Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TbZG9FVvZgSOA4u8X5kSqr6YGf8.roa
File:                     TbZG9FVvZgSOA4u8X5kSqr6YGf8.roa (raw, json)
Hash identifier:          kKwQFTtkntZcMdyk1spSdjgWVtu/GrwxFfNi9dvgXkg=
Subject key identifier:   4D:B6:46:F4:55:6F:66:04:8E:03:8B:BC:5F:99:12:AA:BE:98:19:FF
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0191D0FCF018F2D6FD79466515BCA27451BB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TbZG9FVvZgSOA4u8X5kSqr6YGf8.roa
Signing time:             Sun 08 Sep 2024 09:35:23 +0000
ROA not before:           Sun 08 Sep 2024 09:35:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49581
IP address blocks:        141.98.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d0:fc:f0:18:f2:d6:fd:79:46:65:15:bc:a2:74:51:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  8 09:35:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4db646f4556f66048e038bbc5f9912aabe9819ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:20:27:8e:ef:32:35:7a:e3:67:7c:3d:92:96:
                    2c:9e:a7:5b:b5:0f:95:ad:00:82:e9:f1:db:37:b6:
                    ab:09:60:0e:9c:3a:75:0a:4b:ba:c9:d0:42:3b:49:
                    15:b6:26:aa:6b:4e:37:1b:c2:2a:90:a6:ca:50:3d:
                    5a:4c:d6:9f:4c:17:d8:86:47:7e:7c:1d:ba:d2:05:
                    5e:f1:fa:33:94:7d:a9:96:10:02:df:ad:46:f1:2a:
                    d2:72:ea:96:69:81:40:e5:ac:1c:ab:cc:a6:71:84:
                    26:2a:68:79:29:0e:8a:d3:85:7a:09:69:1c:c7:61:
                    7f:2d:af:15:13:ff:7b:d4:4e:80:fd:e9:30:d8:51:
                    39:17:6a:4c:dd:d3:53:be:56:6a:e5:f8:79:cc:7f:
                    42:b5:81:9f:5b:b6:78:be:94:6c:e6:83:52:33:c2:
                    25:2e:9d:76:a2:ed:ac:e5:e5:e9:ab:2e:12:5d:16:
                    7d:11:24:2e:45:d3:84:5a:a6:3b:dc:1a:8a:8f:a8:
                    3a:07:5d:17:47:12:34:3a:84:27:78:f2:10:52:68:
                    b6:6f:32:f5:ac:03:3b:c9:29:8f:e0:9a:0b:dd:6e:
                    33:34:f3:03:66:28:13:d2:01:c1:5c:f1:ab:f8:80:
                    3e:88:9b:11:d9:06:2e:aa:22:4b:b9:5a:b0:3f:66:
                    88:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B6:46:F4:55:6F:66:04:8E:03:8B:BC:5F:99:12:AA:BE:98:19:FF
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TbZG9FVvZgSOA4u8X5kSqr6YGf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:3c:49:f2:02:21:58:cc:c2:16:e0:a8:ab:b2:39:56:cb:79:
         1f:b3:25:f0:85:8a:01:59:60:21:26:3d:02:04:08:ff:68:7f:
         c7:5d:ee:89:1a:e2:93:54:62:9c:a3:0f:5a:4c:f7:77:fa:e9:
         4c:8a:8b:17:54:a8:78:01:3a:f2:3f:84:89:86:46:9f:7c:fd:
         a1:fd:bb:9b:2d:fe:14:d6:0e:98:09:bf:7f:e8:7b:10:79:a5:
         de:bb:14:16:97:f3:a5:46:ec:fa:c9:76:39:a8:2a:54:17:f6:
         21:4d:66:4d:0d:ab:13:8a:1e:4e:1b:01:c7:2b:88:90:cc:f4:
         ef:85:43:f4:4b:bf:f6:45:d0:c3:10:b9:51:67:d0:49:86:cb:
         9d:a4:e5:4f:67:59:9e:67:fe:ee:92:16:e2:f2:5f:c9:25:40:
         ca:98:77:a3:44:01:aa:a3:5d:fe:78:06:b4:e1:59:30:5c:3f:
         2f:37:15:9c:a1:36:42:40:2d:8f:0f:5d:f0:b6:f9:65:a9:68:
         ad:16:cb:57:82:0d:46:0d:37:5b:9b:ab:a5:e8:ed:e3:36:47:
         9b:19:3a:60:aa:80:f6:65:d0:6e:c9:03:a6:05:74:da:fe:34:
         b1:eb:f3:33:c6:c0:ce:d9:16:9e:2c:e6:79:82:d3:fb:53:7a:
         84:7e:2b:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHQ/PAY8tb9eUZlFbyidFG7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwOTA4MDkzNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGI2NDZmNDU1NmY2NjA0OGUwMzhiYmM1Zjk5MTJhYWJlOTgxOWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5yAnju8yNXrjZ3w9kpYsnqdbtQ+V
rQCC6fHbN7arCWAOnDp1Cku6ydBCO0kVtiaqa043G8IqkKbKUD1aTNafTBfYhkd+
fB260gVe8fozlH2plhAC361G8SrScuqWaYFA5awcq8ymcYQmKmh5KQ6K04V6CWkc
x2F/La8VE/971E6A/ekw2FE5F2pM3dNTvlZq5fh5zH9CtYGfW7Z4vpRs5oNSM8Il
Lp12ou2s5eXpqy4SXRZ9ESQuRdOEWqY73BqKj6g6B10XRxI0OoQnePIQUmi2bzL1
rAM7ySmP4JoL3W4zNPMDZigT0gHBXPGr+IA+iJsR2QYuqiJLuVqwP2aILQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE22RvRVb2YEjgOLvF+ZEqq+mBn/MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVGJaRzlGVnZaZ1NPQTR1OFg1a1NxcjZZR2Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWIHMA0G
CSqGSIb3DQEBCwUAA4IBAQAVPEnyAiFYzMIW4KirsjlWy3kfsyXwhYoBWWAhJj0C
BAj/aH/HXe6JGuKTVGKcow9aTPd3+ulMiosXVKh4ATryP4SJhkaffP2h/bubLf4U
1g6YCb9/6HsQeaXeuxQWl/OlRuz6yXY5qCpUF/YhTWZNDasTih5OGwHHK4iQzPTv
hUP0S7/2RdDDELlRZ9BJhsudpOVPZ1meZ/7ukhbi8l/JJUDKmHejRAGqo13+eAa0
4VkwXD8vNxWcoTZCQC2PD13wtvllqWitFstXgg1GDTdbm6ul6O3jNkebGTpgqoD2
ZdBuyQOmBXTa/jSx6/MzxsDO2RaeLOZ5gtP7U3qEfivr
-----END CERTIFICATE-----