Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/dbc06c-a612-4db0-a856-787238415b08/1/tPkg3gPnZylE6-1cdBxtuzgVMtc.roa
File:                     tPkg3gPnZylE6-1cdBxtuzgVMtc.roa (raw, json)
Hash identifier:          RejhzSXsRyOghbe1P8wSHhTXE8f45pYdiBT+CsjAY7w=
Subject key identifier:   B4:F9:20:DE:03:E7:67:29:44:EB:ED:5C:74:1C:6D:BB:38:15:32:D7
Certificate issuer:       /CN=03a4122b4a20f1cca6078a91d9a8bb1c03fb9fcd
Certificate serial:       018CC5001C0EA9E2771CB5B0CFEC83BC27BA
Authority key identifier: 03:A4:12:2B:4A:20:F1:CC:A6:07:8A:91:D9:A8:BB:1C:03:FB:9F:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A6QSK0og8cymB4qR2ai7HAP7n80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/dbc06c-a612-4db0-a856-787238415b08/1/tPkg3gPnZylE6-1cdBxtuzgVMtc.roa
Signing time:             Mon 01 Jan 2024 12:29:27 +0000
ROA not before:           Mon 01 Jan 2024 12:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25509
IP address blocks:        213.190.96.0/19 maxlen: 24
                          2a00:5380::/29 maxlen: 32
                          2a00:5380::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/dbc06c-a612-4db0-a856-787238415b08/1/A6QSK0og8cymB4qR2ai7HAP7n80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/dbc06c-a612-4db0-a856-787238415b08/1/A6QSK0og8cymB4qR2ai7HAP7n80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A6QSK0og8cymB4qR2ai7HAP7n80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1c:0e:a9:e2:77:1c:b5:b0:cf:ec:83:bc:27:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03a4122b4a20f1cca6078a91d9a8bb1c03fb9fcd
        Validity
            Not Before: Jan  1 12:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4f920de03e7672944ebed5c741c6dbb381532d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9a:36:cc:c8:dc:9d:bb:35:74:9e:1a:73:d5:
                    42:73:e1:e3:e4:dc:ec:9f:da:0a:9a:df:82:73:3a:
                    7d:ea:b5:b9:c1:a6:08:31:15:99:6d:07:6d:6c:7a:
                    43:26:9a:c2:37:b2:44:24:56:b6:79:d9:5b:2c:93:
                    cd:2b:ea:47:43:4d:8a:c7:18:05:22:22:a4:28:f9:
                    d6:cc:49:bb:b5:3e:70:c6:78:4f:09:a8:d0:40:fe:
                    e7:db:15:5e:35:5a:6c:df:d1:c6:3b:59:48:2a:e1:
                    27:7a:1c:53:36:68:79:03:04:2a:11:36:38:7c:25:
                    43:95:af:00:c3:cd:54:d6:e8:9a:f7:65:54:c4:ba:
                    91:68:ce:44:ca:e7:5c:65:93:f9:8a:8c:72:f7:34:
                    53:50:6c:c5:da:b8:8a:7a:b0:94:1a:01:8a:f5:92:
                    5d:cb:55:f2:5b:67:7b:7b:66:4a:a6:32:d0:67:81:
                    93:16:1e:b7:54:47:78:d7:0a:ba:53:16:ed:52:eb:
                    0f:7c:f5:55:4d:08:45:c6:aa:a4:cc:4b:25:36:f9:
                    fa:6b:30:a5:f3:9c:89:2a:2d:8a:2c:f4:f6:93:ba:
                    23:27:19:f2:dd:e5:42:42:b6:db:38:38:90:c9:a0:
                    0d:7e:3c:56:55:9f:4d:fe:a6:99:4d:32:88:e6:3f:
                    19:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F9:20:DE:03:E7:67:29:44:EB:ED:5C:74:1C:6D:BB:38:15:32:D7
            X509v3 Authority Key Identifier:
                keyid:03:A4:12:2B:4A:20:F1:CC:A6:07:8A:91:D9:A8:BB:1C:03:FB:9F:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A6QSK0og8cymB4qR2ai7HAP7n80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/dbc06c-a612-4db0-a856-787238415b08/1/tPkg3gPnZylE6-1cdBxtuzgVMtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/dbc06c-a612-4db0-a856-787238415b08/1/A6QSK0og8cymB4qR2ai7HAP7n80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.190.96.0/19
                IPv6:
                  2a00:5380::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:3c:c9:54:db:27:67:94:ba:7a:2c:af:f6:4c:c9:28:c3:35:
         55:cd:07:4e:96:19:d9:5a:69:1a:75:ec:f2:8d:7e:ac:1b:97:
         5b:d8:fa:b6:42:fe:33:e0:4d:fc:85:94:4d:44:6b:2b:04:f9:
         62:28:f8:ff:f3:de:be:31:18:ea:98:7d:db:9e:80:49:ce:b2:
         a6:24:c0:d8:3a:c5:d1:af:0e:a1:db:86:9e:e1:f7:5e:bd:9e:
         c2:87:43:43:25:63:a5:14:71:53:6c:6b:46:03:3e:37:51:7f:
         47:ac:b2:b9:f3:43:b7:00:12:2c:18:8e:85:f3:2e:6c:79:75:
         14:3c:03:d3:3e:49:54:e3:9f:3b:61:47:ba:32:40:ad:b6:87:
         ed:4b:6d:b2:d7:d9:a5:c9:3d:95:a2:fd:03:13:01:8b:11:dd:
         e5:f4:93:16:c0:e9:75:b7:e2:19:74:41:d4:c3:9d:8c:5e:90:
         1b:44:84:be:60:a5:1e:8c:35:20:d7:80:09:b1:c7:d3:b1:00:
         59:23:76:f8:e7:e0:7f:3f:25:dd:61:81:97:7f:e7:93:9a:09:
         23:86:34:08:bb:5c:91:f6:c9:d0:6a:3a:23:e6:cc:a7:85:bb:
         2f:f6:db:81:42:f9:a2:10:85:14:60:a3:89:80:24:23:89:93:
         df:3d:47:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFABwOqeJ3HLWwz+yDvCe6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzYTQxMjJiNGEyMGYxY2NhNjA3OGE5MWQ5YThiYjFjMDNm
YjlmY2QwHhcNMjQwMTAxMTIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGY5MjBkZTAzZTc2NzI5NDRlYmVkNWM3NDFjNmRiYjM4MTUzMmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJo2zMjcnbs1dJ4ac9VCc+Hj5Nzs
n9oKmt+Cczp96rW5waYIMRWZbQdtbHpDJprCN7JEJFa2edlbLJPNK+pHQ02KxxgF
IiKkKPnWzEm7tT5wxnhPCajQQP7n2xVeNVps39HGO1lIKuEnehxTNmh5AwQqETY4
fCVDla8Aw81U1uia92VUxLqRaM5EyudcZZP5ioxy9zRTUGzF2riKerCUGgGK9ZJd
y1XyW2d7e2ZKpjLQZ4GTFh63VEd41wq6UxbtUusPfPVVTQhFxqqkzEslNvn6azCl
85yJKi2KLPT2k7ojJxny3eVCQrbbODiQyaANfjxWVZ9N/qaZTTKI5j8ZKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLT5IN4D52cpROvtXHQcbbs4FTLXMB8GA1UdIwQY
MBaAFAOkEitKIPHMpgeKkdmouxwD+5/NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTZRU0swb2c4Y3ltQjRxUjJhaTdIQVA3bjgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kYmMwNmMtYTYxMi00ZGIwLWE4NTYt
Nzg3MjM4NDE1YjA4LzEvdFBrZzNnUG5aeWxFNi0xY2RCeHR1emdWTXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kYmMwNmMtYTYxMi00ZGIwLWE4NTYtNzg3MjM4NDE1YjA4
LzEvQTZRU0swb2c4Y3ltQjRxUjJhaTdIQVA3bjgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1b5gMA0E
AgACMAcDBQMqAFOAMA0GCSqGSIb3DQEBCwUAA4IBAQAhPMlU2ydnlLp6LK/2TMko
wzVVzQdOlhnZWmkadezyjX6sG5db2Pq2Qv4z4E38hZRNRGsrBPliKPj/896+MRjq
mH3bnoBJzrKmJMDYOsXRrw6h24ae4fdevZ7Ch0NDJWOlFHFTbGtGAz43UX9HrLK5
80O3ABIsGI6F8y5seXUUPAPTPklU4587YUe6MkCttoftS22y19mlyT2Vov0DEwGL
Ed3l9JMWwOl1t+IZdEHUw52MXpAbRIS+YKUejDUg14AJscfTsQBZI3b45+B/PyXd
YYGXf+eTmgkjhjQIu1yR9snQajoj5synhbsv9tuBQvmiEIUUYKOJgCQjiZPfPUej
-----END CERTIFICATE-----