Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/TTKPJTYmt2cb4vrRMrCdEj2nomM.roa
File:                     TTKPJTYmt2cb4vrRMrCdEj2nomM.roa (raw, json)
Hash identifier:          2hm4SUs9bM4xKwfQaya5g33MsaKnVuAPLMr6R+vB7FY=
Subject key identifier:   4D:32:8F:25:36:26:B7:67:1B:E2:FA:D1:32:B0:9D:12:3D:A7:A2:63
Certificate issuer:       /CN=c42708df93954aac601aef1835bd5d69245fb02f
Certificate serial:       018FE3362649BA31BA41B0E823F35586D7DC
Authority key identifier: C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/TTKPJTYmt2cb4vrRMrCdEj2nomM.roa
Signing time:             Tue 04 Jun 2024 12:25:27 +0000
ROA not before:           Tue 04 Jun 2024 12:25:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47692
IP address blocks:        91.151.16.0/22 maxlen: 22
                          185.51.8.0/22 maxlen: 24
                          185.211.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 01:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:36:26:49:ba:31:ba:41:b0:e8:23:f3:55:86:d7:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c42708df93954aac601aef1835bd5d69245fb02f
        Validity
            Not Before: Jun  4 12:25:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d328f253626b7671be2fad132b09d123da7a263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:79:d5:47:6b:8b:32:39:69:9a:46:3c:0f:81:
                    c1:f5:0b:ce:61:b3:92:2b:ce:60:8f:38:9f:c3:69:
                    ac:0b:ce:35:84:ea:f5:c0:17:d7:b4:b9:ae:9c:02:
                    16:3d:62:e6:bb:f9:fa:82:44:9e:96:46:ae:29:3f:
                    a0:7f:cf:a9:af:6a:5c:bf:7e:1e:4c:fe:ce:58:db:
                    be:b4:38:1d:7f:5a:c6:2c:4a:18:46:55:d4:a3:60:
                    26:85:3a:fe:7e:71:1f:f8:a6:f9:1b:e3:77:66:a4:
                    34:ab:58:63:27:7e:5a:2f:f2:89:54:32:18:01:ad:
                    d7:c7:c5:80:b2:b2:f8:50:0b:0a:83:c7:d7:05:cb:
                    a0:c7:85:9d:8d:69:b9:2b:e0:2c:cc:1e:c0:e7:02:
                    56:2b:8b:53:ea:45:1f:26:ab:9a:e3:e3:92:be:7f:
                    f8:3d:7d:48:0a:06:ed:53:e6:06:f5:75:a9:bd:c9:
                    dc:82:f2:8c:db:31:af:16:1d:86:dd:5a:4f:91:51:
                    4c:bc:c0:fe:59:67:10:11:a7:ce:95:93:44:e1:27:
                    d1:f2:17:70:0e:38:78:68:0b:a8:a5:6e:39:e9:4b:
                    4e:33:12:9c:01:56:db:73:6a:13:79:e5:01:e0:12:
                    6d:a5:1b:99:01:77:51:12:3a:84:7a:39:48:54:23:
                    50:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:32:8F:25:36:26:B7:67:1B:E2:FA:D1:32:B0:9D:12:3D:A7:A2:63
            X509v3 Authority Key Identifier:
                keyid:C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/TTKPJTYmt2cb4vrRMrCdEj2nomM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.151.16.0/22
                  185.51.8.0/22
                  185.211.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:49:78:82:34:6a:87:d1:25:5b:79:19:48:7b:36:e9:fc:fa:
         d7:1b:70:55:b2:9f:22:12:44:6e:ef:a6:37:59:d4:02:6a:b4:
         52:af:a6:f4:bb:da:17:de:05:b4:cc:93:4b:39:bb:93:d2:43:
         1f:ee:cb:a3:d1:a3:0f:f5:67:f2:3b:e2:25:ff:16:6e:f3:dc:
         90:e4:70:4d:85:3e:3a:d2:d8:8e:0a:c1:35:d5:d7:f2:7f:a2:
         62:36:44:e9:15:4a:2b:2c:ab:e0:b0:ba:97:84:92:18:00:94:
         dd:b6:d8:11:ac:02:4b:48:6d:33:f2:ce:e3:21:d0:c1:8c:25:
         9e:11:c4:4c:23:d8:ec:ed:e5:d4:90:07:79:0a:7b:27:b5:07:
         55:b8:40:ec:49:11:e3:07:cd:79:b7:b0:76:69:7d:df:ea:5b:
         63:11:09:79:53:46:a6:12:96:a8:fb:f2:4a:bd:80:47:39:a9:
         92:d6:92:31:69:04:2b:18:86:c5:c8:9f:5e:5f:79:77:70:1a:
         4e:69:f5:0f:0e:8d:78:cb:e2:c9:6a:71:a5:8f:4b:4f:62:aa:
         ef:aa:18:74:32:cf:d1:b5:3d:f9:68:b6:61:c1:f7:eb:52:0f:
         ad:d1:38:71:b7:3f:44:95:84:01:e1:e7:ca:1c:4f:9b:f9:b3:
         ae:d0:d5:64
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY/jNiZJujG6QbDoI/NVhtfcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MjcwOGRmOTM5NTRhYWM2MDFhZWYxODM1YmQ1ZDY5MjQ1
ZmIwMmYwHhcNMjQwNjA0MTIyNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDMyOGYyNTM2MjZiNzY3MWJlMmZhZDEzMmIwOWQxMjNkYTdhMjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynnVR2uLMjlpmkY8D4HB9QvOYbOS
K85gjzifw2msC841hOr1wBfXtLmunAIWPWLmu/n6gkSelkauKT+gf8+pr2pcv34e
TP7OWNu+tDgdf1rGLEoYRlXUo2AmhTr+fnEf+Kb5G+N3ZqQ0q1hjJ35aL/KJVDIY
Aa3Xx8WAsrL4UAsKg8fXBcugx4WdjWm5K+AszB7A5wJWK4tT6kUfJqua4+OSvn/4
PX1ICgbtU+YG9XWpvcncgvKM2zGvFh2G3VpPkVFMvMD+WWcQEafOlZNE4SfR8hdw
Djh4aAuopW456UtOMxKcAVbbc2oTeeUB4BJtpRuZAXdREjqEejlIVCNQEwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE0yjyU2JrdnG+L60TKwnRI9p6JjMB8GA1UdIwQY
MBaAFMQnCN+TlUqsYBrvGDW9XWkkX7AvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYt
NzQxYzFkOGRlYTJiLzEvVFRLUEpUWW10MmNiNHZyUk1yQ2RFajJub21NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYtNzQxYzFkOGRlYTJi
LzEveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW5cQAwQC
uTMIAwQCudM8MA0GCSqGSIb3DQEBCwUAA4IBAQAUSXiCNGqH0SVbeRlIezbp/PrX
G3BVsp8iEkRu76Y3WdQCarRSr6b0u9oX3gW0zJNLObuT0kMf7suj0aMP9WfyO+Il
/xZu89yQ5HBNhT460tiOCsE11dfyf6JiNkTpFUorLKvgsLqXhJIYAJTdttgRrAJL
SG0z8s7jIdDBjCWeEcRMI9js7eXUkAd5CnsntQdVuEDsSRHjB815t7B2aX3f6ltj
EQl5U0amEpao+/JKvYBHOamS1pIxaQQrGIbFyJ9eX3l3cBpOafUPDo14y+LJanGl
j0tPYqrvqhh0Ms/RtT35aLZhwffrUg+t0Thxtz9ElYQB4efKHE+b+bOu0NVk
-----END CERTIFICATE-----