Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/tTG4etXbXyESfHmcCx574ULlTZA.roa
File:                     tTG4etXbXyESfHmcCx574ULlTZA.roa (raw, json)
Hash identifier:          7N4P/FcgRxNLa9QdM0hg/vRnqqYrB72R7VzxHO9hN9I=
Subject key identifier:   B5:31:B8:7A:D5:DB:5F:21:12:7C:79:9C:0B:1E:7B:E1:42:E5:4D:90
Certificate issuer:       /CN=bdf7a0a048b68eccfa4d49eab4f16dc792c0d318
Certificate serial:       018CC49390F3611D540A4AB4D77AE40A27E6
Authority key identifier: BD:F7:A0:A0:48:B6:8E:CC:FA:4D:49:EA:B4:F1:6D:C7:92:C0:D3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/tTG4etXbXyESfHmcCx574ULlTZA.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41887
IP address blocks:        194.140.230.0/24 maxlen: 24
                          2001:67c:144::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:90:f3:61:1d:54:0a:4a:b4:d7:7a:e4:0a:27:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdf7a0a048b68eccfa4d49eab4f16dc792c0d318
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b531b87ad5db5f21127c799c0b1e7be142e54d90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:72:0a:26:8a:68:7d:27:eb:e9:b8:5e:b7:4d:
                    a6:87:a7:4e:5b:fa:d9:16:47:64:3d:52:d7:1f:d8:
                    bb:a4:c1:3b:a7:e7:fd:61:4e:53:09:65:e6:09:ea:
                    6b:a6:01:b8:fd:c4:7a:85:68:74:2f:35:9d:97:c8:
                    9d:6a:73:30:e9:00:5d:a3:15:39:7b:15:80:bc:cb:
                    cb:77:f4:db:c6:90:ad:23:79:7d:5e:04:36:0a:d5:
                    25:37:96:9d:fb:20:dc:e2:30:a9:6b:c4:a6:74:64:
                    82:de:6e:37:0a:53:40:37:5e:e7:60:01:49:73:27:
                    43:c5:cb:7d:eb:bf:02:b5:92:0d:93:c8:41:91:a3:
                    e6:b3:4f:75:ce:5c:ab:b5:49:e1:5c:2f:ca:da:8a:
                    42:f6:cd:49:9c:97:48:a0:93:bc:f8:1b:d8:fa:62:
                    ad:e7:26:7e:00:0b:38:20:66:57:cb:8d:a2:51:3a:
                    cb:f8:ff:45:21:60:0f:c7:60:69:8b:17:b6:49:b0:
                    4d:8b:b3:08:65:c4:ca:29:e0:8e:7d:6d:b7:66:f6:
                    c4:a5:ab:b1:74:c4:ee:33:93:d5:15:d9:d2:1f:84:
                    fb:00:6c:c6:f4:15:59:aa:92:27:c0:46:75:af:12:
                    ff:88:1c:3e:1a:bd:22:2b:b4:29:5b:e1:09:1f:26:
                    e9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:31:B8:7A:D5:DB:5F:21:12:7C:79:9C:0B:1E:7B:E1:42:E5:4D:90
            X509v3 Authority Key Identifier:
                keyid:BD:F7:A0:A0:48:B6:8E:CC:FA:4D:49:EA:B4:F1:6D:C7:92:C0:D3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/tTG4etXbXyESfHmcCx574ULlTZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.230.0/24
                IPv6:
