Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/TVn-Y7E7IobUSc1lBZ87Jn2oZSg.roa
File:                     TVn-Y7E7IobUSc1lBZ87Jn2oZSg.roa (raw, json)
Hash identifier:          Fgfl42WUlPTuS1ibiKRw2bENqH1KQguOsM9djfPJakE=
Subject key identifier:   4D:59:FE:63:B1:3B:22:86:D4:49:CD:65:05:9F:3B:26:7D:A8:65:28
Certificate issuer:       /CN=03364fcedd691357733cd5ccd7029db8e61d1e3a
Certificate serial:       019662A1B0F403235BE248BFEEC831366016
Authority key identifier: 03:36:4F:CE:DD:69:13:57:73:3C:D5:CC:D7:02:9D:B8:E6:1D:1E:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/TVn-Y7E7IobUSc1lBZ87Jn2oZSg.roa
Signing time:             Wed 23 Apr 2025 12:31:25 +0000
ROA not before:           Wed 23 Apr 2025 12:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213659
IP address blocks:        185.84.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:a1:b0:f4:03:23:5b:e2:48:bf:ee:c8:31:36:60:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03364fcedd691357733cd5ccd7029db8e61d1e3a
        Validity
            Not Before: Apr 23 12:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d59fe63b13b2286d449cd65059f3b267da86528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:de:5a:87:c3:36:10:f7:df:f1:bc:76:ba:bc:
                    a5:e6:57:17:b2:80:b3:6a:05:7e:0e:28:9d:9c:ea:
                    15:31:64:f8:aa:21:31:65:6c:8b:48:6d:70:6d:13:
                    20:a4:f5:7a:61:07:9e:8a:c7:54:0a:89:17:d1:94:
                    2f:2e:19:37:85:6a:1c:9c:71:3f:d0:a0:17:da:69:
                    8d:f7:d1:a2:0a:37:ba:5c:86:69:75:ca:4b:5a:eb:
                    c3:cb:48:c6:a3:1b:c0:db:69:5f:d5:b8:ba:af:91:
                    43:35:4d:b9:5b:79:6e:bf:e5:08:07:7d:8b:dd:36:
                    90:4b:fb:b7:d4:b5:84:12:a5:69:bd:e6:7b:e4:05:
                    cc:05:38:6c:58:9b:69:25:e1:af:2e:7c:86:e3:b0:
                    75:e4:14:5c:11:4c:4d:3e:7c:76:0d:c9:2e:0e:1e:
                    9c:d5:f3:fa:20:72:b3:12:5b:d5:7d:e3:fc:e3:85:
                    ce:e0:2e:d5:04:10:92:3e:73:b0:38:6a:80:b9:28:
                    f6:2a:d9:6c:6a:32:71:d9:ed:35:2e:91:6b:11:3e:
                    61:69:e6:d4:30:cf:0d:a8:8d:d7:e7:4b:fe:d2:f9:
                    11:4e:e6:62:a9:2f:1a:4a:57:bb:e7:ca:28:71:3c:
                    24:c5:b5:f0:00:2a:dd:22:e2:0f:fa:e4:43:4e:f8:
                    6e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:59:FE:63:B1:3B:22:86:D4:49:CD:65:05:9F:3B:26:7D:A8:65:28
            X509v3 Authority Key Identifier:
                keyid:03:36:4F:CE:DD:69:13:57:73:3C:D5:CC:D7:02:9D:B8:E6:1D:1E:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AzZPzt1pE1dzPNXM1wKduOYdHjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/TVn-Y7E7IobUSc1lBZ87Jn2oZSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56f526-53de-4c9d-b401-abf0b594646f/1/AzZPzt1pE1dzPNXM1wKduOYdHjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:75:9b:44:af:b5:f2:39:b9:d3:88:a9:94:6d:d4:34:71:48:
