Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/tCgTknJsUGIZk18TWezCXzHQU5I.roa
File:                     tCgTknJsUGIZk18TWezCXzHQU5I.roa (raw, json)
Hash identifier:          tR17Yc+N/XzXhgVXqLpf8c9z0uZa3zE6Xhfnn0ohCic=
Subject key identifier:   B4:28:13:92:72:6C:50:62:19:93:5F:13:59:EC:C2:5F:31:D0:53:92
Certificate issuer:       /CN=9e4b3281b08e6b5ec1fdeb0d0440528ed934dc3f
Certificate serial:       018CC64AD4A392A8780723B4766772DDAB97
Authority key identifier: 9E:4B:32:81:B0:8E:6B:5E:C1:FD:EB:0D:04:40:52:8E:D9:34:DC:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nksygbCOa17B_esNBEBSjtk03D8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/tCgTknJsUGIZk18TWezCXzHQU5I.roa
Signing time:             Mon 01 Jan 2024 18:30:42 +0000
ROA not before:           Mon 01 Jan 2024 18:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51207
IP address blocks:        78.240.0.0/13 maxlen: 13

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/nksygbCOa17B_esNBEBSjtk03D8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/nksygbCOa17B_esNBEBSjtk03D8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nksygbCOa17B_esNBEBSjtk03D8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d4:a3:92:a8:78:07:23:b4:76:67:72:dd:ab:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e4b3281b08e6b5ec1fdeb0d0440528ed934dc3f
        Validity
            Not Before: Jan  1 18:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4281392726c506219935f1359ecc25f31d05392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:20:41:4d:56:b3:8f:92:51:74:c5:5a:d9:56:
                    04:36:05:67:92:7d:c5:bc:4b:a5:4b:1d:c3:ff:d9:
                    8c:91:c4:2e:0a:8c:df:3a:f0:8f:31:ea:09:93:41:
                    db:8a:ce:63:d9:94:90:95:f1:b6:05:30:35:bc:72:
                    de:24:e5:70:6c:f0:73:91:be:4c:3c:cb:b0:48:c9:
                    e1:08:93:7b:12:af:c4:46:ea:62:e6:f1:be:ba:0e:
                    09:82:bb:11:42:93:22:9f:e9:40:b7:6b:a4:68:75:
                    7e:15:83:f7:c9:5e:3b:82:cd:2e:1a:6e:39:ce:71:
                    ac:85:88:7d:e5:b2:73:28:cc:90:55:b2:03:ff:be:
                    cd:4b:ed:d4:6d:e6:49:1f:cc:95:64:c1:b3:fd:53:
                    a7:c3:67:0f:0d:b2:d7:0b:24:69:c4:96:ac:00:e2:
                    52:02:c1:43:7a:61:b5:d1:ea:3a:40:c2:82:16:de:
                    d6:0b:3a:41:e2:07:33:56:81:fb:f2:6e:4f:0b:6e:
                    f1:dc:f7:af:1c:c5:ad:27:e5:b6:6a:19:74:fc:e0:
                    eb:d1:a5:b4:79:98:24:65:70:a9:f2:0e:88:2d:83:
                    25:6f:b7:aa:69:ce:87:11:90:90:af:0a:ea:c4:4d:
                    12:32:8f:88:6e:b6:1b:47:30:64:11:79:81:2e:fe:
                    b8:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:28:13:92:72:6C:50:62:19:93:5F:13:59:EC:C2:5F:31:D0:53:92
            X509v3 Authority Key Identifier:
