Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/bKfqaS74Qft5UG7ln3b2If_ta2A.roa
File:                     bKfqaS74Qft5UG7ln3b2If_ta2A.roa (raw, json)
Hash identifier:          Eu4mJqVl2HmzRkzOc1Eb40NDxQsgdade42l4vJXCiWo=
Subject key identifier:   6C:A7:EA:69:2E:F8:41:FB:79:50:6E:E5:9F:76:F6:21:FF:ED:6B:60
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018CC794D59CBA441BC74FFE0C4EA086E12E
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/bKfqaS74Qft5UG7ln3b2If_ta2A.roa
Signing time:             Tue 02 Jan 2024 00:31:09 +0000
ROA not before:           Tue 02 Jan 2024 00:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        109.122.43.0/24 maxlen: 24
                          89.251.24.0/24 maxlen: 24
                          91.226.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d5:9c:ba:44:1b:c7:4f:fe:0c:4e:a0:86:e1:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 00:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ca7ea692ef841fb79506ee59f76f621ffed6b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fd:a3:b6:4f:cc:13:71:ce:54:24:76:13:25:
                    75:9d:d0:14:c9:60:02:08:4b:e1:0d:c9:53:c3:20:
                    b2:33:10:bb:8e:a3:b7:fa:93:a7:52:8a:34:00:06:
                    e5:66:24:8d:20:67:47:24:d8:22:92:ff:8f:6e:ba:
                    f8:4a:6d:1a:b5:5d:6b:2d:85:a8:48:17:c7:e2:cb:
                    b1:af:89:45:9c:74:d6:56:e7:37:ae:bc:ed:9b:17:
                    00:ab:71:fa:13:7f:70:cb:8f:ec:81:b7:f0:17:ad:
                    e4:23:df:eb:1f:56:09:00:03:4b:e5:40:a5:fe:41:
                    37:3d:ff:26:ba:4d:5f:2b:f3:10:d0:86:d5:0c:e6:
                    26:71:aa:4a:09:78:fd:04:78:66:5b:f2:24:ac:cd:
                    0b:36:06:85:87:94:4b:62:c4:f6:a7:c8:e0:d7:74:
                    47:71:db:cd:ee:25:5e:53:b5:ce:b4:6f:f8:1a:42:
                    54:63:6b:70:b8:65:bf:21:5c:c7:74:96:59:56:1c:
                    2a:f0:1a:8b:b9:44:fd:a5:d7:f0:44:43:5d:cc:d9:
                    a9:a1:60:f9:de:f2:eb:b2:f9:a5:ec:4b:06:2d:7e:
                    b3:81:53:43:02:b9:fd:a9:c0:27:e9:6d:53:0e:eb:
                    3f:cc:49:d3:3b:12:4d:a2:11:d4:c5:be:84:57:6d:
                    de:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A7:EA:69:2E:F8:41:FB:79:50:6E:E5:9F:76:F6:21:FF:ED:6B:60
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/bKfqaS74Qft5UG7ln3b2If_ta2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.24.0/24
                  91.226.59.0/24
                  109.122.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:16:50:8f:f7:30:16:e2:da:2b:f4:37:35:63:a2:e6:a9:79:
         6c:c4:0e:35:07:c1:72:f1:d8:d4:49:ed:57:81:b5:49:51:4e:
         3c:f9:a3:96:0e:cd:91:39:81:30:56:2a:36:b8:35:45:ca:b2:
         77:10:3f:94:dd:4f:27:f6:2d:e8:06:91:36:6d:fb:4c:03:02:
         91:97:de:3f:2b:be:95:b7:4c:40:20:2d:5d:2f:4f:2b:e6:cc:
         2d:bd:04:ec:a9:f4:0e:88:73:12:09:00:7a:a8:50:92:af:93:
         e8:73:e6:55:80:c4:e0:22:ca:af:d2:05:6d:7d:fa:78:aa:11:
         c2:4d:d6:20:13:84:e9:64:c8:80:6d:c4:3b:a5:c2:3b:13:25:
         7c:ec:a4:82:91:e6:16:8f:1e:5b:89:20:78:79:af:dd:15:66:
         a6:e1:f3:c0:5e:d9:1c:83:73:3c:30:fb:4d:48:73:fe:74:b7:
         80:fc:d5:d8:76:01:85:25:88:34:cc:85:dd:02:8d:09:b4:f7:
         94:07:74:20:9e:72:ae:68:2f:41:4a:1c:35:e6:0e:77:f0:66:
         c5:71:4b:af:9d:bd:f2:25:ee:75:0a:48:be:d1:61:aa:26:63:
         31:8a:46:69:32:b2:70:6a:0e:57:c5:37:e7:19:30:5b:2c:54:
         83:c7:23:3b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHlNWcukQbx0/+DE6ghuEuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMTAyMDAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2E3ZWE2OTJlZjg0MWZiNzk1MDZlZTU5Zjc2ZjYyMWZmZWQ2YjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2P2jtk/ME3HOVCR2EyV1ndAUyWAC
CEvhDclTwyCyMxC7jqO3+pOnUoo0AAblZiSNIGdHJNgikv+Pbrr4Sm0atV1rLYWo
SBfH4suxr4lFnHTWVuc3rrztmxcAq3H6E39wy4/sgbfwF63kI9/rH1YJAANL5UCl
/kE3Pf8muk1fK/MQ0IbVDOYmcapKCXj9BHhmW/IkrM0LNgaFh5RLYsT2p8jg13RH
cdvN7iVeU7XOtG/4GkJUY2twuGW/IVzHdJZZVhwq8BqLuUT9pdfwRENdzNmpoWD5
3vLrsvml7EsGLX6zgVNDArn9qcAn6W1TDus/zEnTOxJNohHUxb6EV23eCwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGyn6mku+EH7eVBu5Z929iH/7WtgMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvYktmcWFTNzRRZnQ1VUc3bG4zYjJJZl90YTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWfsYAwQA
W+I7AwQAbXorMA0GCSqGSIb3DQEBCwUAA4IBAQA1FlCP9zAW4tor9Dc1Y6LmqXls
xA41B8Fy8djUSe1XgbVJUU48+aOWDs2ROYEwVio2uDVFyrJ3ED+U3U8n9i3oBpE2
bftMAwKRl94/K76Vt0xAIC1dL08r5swtvQTsqfQOiHMSCQB6qFCSr5Poc+ZVgMTg
Isqv0gVtffp4qhHCTdYgE4TpZMiAbcQ7pcI7EyV87KSCkeYWjx5biSB4ea/dFWam
4fPAXtkcg3M8MPtNSHP+dLeA/NXYdgGFJYg0zIXdAo0JtPeUB3QgnnKuaC9BShw1
5g538GbFcUuvnb3yJe51Cki+0WGqJmMxikZpMrJwag5XxTfnGTBbLFSDxyM7
-----END CERTIFICATE-----