Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/67dd9a-37e1-4285-95da-f288d2097a30/1/TgiC2ylJxMdU3j10-zOONTUm03Y.roa
File:                     TgiC2ylJxMdU3j10-zOONTUm03Y.roa (raw, json)
Hash identifier:          6Sro1HgNUj4i0ofCHX+KNGR444cPZTykYPiE4cp4wV4=
Subject key identifier:   4E:08:82:DB:29:49:C4:C7:54:DE:3D:74:FB:33:8E:35:35:26:D3:76
Certificate issuer:       /CN=78ff9a330d53d621234a6d1498ce5a43303e9ef9
Certificate serial:       018CC42557617D12E8ECE6B020ED7DE1EEF6
Authority key identifier: 78:FF:9A:33:0D:53:D6:21:23:4A:6D:14:98:CE:5A:43:30:3E:9E:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eP-aMw1T1iEjSm0UmM5aQzA-nvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/67dd9a-37e1-4285-95da-f288d2097a30/1/TgiC2ylJxMdU3j10-zOONTUm03Y.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15987
IP address blocks:        193.29.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/67dd9a-37e1-4285-95da-f288d2097a30/1/eP-aMw1T1iEjSm0UmM5aQzA-nvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/67dd9a-37e1-4285-95da-f288d2097a30/1/eP-aMw1T1iEjSm0UmM5aQzA-nvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eP-aMw1T1iEjSm0UmM5aQzA-nvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 10:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:57:61:7d:12:e8:ec:e6:b0:20:ed:7d:e1:ee:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78ff9a330d53d621234a6d1498ce5a43303e9ef9
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e0882db2949c4c754de3d74fb338e353526d376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ad:13:41:81:f6:55:5e:d6:aa:14:5f:44:6b:
                    6e:8e:b5:38:9e:c4:77:2c:42:50:27:20:93:5e:00:
                    47:52:aa:b5:0f:e3:c7:63:ec:23:32:d4:76:06:33:
                    72:e2:01:73:8d:77:1f:33:0b:d6:15:1c:f8:59:f1:
                    fd:0f:34:bb:e1:ec:ad:0a:64:31:5f:e8:66:bf:bc:
                    07:19:fd:e6:8a:3d:7a:97:b3:65:83:69:03:d9:cf:
                    fa:4c:7f:d8:2f:14:31:2a:f0:a1:34:56:9f:28:6a:
                    77:73:de:a0:64:c6:97:8f:3c:34:10:c7:6b:53:9b:
                    7f:78:a1:61:09:a0:5b:26:d5:ff:0f:c0:61:02:f7:
                    cd:0d:1e:81:c5:2e:19:65:8a:9f:59:5a:f3:f1:e2:
                    70:9f:42:54:0c:32:97:70:05:2a:0f:f2:e1:7f:45:
                    52:ec:8b:5b:ab:b4:59:2f:c0:d9:d6:b3:1e:ac:bf:
                    41:5d:60:a7:d3:b1:19:6f:1b:3a:7a:46:eb:f7:0c:
                    67:c7:9b:d2:a7:ea:8d:4a:80:b6:4d:2a:3b:f4:6e:
                    cf:73:0c:6b:58:e5:c2:a0:99:2e:90:79:3e:39:9e:
                    a2:6c:be:07:f5:52:b1:53:37:65:cf:6f:11:9d:47:
                    ca:10:fb:db:04:97:c0:90:bf:1f:ae:34:9b:be:7a:
                    8e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:08:82:DB:29:49:C4:C7:54:DE:3D:74:FB:33:8E:35:35:26:D3:76
            X509v3 Authority Key Identifier:
                keyid:78:FF:9A:33:0D:53:D6:21:23:4A:6D:14:98:CE:5A:43:30:3E:9E:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eP-aMw1T1iEjSm0UmM5aQzA-nvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/67dd9a-37e1-4285-95da-f288d2097a30/1/TgiC2ylJxMdU3j10-zOONTUm03Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/67dd9a-37e1-4285-95da-f288d2097a30/1/eP-aMw1T1iEjSm0UmM5aQzA-nvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:01:ff:9a:58:7e:4a:d5:15:a8:52:ca:3a:4c:1c:a7:d5:fa:
         37:bd:d5:d2:fb:7a:5a:4e:35:5b:4e:09:c9:7c:8e:d0:62:e1:
         0b:19:0c:9f:8b:50:14:ee:20:59:a7:60:c4:cf:06:26:ff:ac:
         cf:65:5f:77:38:07:96:56:0a:94:32:97:2f:25:3b:dc:78:43:
         90:f0:da:75:cc:86:fd:0c:46:cd:f0:02:07:ba:95:ae:88:29:
         d9:7b:bb:a8:40:ba:14:bc:3c:6e:76:59:0b:7a:ca:43:8a:f4:
         35:1e:ab:94:54:02:13:9c:22:27:13:1c:2d:dd:25:8f:c9:e6:
         d9:8f:12:ca:08:65:be:4d:89:0b:0f:5b:85:f0:24:4a:18:17:
         5e:d1:13:1d:09:06:70:34:3e:a8:b5:56:fc:eb:24:41:a5:7c:
         c8:b0:0f:c3:32:93:63:b3:85:06:6f:19:6c:7d:41:3e:40:f4:
         28:78:47:0c:33:9b:33:47:d0:e8:60:bd:a1:bd:23:11:24:9b:
         f4:1c:e8:e0:5f:d1:e7:50:60:4f:7a:90:c8:4d:cf:a9:32:c6:
         7b:9c:16:07:52:80:4f:67:f8:e2:66:45:36:b1:82:1e:1b:c1:
         f3:fe:b5:f0:2f:af:99:df:01:31:20:77:f0:12:e9:08:65:ee:
         13:fc:e0:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVdhfRLo7OawIO194e72MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZmY5YTMzMGQ1M2Q2MjEyMzRhNmQxNDk4Y2U1YTQzMzAz
ZTllZjkwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTA4ODJkYjI5NDljNGM3NTRkZTNkNzRmYjMzOGUzNTM1MjZkMzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp60TQYH2VV7WqhRfRGtujrU4nsR3
LEJQJyCTXgBHUqq1D+PHY+wjMtR2BjNy4gFzjXcfMwvWFRz4WfH9DzS74eytCmQx
X+hmv7wHGf3mij16l7Nlg2kD2c/6TH/YLxQxKvChNFafKGp3c96gZMaXjzw0EMdr
U5t/eKFhCaBbJtX/D8BhAvfNDR6BxS4ZZYqfWVrz8eJwn0JUDDKXcAUqD/Lhf0VS
7Itbq7RZL8DZ1rMerL9BXWCn07EZbxs6ekbr9wxnx5vSp+qNSoC2TSo79G7Pcwxr
WOXCoJkukHk+OZ6ibL4H9VKxUzdlz28RnUfKEPvbBJfAkL8frjSbvnqOkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4IgtspScTHVN49dPszjjU1JtN2MB8GA1UdIwQY
MBaAFHj/mjMNU9YhI0ptFJjOWkMwPp75MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVAtYU13MVQxaUVqU20wVW1NNWFRekEtbnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS82N2RkOWEtMzdlMS00Mjg1LTk1ZGEt
ZjI4OGQyMDk3YTMwLzEvVGdpQzJ5bEp4TWRVM2oxMC16T09OVFVtMDNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS82N2RkOWEtMzdlMS00Mjg1LTk1ZGEtZjI4OGQyMDk3YTMw
LzEvZVAtYU13MVQxaUVqU20wVW1NNWFRekEtbnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR0ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBWAf+aWH5K1RWoUso6TByn1fo3vdXS+3paTjVbTgnJ
fI7QYuELGQyfi1AU7iBZp2DEzwYm/6zPZV93OAeWVgqUMpcvJTvceEOQ8Np1zIb9
DEbN8AIHupWuiCnZe7uoQLoUvDxudlkLespDivQ1HquUVAITnCInExwt3SWPyebZ
jxLKCGW+TYkLD1uF8CRKGBde0RMdCQZwND6otVb86yRBpXzIsA/DMpNjs4UGbxls
fUE+QPQoeEcMM5szR9DoYL2hvSMRJJv0HOjgX9HnUGBPepDITc+pMsZ7nBYHUoBP
Z/jiZkU2sYIeG8Hz/rXwL6+Z3wExIHfwEukIZe4T/OCr
-----END CERTIFICATE-----