                keyid:9E:4B:32:81:B0:8E:6B:5E:C1:FD:EB:0D:04:40:52:8E:D9:34:DC:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nksygbCOa17B_esNBEBSjtk03D8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/tCgTknJsUGIZk18TWezCXzHQU5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff7d33-e4f7-43c0-924b-6b2d46924c6f/1/nksygbCOa17B_esNBEBSjtk03D8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.240.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         1b:5f:15:12:8f:39:6a:4a:b1:c4:94:f0:86:9e:ee:ed:82:49:
         c4:39:58:8a:8f:80:e1:f5:4d:70:11:23:e8:b9:a0:7e:b4:0b:
         05:a0:7b:54:ca:9f:bf:e3:06:45:aa:36:0c:b8:29:b4:db:12:
         e4:f5:db:af:68:b6:ab:2e:54:60:0f:05:6c:8f:49:eb:28:23:
         ec:89:9e:4a:de:8d:a9:e4:9f:9f:06:67:d7:15:10:2c:1f:65:
         29:75:6b:3d:4c:53:25:12:26:49:c7:63:ef:e3:7f:75:04:e6:
         30:0e:1e:40:b0:2c:70:86:17:3d:7d:a4:c0:f2:67:38:0a:a5:
         79:66:5b:57:19:ca:73:7b:b5:4e:71:de:e1:06:45:b7:29:7b:
         23:00:99:26:31:3f:01:82:1c:18:5a:99:31:e0:3f:50:c2:7c:
         5f:8e:89:a3:01:5a:97:e6:09:4c:45:3e:e5:65:1f:23:4c:cd:
         fb:ca:ec:20:ea:c3:09:40:f9:56:90:c2:a3:84:56:3f:82:30:
         5f:c9:84:87:b0:7c:14:f6:4a:47:ee:49:19:ee:14:6c:71:43:
         ec:d3:2c:9d:d6:b9:c4:8c:91:9b:a1:81:81:90:35:1a:a0:60:
         b4:19:ce:ea:ba:cf:37:2a:9d:3c:e4:2d:7d:cf:1d:96:88:6a:
         fd:a6:2c:e8
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGStSjkqh4ByO0dmdy3auXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNGIzMjgxYjA4ZTZiNWVjMWZkZWIwZDA0NDA1MjhlZDkz
NGRjM2YwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDI4MTM5MjcyNmM1MDYyMTk5MzVmMTM1OWVjYzI1ZjMxZDA1MzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSBBTVazj5JRdMVa2VYENgVnkn3F
vEulSx3D/9mMkcQuCozfOvCPMeoJk0Hbis5j2ZSQlfG2BTA1vHLeJOVwbPBzkb5M
PMuwSMnhCJN7Eq/ERupi5vG+ug4JgrsRQpMin+lAt2ukaHV+FYP3yV47gs0uGm45
znGshYh95bJzKMyQVbID/77NS+3UbeZJH8yVZMGz/VOnw2cPDbLXCyRpxJasAOJS
AsFDemG10eo6QMKCFt7WCzpB4gczVoH78m5PC27x3PevHMWtJ+W2ahl0/ODr0aW0
eZgkZXCp8g6ILYMlb7eqac6HEZCQrwrqxE0SMo+IbrYbRzBkEXmBLv64wQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLQoE5JybFBiGZNfE1nswl8x0FOSMB8GA1UdIwQY
MBaAFJ5LMoGwjmtewf3rDQRAUo7ZNNw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtzeWdiQ09hMTdCX2VzTkJFQlNqdGswM0Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mZjdkMzMtZTRmNy00M2MwLTkyNGIt
NmIyZDQ2OTI0YzZmLzEvdENnVGtuSnNVR0laazE4VFdlekNYekhRVTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mZjdkMzMtZTRmNy00M2MwLTkyNGItNmIyZDQ2OTI0YzZm
LzEvbmtzeWdiQ09hMTdCX2VzTkJFQlNqdGswM0Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMDTvAwDQYJ
KoZIhvcNAQELBQADggEBABtfFRKPOWpKscSU8Iae7u2CScQ5WIqPgOH1TXARI+i5
oH60CwWge1TKn7/jBkWqNgy4KbTbEuT1269otqsuVGAPBWyPSesoI+yJnkrejank
n58GZ9cVECwfZSl1az1MUyUSJknHY+/jf3UE5jAOHkCwLHCGFz19pMDyZzgKpXlm
W1cZynN7tU5x3uEGRbcpeyMAmSYxPwGCHBhamTHgP1DCfF+OiaMBWpfmCUxFPuVl
HyNMzfvK7CDqwwlA+VaQwqOEVj+CMF/JhIewfBT2SkfuSRnuFGxxQ+zTLJ3WucSM
kZuhgYGQNRqgYLQZzuq6zzcqnTzkLX3PHZaIav2mLOg=
-----END CERTIFICATE-----