Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/aba260-0850-4460-8053-94ca9c165779/1/TrL7vyhk-vrmOcVyXUhkgoFF8IM.roa
File:                     TrL7vyhk-vrmOcVyXUhkgoFF8IM.roa (raw, json)
Hash identifier:          Hfs6eqQDDmF2iRkKQ4LyqXry5vY1cydb2ruM4NvmGtg=
Subject key identifier:   4E:B2:FB:BF:28:64:FA:FA:E6:39:C5:72:5D:48:64:82:81:45:F0:83
Certificate issuer:       /CN=11362f3cfb94b9223c78433197c4e0ca12dbd70a
Certificate serial:       019427478D7D77414E6317485F6FF66398A7
Authority key identifier: 11:36:2F:3C:FB:94:B9:22:3C:78:43:31:97:C4:E0:CA:12:DB:D7:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ETYvPPuUuSI8eEMxl8TgyhLb1wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/aba260-0850-4460-8053-94ca9c165779/1/TrL7vyhk-vrmOcVyXUhkgoFF8IM.roa
Signing time:             Thu 02 Jan 2025 13:49:47 +0000
ROA not before:           Thu 02 Jan 2025 13:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49788
IP address blocks:        193.0.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/aba260-0850-4460-8053-94ca9c165779/1/ETYvPPuUuSI8eEMxl8TgyhLb1wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/aba260-0850-4460-8053-94ca9c165779/1/ETYvPPuUuSI8eEMxl8TgyhLb1wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ETYvPPuUuSI8eEMxl8TgyhLb1wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:8d:7d:77:41:4e:63:17:48:5f:6f:f6:63:98:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11362f3cfb94b9223c78433197c4e0ca12dbd70a
        Validity
            Not Before: Jan  2 13:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4eb2fbbf2864fafae639c5725d4864828145f083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:8b:cb:f2:e1:2b:fb:88:51:cf:07:05:77:c4:
                    84:c9:8e:ac:af:0b:ae:7e:20:55:da:1c:af:34:a3:
                    95:a0:2f:0c:0d:df:9a:74:2a:ea:b3:c7:4a:49:1e:
                    95:b5:36:54:14:a0:59:78:eb:14:95:50:51:97:0d:
                    76:36:a3:bf:c0:0a:f5:89:5b:e0:cb:8e:5d:0a:69:
                    82:12:19:26:5a:09:34:ed:19:fd:47:ff:2f:df:a2:
                    bd:df:a9:c4:09:b9:da:bc:df:08:b7:5a:a7:ea:bf:
                    73:93:f0:85:2f:8f:96:66:c9:e2:2b:84:c8:c0:57:
                    48:b4:db:1f:d8:8d:7b:f7:55:72:b7:fc:57:7a:04:
                    22:df:40:46:38:cc:30:56:71:68:4e:98:be:12:ce:
                    34:4f:0b:76:bb:84:01:13:bb:53:a6:bf:7c:8e:27:
                    12:da:2a:99:a3:b4:fa:c0:92:8e:d5:86:04:5b:03:
                    8c:50:d5:7d:76:3c:3e:6c:ff:9e:92:9d:14:5c:52:
                    9f:11:c2:9b:0c:94:24:d5:91:e5:96:c7:f9:02:37:
                    ad:2a:e0:d2:1b:5f:48:d0:68:19:e8:be:93:a8:78:
                    ea:06:26:a3:4b:63:f2:37:32:89:42:a6:61:d4:c2:
                    3a:03:9c:81:6a:12:53:5f:fb:aa:b2:c8:e3:c3:39:
                    42:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:B2:FB:BF:28:64:FA:FA:E6:39:C5:72:5D:48:64:82:81:45:F0:83
            X509v3 Authority Key Identifier:
