Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/TLDJ4bsC1L8bdvfLSl0wCY3GNyM.roa
File:                     TLDJ4bsC1L8bdvfLSl0wCY3GNyM.roa (raw, json)
Hash identifier:          ppaMD8e+30vb87JsLxRBF9bSIhdD9jiTiA8gc5vMShU=
Subject key identifier:   4C:B0:C9:E1:BB:02:D4:BF:1B:76:F7:CB:4A:5D:30:09:8D:C6:37:23
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801E188AC058C7F8849F47D5492F8DA
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/TLDJ4bsC1L8bdvfLSl0wCY3GNyM.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        193.177.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:e1:88:ac:05:8c:7f:88:49:f4:7d:54:92:f8:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cb0c9e1bb02d4bf1b76f7cb4a5d30098dc63723
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:36:af:e3:01:1a:56:34:06:3a:9d:f0:87:cf:
                    fd:4b:17:94:87:d0:da:03:c6:d5:1a:4a:7e:cb:d0:
                    6a:2e:0f:aa:ee:e7:56:8f:0b:ad:cf:b7:de:ca:94:
                    bf:f8:02:3c:67:ea:b8:3f:88:0d:62:5e:1e:26:9d:
                    b4:39:fd:1d:e9:4f:07:a3:a5:18:65:54:25:c6:a2:
                    82:38:00:dd:7a:e9:ae:46:9e:4c:0b:b8:e3:2d:51:
                    c3:64:fa:42:eb:52:b5:af:1c:ec:1b:9e:ca:27:bc:
                    d3:0f:49:d7:c4:16:3a:52:24:9c:ae:13:b6:d2:a7:
                    c3:69:79:1b:bf:dc:60:ec:6e:eb:f0:61:9e:22:51:
                    8a:de:b1:98:3c:7b:b0:34:8f:4e:08:af:b8:4a:cf:
                    4d:82:19:45:3a:ef:00:65:f4:d2:ef:98:98:c6:99:
                    76:a4:78:3c:75:cd:b7:84:d0:90:6c:26:85:04:c8:
                    ad:aa:8f:13:04:87:92:f8:49:1d:44:33:14:0b:94:
                    c0:54:d9:31:bd:ef:0c:57:ea:31:76:91:e6:78:e8:
                    66:d9:21:42:2b:6a:1e:97:8a:54:cd:0a:63:30:52:
                    09:82:9c:41:29:ba:57:f5:59:87:8e:a7:46:fb:3a:
                    df:b4:3b:33:95:62:54:8d:0a:02:7a:a2:d0:6b:b7:
                    4f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B0:C9:E1:BB:02:D4:BF:1B:76:F7:CB:4A:5D:30:09:8D:C6:37:23
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/TLDJ4bsC1L8bdvfLSl0wCY3GNyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.177.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:d3:37:a2:0a:92:7e:48:ba:be:54:c1:0f:0e:1e:ac:82:3b:
         7b:bd:f8:cd:d3:13:57:55:39:ff:34:95:e6:1b:92:bc:21:63:
         14:23:02:3e:76:be:8e:ab:12:3f:e1:aa:34:f0:f3:4f:19:6e:
         96:c4:d8:c8:32:02:7b:2b:cb:e8:f4:73:aa:9f:19:eb:d1:74:
         14:89:a4:06:4b:b3:e3:2a:1b:19:4d:98:3c:41:b9:d7:b5:f5:
         a6:2a:79:82:c0:73:94:4e:d5:6a:37:0b:14:e2:e1:6b:3b:2c:
         32:9f:88:39:99:a9:ee:3e:cf:11:ca:53:64:4a:be:a6:ac:de:
         a9:fc:da:7e:3a:fc:81:0e:f4:16:12:3d:d2:d0:e2:d4:58:31:
         a1:ea:1f:24:eb:99:5f:39:bf:e1:4b:88:64:5b:a4:1a:e4:7b:
         91:2a:ff:79:b4:86:cd:a7:70:b9:9f:77:04:0b:76:3c:78:5c:
         e9:31:10:22:14:42:2d:4f:6e:18:21:09:fe:d5:82:3e:fb:d3:
         ca:d2:1a:dc:bd:37:b3:3d:66:54:fb:60:81:c5:c4:ec:a2:87:
         af:42:bd:5d:84:18:77:af:11:f1:88:e8:7c:24:d2:50:8c:bb:
         8f:e5:a2:8e:7a:3e:67:d3:68:8f:a8:72:74:07:9b:9b:2f:fb:
         3f:78:6d:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAeGIrAWMf4hJ9H1UkvjaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2IwYzllMWJiMDJkNGJmMWI3NmY3Y2I0YTVkMzAwOThkYzYzNzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzav4wEaVjQGOp3wh8/9SxeUh9Da
A8bVGkp+y9BqLg+q7udWjwutz7feypS/+AI8Z+q4P4gNYl4eJp20Of0d6U8Ho6UY
ZVQlxqKCOADdeumuRp5MC7jjLVHDZPpC61K1rxzsG57KJ7zTD0nXxBY6UiScrhO2
0qfDaXkbv9xg7G7r8GGeIlGK3rGYPHuwNI9OCK+4Ss9NghlFOu8AZfTS75iYxpl2
pHg8dc23hNCQbCaFBMitqo8TBIeS+EkdRDMUC5TAVNkxve8MV+oxdpHmeOhm2SFC
K2oel4pUzQpjMFIJgpxBKbpX9VmHjqdG+zrftDszlWJUjQoCeqLQa7dPfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEywyeG7AtS/G3b3y0pdMAmNxjcjMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvVExESjRic0MxTDhiZHZmTFNsMHdDWTNHTnlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbHeMA0G
CSqGSIb3DQEBCwUAA4IBAQAM0zeiCpJ+SLq+VMEPDh6sgjt7vfjN0xNXVTn/NJXm
G5K8IWMUIwI+dr6OqxI/4ao08PNPGW6WxNjIMgJ7K8vo9HOqnxnr0XQUiaQGS7Pj
KhsZTZg8QbnXtfWmKnmCwHOUTtVqNwsU4uFrOywyn4g5manuPs8RylNkSr6mrN6p
/Np+OvyBDvQWEj3S0OLUWDGh6h8k65lfOb/hS4hkW6Qa5HuRKv95tIbNp3C5n3cE
C3Y8eFzpMRAiFEItT24YIQn+1YI++9PK0hrcvTezPWZU+2CBxcTsooevQr1dhBh3
rxHxiOh8JNJQjLuP5aKOej5n02iPqHJ0B5ubL/s/eG22
-----END CERTIFICATE-----