Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/TY3bJpTGwSql-13Pjck1BzHDr8I.roa
File:                     TY3bJpTGwSql-13Pjck1BzHDr8I.roa (raw, json)
Hash identifier:          B/70euLBU/mf/YMvD1qZRHP7TxQr60sKZhW4C66SeVY=
Subject key identifier:   4D:8D:DB:26:94:C6:C1:2A:A5:FB:5D:CF:8D:C9:35:07:31:C3:AF:C2
Certificate issuer:       /CN=e156a785bf7fe4d7c4a5c6b721214f0e96f3aec9
Certificate serial:       0194236A2D63201DD89F8ACCBA560AD44E62
Authority key identifier: E1:56:A7:85:BF:7F:E4:D7:C4:A5:C6:B7:21:21:4F:0E:96:F3:AE:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Vanhb9_5NfEpca3ISFPDpbzrsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/TY3bJpTGwSql-13Pjck1BzHDr8I.roa
Signing time:             Wed 01 Jan 2025 19:49:08 +0000
ROA not before:           Wed 01 Jan 2025 19:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1213
IP address blocks:        147.252.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/4Vanhb9_5NfEpca3ISFPDpbzrsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/4Vanhb9_5NfEpca3ISFPDpbzrsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Vanhb9_5NfEpca3ISFPDpbzrsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2d:63:20:1d:d8:9f:8a:cc:ba:56:0a:d4:4e:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e156a785bf7fe4d7c4a5c6b721214f0e96f3aec9
        Validity
            Not Before: Jan  1 19:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d8ddb2694c6c12aa5fb5dcf8dc9350731c3afc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:41:54:66:ef:ad:d5:02:c6:b3:fd:51:0e:2e:
                    62:12:f2:6d:97:1f:d5:bc:0f:62:8a:2a:de:e0:75:
                    d1:7b:e7:bb:e9:a5:c1:b6:75:a4:7f:b8:a2:d3:63:
                    82:6b:de:c5:df:f8:b5:ac:34:21:74:66:be:60:3c:
                    76:79:c1:fd:3c:4d:52:d3:68:eb:e2:05:90:a8:a6:
                    a2:09:a4:b7:f4:80:af:fe:a3:a2:ff:53:07:48:ea:
                    c7:56:f5:01:90:94:d5:eb:4f:23:6e:f2:73:e6:94:
                    0d:4a:1d:9f:1a:36:91:c9:a7:a7:f9:e1:34:7a:ac:
                    f7:05:7d:09:2b:d1:c5:e0:57:4e:3f:b1:6d:37:f6:
                    91:94:ed:ca:6a:02:fd:9c:d9:af:02:2b:3f:fd:ea:
                    5a:da:d5:03:21:11:4c:a6:d1:c6:1c:b4:6a:a5:4b:
                    02:13:80:7a:c2:e2:0c:be:fd:07:41:b2:e4:14:2f:
                    59:73:cb:d2:b0:1e:02:04:c2:dd:67:5e:de:08:0e:
                    d6:d5:dd:22:54:1f:c7:26:06:03:65:85:b1:e6:ca:
                    b4:75:e5:14:94:03:f6:bb:42:ac:7c:80:f9:d6:de:
                    e4:36:b8:41:f2:6f:eb:7f:fc:76:7b:72:99:fb:41:
                    37:6f:7c:8a:1b:46:bd:50:81:5f:74:3d:2d:16:38:
                    ad:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:8D:DB:26:94:C6:C1:2A:A5:FB:5D:CF:8D:C9:35:07:31:C3:AF:C2
            X509v3 Authority Key Identifier:
                keyid:E1:56:A7:85:BF:7F:E4:D7:C4:A5:C6:B7:21:21:4F:0E:96:F3:AE:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Vanhb9_5NfEpca3ISFPDpbzrsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/TY3bJpTGwSql-13Pjck1BzHDr8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/4Vanhb9_5NfEpca3ISFPDpbzrsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a0:af:d6:32:bf:f6:d6:ae:cf:ab:09:d8:be:7e:33:da:27:77:
         8b:e5:8a:2d:0a:5b:4a:83:fa:a7:6d:97:8e:8c:5d:26:bd:99:
         0d:84:d5:2d:ae:c2:5f:9d:ff:39:30:e4:11:56:fd:7f:89:11:
         98:f3:d1:9a:95:0a:8a:f2:eb:e1:2e:83:e5:ec:31:e1:4b:d0:
         0d:9b:9f:f1:11:26:b3:f6:7e:34:74:8f:4d:01:ff:7c:45:c8:
         0d:59:9e:3a:b9:67:85:c2:ac:cc:e8:d7:3e:7e:cf:b9:14:85:
         df:f8:4b:38:07:7a:d6:8b:f6:2b:f9:27:37:a2:ea:af:38:ee:
         0e:0c:d1:31:16:27:88:62:91:d3:9e:d8:43:99:6b:0f:63:81:
         4c:50:03:60:f1:1e:95:6c:33:c5:4b:35:4b:29:03:1a:41:b2:
         a3:74:85:c7:70:1a:19:f4:13:f5:da:33:00:c1:d7:96:bd:85:
         d8:2f:e1:40:7c:32:80:69:d4:26:19:32:20:d6:88:13:c8:d1:
         dd:66:f3:08:bf:6a:99:23:86:dc:84:04:ef:0e:a9:e5:e3:a1:
         80:53:f3:6d:be:09:db:d2:7c:8b:61:7b:ef:c9:75:4e:8c:8e:
         e6:49:60:b8:2f:6f:1e:dd:e7:ba:ec:0e:83:a6:a1:18:7e:18:
         8b:80:cc:32
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjai1jIB3Yn4rMulYK1E5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTZhNzg1YmY3ZmU0ZDdjNGE1YzZiNzIxMjE0ZjBlOTZm
M2FlYzkwHhcNMjUwMTAxMTk0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDhkZGIyNjk0YzZjMTJhYTVmYjVkY2Y4ZGM5MzUwNzMxYzNhZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6kFUZu+t1QLGs/1RDi5iEvJtlx/V
vA9iiire4HXRe+e76aXBtnWkf7ii02OCa97F3/i1rDQhdGa+YDx2ecH9PE1S02jr
4gWQqKaiCaS39ICv/qOi/1MHSOrHVvUBkJTV608jbvJz5pQNSh2fGjaRyaen+eE0
eqz3BX0JK9HF4FdOP7FtN/aRlO3KagL9nNmvAis//epa2tUDIRFMptHGHLRqpUsC
E4B6wuIMvv0HQbLkFC9Zc8vSsB4CBMLdZ17eCA7W1d0iVB/HJgYDZYWx5sq0deUU
lAP2u0KsfID51t7kNrhB8m/rf/x2e3KZ+0E3b3yKG0a9UIFfdD0tFjitSQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFE2N2yaUxsEqpftdz43JNQcxw6/CMB8GA1UdIwQY
MBaAFOFWp4W/f+TXxKXGtyEhTw6W867JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZhbmhiOV81TmZFcGNhM0lTRlBEcGJ6cnNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMThmMzItNDczYy00ZDllLWFiODUt
N2JkMGNmYTIzOWY2LzEvVFkzYkpwVEd3U3FsLTEzUGpjazFCekhEcjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMThmMzItNDczYy00ZDllLWFiODUtN2JkMGNmYTIzOWY2
LzEvNFZhbmhiOV81TmZFcGNhM0lTRlBEcGJ6cnNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk/wwDQYJ
KoZIhvcNAQELBQADggEBAKCv1jK/9tauz6sJ2L5+M9ond4vlii0KW0qD+qdtl46M
XSa9mQ2E1S2uwl+d/zkw5BFW/X+JEZjz0ZqVCory6+Eug+XsMeFL0A2bn/ERJrP2
fjR0j00B/3xFyA1Znjq5Z4XCrMzo1z5+z7kUhd/4SzgHetaL9iv5Jzei6q847g4M
0TEWJ4hikdOe2EOZaw9jgUxQA2DxHpVsM8VLNUspAxpBsqN0hcdwGhn0E/XaMwDB
15a9hdgv4UB8MoBp1CYZMiDWiBPI0d1m8wi/apkjhtyEBO8OqeXjoYBT822+CdvS
fIthe+/JdU6MjuZJYLgvbx7d57rsDoOmoRh+GIuAzDI=
-----END CERTIFICATE-----