Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/tbYCEHCORQD2jU1FhjpVeyl7yzw.roa
File:                     tbYCEHCORQD2jU1FhjpVeyl7yzw.roa (raw, json)
Hash identifier:          UJRgmyhwhn7tm70C5e/aIyFO87+Jd/xNlqZSp90NpM0=
Subject key identifier:   B5:B6:02:10:70:8E:45:00:F6:8D:4D:45:86:3A:55:7B:29:7B:CB:3C
Certificate issuer:       /CN=9a5e76f929d21b586f42e30f7d9b00399b3dcbf0
Certificate serial:       019421B1CE034E8E5248363BB9AA5183F248
Authority key identifier: 9A:5E:76:F9:29:D2:1B:58:6F:42:E3:0F:7D:9B:00:39:9B:3D:CB:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/tbYCEHCORQD2jU1FhjpVeyl7yzw.roa
Signing time:             Wed 01 Jan 2025 11:48:08 +0000
ROA not before:           Wed 01 Jan 2025 11:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199856
IP address blocks:        195.88.70.0/24 maxlen: 24
                          2a13:c300::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ce:03:4e:8e:52:48:36:3b:b9:aa:51:83:f2:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a5e76f929d21b586f42e30f7d9b00399b3dcbf0
        Validity
            Not Before: Jan  1 11:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5b60210708e4500f68d4d45863a557b297bcb3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:37:59:79:90:a4:83:b4:50:22:72:03:b6:6d:
                    f3:90:68:55:2b:ff:29:2d:4e:0e:a6:8b:19:e9:0d:
                    c1:75:89:96:15:4e:8a:86:e3:cb:63:f3:a2:f5:2f:
                    86:0d:da:d5:62:60:70:ab:29:c3:15:20:e7:cd:1a:
                    c5:38:7f:fe:49:4b:03:7a:bf:73:ca:c6:12:e2:e3:
                    98:31:c2:1b:f4:da:04:28:cd:2b:7e:55:7f:a9:3a:
                    f5:de:24:47:d6:37:2b:85:22:43:0a:77:cc:fd:0b:
                    81:01:1f:d7:3b:3a:0e:ba:dd:55:b1:dd:65:45:87:
                    26:df:6a:68:9c:25:e4:09:47:4e:68:4c:dc:e9:f6:
                    ef:20:3e:60:f2:74:47:68:c9:21:9b:25:07:aa:9b:
                    cc:32:db:ac:21:1e:49:c1:c2:de:37:80:59:46:c4:
                    40:d1:6f:c4:bf:91:c0:7e:16:c9:f9:69:1f:ad:c4:
                    36:c9:e2:8a:c7:f9:51:18:df:84:79:74:63:c2:f1:
                    c1:16:06:89:65:02:3c:7d:97:46:ad:e7:28:ae:4a:
                    27:39:7a:f2:7b:23:c0:f9:f2:63:38:9c:6f:66:29:
                    1e:31:b3:c9:20:0e:96:71:a6:40:d5:d4:35:df:b5:
                    c8:e9:53:59:d8:72:a4:7b:42:93:72:1c:98:92:db:
                    eb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B6:02:10:70:8E:45:00:F6:8D:4D:45:86:3A:55:7B:29:7B:CB:3C
            X509v3 Authority Key Identifier:
                keyid:9A:5E:76:F9:29:D2:1B:58:6F:42:E3:0F:7D:9B:00:39:9B:3D:CB:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ml52-SnSG1hvQuMPfZsAOZs9y_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/tbYCEHCORQD2jU1FhjpVeyl7yzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/767d6d-36c8-403b-81b0-b4aaa23fdaa9/1/ml52-SnSG1hvQuMPfZsAOZs9y_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.70.0/24
