Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/TgMKRCLxXKU6zMsC2eXrKv18xfA.roa
File:                     TgMKRCLxXKU6zMsC2eXrKv18xfA.roa (raw, json)
Hash identifier:          bd5azgE2QLLiS6ITKfwA3vPIsa/p0x5+vTtHiaNIhas=
Subject key identifier:   4E:03:0A:44:22:F1:5C:A5:3A:CC:CB:02:D9:E5:EB:2A:FD:7C:C5:F0
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AF24396428C81409ED07D09D0A897
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/TgMKRCLxXKU6zMsC2eXrKv18xfA.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62342
IP address blocks:        80.96.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f2:43:96:42:8c:81:40:9e:d0:7d:09:d0:a8:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e030a4422f15ca53acccb02d9e5eb2afd7cc5f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:42:f7:22:38:36:dd:39:f4:6b:a2:f9:93:94:
                    62:fc:fd:92:f5:ec:20:50:2b:8c:70:8d:c2:29:6d:
                    88:b2:7c:d1:58:1f:41:38:67:c5:7d:01:ec:6b:23:
                    14:e4:48:7b:e1:11:7e:3d:9c:a7:8f:ea:c0:7c:d0:
                    31:eb:fe:70:12:7f:25:a9:b4:b9:88:f6:fc:f4:8e:
                    fc:8d:b3:34:fe:c4:da:ba:c6:5e:a9:1d:6d:87:27:
                    eb:04:5c:0f:81:29:d6:b4:0a:0a:5d:3e:69:4e:0e:
                    4a:38:0e:f7:91:b7:38:9b:7b:cd:e2:2d:0c:d6:28:
                    13:80:d7:5d:05:30:bf:41:56:b4:fc:4b:9d:13:3a:
                    74:b2:4f:c9:2a:89:3f:d8:d4:29:00:c3:58:28:11:
                    da:96:a8:97:d0:bb:62:3c:30:7f:7a:de:53:ea:96:
                    ae:e3:e9:29:e5:d4:2e:76:b2:ea:14:50:48:e8:61:
                    78:09:b6:40:1b:b3:30:4a:59:fb:78:c7:0f:93:2d:
                    14:f0:d4:7e:67:98:55:a3:27:c1:05:49:e0:49:62:
                    f4:0d:b7:a2:97:ba:23:ae:81:9c:01:82:9a:64:c1:
                    86:cd:cc:df:6e:2f:99:38:70:69:18:62:79:ad:c0:
                    bd:05:ed:49:1f:20:ba:97:7f:98:4b:0c:26:2f:62:
                    ce:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:03:0A:44:22:F1:5C:A5:3A:CC:CB:02:D9:E5:EB:2A:FD:7C:C5:F0
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/TgMKRCLxXKU6zMsC2eXrKv18xfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:49:ce:66:35:54:95:39:cb:e6:21:67:cf:76:6c:4e:f9:6b:
         ea:41:ff:ee:83:30:f6:13:58:24:41:cc:46:24:34:4a:e7:15:
         40:31:26:e9:87:5f:7f:68:05:3d:67:92:97:cc:f2:03:e6:d8:
         1e:c0:b3:c4:69:6e:99:b5:4b:c8:04:d8:32:f8:3f:15:fe:d6:
         d0:61:ea:68:ac:e0:29:88:67:20:12:01:d6:cf:78:69:d8:0d:
         d6:cd:a8:35:fd:7b:61:8c:21:60:14:4c:69:2d:8b:cd:a2:35:
         eb:ad:b3:c0:2c:4b:ac:ab:d2:09:85:3d:97:97:48:50:83:57:
         4d:c7:8e:23:f0:54:8c:97:fa:91:8e:d4:c1:3a:15:25:c6:80:
         2d:81:cb:a7:85:37:13:1c:a8:d6:a1:e7:ee:c0:dd:a1:45:6f:
         d2:c7:ac:ef:cf:ab:ce:99:34:37:24:9c:ef:13:57:e5:0b:13:
         93:99:6c:89:f8:01:04:2e:28:2d:1e:ca:77:f3:ff:9c:74:0e:
         f3:f8:fa:d9:8e:e8:9a:66:30:c5:0e:de:6d:21:27:4d:33:10:
         76:a2:49:c7:e7:01:07:18:48:03:90:92:a4:24:01:50:a3:17:
         ee:26:fa:0b:af:ff:4c:f9:69:dd:53:5c:0f:2f:90:1c:de:d0:
         44:37:57:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvJDlkKMgUCe0H0J0KiXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTAzMGE0NDIyZjE1Y2E1M2FjY2NiMDJkOWU1ZWIyYWZkN2NjNWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUL3Ijg23Tn0a6L5k5Ri/P2S9ewg
UCuMcI3CKW2IsnzRWB9BOGfFfQHsayMU5Eh74RF+PZynj+rAfNAx6/5wEn8lqbS5
iPb89I78jbM0/sTausZeqR1thyfrBFwPgSnWtAoKXT5pTg5KOA73kbc4m3vN4i0M
1igTgNddBTC/QVa0/EudEzp0sk/JKok/2NQpAMNYKBHalqiX0LtiPDB/et5T6pau
4+kp5dQudrLqFFBI6GF4CbZAG7MwSln7eMcPky0U8NR+Z5hVoyfBBUngSWL0Dbei
l7ojroGcAYKaZMGGzczfbi+ZOHBpGGJ5rcC9Be1JHyC6l3+YSwwmL2LOBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4DCkQi8VylOszLAtnl6yr9fMXwMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvVGdNS1JDTHhYS1U2ek1zQzJlWHJLdjE4eGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUGA0MA0G
CSqGSIb3DQEBCwUAA4IBAQAeSc5mNVSVOcvmIWfPdmxO+WvqQf/ugzD2E1gkQcxG
JDRK5xVAMSbph19/aAU9Z5KXzPID5tgewLPEaW6ZtUvIBNgy+D8V/tbQYeporOAp
iGcgEgHWz3hp2A3Wzag1/XthjCFgFExpLYvNojXrrbPALEusq9IJhT2Xl0hQg1dN
x44j8FSMl/qRjtTBOhUlxoAtgcunhTcTHKjWoefuwN2hRW/Sx6zvz6vOmTQ3JJzv
E1flCxOTmWyJ+AEELigtHsp38/+cdA7z+PrZjuiaZjDFDt5tISdNMxB2oknH5wEH
GEgDkJKkJAFQoxfuJvoLr/9M+WndU1wPL5Ac3tBEN1cn
-----END CERTIFICATE-----