Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/1e98c2-2bae-4d14-9bcc-855e6072ef36/1/TaqicLu5vVv-vbVrNWOeKL3Wj9U.roa
File:                     TaqicLu5vVv-vbVrNWOeKL3Wj9U.roa (raw, json)
Hash identifier:          mljfwLp1fjqfzvI+bmFrmdx6AQzg63a6Dhz9eHYDeqw=
Subject key identifier:   4D:AA:A2:70:BB:B9:BD:5B:FE:BD:B5:6B:35:63:9E:28:BD:D6:8F:D5
Certificate issuer:       /CN=7ddd236d804d5aa9a2cab39cf51022ac05e0b183
Certificate serial:       018CC56EECB986E728DF6E98D19C2C03EF53
Authority key identifier: 7D:DD:23:6D:80:4D:5A:A9:A2:CA:B3:9C:F5:10:22:AC:05:E0:B1:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fd0jbYBNWqmiyrOc9RAirAXgsYM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/1e98c2-2bae-4d14-9bcc-855e6072ef36/1/TaqicLu5vVv-vbVrNWOeKL3Wj9U.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        193.142.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/1e98c2-2bae-4d14-9bcc-855e6072ef36/1/fd0jbYBNWqmiyrOc9RAirAXgsYM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/1e98c2-2bae-4d14-9bcc-855e6072ef36/1/fd0jbYBNWqmiyrOc9RAirAXgsYM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fd0jbYBNWqmiyrOc9RAirAXgsYM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ec:b9:86:e7:28:df:6e:98:d1:9c:2c:03:ef:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ddd236d804d5aa9a2cab39cf51022ac05e0b183
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4daaa270bbb9bd5bfebdb56b35639e28bdd68fd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:5e:87:3a:6d:ed:06:4a:13:af:8c:87:44:91:
                    17:8a:1e:34:89:eb:13:b8:92:0d:b8:19:3e:3f:c7:
                    a5:2c:50:85:94:1a:22:76:9a:4f:12:a2:8e:6a:34:
                    42:cd:d6:2f:d9:33:b5:95:e6:90:8e:22:db:89:93:
                    f2:5b:ec:a2:5f:4c:04:2f:8d:b5:02:49:a0:67:61:
                    80:3a:42:be:0b:fb:89:6d:1c:bb:53:1b:e7:e3:ec:
                    91:39:e2:07:48:93:26:87:5c:7b:9d:3d:87:15:48:
                    35:5c:86:d0:b2:40:5f:13:60:a2:77:93:62:9a:8c:
                    ff:f1:df:ee:70:4f:aa:fb:6d:d6:91:47:c8:18:4b:
                    81:0f:ce:5d:47:6f:6c:1a:f0:cf:dc:e4:c2:47:12:
                    f2:52:c2:98:5a:5a:bb:a0:5f:e0:4e:cc:46:51:2b:
                    48:6a:b1:3e:19:90:e9:2a:af:9f:4e:03:98:5b:25:
                    86:a1:6b:ba:36:ca:d3:d1:16:d7:0f:54:5d:9c:e4:
                    69:86:7f:5d:ee:d7:db:ec:86:55:55:8e:6e:4d:aa:
                    70:6a:5d:b0:b1:78:2b:17:5f:d4:20:50:c8:84:4e:
                    86:ed:43:7d:13:d0:4d:d8:8b:f8:02:3f:5c:28:85:
                    31:a6:ab:c5:33:3b:e4:dd:f6:3d:26:2f:04:a2:09:
                    ee:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:AA:A2:70:BB:B9:BD:5B:FE:BD:B5:6B:35:63:9E:28:BD:D6:8F:D5
            X509v3 Authority Key Identifier:
                keyid:7D:DD:23:6D:80:4D:5A:A9:A2:CA:B3:9C:F5:10:22:AC:05:E0:B1:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd0jbYBNWqmiyrOc9RAirAXgsYM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/1e98c2-2bae-4d14-9bcc-855e6072ef36/1/TaqicLu5vVv-vbVrNWOeKL3Wj9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/1e98c2-2bae-4d14-9bcc-855e6072ef36/1/fd0jbYBNWqmiyrOc9RAirAXgsYM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:ca:f4:c9:98:b7:17:e8:f9:a4:08:58:01:e0:a4:6f:e0:37:
         61:22:6d:52:36:5b:68:e0:38:51:db:d8:cf:41:e9:d0:50:ac:
         cb:e0:62:fc:41:9c:0b:a9:48:68:66:55:e1:e7:f1:b9:67:77:
         fd:d2:ff:2c:a3:ba:84:f5:73:f7:1c:c3:48:13:0a:6d:bd:a8:
         0e:82:ad:cc:3e:8e:d9:6d:9d:81:df:cc:7d:22:88:00:e2:d0:
         0e:39:87:6c:cd:c9:1c:83:57:da:69:10:40:51:7f:bd:e7:c8:
         bf:6e:44:f6:e3:98:d6:31:10:16:c8:42:49:5a:90:00:be:9a:
         d8:70:fd:27:c0:8b:a1:7f:21:3d:43:62:e7:57:ad:be:5d:0c:
         21:48:89:7f:2c:b4:91:70:42:4b:fe:62:dc:41:f8:08:2e:f6:
         0c:bc:bb:9c:02:94:5e:d0:61:c5:46:a2:8e:c3:f3:8a:bc:8a:
         bd:06:0a:22:57:54:d9:43:98:41:87:96:22:29:7b:c9:f1:7f:
         e2:49:40:25:2e:81:af:f0:a7:e0:f9:05:e0:cb:ec:95:0c:83:
         0c:15:4a:a1:d7:b1:75:5a:2a:aa:26:03:17:7d:10:e1:51:d4:
         59:8b:67:99:29:d9:9e:11:2b:65:a9:7b:c3:1f:fe:c2:15:8b:
         9e:29:7e:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuy5huco326Y0ZwsA+9TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZGQyMzZkODA0ZDVhYTlhMmNhYjM5Y2Y1MTAyMmFjMDVl
MGIxODMwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGFhYTI3MGJiYjliZDViZmViZGI1NmIzNTYzOWUyOGJkZDY4ZmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvV6HOm3tBkoTr4yHRJEXih40iesT
uJINuBk+P8elLFCFlBoidppPEqKOajRCzdYv2TO1leaQjiLbiZPyW+yiX0wEL421
AkmgZ2GAOkK+C/uJbRy7Uxvn4+yROeIHSJMmh1x7nT2HFUg1XIbQskBfE2Cid5Ni
moz/8d/ucE+q+23WkUfIGEuBD85dR29sGvDP3OTCRxLyUsKYWlq7oF/gTsxGUStI
arE+GZDpKq+fTgOYWyWGoWu6NsrT0RbXD1RdnORphn9d7tfb7IZVVY5uTapwal2w
sXgrF1/UIFDIhE6G7UN9E9BN2Iv4Aj9cKIUxpqvFMzvk3fY9Ji8EognuCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2qonC7ub1b/r21azVjnii91o/VMB8GA1UdIwQY
MBaAFH3dI22ATVqposqznPUQIqwF4LGDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmQwamJZQk5XcW1peXJPYzlSQWlyQVhnc1lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xZTk4YzItMmJhZS00ZDE0LTliY2Mt
ODU1ZTYwNzJlZjM2LzEvVGFxaWNMdTV2VnYtdmJWck5XT2VLTDNXajlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xZTk4YzItMmJhZS00ZDE0LTliY2MtODU1ZTYwNzJlZjM2
LzEvZmQwamJZQk5XcW1peXJPYzlSQWlyQVhnc1lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY5vMA0G
CSqGSIb3DQEBCwUAA4IBAQA0yvTJmLcX6PmkCFgB4KRv4DdhIm1SNlto4DhR29jP
QenQUKzL4GL8QZwLqUhoZlXh5/G5Z3f90v8so7qE9XP3HMNIEwptvagOgq3MPo7Z
bZ2B38x9IogA4tAOOYdszckcg1faaRBAUX+958i/bkT245jWMRAWyEJJWpAAvprY
cP0nwIuhfyE9Q2LnV62+XQwhSIl/LLSRcEJL/mLcQfgILvYMvLucApRe0GHFRqKO
w/OKvIq9BgoiV1TZQ5hBh5YiKXvJ8X/iSUAlLoGv8Kfg+QXgy+yVDIMMFUqh17F1
WiqqJgMXfRDhUdRZi2eZKdmeEStlqXvDH/7CFYueKX5n
-----END CERTIFICATE-----