                IPv6:
                  2a13:c300::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:92:b7:c9:53:f0:c8:97:4e:c9:d2:b3:a4:f4:5e:a5:57:2d:
         cd:2d:0b:4d:48:6b:38:37:f0:5b:0d:6a:85:9a:0b:a7:15:5b:
         e7:da:28:60:93:3a:39:aa:e8:27:cf:28:12:11:78:a9:55:b0:
         aa:e4:23:82:f7:80:52:9e:28:2b:26:03:e3:d0:c4:77:cb:c9:
         64:7b:b4:59:fa:88:fc:1f:06:ed:3f:97:5c:e7:09:f8:4e:a2:
         ca:d6:12:23:be:45:0a:ac:c8:3e:db:5c:37:88:d7:d6:d2:e8:
         8a:72:87:f8:d8:eb:d1:08:88:59:fc:23:2a:a6:fd:4e:c4:5d:
         70:d5:51:f2:3b:e5:ec:42:fe:ba:9a:22:27:50:3b:eb:41:57:
         47:d0:1c:7d:50:de:f2:4e:ce:68:c3:77:0b:bf:cc:cc:eb:0c:
         2e:94:95:48:27:a7:8c:c8:cf:ff:b6:4e:62:03:b5:61:dd:85:
         6e:e8:14:cb:f3:05:80:54:a0:65:b0:e6:e8:c2:de:50:17:ed:
         ed:49:a8:24:c8:47:ef:43:05:73:cd:ba:a4:7d:42:0a:a1:bd:
         02:87:fe:09:10:46:54:5d:ef:db:a8:3a:9c:db:24:ec:7f:b6:
         5c:65:af:5a:e4:79:69:d5:62:a4:8f:70:ad:bd:81:06:71:d1:
         dd:f4:7d:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsc4DTo5SSDY7uapRg/JIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNWU3NmY5MjlkMjFiNTg2ZjQyZTMwZjdkOWIwMDM5OWIz
ZGNiZjAwHhcNMjUwMTAxMTE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWI2MDIxMDcwOGU0NTAwZjY4ZDRkNDU4NjNhNTU3YjI5N2JjYjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DdZeZCkg7RQInIDtm3zkGhVK/8p
LU4OposZ6Q3BdYmWFU6KhuPLY/Oi9S+GDdrVYmBwqynDFSDnzRrFOH/+SUsDer9z
ysYS4uOYMcIb9NoEKM0rflV/qTr13iRH1jcrhSJDCnfM/QuBAR/XOzoOut1Vsd1l
RYcm32ponCXkCUdOaEzc6fbvID5g8nRHaMkhmyUHqpvMMtusIR5JwcLeN4BZRsRA
0W/Ev5HAfhbJ+WkfrcQ2yeKKx/lRGN+EeXRjwvHBFgaJZQI8fZdGrecorkonOXry
eyPA+fJjOJxvZikeMbPJIA6WcaZA1dQ137XI6VNZ2HKke0KTchyYktvrrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLW2AhBwjkUA9o1NRYY6VXspe8s8MB8GA1UdIwQY
MBaAFJpedvkp0htYb0LjD32bADmbPcvwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWw1Mi1TblNHMWh2UXVNUGZac0FPWnM5eV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS83NjdkNmQtMzZjOC00MDNiLTgxYjAt
YjRhYWEyM2ZkYWE5LzEvdGJZQ0VIQ09SUUQyalUxRmhqcFZleWw3eXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS83NjdkNmQtMzZjOC00MDNiLTgxYjAtYjRhYWEyM2ZkYWE5
LzEvbWw1Mi1TblNHMWh2UXVNUGZac0FPWnM5eV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw1hGMA0E
AgACMAcDBQMqE8MAMA0GCSqGSIb3DQEBCwUAA4IBAQCgkrfJU/DIl07J0rOk9F6l
Vy3NLQtNSGs4N/BbDWqFmgunFVvn2ihgkzo5qugnzygSEXipVbCq5COC94BSnigr
JgPj0MR3y8lke7RZ+oj8HwbtP5dc5wn4TqLK1hIjvkUKrMg+21w3iNfW0uiKcof4
2OvRCIhZ/CMqpv1OxF1w1VHyO+XsQv66miInUDvrQVdH0Bx9UN7yTs5ow3cLv8zM
6wwulJVIJ6eMyM//tk5iA7Vh3YVu6BTL8wWAVKBlsObowt5QF+3tSagkyEfvQwVz
zbqkfUIKob0Ch/4JEEZUXe/bqDqc2yTsf7ZcZa9a5Hlp1WKkj3CtvYEGcdHd9H1c
-----END CERTIFICATE-----