Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/tnkq0ec-a7XriG1bwTR7_aX9S_c.roa
File:                     tnkq0ec-a7XriG1bwTR7_aX9S_c.roa (raw, json)
Hash identifier:          IGtJ9gPc9LwQdtEilGvs+mP8FXvbK1PmUUM/GjqNjn4=
Subject key identifier:   B6:79:2A:D1:E7:3E:6B:B5:EB:88:6D:5B:C1:34:7B:FD:A5:FD:4B:F7
Certificate issuer:       /CN=e4a714ffc598b15647bbafe2c6460a87eafbcf97
Certificate serial:       018CC8030A06853CC85D51581715039D76E5
Authority key identifier: E4:A7:14:FF:C5:98:B1:56:47:BB:AF:E2:C6:46:0A:87:EA:FB:CF:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KcU_8WYsVZHu6_ixkYKh-r7z5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/tnkq0ec-a7XriG1bwTR7_aX9S_c.roa
Signing time:             Tue 02 Jan 2024 02:31:31 +0000
ROA not before:           Tue 02 Jan 2024 02:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.30.161.0/24 maxlen: 24
                          193.17.68.0/24 maxlen: 24
                          193.200.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/5KcU_8WYsVZHu6_ixkYKh-r7z5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/5KcU_8WYsVZHu6_ixkYKh-r7z5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5KcU_8WYsVZHu6_ixkYKh-r7z5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:0a:06:85:3c:c8:5d:51:58:17:15:03:9d:76:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a714ffc598b15647bbafe2c6460a87eafbcf97
        Validity
            Not Before: Jan  2 02:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6792ad1e73e6bb5eb886d5bc1347bfda5fd4bf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:09:98:d6:f4:26:76:56:d9:16:ba:fe:03:fb:
                    7e:81:59:9c:ec:d8:13:bc:92:41:3e:8c:06:95:e8:
                    be:0e:c2:3c:ec:80:e7:30:92:3f:64:ac:7a:2e:ed:
                    0f:df:e9:78:cf:25:cd:3a:f8:c3:15:c7:c0:af:f4:
                    f3:32:b1:9e:b4:7d:01:c6:22:e7:92:07:5c:3a:c7:
                    51:0e:e6:da:d8:69:e4:a8:b6:72:e1:04:56:7f:10:
                    a8:5d:a7:00:a8:34:42:07:ef:61:dc:44:13:ca:00:
                    72:6c:ae:72:67:df:fa:c7:50:6d:34:7c:7b:c3:1a:
                    38:6d:a5:f5:b3:e0:a8:da:9a:7f:e5:eb:ef:32:10:
                    f5:52:fd:a9:66:4e:90:02:65:09:87:fd:f3:39:78:
                    f4:82:e6:6c:a1:72:37:08:a3:e5:53:73:b3:c2:2f:
                    8d:0d:29:70:20:d4:83:9f:fd:73:f9:b0:55:d9:d2:
                    86:c7:73:6c:82:c0:e4:9e:45:33:19:e6:bf:db:5c:
                    06:4b:dd:40:01:bf:d8:50:b5:29:ba:88:5e:a3:6d:
                    93:14:ea:51:84:3c:dc:8b:d8:e7:2a:1e:b1:97:b2:
                    0c:e0:66:31:85:56:1d:97:a8:1a:2e:42:e9:80:97:
                    61:7e:09:12:52:ba:5b:29:90:0c:5d:34:51:5a:d1:
                    90:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:79:2A:D1:E7:3E:6B:B5:EB:88:6D:5B:C1:34:7B:FD:A5:FD:4B:F7
            X509v3 Authority Key Identifier:
