Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/tTkbfZxula834alUiiKULvFUhEY.roa
File:                     tTkbfZxula834alUiiKULvFUhEY.roa (raw, json)
Hash identifier:          53gfHOJtFDupMS3Pl17R4clQixHqHEmtoBj+F2KX9dc=
Subject key identifier:   B5:39:1B:7D:9C:6E:95:AF:37:E1:A9:54:8A:22:94:2E:F1:54:84:46
Certificate issuer:       /CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
Certificate serial:       0194221FB5ADDF15E414C634EE5C91C16491
Authority key identifier: BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/tTkbfZxula834alUiiKULvFUhEY.roa
Signing time:             Wed 01 Jan 2025 13:48:10 +0000
ROA not before:           Wed 01 Jan 2025 13:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398849
IP address blocks:        157.23.224.0/20 maxlen: 24
                          2a0e:bbc0:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b5:ad:df:15:e4:14:c6:34:ee:5c:91:c1:64:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
        Validity
            Not Before: Jan  1 13:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5391b7d9c6e95af37e1a9548a22942ef1548446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ae:5d:3d:29:2c:9c:c3:89:e9:3b:c2:e9:d9:
                    15:72:8d:13:f6:26:bf:8e:a7:1b:3c:dd:9f:37:95:
                    0c:49:83:7f:5e:5b:9c:03:8f:36:6b:2c:0b:26:85:
                    84:c2:74:20:89:93:ed:6f:5b:8e:1b:f7:aa:48:06:
                    38:bd:0e:97:39:46:8b:00:aa:0f:3e:16:9c:51:62:
                    85:27:90:a5:9d:05:95:c7:d7:0b:46:97:d9:cd:23:
                    94:2e:b3:f6:71:6f:d3:c1:06:5a:23:31:ed:af:cd:
                    a7:01:b5:65:a5:6d:28:0d:dd:f4:64:87:6c:9f:bb:
                    78:56:86:5d:10:87:40:e2:11:58:b5:60:f5:50:df:
                    46:81:16:9c:76:ec:16:83:ea:20:98:b6:a9:96:74:
                    dc:7d:c5:f0:05:65:fb:fe:d7:5d:3f:c2:c0:f2:cc:
                    3b:4c:d3:87:ab:a4:28:52:32:22:0b:cc:e9:b4:e7:
                    f7:dc:e1:c2:a3:81:cd:df:78:6f:5a:3c:41:5a:55:
                    1b:78:1f:5b:df:5e:a8:2e:01:97:35:7b:4a:d4:b7:
                    41:5d:28:b9:77:f3:54:0c:40:1f:b5:40:e0:a4:a5:
                    85:4c:b5:bc:1e:15:72:79:ea:a9:d8:e6:64:bb:ea:
                    05:d1:54:17:2e:8a:8c:93:31:33:7e:c0:c6:c5:05:
                    b5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:39:1B:7D:9C:6E:95:AF:37:E1:A9:54:8A:22:94:2E:F1:54:84:46
            X509v3 Authority Key Identifier:
                keyid:BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/tTkbfZxula834alUiiKULvFUhEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.23.224.0/20
                IPv6:
                  2a0e:bbc0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         43:4b:33:32:e9:f8:81:41:b0:9a:7e:0d:8b:63:c6:e6:2d:10:
         1d:f1:1b:3d:d6:c0:b6:ec:f3:06:a8:32:78:ec:2f:7c:a4:17:
         20:46:fb:fb:e1:61:75:73:2c:13:eb:63:0d:72:47:b5:15:9a:
         7f:dd:4d:85:93:ba:bc:52:da:96:8b:29:1c:bf:ac:6b:a0:86:
         b8:91:84:c4:3d:19:eb:9d:a1:26:c7:95:ea:33:e1:7e:75:8a:
         fa:0d:92:61:fb:17:fc:17:41:e3:41:e1:68:63:c5:83:3a:af:
         95:e9:74:40:1b:24:a1:df:e8:75:04:13:44:79:86:bc:a6:a2:
         24:17:07:ce:b5:9f:b2:43:08:3b:84:8e:44:60:d0:4f:78:ed:
         0f:f8:e4:c9:7b:54:8b:39:53:42:ea:84:80:10:9d:35:b5:b6:
         97:7a:25:6d:8b:dc:25:ad:4f:02:0e:c2:8e:61:33:91:8c:9f:
         49:01:c2:0c:15:b4:18:60:30:ed:1e:45:5c:2d:b3:49:f1:02:
         71:af:ab:39:bf:6c:17:0d:86:28:03:a7:5a:2f:86:d7:92:14:
         d6:26:f8:1c:b1:c4:63:f1:ab:2e:d9:40:c7:17:83:0b:76:4b:
         8f:9b:1b:6f:88:a4:49:57:f7:75:7b:09:bf:95:00:1c:f7:41:
         dc:de:95:f8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQiH7Wt3xXkFMY07lyRwWSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYTM1Y2Y4YWI2ZjNlYWEyYWViYWRkOWUyMzczZGVjMDg5
MzYyNWUwHhcNMjUwMTAxMTM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTM5MWI3ZDljNmU5NWFmMzdlMWE5NTQ4YTIyOTQyZWYxNTQ4NDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA065dPSksnMOJ6TvC6dkVco0T9ia/
jqcbPN2fN5UMSYN/XlucA482aywLJoWEwnQgiZPtb1uOG/eqSAY4vQ6XOUaLAKoP
PhacUWKFJ5ClnQWVx9cLRpfZzSOULrP2cW/TwQZaIzHtr82nAbVlpW0oDd30ZIds
n7t4VoZdEIdA4hFYtWD1UN9GgRacduwWg+ogmLaplnTcfcXwBWX7/tddP8LA8sw7
TNOHq6QoUjIiC8zptOf33OHCo4HN33hvWjxBWlUbeB9b316oLgGXNXtK1LdBXSi5
d/NUDEAftUDgpKWFTLW8HhVyeeqp2OZku+oF0VQXLoqMkzEzfsDGxQW1EQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLU5G32cbpWvN+GpVIoilC7xVIRGMB8GA1UdIwQY
MBaAFLujXPirbz6qKuut2eI3PewIk2JeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMt
NTk3YjZlMjQ5MmFiLzEvdFRrYmZaeHVsYTgzNGFsVWlpS1VMdkZVaEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMtNTk3YjZlMjQ5MmFi
LzEvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQEnRfgMA4E
AgACMAgDBgAqDrvAgDANBgkqhkiG9w0BAQsFAAOCAQEAQ0szMun4gUGwmn4Ni2PG
5i0QHfEbPdbAtuzzBqgyeOwvfKQXIEb7++FhdXMsE+tjDXJHtRWaf91NhZO6vFLa
lospHL+sa6CGuJGExD0Z652hJseV6jPhfnWK+g2SYfsX/BdB40HhaGPFgzqvlel0
QBskod/odQQTRHmGvKaiJBcHzrWfskMIO4SORGDQT3jtD/jkyXtUizlTQuqEgBCd
NbW2l3olbYvcJa1PAg7CjmEzkYyfSQHCDBW0GGAw7R5FXC2zSfECca+rOb9sFw2G
KAOnWi+G15IU1ib4HLHEY/GrLtlAxxeDC3ZLj5sbb4ikSVf3dXsJv5UAHPdB3N6V
+A==
-----END CERTIFICATE-----