Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/TmGVbsIKUZ7lC_jUbdjb3JTwnhA.roa
File:                     TmGVbsIKUZ7lC_jUbdjb3JTwnhA.roa (raw, json)
Hash identifier:          W+ovxNBcbgJnXBJKWQ/0770JFqCgX4jdBI0xiCm5nPI=
Subject key identifier:   4E:61:95:6E:C2:0A:51:9E:E5:0B:F8:D4:6D:D8:DB:DC:94:F0:9E:10
Certificate issuer:       /CN=9b986fc646fda0cf145e10d93fe1b10eb0dee625
Certificate serial:       018CC94D324437C0B7D8C9DF12BBA1044431
Authority key identifier: 9B:98:6F:C6:46:FD:A0:CF:14:5E:10:D9:3F:E1:B1:0E:B0:DE:E6:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m5hvxkb9oM8UXhDZP-GxDrDe5iU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/TmGVbsIKUZ7lC_jUbdjb3JTwnhA.roa
Signing time:             Tue 02 Jan 2024 08:32:08 +0000
ROA not before:           Tue 02 Jan 2024 08:32:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57472
IP address blocks:        2a00:126f::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/m5hvxkb9oM8UXhDZP-GxDrDe5iU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/m5hvxkb9oM8UXhDZP-GxDrDe5iU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m5hvxkb9oM8UXhDZP-GxDrDe5iU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:32:44:37:c0:b7:d8:c9:df:12:bb:a1:04:44:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b986fc646fda0cf145e10d93fe1b10eb0dee625
        Validity
            Not Before: Jan  2 08:32:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e61956ec20a519ee50bf8d46dd8dbdc94f09e10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8e:3f:17:f1:f4:c8:59:96:26:2c:f9:9d:4b:
                    3d:1c:30:3d:64:f9:c1:a1:af:d6:59:39:ae:b5:8d:
                    96:d0:15:80:56:ff:82:ad:05:fa:ce:15:f2:96:58:
                    04:1b:48:e0:fd:23:10:5e:3e:11:56:32:e0:4a:37:
                    fa:65:d5:ab:24:8f:8f:ee:24:59:da:64:e7:bd:b0:
                    2d:e6:f3:f4:c3:27:4d:9f:4f:8e:79:6e:62:6a:1d:
                    33:7c:d7:bf:d9:52:2a:cd:fd:dd:1f:dd:8d:0f:df:
                    05:db:9b:62:69:94:2b:ee:14:e7:ea:b1:5e:0d:cd:
                    76:fb:a4:27:f4:29:11:10:ac:da:11:14:04:3b:64:
                    4d:79:d7:41:52:3d:b1:98:e1:e7:65:8c:8d:f2:50:
                    22:c4:e6:50:c5:2b:ce:8f:49:25:e1:ef:0e:e9:9d:
                    f8:8f:92:8d:54:d7:57:2f:72:36:4f:fc:99:01:3b:
                    da:77:8d:ee:4a:a0:75:72:31:d6:0d:bb:a3:c6:33:
                    78:9f:b6:a1:9d:e5:c8:db:13:1c:86:00:8f:fb:96:
                    98:65:38:e1:04:e6:1e:c0:7c:f9:f9:55:47:d8:36:
                    db:00:3c:27:b0:2a:88:81:6d:db:b7:0e:8e:db:70:
                    98:1e:46:9c:f9:df:5c:47:87:f5:fa:1f:79:0f:a4:
                    c9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:61:95:6E:C2:0A:51:9E:E5:0B:F8:D4:6D:D8:DB:DC:94:F0:9E:10
            X509v3 Authority Key Identifier:
