Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/Ti73dcIrlh5auWtScVzVwqOqQSk.roa
File:                     Ti73dcIrlh5auWtScVzVwqOqQSk.roa (raw, json)
Hash identifier:          bD54N27Ykt/wu2s+Dy6sKxGGg/cuSXB3DUKzM/XaSZM=
Subject key identifier:   4E:2E:F7:75:C2:2B:96:1E:5A:B9:6B:52:71:5C:D5:C2:A3:AA:41:29
Certificate issuer:       /CN=d275d7a8bac0477f5509dff11b9195ca60df87da
Certificate serial:       019426D96D289D30B418FE2E2265E78B5EC4
Authority key identifier: D2:75:D7:A8:BA:C0:47:7F:55:09:DF:F1:1B:91:95:CA:60:DF:87:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0nXXqLrAR39VCd_xG5GVymDfh9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/Ti73dcIrlh5auWtScVzVwqOqQSk.roa
Signing time:             Thu 02 Jan 2025 11:49:30 +0000
ROA not before:           Thu 02 Jan 2025 11:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209483
IP address blocks:        171.22.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/0nXXqLrAR39VCd_xG5GVymDfh9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/0nXXqLrAR39VCd_xG5GVymDfh9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0nXXqLrAR39VCd_xG5GVymDfh9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:6d:28:9d:30:b4:18:fe:2e:22:65:e7:8b:5e:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d275d7a8bac0477f5509dff11b9195ca60df87da
        Validity
            Not Before: Jan  2 11:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e2ef775c22b961e5ab96b52715cd5c2a3aa4129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:4f:aa:0d:d7:f8:dc:3e:7b:f3:9d:29:b2:e3:
                    d2:41:d5:ee:e6:22:a1:94:4d:37:31:1c:eb:bd:43:
                    5c:86:3f:e1:b0:bd:1f:8b:53:f1:f5:93:04:b9:e6:
                    89:9c:0e:d6:a4:c7:ff:cf:25:ea:b7:d7:8b:e2:bb:
                    b3:07:97:cd:6c:d7:87:cc:31:bd:f3:8a:fc:fe:8e:
                    bb:09:23:14:ea:5e:11:ea:e8:ef:19:92:d4:ce:93:
                    47:06:b1:32:01:37:bd:8a:f3:46:ed:cb:ff:8b:1f:
                    82:db:3e:57:0c:c1:09:b5:77:79:f7:19:eb:17:b1:
                    37:8f:9b:12:4b:7e:87:29:d8:27:c2:1a:50:2c:2e:
                    87:42:4b:d0:43:ca:de:d5:41:ed:a8:bc:bd:ac:18:
                    a8:31:c2:a9:b1:41:c0:27:48:76:bc:11:81:d6:ca:
                    e9:4f:8f:74:e4:c1:73:6a:e5:01:53:81:09:4c:9b:
                    70:91:92:dc:06:1f:c0:30:fe:d7:b8:33:db:c9:f3:
                    6a:29:42:63:de:34:4c:ca:c7:db:df:35:c6:da:3c:
                    e9:af:d3:38:a6:95:29:c8:69:df:31:81:b0:9d:21:
                    6f:57:b8:f7:54:6f:ed:9b:9b:60:fb:75:e9:2c:b6:
                    0c:b8:0d:b6:46:b5:ee:b4:56:f4:a4:49:38:b0:e4:
                    89:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:2E:F7:75:C2:2B:96:1E:5A:B9:6B:52:71:5C:D5:C2:A3:AA:41:29
            X509v3 Authority Key Identifier:
                keyid:D2:75:D7:A8:BA:C0:47:7F:55:09:DF:F1:1B:91:95:CA:60:DF:87:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0nXXqLrAR39VCd_xG5GVymDfh9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/Ti73dcIrlh5auWtScVzVwqOqQSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/0nXXqLrAR39VCd_xG5GVymDfh9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:14:d1:18:b7:6e:61:92:ce:15:1d:b5:c9:8f:84:24:76:dc:
         94:65:4b:05:db:dc:b4:7d:0a:e9:5d:09:38:04:36:59:55:4c:
         2b:e7:c2:06:7d:8c:f4:f7:7a:81:91:5d:a2:9a:c0:ab:e5:e2:
         0a:72:b2:6d:e9:5c:df:9f:cf:f9:b6:51:22:b8:83:71:1e:a2:
         5e:a2:00:93:35:5c:cd:03:43:77:d8:99:81:b0:6c:46:7b:9f:
         3e:51:e2:73:fc:58:cf:e8:24:52:92:89:a6:8e:a2:11:bb:42:
         e6:59:a9:c5:ae:52:e2:6a:42:50:74:9b:5c:9e:8c:ab:6d:05:
         2e:94:75:09:c3:e1:65:38:03:ab:f0:78:c6:f5:08:35:24:da:
         b0:22:18:bc:16:fb:ce:93:90:58:d0:db:76:4e:da:43:6a:c5:
         9a:7f:bc:0b:68:50:80:8e:1f:93:e1:3a:23:07:5c:16:c7:c5:
         7b:a4:cb:9a:d9:41:53:bc:5a:2e:5c:bc:a3:da:e6:5a:f2:da:
         ba:f4:5f:89:6b:fa:79:0c:e8:37:32:c6:2c:42:d4:aa:c6:41:
         2f:1a:c4:e7:f3:16:13:92:e4:92:02:fd:ff:9b:c8:43:db:b5:
         88:cd:5d:19:1e:54:4a:72:ce:4c:0e:61:0c:43:1c:e7:e6:ca:
         c2:6a:f0:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2W0onTC0GP4uImXni17EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNzVkN2E4YmFjMDQ3N2Y1NTA5ZGZmMTFiOTE5NWNhNjBk
Zjg3ZGEwHhcNMjUwMTAyMTE0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTJlZjc3NWMyMmI5NjFlNWFiOTZiNTI3MTVjZDVjMmEzYWE0MTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30+qDdf43D57850psuPSQdXu5iKh
lE03MRzrvUNchj/hsL0fi1Px9ZMEueaJnA7WpMf/zyXqt9eL4ruzB5fNbNeHzDG9
84r8/o67CSMU6l4R6ujvGZLUzpNHBrEyATe9ivNG7cv/ix+C2z5XDMEJtXd59xnr
F7E3j5sSS36HKdgnwhpQLC6HQkvQQ8re1UHtqLy9rBioMcKpsUHAJ0h2vBGB1srp
T4905MFzauUBU4EJTJtwkZLcBh/AMP7XuDPbyfNqKUJj3jRMysfb3zXG2jzpr9M4
ppUpyGnfMYGwnSFvV7j3VG/tm5tg+3XpLLYMuA22RrXutFb0pEk4sOSJIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4u93XCK5YeWrlrUnFc1cKjqkEpMB8GA1UdIwQY
MBaAFNJ116i6wEd/VQnf8RuRlcpg34faMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG5YWHFMckFSMzlWQ2RfeEc1R1Z5bURmaDlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS83YmViMDQtMzE3Yi00NDhhLTgyZWQt
NTY1YjE0NDcwMzdiLzEvVGk3M2RjSXJsaDVhdVd0U2NWelZ3cU9xUVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS83YmViMDQtMzE3Yi00NDhhLTgyZWQtNTY1YjE0NDcwMzdi
LzEvMG5YWHFMckFSMzlWQ2RfeEc1R1Z5bURmaDlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqxacMA0G
CSqGSIb3DQEBCwUAA4IBAQCqFNEYt25hks4VHbXJj4QkdtyUZUsF29y0fQrpXQk4
BDZZVUwr58IGfYz093qBkV2imsCr5eIKcrJt6Vzfn8/5tlEiuINxHqJeogCTNVzN
A0N32JmBsGxGe58+UeJz/FjP6CRSkommjqIRu0LmWanFrlLiakJQdJtcnoyrbQUu
lHUJw+FlOAOr8HjG9Qg1JNqwIhi8FvvOk5BY0Nt2TtpDasWaf7wLaFCAjh+T4Toj
B1wWx8V7pMua2UFTvFouXLyj2uZa8tq69F+Ja/p5DOg3MsYsQtSqxkEvGsTn8xYT
kuSSAv3/m8hD27WIzV0ZHlRKcs5MDmEMQxzn5srCavB3
-----END CERTIFICATE-----