         46:2d:d3:60:a9:cd:60:36:54:0d:68:d9:9b:0e:4b:c1:fe:b2:
         9f:f2:0a:bc:6e:9c:1b:c3:31:a7:af:56:ce:47:b9:6f:ad:19:
         99:14:7b:2b:97:56:72:47:ac:68:e1:be:dd:80:7f:c9:a9:d6:
         cb:7d:3a:8d:d7:a0:ef:2b:07:42:dd:92:dc:f9:c2:30:76:e1:
         1a:b1:c8:e0:de:bd:9b:7d:94:ec:09:d1:20:fe:52:46:10:f1:
         53:83:60:1d:d7:ff:57:6f:26:5a:de:92:9c:17:80:c8:23:72:
         53:b8:f4:c4:c0:9d:d0:93:47:17:91:70:9b:8b:ff:8b:dd:d8:
         d1:a7:00:2e:4f:59:d0:31:73:fc:74:49:14:08:2e:4d:44:1f:
         7d:da:5a:2f:4d:74:a8:f9:5b:8b:d8:15:5e:a2:6c:1c:cf:38:
         6b:4b:dd:68:b5:20:00:c8:b5:a0:bf:f4:58:e7:33:64:93:83:
         73:90:ca:83:6a:4e:b3:69:a6:b1:aa:3f:67:cb:d2:94:ed:6c:
         8f:63:2d:4a:88:f8:38:77:5c:83:f5:e0:42:83:ae:68:3c:f2:
         15:fb:65:e5:d5:63:12:4a:37:51:23:78:a9:e0:91:33:82:e8:
         51:33:83:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZiobD0AyNb4ki/7sgxNmAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMzY0ZmNlZGQ2OTEzNTc3MzNjZDVjY2Q3MDI5ZGI4ZTYx
ZDFlM2EwHhcNMjUwNDIzMTIzMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDU5ZmU2M2IxM2IyMjg2ZDQ0OWNkNjUwNTlmM2IyNjdkYTg2NTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA595ah8M2EPff8bx2uryl5lcXsoCz
agV+DiidnOoVMWT4qiExZWyLSG1wbRMgpPV6YQeeisdUCokX0ZQvLhk3hWocnHE/
0KAX2mmN99GiCje6XIZpdcpLWuvDy0jGoxvA22lf1bi6r5FDNU25W3luv+UIB32L
3TaQS/u31LWEEqVpveZ75AXMBThsWJtpJeGvLnyG47B15BRcEUxNPnx2DckuDh6c
1fP6IHKzElvVfeP844XO4C7VBBCSPnOwOGqAuSj2KtlsajJx2e01LpFrET5haebU
MM8NqI3X50v+0vkRTuZiqS8aSle758oocTwkxbXwACrdIuIP+uRDTvhuBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1Z/mOxOyKG1EnNZQWfOyZ9qGUoMB8GA1UdIwQY
MBaAFAM2T87daRNXczzVzNcCnbjmHR46MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXpaUHp0MXBFMWR6UE5YTTF3S2R1T1lkSGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81NmY1MjYtNTNkZS00YzlkLWI0MDEt
YWJmMGI1OTQ2NDZmLzEvVFZuLVk3RTdJb2JVU2MxbEJaODdKbjJvWlNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81NmY1MjYtNTNkZS00YzlkLWI0MDEtYWJmMGI1OTQ2NDZm
LzEvQXpaUHp0MXBFMWR6UE5YTTF3S2R1T1lkSGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVScMA0G
CSqGSIb3DQEBCwUAA4IBAQDSdZtEr7XyObnTiKmUbdQ0cUhGLdNgqc1gNlQNaNmb
DkvB/rKf8gq8bpwbwzGnr1bOR7lvrRmZFHsrl1ZyR6xo4b7dgH/JqdbLfTqN16Dv
KwdC3ZLc+cIwduEascjg3r2bfZTsCdEg/lJGEPFTg2Ad1/9XbyZa3pKcF4DII3JT
uPTEwJ3Qk0cXkXCbi/+L3djRpwAuT1nQMXP8dEkUCC5NRB992lovTXSo+VuL2BVe
omwczzhrS91otSAAyLWgv/RY5zNkk4NzkMqDak6zaaaxqj9ny9KU7WyPYy1KiPg4
d1yD9eBCg65oPPIV+2Xl1WMSSjdRI3ip4JEzguhRM4MP
-----END CERTIFICATE-----