Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/d030ef-92cb-4cc5-86c8-decb92d1a523/1/TTckRwLzQZOTCqT0wZgtvS_B70c.roa
File:                     TTckRwLzQZOTCqT0wZgtvS_B70c.roa (raw, json)
Hash identifier:          jtT4CKRdNtdJLcI2px4dzsvm7OZgjjPtK1s7mvGEvBM=
Subject key identifier:   4D:37:24:47:02:F3:41:93:93:0A:A4:F4:C1:98:2D:BD:2F:C1:EF:47
Certificate issuer:       /CN=d634007414cff16cdcf3a3aa22a96677f8be2b68
Certificate serial:       018CC9BC941D10FF114F8BD4AC70F4A7657D
Authority key identifier: D6:34:00:74:14:CF:F1:6C:DC:F3:A3:AA:22:A9:66:77:F8:BE:2B:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1jQAdBTP8Wzc86OqIqlmd_i-K2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/d030ef-92cb-4cc5-86c8-decb92d1a523/1/TTckRwLzQZOTCqT0wZgtvS_B70c.roa
Signing time:             Tue 02 Jan 2024 10:33:48 +0000
ROA not before:           Tue 02 Jan 2024 10:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28731
IP address blocks:        217.14.144.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/d030ef-92cb-4cc5-86c8-decb92d1a523/1/1jQAdBTP8Wzc86OqIqlmd_i-K2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/d030ef-92cb-4cc5-86c8-decb92d1a523/1/1jQAdBTP8Wzc86OqIqlmd_i-K2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1jQAdBTP8Wzc86OqIqlmd_i-K2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:94:1d:10:ff:11:4f:8b:d4:ac:70:f4:a7:65:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d634007414cff16cdcf3a3aa22a96677f8be2b68
        Validity
            Not Before: Jan  2 10:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d37244702f34193930aa4f4c1982dbd2fc1ef47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:73:43:42:1f:f7:11:48:13:0c:90:a4:12:8a:
                    e7:e8:03:47:66:d1:9e:d5:98:26:40:9b:d3:61:7d:
                    1f:bb:b3:2f:0d:ac:19:71:12:98:95:5e:26:b5:eb:
                    02:96:ad:b3:3e:f1:9f:fa:c7:4b:bc:9a:8f:0f:cf:
                    6b:76:4f:aa:75:dc:2f:74:18:cb:a6:b3:e9:f8:fd:
                    52:98:4c:a3:0c:28:4e:38:d2:cf:20:fe:bb:37:55:
                    06:33:e8:f3:27:e8:5d:4c:3b:ce:5c:64:1b:ec:94:
                    0c:e2:7c:c6:ca:66:ba:bd:f5:69:ac:a7:2b:7a:e7:
                    5f:34:71:d7:ef:37:69:92:46:81:bb:67:66:1f:7f:
                    6e:aa:53:43:00:d7:20:f1:d5:8c:e7:4c:8d:f9:ec:
                    a5:ad:32:ba:0b:fb:17:fe:38:ae:99:c3:1f:52:96:
                    1f:29:11:4c:2f:53:2d:f8:7f:a8:78:1f:d7:6a:8d:
                    ff:65:3b:f8:9f:ca:17:ca:bb:f3:ad:73:16:f1:d5:
                    b2:81:95:c5:48:9c:2c:29:bc:1f:8a:b4:0e:a0:ea:
                    c8:0e:9e:6e:d0:8a:1f:52:bc:36:3e:d2:cf:f2:a9:
                    bf:b7:6c:22:85:8b:33:7f:23:d4:dd:85:e1:d7:d9:
                    73:0e:8f:9c:49:c4:f8:01:ba:ea:4d:02:14:02:c5:
                    6d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:37:24:47:02:F3:41:93:93:0A:A4:F4:C1:98:2D:BD:2F:C1:EF:47
            X509v3 Authority Key Identifier:
                keyid:D6:34:00:74:14:CF:F1:6C:DC:F3:A3:AA:22:A9:66:77:F8:BE:2B:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1jQAdBTP8Wzc86OqIqlmd_i-K2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/d030ef-92cb-4cc5-86c8-decb92d1a523/1/TTckRwLzQZOTCqT0wZgtvS_B70c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/d030ef-92cb-4cc5-86c8-decb92d1a523/1/1jQAdBTP8Wzc86OqIqlmd_i-K2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.14.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         72:9a:4b:4b:16:99:2a:c8:a4:52:f5:dc:61:4b:93:2a:7a:a4:
         b8:7d:a2:fc:33:2e:16:9b:ad:6d:f7:c0:0d:6a:22:c4:c4:c5:
         76:ce:1d:3e:eb:73:da:f2:b7:0b:4b:63:76:65:5f:76:38:55:
         a7:1b:5c:4a:15:39:72:8a:f4:ab:94:54:77:72:13:a6:c8:73:
         d5:b3:45:f6:32:d1:a2:58:49:92:df:e4:6c:4e:90:af:bf:d8:
         5d:48:27:40:07:12:e6:d4:0c:63:97:ac:b8:ba:3b:7d:e0:ea:
         b1:f9:68:db:6c:8a:f9:8d:aa:42:91:99:f3:63:a7:f5:2f:2a:
         32:9a:07:8e:b1:b1:14:7d:ff:c4:4e:7d:7a:84:e3:c3:37:0d:
         ef:79:81:df:12:f5:5c:88:15:55:2b:a8:81:72:da:48:9e:f7:
         34:5a:01:c2:25:8f:dc:87:8b:41:e4:ee:dd:5d:3c:e6:28:d8:
         4b:e6:4d:75:8b:8f:a9:66:36:99:80:4e:b8:7e:8e:fc:40:26:
         74:8d:0f:0e:00:d8:25:8f:6b:6a:00:34:74:87:d2:40:bf:ad:
         1e:12:cc:e5:06:54:9a:df:ec:ad:87:c1:e6:4a:dd:99:3b:5d:
         0a:6d:cd:64:b6:5f:4a:16:50:46:69:91:35:3c:c4:07:ee:c3:
         5c:91:3e:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvJQdEP8RT4vUrHD0p2V9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MzQwMDc0MTRjZmYxNmNkY2YzYTNhYTIyYTk2Njc3Zjhi
ZTJiNjgwHhcNMjQwMTAyMTAzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDM3MjQ0NzAyZjM0MTkzOTMwYWE0ZjRjMTk4MmRiZDJmYzFlZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXNDQh/3EUgTDJCkEorn6ANHZtGe
1ZgmQJvTYX0fu7MvDawZcRKYlV4mtesClq2zPvGf+sdLvJqPD89rdk+qddwvdBjL
prPp+P1SmEyjDChOONLPIP67N1UGM+jzJ+hdTDvOXGQb7JQM4nzGyma6vfVprKcr
eudfNHHX7zdpkkaBu2dmH39uqlNDANcg8dWM50yN+eylrTK6C/sX/jiumcMfUpYf
KRFML1Mt+H+oeB/Xao3/ZTv4n8oXyrvzrXMW8dWygZXFSJwsKbwfirQOoOrIDp5u
0IofUrw2PtLP8qm/t2wihYszfyPU3YXh19lzDo+cScT4AbrqTQIUAsVtCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE03JEcC80GTkwqk9MGYLb0vwe9HMB8GA1UdIwQY
MBaAFNY0AHQUz/Fs3POjqiKpZnf4vitoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWpRQWRCVFA4V3pjODZPcUlxbG1kX2ktSzJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9kMDMwZWYtOTJjYi00Y2M1LTg2Yzgt
ZGVjYjkyZDFhNTIzLzEvVFRja1J3THpRWk9UQ3FUMHdaZ3R2U19CNzBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9kMDMwZWYtOTJjYi00Y2M1LTg2YzgtZGVjYjkyZDFhNTIz
LzEvMWpRQWRCVFA4V3pjODZPcUlxbG1kX2ktSzJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2Q6QMA0G
CSqGSIb3DQEBCwUAA4IBAQBymktLFpkqyKRS9dxhS5MqeqS4faL8My4Wm61t98AN
aiLExMV2zh0+63Pa8rcLS2N2ZV92OFWnG1xKFTlyivSrlFR3chOmyHPVs0X2MtGi
WEmS3+RsTpCvv9hdSCdABxLm1Axjl6y4ujt94Oqx+WjbbIr5japCkZnzY6f1Lyoy
mgeOsbEUff/ETn16hOPDNw3veYHfEvVciBVVK6iBctpInvc0WgHCJY/ch4tB5O7d
XTzmKNhL5k11i4+pZjaZgE64fo78QCZ0jQ8OANglj2tqADR0h9JAv60eEszlBlSa
3+yth8HmSt2ZO10Kbc1ktl9KFlBGaZE1PMQH7sNckT62
-----END CERTIFICATE-----