Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/TLZrPYGbv3OSz3l-n9m1uFTtYyY.roa
File:                     TLZrPYGbv3OSz3l-n9m1uFTtYyY.roa (raw, json)
Hash identifier:          BAfT0SDdeatk44A0MoM3KqLiELOkYEeVNpqrfHgFPvo=
Subject key identifier:   4C:B6:6B:3D:81:9B:BF:73:92:CF:79:7E:9F:D9:B5:B8:54:ED:63:26
Certificate issuer:       /CN=37d27fc24443fcdd4b1b65cfc8078c4a14289f9e
Certificate serial:       019422FBAD33E277CF9F24372AB92BEC2D13
Authority key identifier: 37:D2:7F:C2:44:43:FC:DD:4B:1B:65:CF:C8:07:8C:4A:14:28:9F:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/TLZrPYGbv3OSz3l-n9m1uFTtYyY.roa
Signing time:             Wed 01 Jan 2025 17:48:26 +0000
ROA not before:           Wed 01 Jan 2025 17:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203576
IP address blocks:        5.252.96.0/24 maxlen: 32
                          5.252.97.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/N9J_wkRD_N1LG2XPyAeMShQon54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/N9J_wkRD_N1LG2XPyAeMShQon54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ad:33:e2:77:cf:9f:24:37:2a:b9:2b:ec:2d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37d27fc24443fcdd4b1b65cfc8078c4a14289f9e
        Validity
            Not Before: Jan  1 17:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cb66b3d819bbf7392cf797e9fd9b5b854ed6326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:47:d4:42:87:07:b9:5f:f5:8b:8c:96:bc:70:
                    47:9d:38:6d:21:aa:cc:7c:22:f0:54:8b:c5:ef:6f:
                    3a:04:ea:0a:21:27:c8:5b:55:3b:b7:b4:59:ba:5a:
                    21:e1:9f:9f:4e:85:18:5b:92:fb:98:57:53:2b:a1:
                    35:97:f0:e4:b2:4e:02:c4:2e:20:63:d0:17:96:5d:
                    85:6c:1e:c3:f0:b8:57:13:3f:b5:49:12:87:49:d9:
                    9e:d3:2a:bb:a1:16:69:54:4a:ff:17:e7:74:85:c9:
                    35:e9:39:11:42:b2:aa:aa:c5:05:0b:05:1b:8f:b0:
                    35:79:0f:ab:15:da:ec:a1:f3:a3:1a:e4:12:c0:a0:
                    81:fb:7f:48:75:a8:d2:00:58:e2:4e:6f:e0:78:dc:
                    c1:88:0e:61:1c:df:c8:52:69:43:53:d3:6f:15:24:
                    4b:ed:22:c4:4e:9d:ed:10:02:21:0b:f4:da:b0:e7:
                    6f:9a:11:aa:00:3c:eb:4c:a6:12:19:b2:8a:1d:05:
                    93:e8:85:d4:57:9f:04:85:f3:4f:53:59:24:d4:10:
                    43:83:56:2d:e2:22:ac:b4:6c:a3:2e:9a:01:0f:66:
                    dc:28:32:9a:ab:7d:66:f3:c4:69:fd:ca:1f:34:21:
                    d4:af:c6:a4:75:10:d2:35:d0:35:63:56:e2:29:94:
                    21:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B6:6B:3D:81:9B:BF:73:92:CF:79:7E:9F:D9:B5:B8:54:ED:63:26
            X509v3 Authority Key Identifier:
                keyid:37:D2:7F:C2:44:43:FC:DD:4B:1B:65:CF:C8:07:8C:4A:14:28:9F:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/TLZrPYGbv3OSz3l-n9m1uFTtYyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/N9J_wkRD_N1LG2XPyAeMShQon54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:39:a7:0e:57:1d:54:00:3d:7e:4b:7d:b0:e0:ca:6e:f0:5c:
         16:16:0e:61:95:99:44:f3:f1:4e:36:2f:e4:36:5e:a8:3e:75:
         9f:c8:a1:05:15:36:23:52:d7:a6:3d:2a:4f:a3:f5:c0:83:c3:
         88:31:3c:51:4d:cd:a8:55:9d:78:3e:86:d9:d4:2e:c8:93:19:
         be:68:fa:b3:96:db:81:f4:5a:c7:19:27:67:a0:a9:6a:86:37:
         16:00:8b:82:de:75:fc:52:cc:9e:e2:6e:e1:63:68:09:47:a1:
         20:71:86:8d:77:2d:1b:da:a5:1a:09:a1:d3:1e:16:10:3a:e8:
         64:f5:3d:cc:b2:50:be:e8:48:4b:94:e4:6d:31:9c:10:25:18:
         9f:64:d4:6a:c2:18:3f:4f:fc:26:e9:93:5f:2c:e1:2c:d9:e8:
         2b:0a:4a:92:2e:cb:b1:9a:64:a5:b0:3b:65:cb:fc:00:de:3a:
         67:96:d3:e5:4f:78:b5:76:d2:71:f0:9c:39:02:2c:b3:35:1b:
         bd:13:12:da:17:e1:44:21:ce:f5:63:3c:5e:eb:d1:84:b9:76:
         3a:43:c8:8e:a9:78:47:35:54:8c:e6:fb:e9:9c:53:5e:a3:bb:
         ff:6a:94:4b:10:78:56:e4:93:ce:50:3a:48:49:1f:6f:3b:b1:
         4e:e7:58:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+60z4nfPnyQ3Krkr7C0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZDI3ZmMyNDQ0M2ZjZGQ0YjFiNjVjZmM4MDc4YzRhMTQy
ODlmOWUwHhcNMjUwMTAxMTc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2I2NmIzZDgxOWJiZjczOTJjZjc5N2U5ZmQ5YjViODU0ZWQ2MzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUfUQocHuV/1i4yWvHBHnThtIarM
fCLwVIvF7286BOoKISfIW1U7t7RZuloh4Z+fToUYW5L7mFdTK6E1l/Dksk4CxC4g
Y9AXll2FbB7D8LhXEz+1SRKHSdme0yq7oRZpVEr/F+d0hck16TkRQrKqqsUFCwUb
j7A1eQ+rFdrsofOjGuQSwKCB+39IdajSAFjiTm/geNzBiA5hHN/IUmlDU9NvFSRL
7SLETp3tEAIhC/TasOdvmhGqADzrTKYSGbKKHQWT6IXUV58EhfNPU1kk1BBDg1Yt
4iKstGyjLpoBD2bcKDKaq31m88Rp/cofNCHUr8akdRDSNdA1Y1biKZQhjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEy2az2Bm79zks95fp/ZtbhU7WMmMB8GA1UdIwQY
MBaAFDfSf8JEQ/zdSxtlz8gHjEoUKJ+eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjlKX3drUkRfTjFMRzJYUHlBZU1TaFFvbjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9kOGM1OGQtOGQyNC00MjgwLTkxZmQt
NDhiMTY2NGQ0MGQ1LzEvVExaclBZR2J2M09TejNsLW45bTF1RlR0WXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9kOGM1OGQtOGQyNC00MjgwLTkxZmQtNDhiMTY2NGQ0MGQ1
LzEvTjlKX3drUkRfTjFMRzJYUHlBZU1TaFFvbjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBfxgMA0G
CSqGSIb3DQEBCwUAA4IBAQAgOacOVx1UAD1+S32w4Mpu8FwWFg5hlZlE8/FONi/k
Nl6oPnWfyKEFFTYjUtemPSpPo/XAg8OIMTxRTc2oVZ14PobZ1C7Ikxm+aPqzltuB
9FrHGSdnoKlqhjcWAIuC3nX8Usye4m7hY2gJR6EgcYaNdy0b2qUaCaHTHhYQOuhk
9T3MslC+6EhLlORtMZwQJRifZNRqwhg/T/wm6ZNfLOEs2egrCkqSLsuxmmSlsDtl
y/wA3jpnltPlT3i1dtJx8Jw5AiyzNRu9ExLaF+FEIc71Yzxe69GEuXY6Q8iOqXhH
NVSM5vvpnFNeo7v/apRLEHhW5JPOUDpISR9vO7FO51jq
-----END CERTIFICATE-----