Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/TiEyxKmyiS65-0wzRPZF8VUxgEI.roa
File:                     TiEyxKmyiS65-0wzRPZF8VUxgEI.roa (raw, json)
Hash identifier:          O61YlumzohkeBoQeKX9n1/69jzfPg7pNTilEHThyZVQ=
Subject key identifier:   4E:21:32:C4:A9:B2:89:2E:B9:FB:4C:33:44:F6:45:F1:55:31:80:42
Certificate issuer:       /CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
Certificate serial:       01942143FA2A4A901C732A60134C17266231
Authority key identifier: D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/TiEyxKmyiS65-0wzRPZF8VUxgEI.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        193.58.222.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 22:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fa:2a:4a:90:1c:73:2a:60:13:4c:17:26:62:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e2132c4a9b2892eb9fb4c3344f645f155318042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5b:28:a5:c5:27:f0:e7:81:68:94:20:b6:66:
                    a7:e5:05:cc:8e:3d:b9:43:e1:c4:e7:60:d6:61:52:
                    6a:b5:4d:0a:75:68:80:5d:46:c6:d5:fe:ef:c7:3b:
                    99:e5:40:c7:08:b4:2e:e7:33:29:2b:43:7d:00:17:
                    47:4e:13:ca:f1:46:11:6d:4d:87:94:5d:51:dc:b3:
                    d7:5f:c1:35:f8:78:46:b6:42:9f:65:6e:dc:7e:5c:
                    a4:d2:d7:74:b3:58:b2:45:8b:52:26:85:4b:50:68:
                    a3:06:b8:d6:a9:86:85:5b:56:78:24:85:5d:9f:6d:
                    35:d6:0e:5e:44:2a:31:16:3c:68:fd:42:04:c8:b8:
                    5c:48:c6:1f:93:dc:ec:a9:45:79:a2:27:7f:ef:f1:
                    04:44:03:e8:4d:fa:59:57:3c:c6:cc:5a:a8:3d:bb:
                    26:e0:b0:09:3c:37:f3:37:8c:cf:95:f1:77:25:f7:
                    0e:b1:43:3e:c0:b4:64:79:7f:88:aa:ac:f0:44:38:
                    bc:66:b7:0c:84:6c:9a:3d:1a:26:2b:40:f1:b4:a9:
                    58:c9:29:57:14:37:df:80:53:f4:72:26:e7:c4:3e:
                    09:b1:e4:21:86:c9:2e:31:d3:62:09:c1:6e:76:d6:
                    6f:9d:4c:b8:07:09:1c:aa:08:82:1d:a5:14:75:fa:
                    7d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:21:32:C4:A9:B2:89:2E:B9:FB:4C:33:44:F6:45:F1:55:31:80:42
            X509v3 Authority Key Identifier:
                keyid:D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/TiEyxKmyiS65-0wzRPZF8VUxgEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b8:a0:bb:a7:b5:9d:2b:d5:c5:6a:1a:f1:58:60:1e:49:cb:ba:
         37:d8:0d:e1:dc:58:23:7b:ea:80:c2:0a:34:ec:50:96:1f:88:
         8f:a1:f6:78:68:20:aa:48:7d:68:82:ff:da:67:18:68:4c:60:
         06:ce:cb:b4:d2:4c:91:88:b0:4a:8e:8f:31:a3:7b:58:c9:83:
         af:eb:01:c9:70:4a:5a:11:53:82:d8:be:b3:0d:aa:63:ca:92:
         1a:0d:12:9f:bf:4f:2b:b7:77:7b:ef:57:88:78:7b:23:da:0e:
         42:bd:5f:62:59:6d:64:ce:8c:3e:69:fd:8c:b2:5c:56:fb:2b:
         e1:af:b2:84:2d:35:39:9e:1f:34:57:61:32:52:b4:41:5f:14:
         d6:8d:64:57:51:8f:35:ab:63:ba:19:4b:d1:22:d2:55:f2:9c:
         af:60:1e:4e:d5:00:ce:a1:18:ee:30:76:db:e6:f7:a1:ef:ad:
         05:05:8a:ba:04:12:db:ea:ab:41:86:1b:e8:96:f6:b1:8e:da:
         04:98:e8:9f:59:99:bc:02:5e:93:0f:73:63:0b:a5:69:67:7c:
         39:0c:de:9e:6c:4f:c8:06:40:75:fc:52:59:6f:74:49:da:2b:
         dc:de:8b:eb:29:c1:01:1c:72:a5:d7:94:91:42:79:1b:28:f4:
         74:45:50:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/oqSpAccypgE0wXJmIxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWRkMWE1MTRkM2E3ZTNkZmRiOGJmYjc1ZDdkMjRlZDk4
ZDQ3OWYwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTIxMzJjNGE5YjI4OTJlYjlmYjRjMzM0NGY2NDVmMTU1MzE4MDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFsopcUn8OeBaJQgtman5QXMjj25
Q+HE52DWYVJqtU0KdWiAXUbG1f7vxzuZ5UDHCLQu5zMpK0N9ABdHThPK8UYRbU2H
lF1R3LPXX8E1+HhGtkKfZW7cflyk0td0s1iyRYtSJoVLUGijBrjWqYaFW1Z4JIVd
n2011g5eRCoxFjxo/UIEyLhcSMYfk9zsqUV5oid/7/EERAPoTfpZVzzGzFqoPbsm
4LAJPDfzN4zPlfF3JfcOsUM+wLRkeX+IqqzwRDi8ZrcMhGyaPRomK0DxtKlYySlX
FDffgFP0cibnxD4JseQhhskuMdNiCcFudtZvnUy4BwkcqgiCHaUUdfp9swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4hMsSpsokuuftMM0T2RfFVMYBCMB8GA1UdIwQY
MBaAFNMd0aUU06fj39uL+3XX0k7ZjUefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjIt
YjE2NmFlMmVmMjg3LzEvVGlFeXhLbXlpUzY1LTB3elJQWkY4VlV4Z0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjItYjE2NmFlMmVmMjg3
LzEvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTreMA0G
CSqGSIb3DQEBCwUAA4IBAQC4oLuntZ0r1cVqGvFYYB5Jy7o32A3h3Fgje+qAwgo0
7FCWH4iPofZ4aCCqSH1ogv/aZxhoTGAGzsu00kyRiLBKjo8xo3tYyYOv6wHJcEpa
EVOC2L6zDapjypIaDRKfv08rt3d771eIeHsj2g5CvV9iWW1kzow+af2MslxW+yvh
r7KELTU5nh80V2EyUrRBXxTWjWRXUY81q2O6GUvRItJV8pyvYB5O1QDOoRjuMHbb
5veh760FBYq6BBLb6qtBhhvolvaxjtoEmOifWZm8Al6TD3NjC6VpZ3w5DN6ebE/I
BkB1/FJZb3RJ2ivc3ovrKcEBHHKl15SRQnkbKPR0RVDI
-----END CERTIFICATE-----