Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/2c9b83-8cec-47a5-b40c-4a70b00e8556/1/Te4BPoAvU78FEtp8usJXrF4dj9k.roa
File:                     Te4BPoAvU78FEtp8usJXrF4dj9k.roa (raw, json)
Hash identifier:          C3/lY/KWQm9th5kL0p8EZgvVZflOwWAtxMkMuzFRvwQ=
Subject key identifier:   4D:EE:01:3E:80:2F:53:BF:05:12:DA:7C:BA:C2:57:AC:5E:1D:8F:D9
Certificate issuer:       /CN=3085a82d9ffde0a4c7f8f72e31c30a8f09a0f1d8
Certificate serial:       018CCA2A5E7D9DC87C90F8560872D342E615
Authority key identifier: 30:85:A8:2D:9F:FD:E0:A4:C7:F8:F7:2E:31:C3:0A:8F:09:A0:F1:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MIWoLZ_94KTH-PcuMcMKjwmg8dg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/2c9b83-8cec-47a5-b40c-4a70b00e8556/1/Te4BPoAvU78FEtp8usJXrF4dj9k.roa
Signing time:             Tue 02 Jan 2024 12:33:43 +0000
ROA not before:           Tue 02 Jan 2024 12:33:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213098
IP address blocks:        195.62.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/2c9b83-8cec-47a5-b40c-4a70b00e8556/1/MIWoLZ_94KTH-PcuMcMKjwmg8dg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/2c9b83-8cec-47a5-b40c-4a70b00e8556/1/MIWoLZ_94KTH-PcuMcMKjwmg8dg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MIWoLZ_94KTH-PcuMcMKjwmg8dg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5e:7d:9d:c8:7c:90:f8:56:08:72:d3:42:e6:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3085a82d9ffde0a4c7f8f72e31c30a8f09a0f1d8
        Validity
            Not Before: Jan  2 12:33:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dee013e802f53bf0512da7cbac257ac5e1d8fd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c8:91:6a:69:06:67:14:65:6e:a4:27:6f:ac:
                    14:50:ca:ac:b9:fc:f4:fc:a1:42:a3:59:d1:d5:0a:
                    5e:8c:c1:93:b7:47:ad:4b:55:da:95:2f:77:46:27:
                    d1:0a:25:21:9b:4e:fb:96:4c:d2:13:26:6e:7a:d9:
                    c9:03:9d:ca:33:81:f5:c4:b4:a5:03:e7:bc:5a:59:
                    ac:85:d7:c2:14:49:4c:5b:16:1a:1b:fb:94:0f:12:
                    62:20:82:cc:72:58:ef:7f:0e:18:d1:bb:bd:c9:98:
                    2b:3c:3b:58:46:9e:2d:88:3f:83:d2:b3:19:71:a8:
                    a5:88:cc:31:9c:87:4b:5e:8e:55:78:f9:a2:44:a2:
                    e8:2a:6a:f6:4b:e6:0c:6d:bc:f4:aa:56:59:cd:9e:
                    0f:04:fb:e9:cc:d5:65:4a:1c:22:f6:0c:da:97:92:
                    a1:a8:19:4e:b1:4d:ba:89:83:b4:58:5b:ba:53:72:
                    9c:1a:82:b3:0f:d0:11:c1:9d:c5:5c:ba:3d:c4:30:
                    3b:ee:4e:20:f8:f4:d3:13:e1:9e:f1:ec:27:7b:d6:
                    13:4f:36:a3:dc:e6:e2:84:01:fe:5b:e7:9e:d1:72:
                    9e:54:1c:9e:fc:88:7c:48:c7:f5:31:ab:03:a3:ca:
                    c1:9a:c8:5d:68:eb:ba:71:02:3c:2a:4c:c6:de:e5:
                    6a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:EE:01:3E:80:2F:53:BF:05:12:DA:7C:BA:C2:57:AC:5E:1D:8F:D9
            X509v3 Authority Key Identifier:
