Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/TFT891H3lX8Q-NwHIWwerA2Oqes.roa
File:                     TFT891H3lX8Q-NwHIWwerA2Oqes.roa (raw, json)
Hash identifier:          Nlha6+THKB/zsEqBrMWZ92q4h7iTdeLKOEhcEQ5JfEU=
Subject key identifier:   4C:54:FC:F7:51:F7:95:7F:10:F8:DC:07:21:6C:1E:AC:0D:8E:A9:EB
Certificate issuer:       /CN=66e92c341e769443fde1d27566044b4b65159060
Certificate serial:       018CC26D7CC56563B307FCE98EE5D234FD4C
Authority key identifier: 66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/TFT891H3lX8Q-NwHIWwerA2Oqes.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202797
IP address blocks:        193.22.106.0/24 maxlen: 24
                          193.22.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 22:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7c:c5:65:63:b3:07:fc:e9:8e:e5:d2:34:fd:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66e92c341e769443fde1d27566044b4b65159060
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c54fcf751f7957f10f8dc07216c1eac0d8ea9eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:22:b0:27:b2:ae:0b:c2:08:4b:57:16:11:c2:
                    0f:f7:8b:20:50:8c:73:20:4f:ef:df:8c:b2:f7:e5:
                    26:9d:75:cd:e1:43:61:d6:ff:05:17:1e:59:25:a1:
                    6e:f0:4e:b3:f9:ae:56:1e:27:ff:69:75:33:21:58:
                    1c:a4:2f:15:7c:43:2a:c7:3c:dd:e7:8f:74:e1:d9:
                    17:ed:c7:4b:5b:af:aa:ef:39:40:d3:eb:31:ee:52:
                    0d:11:31:ea:f2:b2:81:7c:64:0f:e9:62:78:58:e1:
                    32:63:87:f3:af:f8:f8:80:89:e9:44:2f:15:36:45:
                    37:6d:6f:7d:59:5b:9a:8f:44:fe:34:12:e4:cd:fa:
                    65:f1:23:5d:6d:15:bb:99:62:de:b4:c3:20:21:be:
                    bc:90:39:f1:7a:1a:08:e8:a2:40:be:05:8b:a5:ca:
                    6d:89:cf:8b:2c:44:25:c2:ff:c6:b5:7d:10:5b:c8:
                    be:fe:ce:2d:62:7e:09:46:45:88:5a:84:73:d4:b2:
                    71:cf:07:79:25:62:25:9b:36:77:f0:44:61:03:15:
                    9d:dd:fe:40:fa:1b:31:25:b5:7a:10:b5:c1:bf:58:
                    d6:bb:0f:fd:f7:3b:56:36:07:09:5d:32:84:76:27:
                    6a:ab:39:6a:eb:5e:ec:29:38:08:09:20:3f:ed:87:
                    9f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:54:FC:F7:51:F7:95:7F:10:F8:DC:07:21:6C:1E:AC:0D:8E:A9:EB
            X509v3 Authority Key Identifier:
                keyid:66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/TFT891H3lX8Q-NwHIWwerA2Oqes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.1.0/24
                  193.22.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:bb:49:ea:14:ad:88:85:47:d3:5c:1e:eb:b7:98:4c:67:71:
         b4:f3:85:b3:69:25:27:c5:95:cd:63:63:6c:9b:f9:31:38:a1:
         76:14:0e:c3:b8:6d:d7:3e:92:65:2a:fd:0f:27:6c:09:9f:3c:
         25:1f:52:a2:c6:0b:dd:bb:cc:25:bc:bd:df:3f:7d:03:72:ef:
         db:bd:1c:da:5d:ab:d2:60:08:7e:d9:18:fe:ee:c1:f6:e8:7c:
         be:fe:40:1c:92:78:95:66:7b:b8:ea:c2:06:77:5e:22:25:ca:
         de:5c:f4:59:2c:1d:f8:a4:b0:f0:6c:13:d5:45:8a:a1:ba:f5:
         9c:35:1a:de:5a:3b:fe:7d:88:9a:e2:6f:bb:b3:0f:96:80:54:
         36:a4:d1:19:c7:be:fa:eb:31:dc:9d:00:5f:c8:57:e9:fa:e8:
         09:41:b0:7b:b7:8b:96:9f:a1:3c:19:16:fd:94:90:c1:3a:7c:
         2a:39:c9:03:db:83:46:00:4f:69:02:55:9c:cd:bb:69:28:40:
         31:1f:54:33:41:a4:5b:7e:d3:da:66:b1:d3:ec:fc:22:5e:81:
         5f:80:7e:ef:df:d6:71:62:e0:96:ae:7f:bb:b3:e9:5d:ea:69:
         35:ca:b7:22:ac:23:8a:55:f0:c9:95:a2:c0:9e:1a:3f:a4:1f:
         63:67:45:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbXzFZWOzB/zpjuXSNP1MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZTkyYzM0MWU3Njk0NDNmZGUxZDI3NTY2MDQ0YjRiNjUx
NTkwNjAwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzU0ZmNmNzUxZjc5NTdmMTBmOGRjMDcyMTZjMWVhYzBkOGVhOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSKwJ7KuC8IIS1cWEcIP94sgUIxz
IE/v34yy9+UmnXXN4UNh1v8FFx5ZJaFu8E6z+a5WHif/aXUzIVgcpC8VfEMqxzzd
54904dkX7cdLW6+q7zlA0+sx7lINETHq8rKBfGQP6WJ4WOEyY4fzr/j4gInpRC8V
NkU3bW99WVuaj0T+NBLkzfpl8SNdbRW7mWLetMMgIb68kDnxehoI6KJAvgWLpcpt
ic+LLEQlwv/GtX0QW8i+/s4tYn4JRkWIWoRz1LJxzwd5JWIlmzZ38ERhAxWd3f5A
+hsxJbV6ELXBv1jWuw/99ztWNgcJXTKEdidqqzlq617sKTgICSA/7YefDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFExU/PdR95V/EPjcByFsHqwNjqnrMB8GA1UdIwQY
MBaAFGbpLDQedpRD/eHSdWYES0tlFZBgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYt
YzFkMjk2ZjhmZDA3LzEvVEZUODkxSDNsWDhRLU53SElXd2VyQTJPcWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYtYzFkMjk2ZjhmZDA3
LzEvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRYBAwQA
wRZqMA0GCSqGSIb3DQEBCwUAA4IBAQA5u0nqFK2IhUfTXB7rt5hMZ3G084WzaSUn
xZXNY2Nsm/kxOKF2FA7DuG3XPpJlKv0PJ2wJnzwlH1Kixgvdu8wlvL3fP30Dcu/b
vRzaXavSYAh+2Rj+7sH26Hy+/kAckniVZnu46sIGd14iJcreXPRZLB34pLDwbBPV
RYqhuvWcNRreWjv+fYia4m+7sw+WgFQ2pNEZx7766zHcnQBfyFfp+ugJQbB7t4uW
n6E8GRb9lJDBOnwqOckD24NGAE9pAlWczbtpKEAxH1QzQaRbftPaZrHT7PwiXoFf
gH7v39ZxYuCWrn+7s+ld6mk1yrcirCOKVfDJlaLAnho/pB9jZ0Wq
-----END CERTIFICATE-----