Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/TTIx1EFo6szOBLESCShWETp5fAs.roa
File:                     TTIx1EFo6szOBLESCShWETp5fAs.roa (raw, json)
Hash identifier:          GNbm7535o++l5SXuoNXkKLMNVAExwrWjVOFeomQru40=
Subject key identifier:   4D:32:31:D4:41:68:EA:CC:CE:04:B1:12:09:28:56:11:3A:79:7C:0B
Certificate issuer:       /CN=8da824bc631ccee1ae99d7103afd2dc74f1e29c4
Certificate serial:       018CC3495B977320089332D6631ED436615C
Authority key identifier: 8D:A8:24:BC:63:1C:CE:E1:AE:99:D7:10:3A:FD:2D:C7:4F:1E:29:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jagkvGMczuGumdcQOv0tx08eKcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/TTIx1EFo6szOBLESCShWETp5fAs.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204437
IP address blocks:        192.33.88.0/24 maxlen: 24
                          2001:67c:2e40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/jagkvGMczuGumdcQOv0tx08eKcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/jagkvGMczuGumdcQOv0tx08eKcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jagkvGMczuGumdcQOv0tx08eKcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5b:97:73:20:08:93:32:d6:63:1e:d4:36:61:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8da824bc631ccee1ae99d7103afd2dc74f1e29c4
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d3231d44168eaccce04b112092856113a797c0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4b:fa:fc:6b:16:bb:96:c0:b0:a6:a8:9a:28:
                    88:2b:da:04:c1:54:7d:8d:9a:ff:76:11:08:72:60:
                    2e:c5:b7:33:e9:1b:47:b9:61:72:4f:89:c9:5c:ba:
                    b1:77:b4:00:52:65:65:fa:36:ae:c9:86:94:39:28:
                    70:ee:d5:1c:9d:74:6a:6d:ef:08:9c:9c:e6:78:a1:
                    62:4c:8c:58:0a:0b:f7:9a:99:2c:cb:92:b5:ac:91:
                    8d:16:2c:a5:b7:d3:dc:cb:91:73:f6:b3:7f:9e:36:
                    18:37:09:b5:3b:77:97:86:5f:d2:e3:38:9a:72:90:
                    e3:9a:7f:17:a2:b6:0e:92:cd:92:3f:7f:2c:f9:74:
                    2d:33:4c:60:31:5c:5e:39:f1:e8:8e:76:63:a8:da:
                    fd:aa:a7:17:64:e4:d4:cd:55:f5:96:2d:52:72:cc:
                    a1:ba:05:7a:7d:10:45:1e:0e:1a:85:4f:fd:84:e6:
                    26:30:63:35:b8:e8:c9:5d:ea:b5:af:0f:f4:b2:e7:
                    b2:a8:9e:9a:c3:70:46:bd:ca:6b:17:2f:6d:c7:59:
                    8a:d3:76:9d:1a:f7:26:8d:d0:54:7d:8c:f8:c8:32:
                    d7:66:40:2d:e7:64:7b:8a:b4:4c:64:61:89:7f:8f:
                    82:b7:ab:e5:cc:5e:b7:c2:5d:6c:ec:66:4f:ae:3e:
                    19:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:32:31:D4:41:68:EA:CC:CE:04:B1:12:09:28:56:11:3A:79:7C:0B
            X509v3 Authority Key Identifier:
                keyid:8D:A8:24:BC:63:1C:CE:E1:AE:99:D7:10:3A:FD:2D:C7:4F:1E:29:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jagkvGMczuGumdcQOv0tx08eKcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/TTIx1EFo6szOBLESCShWETp5fAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1caa79-b8c4-4d08-9bbe-386c1f8b0640/1/jagkvGMczuGumdcQOv0tx08eKcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.33.88.0/24
                IPv6:
                  2001:67c:2e40::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:4a:67:ed:83:cd:e2:ff:4c:08:18:b9:df:e5:cc:4a:39:1b:
         76:3b:fc:73:e3:47:ba:87:0e:56:c1:f9:d3:bb:d4:28:4c:c5:
         da:15:45:01:0b:db:46:87:e6:5d:99:3a:41:31:49:65:34:9f:
         e6:cc:1e:90:4e:c1:7d:9d:8b:76:6d:a0:b6:4d:d4:90:b2:a1:
         a9:81:df:06:2a:d7:91:61:91:d8:07:53:1f:9a:de:78:0c:7d:
         cb:97:c2:33:d3:50:31:0b:7a:0a:5a:09:fa:30:d8:dd:a1:bf:
         3a:91:f8:00:31:b4:b1:22:6d:e4:0f:ec:18:3b:d0:ab:11:18:
         96:d1:d9:05:b3:b1:92:c6:25:63:b6:96:da:12:d3:a3:f9:b5:
         d3:bc:5b:97:34:a9:78:27:a7:31:e5:67:d2:7f:e0:8c:d0:de:
         2b:29:29:ec:56:fa:d2:c8:a2:81:54:52:ce:53:8d:cd:97:45:
         0a:0b:38:84:04:2c:66:94:52:5f:f3:59:ac:65:86:76:a6:a3:
         fa:73:3e:5e:e3:6f:5c:fa:1b:7a:6a:9f:9b:f4:8b:17:53:cb:
         5d:51:da:c0:f5:c6:a6:22:83:f7:d4:09:22:59:20:b5:b6:6d:
         1e:0f:37:03:d5:b8:79:cb:c1:41:7e:ed:d4:eb:b4:d7:74:45:
         ce:d1:3a:5e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSVuXcyAIkzLWYx7UNmFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYTgyNGJjNjMxY2NlZTFhZTk5ZDcxMDNhZmQyZGM3NGYx
ZTI5YzQwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDMyMzFkNDQxNjhlYWNjY2UwNGIxMTIwOTI4NTYxMTNhNzk3YzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkv6/GsWu5bAsKaomiiIK9oEwVR9
jZr/dhEIcmAuxbcz6RtHuWFyT4nJXLqxd7QAUmVl+jauyYaUOShw7tUcnXRqbe8I
nJzmeKFiTIxYCgv3mpksy5K1rJGNFiylt9Pcy5Fz9rN/njYYNwm1O3eXhl/S4zia
cpDjmn8XorYOks2SP38s+XQtM0xgMVxeOfHojnZjqNr9qqcXZOTUzVX1li1Scsyh
ugV6fRBFHg4ahU/9hOYmMGM1uOjJXeq1rw/0sueyqJ6aw3BGvcprFy9tx1mK03ad
GvcmjdBUfYz4yDLXZkAt52R7irRMZGGJf4+Ct6vlzF63wl1s7GZPrj4Z1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE0yMdRBaOrMzgSxEgkoVhE6eXwLMB8GA1UdIwQY
MBaAFI2oJLxjHM7hrpnXEDr9LcdPHinEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamFna3ZHTWN6dUd1bWRjUU92MHR4MDhlS2NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xY2FhNzktYjhjNC00ZDA4LTliYmUt
Mzg2YzFmOGIwNjQwLzEvVFRJeDFFRm82c3pPQkxFU0NTaFdFVHA1ZkFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xY2FhNzktYjhjNC00ZDA4LTliYmUtMzg2YzFmOGIwNjQw
LzEvamFna3ZHTWN6dUd1bWRjUU92MHR4MDhlS2NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwCFYMA8E
AgACMAkDBwAgAQZ8LkAwDQYJKoZIhvcNAQELBQADggEBAKZKZ+2DzeL/TAgYud/l
zEo5G3Y7/HPjR7qHDlbB+dO71ChMxdoVRQEL20aH5l2ZOkExSWU0n+bMHpBOwX2d
i3ZtoLZN1JCyoamB3wYq15FhkdgHUx+a3ngMfcuXwjPTUDELegpaCfow2N2hvzqR
+AAxtLEibeQP7Bg70KsRGJbR2QWzsZLGJWO2ltoS06P5tdO8W5c0qXgnpzHlZ9J/
4IzQ3ispKexW+tLIooFUUs5Tjc2XRQoLOIQELGaUUl/zWaxlhnamo/pzPl7jb1z6
G3pqn5v0ixdTy11R2sD1xqYig/fUCSJZILW2bR4PNwPVuHnLwUF+7dTrtNd0Rc7R
Ol4=
-----END CERTIFICATE-----