:74:c6:0c:a0:cc:
         59:6c:3d:07:48:b7:e5:44:20:83:79:b9:79:4f:e7:71:77:62:
         16:8f:b3:fd:8d:b2:26:78:97:14:36:20:48:e5:d6:60:b8:d7:
         73:ad:b1:d1:a3:d0:8b:38:30:9e:6f:52:a2:a7:a4:74:b9:27:
         89:cf:7d:9e:f4:0b:ac:c0:f1:d6:16:3f:e1:da:06:ed:36:a1:
         24:84:c2:64:04:02:92:5e:0d:75:ae:6e:a6:a4:57:90:7b:5b:
         19:8e:ee:77:39:c5:ed:75:1a:c5:9f:0e:bd:e6:1d:71:5e:a0:
         a9:13:57:d3:a0:54:d0:33:80:4f:11:87:bd:15:97:8a:f0:5b:
         c7:77:6f:85:c0:79:47:4e:00:6b:17:13:b7:86:8c:4c:71:1d:
         25:cb:03:d0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZbLQh7RRctLcVel8ctovzX6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlNDk5ZDc0MWNmN2E2ODhmZmMyYzk3NjgxM2RiN2M1MWVi
YzQ3NDkwHhcNMjUwNTEzMjAwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDU4NjIyZTMxM2ZjN2E5ZWQ2OTQ0NWY1ODBkYzg2MmVjOTA5MThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJTscIdQ3XxDdtM30ynyyFtnetoc
IGVNlu0Hn8mD67NpGboJxhcw/QQhvK30Fadmst90jG8ffjsIrNEs6M45E98ElmWt
11EvsHPY3AlX3UegmvZpFFTmnCtlcJI33aGxnRpekmcKg5M0/yKrTTTaMmz9452l
S540g81z7NjPGyzgl5sy4C0O+MpaS/94X2Sb84IN1F0EtZ7VfrMIcO0GUjVImbDh
F9gA2prNkn6cRJ8gFbFMiE0uL8vN97X9wo7t+4dQPrA4V4HNNLEXn1z+sOwLPGhX
x5yNUPfRSF1PdbzsUcfiTGEoc6AgADeOLzj4kOFEpM+sdMZKctjgmbY0eQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLRYYi4xP8ep7WlEX1gNyGLskJGPMB8GA1UdIwQY
MBaAFO5JnXQc96aI/8LJdoE9t8UevEdJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2ttZGRCejNwb2pfd3NsMmdUMjN4UjY4UjBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81MTY0MTItNWY1YS00YjM4LTgyYjct
YTY3MzJkY2QxMzk4LzEvdEZoaUxqRV94Nm50YVVSZldBM0lZdXlRa1k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81MTY0MTItNWY1YS00YjM4LTgyYjctYTY3MzJkY2QxMzk4
LzEvN2ttZGRCejNwb2pfd3NsMmdUMjN4UjY4UjBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCwQk8AwQC
wgHsMA0EAgACMAcDBQMqBVlAMA0GCSqGSIb3DQEBCwUAA4IBAQCFg1Dvb3HDOMjK
RLWEMeIshxqeUrN9qWRUpWWnGN/YTgCEia0qm9OvQt5AI9GPrlivr2VAAH1e3wBq
nh1Dk/3Ltn3MK1/EtvDwx6/L37xg7KprPUebq+al+oVSl82pXyQzVZdI8S+VdMYM
oMxZbD0HSLflRCCDebl5T+dxd2IWj7P9jbImeJcUNiBI5dZguNdzrbHRo9CLODCe
b1Kip6R0uSeJz32e9AuswPHWFj/h2gbtNqEkhMJkBAKSXg11rm6mpFeQe1sZju53
OcXtdRrFnw695h1xXqCpE1fToFTQM4BPEYe9FZeK8FvHd2+FwHlHTgBrFxO3hoxM
cR0lywPQ
-----END CERTIFICATE-----