Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/TFGWzMJJAor4DFQBRC3JRc7jeUo.roa
File:                     TFGWzMJJAor4DFQBRC3JRc7jeUo.roa (raw, json)
Hash identifier:          aZBVERg/AQwbBvY7gUfbbTaczK2Mt9n45YPLC/aGRnM=
Subject key identifier:   4C:51:96:CC:C2:49:02:8A:F8:0C:54:01:44:2D:C9:45:CE:E3:79:4A
Certificate issuer:       /CN=68cc325c8ad9769a1b54da296305fe0c36573775
Certificate serial:       018E582D446FA383BDD068503A672AC42B15
Authority key identifier: 68:CC:32:5C:8A:D9:76:9A:1B:54:DA:29:63:05:FE:0C:36:57:37:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/TFGWzMJJAor4DFQBRC3JRc7jeUo.roa
Signing time:             Tue 19 Mar 2024 19:25:45 +0000
ROA not before:           Tue 19 Mar 2024 19:25:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199883
IP address blocks:        217.61.112.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:58:2d:44:6f:a3:83:bd:d0:68:50:3a:67:2a:c4:2b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68cc325c8ad9769a1b54da296305fe0c36573775
        Validity
            Not Before: Mar 19 19:25:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c5196ccc249028af80c5401442dc945cee3794a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b7:e8:25:4a:fa:7d:7e:27:7e:94:9a:fe:38:
                    fe:ba:30:91:db:ad:45:a4:21:be:38:5c:f6:b7:05:
                    6b:14:2f:7c:3b:cc:fb:a6:1e:a2:6e:64:f7:80:a4:
                    c7:a7:b2:5b:80:37:f9:1f:e6:9f:9b:eb:d9:40:54:
                    cb:cb:32:b9:bb:1b:1a:88:ee:1c:f2:55:3e:ce:8a:
                    db:36:47:2c:f0:50:87:7e:65:a3:68:ed:6d:5f:3f:
                    38:51:a1:e0:a9:c8:1b:f2:34:a6:ec:7d:4c:e1:db:
                    eb:d1:ca:97:8f:b7:23:2a:00:e5:11:d1:32:d7:d5:
                    f4:31:52:9b:e9:ed:31:60:7e:dc:d8:83:e8:bc:22:
                    6f:ba:b5:c2:9e:88:bd:ec:ad:53:71:3d:fe:a3:47:
                    4c:8f:67:39:02:2d:0f:ee:36:4e:2a:dc:ed:ce:6d:
                    3b:42:af:a3:76:9f:ac:dc:81:d6:67:64:81:60:7e:
                    21:8c:18:be:1d:de:80:0c:82:1b:0a:aa:90:61:7e:
                    1a:9c:69:e7:76:9f:ca:97:bd:ed:c5:ef:60:6a:11:
                    5a:25:df:fe:b4:2e:80:49:e5:0c:6a:c3:65:c6:81:
                    20:ca:c4:34:00:fb:e9:f4:99:24:13:e4:44:f3:78:
                    df:bb:ee:24:0f:8b:6a:a2:f2:08:bd:cf:92:63:82:
                    bb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:51:96:CC:C2:49:02:8A:F8:0C:54:01:44:2D:C9:45:CE:E3:79:4A
            X509v3 Authority Key Identifier:
                keyid:68:CC:32:5C:8A:D9:76:9A:1B:54:DA:29:63:05:FE:0C:36:57:37:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/TFGWzMJJAor4DFQBRC3JRc7jeUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.61.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4a:08:cf:0a:f9:9c:5c:f3:b4:9b:3a:91:0b:a1:c7:62:14:b7:
         7c:63:2a:e6:72:37:cb:9d:0b:3e:c6:6d:17:e6:3a:e0:06:e6:
         d8:16:0c:cf:68:98:2a:34:d9:62:d5:d9:56:17:fd:b8:3b:13:
         cf:f4:48:fe:74:2e:ef:0c:84:a2:6c:0d:d0:a2:72:de:13:0f:
         c0:3c:c6:bc:9d:7c:07:e6:c7:45:10:c3:6f:98:3e:74:85:6b:
         7f:60:d4:cf:ff:01:3a:86:be:32:d8:b3:c1:0a:9e:29:01:29:
         17:70:37:de:a9:c4:77:74:54:a4:b2:e7:74:37:1e:03:b3:08:
         c1:6b:a3:2f:0a:c1:4c:53:1d:53:41:f8:71:dc:69:a0:c5:12:
         d5:db:85:76:d2:e5:da:e6:42:72:1a:30:3a:b8:d0:22:8e:61:
         11:78:4d:b4:a5:51:08:56:e4:6e:db:72:eb:f2:73:3a:dd:84:
         4d:85:7e:a6:df:3d:f4:46:2d:aa:0b:7f:32:b6:5c:1c:83:5c:
         5a:47:c7:f5:43:2e:35:2f:ae:d6:26:68:3a:75:a6:6e:44:ca:
         5f:1e:74:10:ee:f4:d7:f6:d6:c5:e2:29:66:f6:cd:53:d9:5b:
         fa:3a:3d:b2:55:03:a1:b9:8f:0c:17:16:d9:8c:e5:84:28:54:
         87:e5:17:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5YLURvo4O90GhQOmcqxCsVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Y2MzMjVjOGFkOTc2OWExYjU0ZGEyOTYzMDVmZTBjMzY1
NzM3NzUwHhcNMjQwMzE5MTkyNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzUxOTZjY2MyNDkwMjhhZjgwYzU0MDE0NDJkYzk0NWNlZTM3OTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrfoJUr6fX4nfpSa/jj+ujCR261F
pCG+OFz2twVrFC98O8z7ph6ibmT3gKTHp7JbgDf5H+afm+vZQFTLyzK5uxsaiO4c
8lU+zorbNkcs8FCHfmWjaO1tXz84UaHgqcgb8jSm7H1M4dvr0cqXj7cjKgDlEdEy
19X0MVKb6e0xYH7c2IPovCJvurXCnoi97K1TcT3+o0dMj2c5Ai0P7jZOKtztzm07
Qq+jdp+s3IHWZ2SBYH4hjBi+Hd6ADIIbCqqQYX4anGnndp/Kl73txe9gahFaJd/+
tC6ASeUMasNlxoEgysQ0APvp9JkkE+RE83jfu+4kD4tqovIIvc+SY4K7rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExRlszCSQKK+AxUAUQtyUXO43lKMB8GA1UdIwQY
MBaAFGjMMlyK2XaaG1TaKWMF/gw2Vzd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU13eVhJclpkcG9iVk5vcFl3WC1ERFpYTjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82MTc3NzgtOWYzMS00NzViLTg0ZmEt
NzRjOTc5YTY1MzZlLzEvVEZHV3pNSkpBb3I0REZRQlJDM0pSYzdqZVVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82MTc3NzgtOWYzMS00NzViLTg0ZmEtNzRjOTc5YTY1MzZl
LzEvYU13eVhJclpkcG9iVk5vcFl3WC1ERFpYTjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2T1wMA0G
CSqGSIb3DQEBCwUAA4IBAQBKCM8K+Zxc87SbOpELocdiFLd8YyrmcjfLnQs+xm0X
5jrgBubYFgzPaJgqNNli1dlWF/24OxPP9Ej+dC7vDISibA3QonLeEw/APMa8nXwH
5sdFEMNvmD50hWt/YNTP/wE6hr4y2LPBCp4pASkXcDfeqcR3dFSksud0Nx4DswjB
a6MvCsFMUx1TQfhx3GmgxRLV24V20uXa5kJyGjA6uNAijmEReE20pVEIVuRu23Lr
8nM63YRNhX6m3z30Ri2qC38ytlwcg1xaR8f1Qy41L67WJmg6daZuRMpfHnQQ7vTX
9tbF4ilm9s1T2Vv6Oj2yVQOhuY8MFxbZjOWEKFSH5Rfd
-----END CERTIFICATE-----