Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/TXZD0j5z_GUE4hKSgePQkrup3RA.roa
File:                     TXZD0j5z_GUE4hKSgePQkrup3RA.roa (raw, json)
Hash identifier:          AcWZPzsdQhe2VseKE2Ck8Zq4266Ik5LXD2uB5Xyfoqs=
Subject key identifier:   4D:76:43:D2:3E:73:FC:65:04:E2:12:92:81:E3:D0:92:BB:A9:DD:10
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC43684847F163B9E421057BF922D9
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/TXZD0j5z_GUE4hKSgePQkrup3RA.roa
Signing time:             Mon 01 Jan 2024 16:29:55 +0000
ROA not before:           Mon 01 Jan 2024 16:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41719
IP address blocks:        62.76.141.0/24 maxlen: 24
                          194.190.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:43:68:48:47:f1:63:b9:e4:21:05:7b:f9:22:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d7643d23e73fc6504e2129281e3d092bba9dd10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1c:62:42:e8:d2:a9:a6:31:4c:2e:3f:47:2c:
                    62:12:66:03:46:80:99:c2:90:28:53:f4:6c:b2:20:
                    a7:91:1e:21:1e:1d:12:70:dd:3d:c2:a1:f3:af:6b:
                    45:ed:46:29:62:eb:a1:a4:26:d9:31:13:bf:0f:ef:
                    52:9d:bc:c4:11:b2:1d:c9:66:44:89:1d:c8:83:17:
                    68:76:61:5b:f1:9e:88:49:48:5b:d4:6f:8c:06:88:
                    52:58:f9:d9:45:93:7e:17:ea:66:f3:31:3d:53:f4:
                    b8:6b:29:9f:66:65:dd:14:63:86:b3:a4:8c:22:b5:
                    24:a4:64:07:f9:b0:ea:cf:66:37:b7:fe:f0:1b:af:
                    b6:e1:f1:83:f9:e9:0f:3d:24:a1:30:76:77:95:82:
                    bb:8b:c0:d0:61:1b:a6:d7:6e:3c:9a:0f:56:3b:84:
                    c2:03:cd:ac:5a:e0:2b:2f:22:87:95:27:a7:5c:9d:
                    b1:f2:35:7f:d1:5a:eb:01:9b:c8:ca:fb:9c:16:e0:
                    b6:98:56:2e:2d:0d:ec:4d:6f:33:78:af:e4:1d:10:
                    10:fd:e3:e3:51:7c:65:8b:b1:44:75:68:fe:7f:3c:
                    a7:d0:e4:10:d8:13:4a:64:d3:d0:d2:b3:b3:12:f2:
                    da:4c:11:a6:99:98:9f:8d:19:06:04:56:bc:0b:e1:
                    a2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:76:43:D2:3E:73:FC:65:04:E2:12:92:81:E3:D0:92:BB:A9:DD:10
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/TXZD0j5z_GUE4hKSgePQkrup3RA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.141.0/24
                  194.190.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:0b:e4:42:4f:9f:13:f6:5b:8c:73:4e:04:2d:88:67:3f:c4:
         99:1e:a6:b0:92:37:e6:64:a8:29:3d:ce:81:6e:58:92:63:af:
         d0:e0:12:40:7b:d4:c2:bb:5c:46:a2:e5:20:c7:c9:2d:df:70:
         58:31:f7:82:a5:b2:b9:d9:29:0d:dd:d1:c0:5d:42:bb:f4:49:
         2a:83:f5:0b:02:17:73:3b:22:76:7d:e1:b8:ee:92:10:2b:82:
         20:61:7d:77:86:9a:4e:98:fc:19:9b:58:f0:dc:4d:5f:55:e0:
         54:70:ed:b2:36:7a:5f:97:d3:4c:9c:07:ac:da:fb:dc:91:4f:
         bc:ad:0a:b9:60:94:19:c1:b5:0e:27:58:d9:aa:ef:c7:d7:6d:
         42:d9:fc:14:be:28:74:67:66:0c:71:35:92:b3:4f:ac:63:8b:
         22:ce:80:19:3d:ae:67:86:f9:f1:8b:7b:a6:6e:91:0d:67:d0:
         09:ec:30:ea:c4:bb:5c:63:16:6c:99:9c:a5:bf:5d:f8:f2:79:
         4f:77:d7:1e:5e:7d:a9:eb:94:8d:07:ee:73:25:06:27:1a:a4:
         cf:74:b6:c5:7f:36:bb:58:28:00:5a:e7:c7:4c:2d:01:eb:eb:
         3b:33:27:33:b8:6d:4c:d8:68:56:63:74:cb:94:9a:18:62:ca:
         fc:14:b6:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3ENoSEfxY7nkIQV7+SLZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDc2NDNkMjNlNzNmYzY1MDRlMjEyOTI4MWUzZDA5MmJiYTlkZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBxiQujSqaYxTC4/RyxiEmYDRoCZ
wpAoU/RssiCnkR4hHh0ScN09wqHzr2tF7UYpYuuhpCbZMRO/D+9SnbzEEbIdyWZE
iR3IgxdodmFb8Z6ISUhb1G+MBohSWPnZRZN+F+pm8zE9U/S4aymfZmXdFGOGs6SM
IrUkpGQH+bDqz2Y3t/7wG6+24fGD+ekPPSShMHZ3lYK7i8DQYRum1248mg9WO4TC
A82sWuArLyKHlSenXJ2x8jV/0VrrAZvIyvucFuC2mFYuLQ3sTW8zeK/kHRAQ/ePj
UXxli7FEdWj+fzyn0OQQ2BNKZNPQ0rOzEvLaTBGmmZifjRkGBFa8C+GiqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE12Q9I+c/xlBOISkoHj0JK7qd0QMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvVFhaRDBqNXpfR1VFNGhLU2dlUFFrcnVwM1JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkyNAwQA
wr5FMA0GCSqGSIb3DQEBCwUAA4IBAQC9C+RCT58T9luMc04ELYhnP8SZHqawkjfm
ZKgpPc6BbliSY6/Q4BJAe9TCu1xGouUgx8kt33BYMfeCpbK52SkN3dHAXUK79Ekq
g/ULAhdzOyJ2feG47pIQK4IgYX13hppOmPwZm1jw3E1fVeBUcO2yNnpfl9NMnAes
2vvckU+8rQq5YJQZwbUOJ1jZqu/H121C2fwUvih0Z2YMcTWSs0+sY4sizoAZPa5n
hvnxi3umbpENZ9AJ7DDqxLtcYxZsmZylv1348nlPd9ceXn2p65SNB+5zJQYnGqTP
dLbFfza7WCgAWufHTC0B6+s7MyczuG1M2GhWY3TLlJoYYsr8FLa2
-----END CERTIFICATE-----