Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/_TDYA4JrZGUt-GGHL5bnvHjHJVE.roa
File:                     _TDYA4JrZGUt-GGHL5bnvHjHJVE.roa (raw, json)
Hash identifier:          nUAqzK16311Ox8sqhCQ0j74tfnNox6VtiVuEJ25ju6c=
Subject key identifier:   FD:30:D8:03:82:6B:64:65:2D:F8:61:87:2F:96:E7:BC:78:C7:25:51
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019695DBCDA697C7A861951CF9CFE5C7C23C
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/_TDYA4JrZGUt-GGHL5bnvHjHJVE.roa
Signing time:             Sat 03 May 2025 11:15:32 +0000
ROA not before:           Sat 03 May 2025 11:15:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        45.67.202.0/24 maxlen: 24
                          194.41.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:95:db:cd:a6:97:c7:a8:61:95:1c:f9:cf:e5:c7:c2:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: May  3 11:15:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd30d803826b64652df861872f96e7bc78c72551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:44:30:dc:fa:7d:a5:d9:14:f6:ba:72:34:43:
                    be:02:65:41:fc:f8:f8:60:83:9e:39:dd:74:2e:84:
                    6d:31:5f:5c:fb:2e:70:3a:68:9f:6d:1b:f9:e5:2c:
                    cc:2b:bf:e6:01:09:a4:b5:2d:46:98:b8:83:05:0e:
                    17:60:b0:cb:30:66:2d:74:63:5e:a0:77:d6:4a:19:
                    5c:01:33:22:6e:23:b9:fe:c7:c5:42:20:72:7e:b6:
                    91:2f:75:b1:79:1f:0f:6c:2c:43:4a:ec:e5:cc:cf:
                    d8:ff:94:e4:88:af:30:3c:ba:0a:0a:28:ae:82:4a:
                    e8:74:14:81:9c:bb:09:72:3a:2b:0e:74:73:61:75:
                    56:d4:6e:0d:33:42:47:32:fb:c3:41:97:51:2a:aa:
                    03:8e:ee:53:11:67:49:4a:0c:d1:39:b5:aa:f5:c6:
                    4c:e3:13:b9:c6:39:ec:bc:ae:b7:ed:dd:ac:ed:8f:
                    24:2d:77:a8:02:2c:2f:65:94:d8:f4:76:ef:39:68:
                    23:1d:e4:94:ba:b6:c2:1f:c2:3b:47:c4:c2:06:a1:
                    24:a6:3f:65:39:1d:4b:c4:5c:39:2f:e5:e9:5f:ab:
                    68:9c:62:79:8a:c0:e7:ed:b1:3a:a4:22:63:1a:dc:
                    08:c9:48:3a:3c:7a:ca:15:d9:d6:7b:52:eb:01:29:
                    2b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:30:D8:03:82:6B:64:65:2D:F8:61:87:2F:96:E7:BC:78:C7:25:51
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/_TDYA4JrZGUt-GGHL5bnvHjHJVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.202.0/24
                  194.41.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:b7:e3:e7:d4:79:0d:8e:f7:2b:21:30:60:47:d4:76:ec:f6:
         ef:aa:c1:6c:2c:c0:b4:9d:08:01:ba:5f:ee:8c:61:f6:9a:55:
         bc:10:56:eb:33:8e:34:6f:5a:e4:91:08:5a:a9:85:60:f7:eb:
         1a:08:26:c4:74:63:37:ad:95:d6:94:c9:02:de:82:33:a8:6f:
         e4:a3:43:af:f0:05:42:32:e5:aa:8b:cd:e4:28:d6:48:c7:eb:
         82:5d:25:f1:37:9b:27:0e:26:bb:8f:3f:02:fa:69:1a:de:b0:
         cd:bd:18:59:7f:cb:1d:72:cd:ff:ef:8c:e3:67:ab:fe:b3:68:
         7f:96:98:96:3b:35:50:33:ca:ec:e2:be:ad:e1:b8:7c:f3:97:
         be:97:8b:e0:10:9e:62:9a:17:d6:64:98:eb:98:32:6e:ca:98:
         41:c6:6e:9a:db:90:a5:6d:ad:d5:ca:1f:b7:16:84:e0:02:f7:
         af:73:70:5d:1e:13:92:f0:84:c5:60:40:f2:c9:e7:95:75:d8:
         63:b8:dc:1c:2b:a6:d2:77:19:84:43:ee:d9:03:01:39:7d:87:
         ee:3f:e2:5d:9d:3f:47:2d:23:6a:8b:82:79:77:15:2c:22:b0:
         d7:9e:24:41:fe:a6:26:34:61:15:38:56:ee:7e:e2:7b:99:6c:
         47:a2:a4:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaV282ml8eoYZUc+c/lx8I8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwNTAzMTExNTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDMwZDgwMzgyNmI2NDY1MmRmODYxODcyZjk2ZTdiYzc4YzcyNTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EQw3Pp9pdkU9rpyNEO+AmVB/Pj4
YIOeOd10LoRtMV9c+y5wOmifbRv55SzMK7/mAQmktS1GmLiDBQ4XYLDLMGYtdGNe
oHfWShlcATMibiO5/sfFQiByfraRL3WxeR8PbCxDSuzlzM/Y/5TkiK8wPLoKCiiu
gkrodBSBnLsJcjorDnRzYXVW1G4NM0JHMvvDQZdRKqoDju5TEWdJSgzRObWq9cZM
4xO5xjnsvK637d2s7Y8kLXeoAiwvZZTY9HbvOWgjHeSUurbCH8I7R8TCBqEkpj9l
OR1LxFw5L+XpX6tonGJ5isDn7bE6pCJjGtwIyUg6PHrKFdnWe1LrASkrMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP0w2AOCa2RlLfhhhy+W57x4xyVRMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvX1REWUE0SnJaR1V0LUdHSEw1Ym52SGpISlZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALUPKAwQA
wilyMA0GCSqGSIb3DQEBCwUAA4IBAQA4t+Pn1HkNjvcrITBgR9R27PbvqsFsLMC0
nQgBul/ujGH2mlW8EFbrM440b1rkkQhaqYVg9+saCCbEdGM3rZXWlMkC3oIzqG/k
o0Ov8AVCMuWqi83kKNZIx+uCXSXxN5snDia7jz8C+mka3rDNvRhZf8sdcs3/74zj
Z6v+s2h/lpiWOzVQM8rs4r6t4bh885e+l4vgEJ5imhfWZJjrmDJuyphBxm6a25Cl
ba3Vyh+3FoTgAvevc3BdHhOS8ITFYEDyyeeVddhjuNwcK6bSdxmEQ+7ZAwE5fYfu
P+JdnT9HLSNqi4J5dxUsIrDXniRB/qYmNGEVOFbufuJ7mWxHoqRn
-----END CERTIFICATE-----