Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/d60fd8-03d5-4aab-9dab-2e20a79f7145/1/Tzl5NFiih_Oo3si8dnUw8wkuo2I.roa
File:                     Tzl5NFiih_Oo3si8dnUw8wkuo2I.roa (raw, json)
Hash identifier:          6Qg5GxXMwFQB8Qi2Ip90XrbOE+HYQ3G3PbvVVea81ok=
Subject key identifier:   4F:39:79:34:58:A2:87:F3:A8:DE:C8:BC:76:75:30:F3:09:2E:A3:62
Certificate issuer:       /CN=7bcb127c7cd778607296b88386e894ae1de385bf
Certificate serial:       01966593D92961E09C401445F30513E228FA
Authority key identifier: 7B:CB:12:7C:7C:D7:78:60:72:96:B8:83:86:E8:94:AE:1D:E3:85:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e8sSfHzXeGBylriDhuiUrh3jhb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/d60fd8-03d5-4aab-9dab-2e20a79f7145/1/Tzl5NFiih_Oo3si8dnUw8wkuo2I.roa
Signing time:             Thu 24 Apr 2025 02:15:10 +0000
ROA not before:           Thu 24 Apr 2025 02:15:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        46.174.168.0/21 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/d60fd8-03d5-4aab-9dab-2e20a79f7145/1/e8sSfHzXeGBylriDhuiUrh3jhb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/d60fd8-03d5-4aab-9dab-2e20a79f7145/1/e8sSfHzXeGBylriDhuiUrh3jhb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e8sSfHzXeGBylriDhuiUrh3jhb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:65:93:d9:29:61:e0:9c:40:14:45:f3:05:13:e2:28:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bcb127c7cd778607296b88386e894ae1de385bf
        Validity
            Not Before: Apr 24 02:15:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f39793458a287f3a8dec8bc767530f3092ea362
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3a:60:65:a7:c5:36:1f:d5:1d:32:89:3b:53:
                    91:77:4a:a8:ad:5d:0d:11:f8:7b:00:95:3a:17:8a:
                    be:1a:05:2a:28:50:85:af:70:1c:04:2b:7a:c5:22:
                    ae:61:a8:95:c0:d8:27:b9:0a:6b:50:b3:00:f1:99:
                    fc:f9:34:2c:09:21:58:92:ed:2b:ce:ee:5d:69:f3:
                    25:00:d8:e0:70:75:9e:80:18:5d:38:a7:bd:8b:c7:
                    3a:f2:e4:2c:5b:53:7c:21:a6:d6:ac:64:60:8e:4c:
                    72:2d:99:09:0c:cf:ab:bc:fe:e6:89:01:be:fa:bd:
                    38:5f:cf:33:08:7e:62:47:a9:a4:ba:eb:98:cb:89:
                    79:c4:9a:d4:39:34:88:aa:53:da:03:f2:80:19:85:
                    06:60:d0:50:80:0a:5b:1d:42:97:11:62:52:25:0b:
                    be:86:b7:dc:46:05:63:57:9d:47:e7:af:8b:8c:df:
                    1a:94:a6:28:8a:13:8f:31:4d:21:32:a6:c6:3e:3f:
                    51:90:e5:8f:e2:65:2d:d4:81:b7:aa:3c:6f:48:0a:
                    8d:94:2f:e5:38:7c:e2:91:6c:44:92:98:41:95:41:
                    e2:d9:10:eb:e7:22:bf:f8:20:00:cf:81:a0:88:a6:
                    bf:ba:35:69:13:bf:f8:8b:85:39:52:8a:0e:71:6a:
                    76:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:39:79:34:58:A2:87:F3:A8:DE:C8:BC:76:75:30:F3:09:2E:A3:62
            X509v3 Authority Key Identifier:
                keyid:7B:CB:12:7C:7C:D7:78:60:72:96:B8:83:86:E8:94:AE:1D:E3:85:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8sSfHzXeGBylriDhuiUrh3jhb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/d60fd8-03d5-4aab-9dab-2e20a79f7145/1/Tzl5NFiih_Oo3si8dnUw8wkuo2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/d60fd8-03d5-4aab-9dab-2e20a79f7145/1/e8sSfHzXeGBylriDhuiUrh3jhb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3d:aa:8d:ff:88:1c:7f:20:8d:af:8d:99:f8:dc:50:d2:d1:ab:
         b0:bd:53:47:ae:30:c8:c4:83:a5:da:e0:84:fb:12:4c:fa:de:
         bf:5b:46:ed:f6:8e:b4:92:3a:1d:83:b0:a4:c4:9f:8e:ce:2b:
         0a:37:59:1d:20:55:3d:6a:4e:d7:cf:1f:10:6b:2e:74:70:65:
         e4:11:9d:ca:50:1d:36:5e:9f:8a:4c:95:12:30:81:67:78:c0:
         86:39:c5:9c:6a:a7:b9:50:9c:1d:6a:51:4f:55:ae:84:c6:55:
         04:32:b0:c0:5b:ad:3c:18:6a:84:99:a3:6a:b9:2b:9f:f6:c2:
         e6:02:61:28:1f:d9:eb:95:d6:62:3f:07:bf:fe:ba:39:93:78:
         d8:f4:11:f9:22:2b:77:cd:7b:24:78:45:be:24:ec:aa:ae:40:
         9f:15:c1:6a:ec:e2:e3:ae:e8:78:81:07:99:f4:06:a1:a3:64:
         04:bb:56:df:f6:39:75:61:74:92:07:ef:02:6b:4e:c8:fe:4f:
         23:d3:d6:23:44:dc:74:bc:ba:d5:e8:d2:8f:de:17:69:f8:84:
         fb:7a:18:d6:0a:85:db:69:f7:94:2f:13:b0:1f:30:de:ed:30:
         58:15:52:3a:38:c9:c9:25:d9:94:b2:87:9c:f8:20:a7:7a:b9:
         be:05:cd:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZlk9kpYeCcQBRF8wUT4ij6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiY2IxMjdjN2NkNzc4NjA3Mjk2Yjg4Mzg2ZTg5NGFlMWRl
Mzg1YmYwHhcNMjUwNDI0MDIxNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjM5NzkzNDU4YTI4N2YzYThkZWM4YmM3Njc1MzBmMzA5MmVhMzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozpgZafFNh/VHTKJO1ORd0qorV0N
Efh7AJU6F4q+GgUqKFCFr3AcBCt6xSKuYaiVwNgnuQprULMA8Zn8+TQsCSFYku0r
zu5dafMlANjgcHWegBhdOKe9i8c68uQsW1N8IabWrGRgjkxyLZkJDM+rvP7miQG+
+r04X88zCH5iR6mkuuuYy4l5xJrUOTSIqlPaA/KAGYUGYNBQgApbHUKXEWJSJQu+
hrfcRgVjV51H56+LjN8alKYoihOPMU0hMqbGPj9RkOWP4mUt1IG3qjxvSAqNlC/l
OHzikWxEkphBlUHi2RDr5yK/+CAAz4GgiKa/ujVpE7/4i4U5UooOcWp20QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE85eTRYoofzqN7IvHZ1MPMJLqNiMB8GA1UdIwQY
MBaAFHvLEnx813hgcpa4g4bolK4d44W/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZThzU2ZIelhlR0J5bHJpRGh1aVVyaDNqaGI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9kNjBmZDgtMDNkNS00YWFiLTlkYWIt
MmUyMGE3OWY3MTQ1LzEvVHpsNU5GaWloX09vM3NpOGRuVXc4d2t1bzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9kNjBmZDgtMDNkNS00YWFiLTlkYWItMmUyMGE3OWY3MTQ1
LzEvZThzU2ZIelhlR0J5bHJpRGh1aVVyaDNqaGI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLq6oMA0G
CSqGSIb3DQEBCwUAA4IBAQA9qo3/iBx/II2vjZn43FDS0auwvVNHrjDIxIOl2uCE
+xJM+t6/W0bt9o60kjodg7CkxJ+OzisKN1kdIFU9ak7Xzx8Qay50cGXkEZ3KUB02
Xp+KTJUSMIFneMCGOcWcaqe5UJwdalFPVa6ExlUEMrDAW608GGqEmaNquSuf9sLm
AmEoH9nrldZiPwe//ro5k3jY9BH5Iit3zXskeEW+JOyqrkCfFcFq7OLjruh4gQeZ
9Aaho2QEu1bf9jl1YXSSB+8Ca07I/k8j09YjRNx0vLrV6NKP3hdp+IT7ehjWCoXb
afeULxOwHzDe7TBYFVI6OMnJJdmUsoec+CCnerm+Bc2F
-----END CERTIFICATE-----