                keyid:11:36:2F:3C:FB:94:B9:22:3C:78:43:31:97:C4:E0:CA:12:DB:D7:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ETYvPPuUuSI8eEMxl8TgyhLb1wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aba260-0850-4460-8053-94ca9c165779/1/TrL7vyhk-vrmOcVyXUhkgoFF8IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aba260-0850-4460-8053-94ca9c165779/1/ETYvPPuUuSI8eEMxl8TgyhLb1wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:52:f1:be:09:f7:a7:9a:f7:04:83:18:e1:1c:10:82:b0:e9:
         a0:ab:08:d0:63:b9:07:bc:37:1a:9e:a5:4a:46:e5:12:45:44:
         96:f8:79:f3:08:f6:60:14:9c:c4:51:9b:7b:d6:7d:64:5c:32:
         0e:dd:a2:84:eb:7c:f4:60:b2:b4:0f:95:60:e4:2f:7d:35:52:
         63:6e:a2:e1:7a:76:70:46:45:4c:e4:37:18:bc:67:4d:50:06:
         f0:dd:a3:3c:b3:c6:82:6e:55:0a:3c:80:6f:79:68:66:31:05:
         e2:e3:5d:ab:e4:33:2a:dc:73:1b:90:7c:65:d0:7b:87:1a:df:
         90:a4:4e:82:bc:17:46:fc:16:f5:d9:4a:7f:b1:bf:50:d2:b6:
         6d:8d:e2:e8:55:81:0a:36:3c:d6:ec:34:28:f9:8f:84:2f:65:
         0f:a6:59:07:0c:12:d3:33:cc:10:b0:e6:3b:95:10:77:16:ce:
         5d:ad:6c:99:43:b8:ae:1b:2a:a2:d2:4c:bb:8d:d5:08:9e:2a:
         6c:9a:8b:74:f7:a4:29:ba:8e:83:a9:a6:2a:b0:75:8b:ac:8a:
         0c:c0:a3:e5:88:b7:28:31:ce:bf:8a:54:76:35:4d:62:37:fd:
         e5:4d:a4:90:fa:81:ce:80:73:05:6d:fa:6c:ed:27:12:86:e1:
         ea:4e:80:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR419d0FOYxdIX2/2Y5inMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMzYyZjNjZmI5NGI5MjIzYzc4NDMzMTk3YzRlMGNhMTJk
YmQ3MGEwHhcNMjUwMTAyMTM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWIyZmJiZjI4NjRmYWZhZTYzOWM1NzI1ZDQ4NjQ4MjgxNDVmMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ovL8uEr+4hRzwcFd8SEyY6srwuu
fiBV2hyvNKOVoC8MDd+adCrqs8dKSR6VtTZUFKBZeOsUlVBRlw12NqO/wAr1iVvg
y45dCmmCEhkmWgk07Rn9R/8v36K936nECbnavN8It1qn6r9zk/CFL4+WZsniK4TI
wFdItNsf2I1791Vyt/xXegQi30BGOMwwVnFoTpi+Es40Twt2u4QBE7tTpr98jicS
2iqZo7T6wJKO1YYEWwOMUNV9djw+bP+ekp0UXFKfEcKbDJQk1ZHllsf5AjetKuDS
G19I0GgZ6L6TqHjqBiajS2PyNzKJQqZh1MI6A5yBahJTX/uqssjjwzlCuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6y+78oZPr65jnFcl1IZIKBRfCDMB8GA1UdIwQY
MBaAFBE2Lzz7lLkiPHhDMZfE4MoS29cKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVRZdlBQdVV1U0k4ZUVNeGw4VGd5aExiMXdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hYmEyNjAtMDg1MC00NDYwLTgwNTMt
OTRjYTljMTY1Nzc5LzEvVHJMN3Z5aGstdnJtT2NWeVhVaGtnb0ZGOElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hYmEyNjAtMDg1MC00NDYwLTgwNTMtOTRjYTljMTY1Nzc5
LzEvRVRZdlBQdVV1U0k4ZUVNeGw4VGd5aExiMXdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQDeMA0G
CSqGSIb3DQEBCwUAA4IBAQBQUvG+CfenmvcEgxjhHBCCsOmgqwjQY7kHvDcanqVK
RuUSRUSW+HnzCPZgFJzEUZt71n1kXDIO3aKE63z0YLK0D5Vg5C99NVJjbqLhenZw
RkVM5DcYvGdNUAbw3aM8s8aCblUKPIBveWhmMQXi412r5DMq3HMbkHxl0HuHGt+Q
pE6CvBdG/Bb12Up/sb9Q0rZtjeLoVYEKNjzW7DQo+Y+EL2UPplkHDBLTM8wQsOY7
lRB3Fs5drWyZQ7iuGyqi0ky7jdUInipsmot096Qpuo6DqaYqsHWLrIoMwKPliLco
Mc6/ilR2NU1iN/3lTaSQ+oHOgHMFbfps7ScShuHqToAz
-----END CERTIFICATE-----