                keyid:30:85:A8:2D:9F:FD:E0:A4:C7:F8:F7:2E:31:C3:0A:8F:09:A0:F1:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MIWoLZ_94KTH-PcuMcMKjwmg8dg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/2c9b83-8cec-47a5-b40c-4a70b00e8556/1/Te4BPoAvU78FEtp8usJXrF4dj9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/2c9b83-8cec-47a5-b40c-4a70b00e8556/1/MIWoLZ_94KTH-PcuMcMKjwmg8dg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:25:73:04:11:b9:49:18:bf:6e:2e:af:e2:8f:41:93:d4:43:
         76:8e:9a:6b:ff:cb:b5:d2:1b:87:06:a9:cf:4f:7d:54:19:1f:
         41:1a:e6:72:58:01:74:62:27:03:b9:e1:af:d0:a8:98:46:0e:
         ec:79:b4:5f:52:0f:6c:90:fa:c4:1e:cc:b9:1a:e7:ac:9f:21:
         b8:d2:ec:18:14:91:2c:27:d3:8e:fd:b1:f6:c3:5f:bf:8d:73:
         91:43:e3:23:07:7d:86:a0:76:71:66:b2:64:8e:b4:00:93:cc:
         5c:ff:0e:7e:24:ff:77:2b:16:d9:f1:5b:e9:5f:c3:3f:58:58:
         d3:ba:ce:71:b3:f0:41:42:f7:99:4a:01:5a:36:b0:b0:a6:f2:
         36:a2:b2:8b:db:27:88:99:dd:18:e2:53:99:9f:c1:01:42:3e:
         32:cf:f2:2c:63:8b:ce:e3:00:48:85:13:f5:7b:06:ad:34:bc:
         31:0e:34:cb:39:17:b1:90:18:a0:a4:52:87:0e:fe:81:af:db:
         52:1a:7a:0c:a3:4c:f3:bd:68:2e:c4:09:54:f5:e2:61:21:9d:
         43:b6:96:7a:7a:98:fc:77:9b:31:3a:0b:b3:bb:a9:bf:16:3a:
         35:85:24:09:5f:1c:77:7c:7d:ef:02:83:f5:f2:13:61:4e:56:
         bc:6a:3e:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKl59nch8kPhWCHLTQuYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwODVhODJkOWZmZGUwYTRjN2Y4ZjcyZTMxYzMwYThmMDlh
MGYxZDgwHhcNMjQwMTAyMTIzMzQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGVlMDEzZTgwMmY1M2JmMDUxMmRhN2NiYWMyNTdhYzVlMWQ4ZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsiRamkGZxRlbqQnb6wUUMqsufz0
/KFCo1nR1QpejMGTt0etS1XalS93RifRCiUhm077lkzSEyZuetnJA53KM4H1xLSl
A+e8WlmshdfCFElMWxYaG/uUDxJiIILMcljvfw4Y0bu9yZgrPDtYRp4tiD+D0rMZ
cailiMwxnIdLXo5VePmiRKLoKmr2S+YMbbz0qlZZzZ4PBPvpzNVlShwi9gzal5Kh
qBlOsU26iYO0WFu6U3KcGoKzD9ARwZ3FXLo9xDA77k4g+PTTE+Ge8ewne9YTTzaj
3ObihAH+W+ee0XKeVBye/Ih8SMf1MasDo8rBmshdaOu6cQI8KkzG3uVqZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3uAT6AL1O/BRLafLrCV6xeHY/ZMB8GA1UdIwQY
MBaAFDCFqC2f/eCkx/j3LjHDCo8JoPHYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUlXb0xaXzk0S1RILVBjdU1jTUtqd21nOGRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yYzliODMtOGNlYy00N2E1LWI0MGMt
NGE3MGIwMGU4NTU2LzEvVGU0QlBvQXZVNzhGRXRwOHVzSlhyRjRkajlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yYzliODMtOGNlYy00N2E1LWI0MGMtNGE3MGIwMGU4NTU2
LzEvTUlXb0xaXzk0S1RILVBjdU1jTUtqd21nOGRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwz5YMA0G
CSqGSIb3DQEBCwUAA4IBAQBHJXMEEblJGL9uLq/ij0GT1EN2jppr/8u10huHBqnP
T31UGR9BGuZyWAF0YicDueGv0KiYRg7sebRfUg9skPrEHsy5GuesnyG40uwYFJEs
J9OO/bH2w1+/jXORQ+MjB32GoHZxZrJkjrQAk8xc/w5+JP93KxbZ8VvpX8M/WFjT
us5xs/BBQveZSgFaNrCwpvI2orKL2yeImd0Y4lOZn8EBQj4yz/IsY4vO4wBIhRP1
ewatNLwxDjTLORexkBigpFKHDv6Br9tSGnoMo0zzvWguxAlU9eJhIZ1DtpZ6epj8
d5sxOguzu6m/Fjo1hSQJXxx3fH3vAoP18hNhTla8aj5U
-----END CERTIFICATE-----