                keyid:9B:98:6F:C6:46:FD:A0:CF:14:5E:10:D9:3F:E1:B1:0E:B0:DE:E6:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m5hvxkb9oM8UXhDZP-GxDrDe5iU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/TmGVbsIKUZ7lC_jUbdjb3JTwnhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/34bb77-c847-4111-96f3-bdd5cc440396/1/m5hvxkb9oM8UXhDZP-GxDrDe5iU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:126f::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:be:32:dc:d5:76:86:50:a3:ee:ee:65:be:2c:a1:ef:55:5c:
         f6:c6:89:ca:20:f5:57:6b:b5:4d:50:fd:9a:04:e6:c5:3e:b5:
         e1:6c:03:d9:ba:7c:f4:83:f6:25:6b:95:85:0f:78:3c:ac:45:
         bc:12:88:df:0f:0a:e4:4a:f6:2c:71:89:18:19:7d:71:bc:9e:
         b7:6d:22:80:34:15:31:aa:f0:83:b5:69:d4:88:7f:85:4f:33:
         96:4c:37:4a:c8:cb:fd:fd:23:25:a1:ea:b9:22:51:e5:79:66:
         7e:b6:bb:35:d0:9c:e5:1d:d7:5b:a5:5e:c6:51:e2:84:30:7e:
         79:34:74:14:0c:b1:17:e3:12:87:1b:dd:0b:11:c6:75:eb:eb:
         a9:16:85:01:02:aa:57:fc:50:e4:d3:7f:bd:09:c2:9a:ae:dc:
         43:c3:d6:82:e5:a9:12:33:2d:83:61:f1:34:02:9c:9f:4d:6b:
         12:e7:ca:ac:d9:a9:c6:12:73:bb:3d:5d:99:60:09:7e:cd:8f:
         ff:43:83:cd:f5:ec:ca:a8:de:95:85:3a:a3:86:bd:fb:ae:4c:
         57:98:9c:3f:d8:b8:fd:72:03:61:f3:60:1d:45:ff:31:49:7a:
         ac:c8:16:17:12:43:f9:6b:de:db:14:6c:fc:ad:82:a2:e9:28:
         33:91:db:43
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTTJEN8C32MnfEruhBEQxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliOTg2ZmM2NDZmZGEwY2YxNDVlMTBkOTNmZTFiMTBlYjBk
ZWU2MjUwHhcNMjQwMTAyMDgzMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTYxOTU2ZWMyMGE1MTllZTUwYmY4ZDQ2ZGQ4ZGJkYzk0ZjA5ZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlY4/F/H0yFmWJiz5nUs9HDA9ZPnB
oa/WWTmutY2W0BWAVv+CrQX6zhXyllgEG0jg/SMQXj4RVjLgSjf6ZdWrJI+P7iRZ
2mTnvbAt5vP0wydNn0+OeW5iah0zfNe/2VIqzf3dH92ND98F25tiaZQr7hTn6rFe
Dc12+6Qn9CkREKzaERQEO2RNeddBUj2xmOHnZYyN8lAixOZQxSvOj0kl4e8O6Z34
j5KNVNdXL3I2T/yZATvad43uSqB1cjHWDbujxjN4n7ahneXI2xMchgCP+5aYZTjh
BOYewHz5+VVH2DbbADwnsCqIgW3btw6O23CYHkac+d9cR4f1+h95D6TJ1QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE5hlW7CClGe5Qv41G3Y29yU8J4QMB8GA1UdIwQY
MBaAFJuYb8ZG/aDPFF4Q2T/hsQ6w3uYlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTVodnhrYjlvTThVWGhEWlAtR3hEckRlNWlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8zNGJiNzctYzg0Ny00MTExLTk2ZjMt
YmRkNWNjNDQwMzk2LzEvVG1HVmJzSUtVWjdsQ19qVWJkamIzSlR3bmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8zNGJiNzctYzg0Ny00MTExLTk2ZjMtYmRkNWNjNDQwMzk2
LzEvbTVodnhrYjlvTThVWGhEWlAtR3hEckRlNWlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgASbzAN
BgkqhkiG9w0BAQsFAAOCAQEAfr4y3NV2hlCj7u5lviyh71Vc9saJyiD1V2u1TVD9
mgTmxT614WwD2bp89IP2JWuVhQ94PKxFvBKI3w8K5Er2LHGJGBl9cbyet20igDQV
Marwg7Vp1Ih/hU8zlkw3SsjL/f0jJaHquSJR5Xlmfra7NdCc5R3XW6VexlHihDB+
eTR0FAyxF+MShxvdCxHGdevrqRaFAQKqV/xQ5NN/vQnCmq7cQ8PWguWpEjMtg2Hx
NAKcn01rEufKrNmpxhJzuz1dmWAJfs2P/0ODzfXsyqjelYU6o4a9+65MV5icP9i4
/XIDYfNgHUX/MUl6rMgWFxJD+Wve2xRs/K2CoukoM5HbQw==
-----END CERTIFICATE-----