Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/226018-0e06-435e-abfd-f5ffee1720c1/1/TBCuh84jdZT7Fak3i7bMl6zr3g4.roa
File:                     TBCuh84jdZT7Fak3i7bMl6zr3g4.roa (raw, json)
Hash identifier:          6ycsXAV8UFBjYahB6C44vIDXpXCunNboB/4fgCfLFi4=
Subject key identifier:   4C:10:AE:87:CE:23:75:94:FB:15:A9:37:8B:B6:CC:97:AC:EB:DE:0E
Certificate issuer:       /CN=e50c44ae981e7492d3ba21e28472080180398d64
Certificate serial:       018CC42457EAD36009DA88759D40BB7773A0
Authority key identifier: E5:0C:44:AE:98:1E:74:92:D3:BA:21:E2:84:72:08:01:80:39:8D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QxErpgedJLTuiHihHIIAYA5jWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/226018-0e06-435e-abfd-f5ffee1720c1/1/TBCuh84jdZT7Fak3i7bMl6zr3g4.roa
Signing time:             Mon 01 Jan 2024 08:29:25 +0000
ROA not before:           Mon 01 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39381
IP address blocks:        194.147.245.0/24 maxlen: 24
                          2001:67c:2fe0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/226018-0e06-435e-abfd-f5ffee1720c1/1/5QxErpgedJLTuiHihHIIAYA5jWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/226018-0e06-435e-abfd-f5ffee1720c1/1/5QxErpgedJLTuiHihHIIAYA5jWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5QxErpgedJLTuiHihHIIAYA5jWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:57:ea:d3:60:09:da:88:75:9d:40:bb:77:73:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e50c44ae981e7492d3ba21e28472080180398d64
        Validity
            Not Before: Jan  1 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c10ae87ce237594fb15a9378bb6cc97acebde0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bd:1c:50:6e:65:47:47:4b:3b:8e:30:eb:0e:
                    e0:e6:45:72:ee:9d:59:1f:34:be:6f:e4:43:13:85:
                    2a:9e:75:7b:42:3d:3c:99:8f:a3:fa:50:2a:22:a8:
                    4c:9b:f6:a6:d6:e6:ad:e1:61:30:7f:bc:b0:16:f4:
                    86:f8:87:fd:ca:5d:84:19:43:b4:52:37:30:11:f9:
                    d1:ba:aa:41:37:1d:ef:40:81:bb:0c:f1:83:48:ba:
                    dd:ae:1a:f5:69:9b:7b:88:7b:fd:33:15:62:d6:6c:
                    11:6a:4e:f2:4c:21:f5:c5:2c:ac:03:bc:48:a4:39:
                    3a:05:6e:d3:7c:77:97:d4:02:29:bc:75:cc:cb:1d:
                    af:d5:6a:04:03:dd:ee:7b:83:6d:ae:af:1d:e6:73:
                    ab:3f:4e:2a:f2:5e:39:f8:86:3f:e4:ff:48:56:9d:
                    46:cc:2a:1b:87:96:8a:8f:f1:2c:48:bd:5b:8a:c5:
                    b9:a2:eb:3c:23:84:41:d6:e5:08:f2:bb:1f:74:ba:
                    7b:b1:4d:93:1b:d0:b9:d8:18:bd:60:b8:74:42:2b:
                    21:d5:ed:11:ae:e0:38:2c:56:e0:1d:ee:ed:89:cc:
                    b8:de:75:88:ca:e3:44:d8:27:99:49:28:97:82:91:
                    d2:4d:a4:aa:59:46:f9:dc:e3:dc:57:ec:87:83:39:
                    0f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:10:AE:87:CE:23:75:94:FB:15:A9:37:8B:B6:CC:97:AC:EB:DE:0E
            X509v3 Authority Key Identifier:
                keyid:E5:0C:44:AE:98:1E:74:92:D3:BA:21:E2:84:72:08:01:80:39:8D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QxErpgedJLTuiHihHIIAYA5jWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/226018-0e06-435e-abfd-f5ffee1720c1/1/TBCuh84jdZT7Fak3i7bMl6zr3g4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/226018-0e06-435e-abfd-f5ffee1720c1/1/5QxErpgedJLTuiHihHIIAYA5jWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.245.0/24
                IPv6:
                  2001:67c:2fe0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:45:e7:d0:a0:80:53:38:b6:26:ec:16:da:74:0f:d7:11:5f:
         9a:91:14:e6:58:aa:31:51:93:9d:93:39:de:ee:99:53:3d:74:
         12:1f:68:5a:14:05:5e:25:aa:08:ea:a2:96:31:b2:54:e6:6e:
         b4:8c:40:e3:c1:0f:e1:0a:35:4f:03:a1:25:59:8b:db:62:44:
         e1:bb:05:ee:4d:af:c5:9d:56:74:e5:0b:b4:fd:33:2e:b4:22:
         b2:a4:4c:93:37:1d:d7:aa:12:0b:0d:21:29:da:52:72:73:c8:
         24:8d:10:62:45:eb:ae:62:b5:24:5d:bb:33:09:aa:08:70:3c:
         25:f3:00:74:79:a7:65:bb:14:c6:64:18:1d:ab:2e:1f:26:30:
         9f:af:08:56:fc:de:fb:02:25:3c:45:a4:70:fd:81:eb:b8:9b:
         20:ef:96:c2:e6:0b:4d:c8:6d:46:f1:0f:0b:6d:48:bf:e2:37:
         87:b9:0c:7b:6a:2a:5d:1a:a3:7f:98:6c:1f:7b:1f:7c:91:3d:
         56:b3:cb:05:d3:c5:d5:6a:df:51:11:39:33:b0:93:9b:5e:1d:
         d0:ea:df:e7:24:8e:5b:9d:f6:7c:5f:70:aa:3e:15:d4:a8:cc:
         b3:c8:1f:2c:b3:11:1a:7a:a0:ef:62:22:c5:f5:45:51:02:89:
         9b:c4:fd:66
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJFfq02AJ2oh1nUC7d3OgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MGM0NGFlOTgxZTc0OTJkM2JhMjFlMjg0NzIwODAxODAz
OThkNjQwHhcNMjQwMTAxMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzEwYWU4N2NlMjM3NTk0ZmIxNWE5Mzc4YmI2Y2M5N2FjZWJkZTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb0cUG5lR0dLO44w6w7g5kVy7p1Z
HzS+b+RDE4UqnnV7Qj08mY+j+lAqIqhMm/am1uat4WEwf7ywFvSG+If9yl2EGUO0
UjcwEfnRuqpBNx3vQIG7DPGDSLrdrhr1aZt7iHv9MxVi1mwRak7yTCH1xSysA7xI
pDk6BW7TfHeX1AIpvHXMyx2v1WoEA93ue4Ntrq8d5nOrP04q8l45+IY/5P9IVp1G
zCobh5aKj/EsSL1bisW5ous8I4RB1uUI8rsfdLp7sU2TG9C52Bi9YLh0Qish1e0R
ruA4LFbgHe7ticy43nWIyuNE2CeZSSiXgpHSTaSqWUb53OPcV+yHgzkP3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEwQrofOI3WU+xWpN4u2zJes694OMB8GA1UdIwQY
MBaAFOUMRK6YHnSS07oh4oRyCAGAOY1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVF4RXJwZ2VkSkxUdWlIaWhISUlBWUE1aldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy8yMjYwMTgtMGUwNi00MzVlLWFiZmQt
ZjVmZmVlMTcyMGMxLzEvVEJDdWg4NGpkWlQ3RmFrM2k3Yk1sNnpyM2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy8yMjYwMTgtMGUwNi00MzVlLWFiZmQtZjVmZmVlMTcyMGMx
LzEvNVF4RXJwZ2VkSkxUdWlIaWhISUlBWUE1aldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwpP1MA8E
AgACMAkDBwAgAQZ8L+AwDQYJKoZIhvcNAQELBQADggEBALZF59CggFM4tibsFtp0
D9cRX5qRFOZYqjFRk52TOd7umVM9dBIfaFoUBV4lqgjqopYxslTmbrSMQOPBD+EK
NU8DoSVZi9tiROG7Be5Nr8WdVnTlC7T9My60IrKkTJM3HdeqEgsNISnaUnJzyCSN
EGJF665itSRduzMJqghwPCXzAHR5p2W7FMZkGB2rLh8mMJ+vCFb83vsCJTxFpHD9
geu4myDvlsLmC03IbUbxDwttSL/iN4e5DHtqKl0ao3+YbB97H3yRPVazywXTxdVq
31EROTOwk5teHdDq3+ckjlud9nxfcKo+FdSozLPIHyyzERp6oO9iIsX1RVECiZvE
/WY=
-----END CERTIFICATE-----