Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/TNG5Q0y_74_F5flP2babcWPgCD8.roa
File:                     TNG5Q0y_74_F5flP2babcWPgCD8.roa (raw, json)
Hash identifier:          5/2i/8hPCzysfpQPAtelbtv0N4zp779gPAO6Eyh/UFI=
Subject key identifier:   4C:D1:B9:43:4C:BF:EF:8F:C5:E5:F9:4F:D9:B6:9B:71:63:E0:08:3F
Certificate issuer:       /CN=fef7fd5710ae5a473e158dc3fd6c8f17efa3e55b
Certificate serial:       018CCA99CB4B62BC53D71627BB3B1AC356DB
Authority key identifier: FE:F7:FD:57:10:AE:5A:47:3E:15:8D:C3:FD:6C:8F:17:EF:A3:E5:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_vf9VxCuWkc-FY3D_WyPF--j5Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/TNG5Q0y_74_F5flP2babcWPgCD8.roa
Signing time:             Tue 02 Jan 2024 14:35:25 +0000
ROA not before:           Tue 02 Jan 2024 14:35:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210671
IP address blocks:        85.92.119.0/24 maxlen: 24
                          194.48.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/_vf9VxCuWkc-FY3D_WyPF--j5Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/_vf9VxCuWkc-FY3D_WyPF--j5Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_vf9VxCuWkc-FY3D_WyPF--j5Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:cb:4b:62:bc:53:d7:16:27:bb:3b:1a:c3:56:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fef7fd5710ae5a473e158dc3fd6c8f17efa3e55b
        Validity
            Not Before: Jan  2 14:35:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cd1b9434cbfef8fc5e5f94fd9b69b7163e0083f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:95:ee:70:07:7f:cb:b1:c6:fe:3a:ed:0c:41:
                    05:5a:db:3d:d1:9d:79:3c:f5:09:83:be:f5:4b:fa:
                    9b:aa:ee:07:f2:3e:da:a4:90:6e:9d:12:1d:a9:69:
                    98:f0:79:60:bd:21:f5:3f:9e:98:d8:6b:6f:27:5b:
                    00:c5:6d:b0:ad:0f:dc:e3:0c:37:20:dc:6f:4f:24:
                    4f:d4:35:53:aa:38:77:64:da:8e:01:ff:c4:4d:5c:
                    a4:c5:5c:e0:7c:32:ca:af:4a:80:5b:9f:ce:54:9a:
                    3a:57:9e:10:22:48:aa:89:af:63:2e:25:be:3f:6d:
                    a7:67:8b:24:46:9c:1a:b2:ef:9d:f6:4f:0d:fe:4d:
                    71:4d:95:18:56:bb:ee:74:9d:87:a8:49:0c:10:5f:
                    ca:c8:9b:95:c4:69:e7:9b:5a:cb:48:02:ac:2b:d8:
                    b1:7f:d3:d1:f7:50:bc:84:d8:33:b8:ef:d9:85:b7:
                    65:53:6d:2f:be:40:da:41:54:e2:87:49:ab:c4:02:
                    f0:47:2a:17:59:c0:05:b1:37:d5:bd:ae:46:37:8a:
                    d6:2f:6a:1d:b6:62:b1:93:1a:aa:a5:af:d4:36:0f:
                    97:02:5d:bf:7a:5e:45:eb:a9:3d:78:9e:2c:69:bd:
                    21:bf:69:b8:db:81:8d:59:01:e2:29:7c:53:f6:a9:
                    d1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:D1:B9:43:4C:BF:EF:8F:C5:E5:F9:4F:D9:B6:9B:71:63:E0:08:3F
            X509v3 Authority Key Identifier:
                keyid:FE:F7:FD:57:10:AE:5A:47:3E:15:8D:C3:FD:6C:8F:17:EF:A3:E5:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_vf9VxCuWkc-FY3D_WyPF--j5Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/TNG5Q0y_74_F5flP2babcWPgCD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/_vf9VxCuWkc-FY3D_WyPF--j5Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.92.119.0/24
                  194.48.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:fc:85:a5:56:b0:81:c4:45:39:f5:11:f3:2b:b0:61:1c:78:
         c9:78:eb:28:9e:a1:dd:a2:ca:fc:72:20:9f:39:d5:d1:77:ae:
         d9:0b:47:c6:d5:7a:61:14:17:2b:69:da:10:53:84:dd:7c:28:
         bf:a7:95:39:e7:e4:40:f0:c7:b6:93:d1:69:e0:f6:4b:71:88:
         73:77:c5:e8:43:64:8d:a9:a9:6c:c6:7c:d4:df:bf:ec:a0:9e:
         90:27:03:35:09:7f:79:d4:14:45:fd:be:22:f9:c0:96:93:b8:
         26:1c:52:6f:17:eb:dd:b0:5d:98:dd:70:22:60:ce:89:a4:ce:
         1a:b9:33:8a:b0:e8:6c:64:e1:4e:dc:5b:2b:02:8b:a2:e4:60:
         0c:9b:c8:b9:55:d8:8d:3d:31:bc:97:6a:ba:b0:c7:1c:fe:cb:
         60:12:3d:83:93:e0:25:ac:c8:57:0e:69:d4:bf:ea:5b:03:5b:
         14:52:41:aa:d5:a1:4a:37:15:f1:00:26:e4:de:9d:84:ad:49:
         54:f5:e4:7c:cd:61:61:a4:91:28:ab:40:02:e3:57:25:76:4e:
         a1:94:06:50:0c:00:9a:66:eb:1f:5f:d0:fe:7f:06:35:4c:a0:
         5d:ea:8b:90:e5:18:9b:7b:27:ce:51:36:a9:91:bb:bd:82:b7:
         69:4b:8e:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmctLYrxT1xYnuzsaw1bbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZjdmZDU3MTBhZTVhNDczZTE1OGRjM2ZkNmM4ZjE3ZWZh
M2U1NWIwHhcNMjQwMTAyMTQzNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2QxYjk0MzRjYmZlZjhmYzVlNWY5NGZkOWI2OWI3MTYzZTAwODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJXucAd/y7HG/jrtDEEFWts90Z15
PPUJg771S/qbqu4H8j7apJBunRIdqWmY8HlgvSH1P56Y2GtvJ1sAxW2wrQ/c4ww3
INxvTyRP1DVTqjh3ZNqOAf/ETVykxVzgfDLKr0qAW5/OVJo6V54QIkiqia9jLiW+
P22nZ4skRpwasu+d9k8N/k1xTZUYVrvudJ2HqEkMEF/KyJuVxGnnm1rLSAKsK9ix
f9PR91C8hNgzuO/ZhbdlU20vvkDaQVTih0mrxALwRyoXWcAFsTfVva5GN4rWL2od
tmKxkxqqpa/UNg+XAl2/el5F66k9eJ4sab0hv2m424GNWQHiKXxT9qnRNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEzRuUNMv++PxeX5T9m2m3Fj4Ag/MB8GA1UdIwQY
MBaAFP73/VcQrlpHPhWNw/1sjxfvo+VbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3ZmOVZ4Q3VXa2MtRlkzRF9XeVBGLS1qNVZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9hYzUxYjItYWQxNi00NTI5LThmODIt
NDUzZDM3YjQ5MjFjLzEvVE5HNVEweV83NF9GNWZsUDJiYWJjV1BnQ0Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9hYzUxYjItYWQxNi00NTI5LThmODItNDUzZDM3YjQ5MjFj
LzEvX3ZmOVZ4Q3VXa2MtRlkzRF9XeVBGLS1qNVZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVVx3AwQA
wjDTMA0GCSqGSIb3DQEBCwUAA4IBAQBZ/IWlVrCBxEU59RHzK7BhHHjJeOsonqHd
osr8ciCfOdXRd67ZC0fG1XphFBcradoQU4TdfCi/p5U55+RA8Me2k9Fp4PZLcYhz
d8XoQ2SNqalsxnzU37/soJ6QJwM1CX951BRF/b4i+cCWk7gmHFJvF+vdsF2Y3XAi
YM6JpM4auTOKsOhsZOFO3FsrAoui5GAMm8i5VdiNPTG8l2q6sMcc/stgEj2Dk+Al
rMhXDmnUv+pbA1sUUkGq1aFKNxXxACbk3p2ErUlU9eR8zWFhpJEoq0AC41cldk6h
lAZQDACaZusfX9D+fwY1TKBd6ouQ5RibeyfOUTapkbu9grdpS44H
-----END CERTIFICATE-----