                  2001:67c:144::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:c7:2b:49:f4:c8:d1:66:c1:92:74:f8:49:67:a2:50:eb:e7:
         1d:33:c0:da:d2:18:85:3f:01:aa:66:91:3a:15:f5:ab:d3:94:
         a7:1f:11:69:8c:84:14:45:22:2b:fc:e1:3f:79:5d:f9:58:03:
         67:fe:67:19:bc:99:61:c9:8e:b9:c2:b7:58:98:d5:05:86:fa:
         0d:b7:56:5b:45:75:07:cf:fe:9a:bf:ea:46:f8:81:8e:e8:c2:
         e3:62:67:bd:b7:67:b8:49:2f:d8:3d:b9:ee:b2:bb:3e:af:ba:
         51:3c:1b:9b:43:b1:9d:fb:c5:ad:7c:42:0c:88:5d:7b:17:bd:
         78:77:6d:55:a3:d9:50:23:54:ed:0c:30:f0:51:db:e2:7f:a1:
         f1:e1:e0:a5:37:48:13:2a:b9:49:0e:ff:47:fc:f5:60:6d:51:
         9e:02:d9:cc:93:ba:d2:44:b5:44:2f:02:20:0f:5c:d7:b7:fa:
         92:3b:0d:2d:3d:17:3c:01:13:64:9e:c4:a5:cf:b7:46:01:ad:
         19:8c:de:17:04:9f:ac:68:87:0c:76:3b:e2:99:9f:e9:51:38:
         3a:64:13:db:a7:35:ce:b0:4e:85:77:02:3c:a0:77:b9:22:10:
         6a:5d:69:7d:ea:5a:9d:fe:86:05:c3:af:02:b8:96:84:2c:20:
         8b:dd:a7:bf
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk5DzYR1UCkq013rkCifmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZjdhMGEwNDhiNjhlY2NmYTRkNDllYWI0ZjE2ZGM3OTJj
MGQzMTgwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTMxYjg3YWQ1ZGI1ZjIxMTI3Yzc5OWMwYjFlN2JlMTQyZTU0ZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3IKJopofSfr6bhet02mh6dOW/rZ
FkdkPVLXH9i7pME7p+f9YU5TCWXmCeprpgG4/cR6hWh0LzWdl8idanMw6QBdoxU5
exWAvMvLd/TbxpCtI3l9XgQ2CtUlN5ad+yDc4jCpa8SmdGSC3m43ClNAN17nYAFJ
cydDxct9678CtZINk8hBkaPms091zlyrtUnhXC/K2opC9s1JnJdIoJO8+BvY+mKt
5yZ+AAs4IGZXy42iUTrL+P9FIWAPx2Bpixe2SbBNi7MIZcTKKeCOfW23ZvbEpaux
dMTuM5PVFdnSH4T7AGzG9BVZqpInwEZ1rxL/iBw+Gr0iK7QpW+EJHybp0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLUxuHrV218hEnx5nAsee+FC5U2QMB8GA1UdIwQY
MBaAFL33oKBIto7M+k1J6rTxbceSwNMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZlZ29FaTJqc3o2VFVucXRQRnR4NUxBMHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9lMTZjYjYtYjQ1NC00OGQ2LWJkYzgt
MzUxNjE5MWE5ZDY4LzEvdFRHNGV0WGJYeUVTZkhtY0N4NTc0VUxsVFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9lMTZjYjYtYjQ1NC00OGQ2LWJkYzgtMzUxNjE5MWE5ZDY4
LzEvdmZlZ29FaTJqc3o2VFVucXRQRnR4NUxBMHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwozmMA8E
AgACMAkDBwAgAQZ8AUQwDQYJKoZIhvcNAQELBQADggEBAJHHK0n0yNFmwZJ0+Eln
olDr5x0zwNrSGIU/AapmkToV9avTlKcfEWmMhBRFIiv84T95XflYA2f+Zxm8mWHJ
jrnCt1iY1QWG+g23VltFdQfP/pq/6kb4gY7owuNiZ723Z7hJL9g9ue6yuz6vulE8
G5tDsZ37xa18QgyIXXsXvXh3bVWj2VAjVO0MMPBR2+J/ofHh4KU3SBMquUkO/0f8
9WBtUZ4C2cyTutJEtUQvAiAPXNe3+pI7DS09FzwBE2SexKXPt0YBrRmM3hcEn6xo
hwx2O+KZn+lRODpkE9unNc6wToV3Ajygd7kiEGpdaX3qWp3+hgXDrwK4loQsIIvd
p78=
-----END CERTIFICATE-----