                keyid:E4:A7:14:FF:C5:98:B1:56:47:BB:AF:E2:C6:46:0A:87:EA:FB:CF:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KcU_8WYsVZHu6_ixkYKh-r7z5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/tnkq0ec-a7XriG1bwTR7_aX9S_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/d96da6-12b2-446e-8d99-7cb345e8541a/1/5KcU_8WYsVZHu6_ixkYKh-r7z5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.68.0/24
                  193.30.161.0/24
                  193.200.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8e:df:76:66:24:30:6c:c9:bf:75:d3:bc:8a:39:9f:e9:1e:
         a8:fa:03:1c:1b:ab:f6:57:16:21:ac:3a:fe:31:f9:d6:fd:ec:
         c3:34:e7:da:39:c6:58:7c:1c:1c:a1:ad:a3:73:b4:bd:48:8d:
         e0:f9:1b:57:33:ce:b7:f0:c4:74:a4:3e:3e:b8:e1:1c:84:2d:
         0a:3a:26:0c:b2:0b:9d:82:d7:51:59:3a:63:ac:27:b0:2f:66:
         22:4b:d0:04:3f:43:bb:f5:54:28:27:0c:c2:cb:e8:0a:32:76:
         82:7f:3b:49:36:fc:99:5d:e2:7a:a0:62:68:9f:1e:13:70:25:
         fd:e6:aa:2b:a9:e1:42:80:05:a9:69:f0:99:43:61:54:2b:9a:
         63:41:a5:13:ce:30:a0:ec:a8:0f:98:c9:d5:a2:99:ce:d1:9d:
         e9:b1:3c:28:cd:fa:2a:c6:a0:e1:37:38:ee:40:92:90:87:bd:
         c2:32:53:0a:2b:a6:68:3d:9e:5d:79:35:46:e1:b2:b7:f9:a2:
         78:55:ff:7e:ec:2b:bf:25:b9:d5:58:d7:28:2f:0d:29:a5:ee:
         20:b3:e4:56:30:8a:9a:59:82:f8:ce:86:79:7d:de:cd:a3:64:
         fe:41:5b:b1:17:da:f3:58:ba:df:7e:36:a7:0b:b5:be:cc:ef:
         f7:78:c6:bb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAwoGhTzIXVFYFxUDnXblMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTcxNGZmYzU5OGIxNTY0N2JiYWZlMmM2NDYwYTg3ZWFm
YmNmOTcwHhcNMjQwMTAyMDIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjc5MmFkMWU3M2U2YmI1ZWI4ODZkNWJjMTM0N2JmZGE1ZmQ0YmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwmY1vQmdlbZFrr+A/t+gVmc7NgT
vJJBPowGlei+DsI87IDnMJI/ZKx6Lu0P3+l4zyXNOvjDFcfAr/TzMrGetH0BxiLn
kgdcOsdRDuba2GnkqLZy4QRWfxCoXacAqDRCB+9h3EQTygBybK5yZ9/6x1BtNHx7
wxo4baX1s+Co2pp/5evvMhD1Uv2pZk6QAmUJh/3zOXj0guZsoXI3CKPlU3Ozwi+N
DSlwINSDn/1z+bBV2dKGx3NsgsDknkUzGea/21wGS91AAb/YULUpuoheo22TFOpR
hDzci9jnKh6xl7IM4GYxhVYdl6gaLkLpgJdhfgkSUrpbKZAMXTRRWtGQBwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLZ5KtHnPmu164htW8E0e/2l/Uv3MB8GA1UdIwQY
MBaAFOSnFP/FmLFWR7uv4sZGCofq+8+XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtjVV84V1lzVlpIdTZfaXhrWUtoLXI3ejVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kOTZkYTYtMTJiMi00NDZlLThkOTkt
N2NiMzQ1ZTg1NDFhLzEvdG5rcTBlYy1hN1hyaUcxYndUUjdfYVg5U19jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kOTZkYTYtMTJiMi00NDZlLThkOTktN2NiMzQ1ZTg1NDFh
LzEvNUtjVV84V1lzVlpIdTZfaXhrWUtoLXI3ejVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwRFEAwQA
wR6hAwQAwcgeMA0GCSqGSIb3DQEBCwUAA4IBAQBBjt92ZiQwbMm/ddO8ijmf6R6o
+gMcG6v2VxYhrDr+MfnW/ezDNOfaOcZYfBwcoa2jc7S9SI3g+RtXM8638MR0pD4+
uOEchC0KOiYMsgudgtdRWTpjrCewL2YiS9AEP0O79VQoJwzCy+gKMnaCfztJNvyZ
XeJ6oGJonx4TcCX95qorqeFCgAWpafCZQ2FUK5pjQaUTzjCg7KgPmMnVopnO0Z3p
sTwozfoqxqDhNzjuQJKQh73CMlMKK6ZoPZ5deTVG4bK3+aJ4Vf9+7Cu/JbnVWNco
Lw0ppe4gs+RWMIqaWYL4zoZ5fd7No2T+QVuxF9rzWLrffjanC7W+zO/3eMa7
-----END CERTIFICATE-----