Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/TuhSGWpWiAR-_CuGAjKur_UHqfI.roa
File:                     TuhSGWpWiAR-_CuGAjKur_UHqfI.roa (raw, json)
Hash identifier:          g694Dtf0skboCvcn1cXKy53zJxoz5Cd0t1C15ptQmrU=
Subject key identifier:   4E:E8:52:19:6A:56:88:04:7E:FC:2B:86:02:32:AE:AF:F5:07:A9:F2
Certificate issuer:       /CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Certificate serial:       01942445A77F03A1E74B31AE2D29E5E77B3A
Authority key identifier: 11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/TuhSGWpWiAR-_CuGAjKur_UHqfI.roa
Signing time:             Wed 01 Jan 2025 23:48:52 +0000
ROA not before:           Wed 01 Jan 2025 23:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3169
IP address blocks:        155.133.62.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a7:7f:03:a1:e7:4b:31:ae:2d:29:e5:e7:7b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
        Validity
            Not Before: Jan  1 23:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ee852196a5688047efc2b860232aeaff507a9f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0d:cc:15:f1:5b:4c:3c:5a:99:10:20:0c:4e:
                    8a:3d:30:69:2a:f2:e0:7d:e9:60:89:53:95:2e:71:
                    41:51:2d:c2:8a:6e:02:9b:f4:44:68:a8:dc:69:5e:
                    62:b4:a5:38:3e:ab:3b:47:c2:ce:98:50:71:4e:64:
                    af:0e:4d:dd:b4:81:8c:b7:e6:9b:59:c6:bc:69:c7:
                    a6:c4:8a:97:48:93:2c:a6:46:46:ac:de:1c:0d:50:
                    da:8e:e6:b5:1a:9a:28:ef:12:b7:f8:13:6f:b3:9c:
                    94:f4:db:41:e0:cc:97:5a:59:a0:07:5f:ea:ab:64:
                    b1:06:d6:4f:49:95:2a:9f:e0:cb:d5:b6:4f:68:d8:
                    ce:90:19:9b:2f:d6:13:01:e5:33:7c:ef:30:c6:36:
                    dc:7c:16:f3:05:c0:74:77:4a:27:4a:52:25:88:e3:
                    e8:a3:14:6d:6b:82:bd:e3:a3:70:4e:82:ef:73:61:
                    78:b4:24:c2:6c:d0:1f:1b:f6:4e:68:30:ed:c1:13:
                    ef:c7:4c:2a:b7:45:5e:a8:91:f7:9b:6c:6c:57:2a:
                    bb:e1:3b:bd:42:7f:b6:e2:2e:e3:a5:dc:c6:b8:2a:
                    cf:38:f1:66:fe:fc:e3:30:8c:61:3e:c2:e4:1a:2c:
                    7e:9d:6f:8a:ba:27:d2:50:59:ba:53:1d:8c:96:f1:
                    c7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:E8:52:19:6A:56:88:04:7E:FC:2B:86:02:32:AE:AF:F5:07:A9:F2
            X509v3 Authority Key Identifier:
                keyid:11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/TuhSGWpWiAR-_CuGAjKur_UHqfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:10:36:94:c7:25:53:3f:e9:9c:7e:46:a9:6f:1b:29:22:e5:
         d4:2f:92:10:b3:40:e5:8b:8a:23:d5:5f:6b:31:21:f7:36:ed:
         70:b7:9d:c3:c4:f6:3a:07:ec:4b:09:93:4b:f1:ab:da:ee:a3:
         fb:09:70:df:09:e3:37:98:29:79:41:d2:ba:00:19:ba:8e:59:
         cf:d8:54:81:a0:5f:eb:c6:f8:4c:9f:ae:17:33:1f:69:04:89:
         9e:53:10:09:8f:66:2f:83:fa:53:99:e7:60:58:88:74:72:cb:
         fb:ca:60:bd:9c:7b:fd:a5:49:74:4d:00:c3:c5:7e:16:57:66:
         46:24:5f:c2:30:8e:31:cf:88:3e:33:70:d6:07:7e:f1:ac:5d:
         32:95:c0:67:64:ea:ca:7f:ef:1d:d9:6c:62:33:5a:e3:79:92:
         52:1b:c9:b4:b2:b4:28:1b:bb:8b:3e:af:87:b7:84:0e:47:0f:
         6a:98:f3:db:97:05:9f:fe:9e:50:3c:7b:07:0d:26:80:bf:2a:
         09:ea:2a:ce:91:a5:59:0f:0d:c2:4a:ac:d1:e5:5b:91:2c:73:
         76:b7:65:5b:55:2a:93:13:01:e5:99:f3:33:f8:7d:49:90:32:
         1e:d7:9b:09:b0:06:1b:79:37:db:88:22:d7:9c:8a:c0:2d:33:
         34:c0:52:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRad/A6HnSzGuLSnl53s6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWQ2ODE0Mzc1MjcxZDFhM2NiZDEyMTU1ZGIxMWQyYmQ0
MWE4ZDMwHhcNMjUwMTAxMjM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWU4NTIxOTZhNTY4ODA0N2VmYzJiODYwMjMyYWVhZmY1MDdhOWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAng3MFfFbTDxamRAgDE6KPTBpKvLg
felgiVOVLnFBUS3Cim4Cm/REaKjcaV5itKU4Pqs7R8LOmFBxTmSvDk3dtIGMt+ab
Wca8acemxIqXSJMspkZGrN4cDVDajua1Gpoo7xK3+BNvs5yU9NtB4MyXWlmgB1/q
q2SxBtZPSZUqn+DL1bZPaNjOkBmbL9YTAeUzfO8wxjbcfBbzBcB0d0onSlIliOPo
oxRta4K946NwToLvc2F4tCTCbNAfG/ZOaDDtwRPvx0wqt0VeqJH3m2xsVyq74Tu9
Qn+24i7jpdzGuCrPOPFm/vzjMIxhPsLkGix+nW+KuifSUFm6Ux2MlvHHzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7oUhlqVogEfvwrhgIyrq/1B6nyMB8GA1UdIwQY
MBaAFBEdaBQ3UnHRo8vRIVXbEdK9QajTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQt
MjcxZDI1ZTIwNTc0LzEvVHVoU0dXcFdpQVItX0N1R0FqS3VyX1VIcWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQtMjcxZDI1ZTIwNTc0
LzEvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBm4U+MA0G
CSqGSIb3DQEBCwUAA4IBAQBvEDaUxyVTP+mcfkapbxspIuXUL5IQs0Dli4oj1V9r
MSH3Nu1wt53DxPY6B+xLCZNL8ava7qP7CXDfCeM3mCl5QdK6ABm6jlnP2FSBoF/r
xvhMn64XMx9pBImeUxAJj2Yvg/pTmedgWIh0csv7ymC9nHv9pUl0TQDDxX4WV2ZG
JF/CMI4xz4g+M3DWB37xrF0ylcBnZOrKf+8d2WxiM1rjeZJSG8m0srQoG7uLPq+H
t4QORw9qmPPblwWf/p5QPHsHDSaAvyoJ6irOkaVZDw3CSqzR5VuRLHN2t2VbVSqT
EwHlmfMz+H1JkDIe15sJsAYbeTfbiCLXnIrALTM0wFLe
-----END CERTIFICATE-----