Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/TRGz40oHBaTgvM7WrZVLdmBFJZo.roa
File:                     TRGz40oHBaTgvM7WrZVLdmBFJZo.roa (raw, json)
Hash identifier:          WDeEf0r6eNslZVO2iIFwkn9cBMrxoI8/zjlNvSwYn/c=
Subject key identifier:   4D:11:B3:E3:4A:07:05:A4:E0:BC:CE:D6:AD:95:4B:76:60:45:25:9A
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0F1917C0AA2FB00F0D634E4E35D9
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/TRGz40oHBaTgvM7WrZVLdmBFJZo.roa
Signing time:             Tue 02 Jan 2024 08:31:59 +0000
ROA not before:           Tue 02 Jan 2024 08:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216393
IP address blocks:        2a0a:280:3000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:0f:19:17:c0:aa:2f:b0:0f:0d:63:4e:4e:35:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d11b3e34a0705a4e0bcced6ad954b766045259a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:21:4d:89:ae:ca:0d:71:b0:8c:b4:15:85:ed:
                    d6:85:c5:f6:7d:26:b2:97:65:f3:66:a5:25:5b:f5:
                    78:d2:89:9f:d8:f5:ac:75:6f:9a:1a:14:a8:b7:61:
                    a7:b9:2a:9d:ee:43:bf:47:e4:94:26:58:7c:9f:ec:
                    ca:e6:b9:e6:2b:4f:7b:42:03:40:0d:16:4a:49:44:
                    a1:77:a4:9b:60:5a:3e:d0:0f:41:e6:ec:52:30:9b:
                    2d:ee:da:bc:29:fd:09:43:f2:81:b2:36:ab:12:da:
                    7d:b1:62:07:59:a2:29:07:39:07:3c:e6:ef:f0:61:
                    24:f4:27:ce:51:a7:69:58:ac:ef:d9:88:ee:b6:61:
                    31:6f:bf:0a:e9:b5:7a:92:a3:fb:ae:33:aa:ae:14:
                    6c:79:6f:28:6a:51:ca:35:b4:9d:73:e2:99:59:7f:
                    7d:c8:14:58:13:80:b5:fc:96:f7:58:ba:0e:9a:a7:
                    d2:e2:16:46:0c:18:d3:8b:fa:16:ce:7c:bb:61:91:
                    e0:2d:65:14:2c:35:a7:ef:74:28:d0:53:09:2e:47:
                    7b:91:4c:5b:e0:79:7d:b5:bc:a6:bb:64:e7:64:3a:
                    d6:0f:f8:c4:0f:56:b9:bb:f4:47:79:a7:04:66:94:
                    ea:55:1b:f3:f9:8d:02:ec:c4:a0:09:c0:e4:a4:39:
                    81:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:11:B3:E3:4A:07:05:A4:E0:BC:CE:D6:AD:95:4B:76:60:45:25:9A
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/TRGz40oHBaTgvM7WrZVLdmBFJZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:3000::/40

    Signature Algorithm: sha256WithRSAEncryption
         97:ba:b9:e2:9e:1d:3e:81:de:b0:1c:49:d3:99:ac:58:db:ae:
         db:d8:4c:64:6a:03:d5:c6:9e:d7:5a:a1:4a:c4:7e:3b:c1:ed:
         8f:18:74:95:01:aa:d1:7e:65:47:0a:18:85:da:2d:a6:63:6d:
         d5:56:a8:9e:53:13:ad:57:a6:05:da:11:40:2b:ee:60:c9:62:
         87:44:ed:5c:a8:ec:56:94:fe:f7:ec:fe:2d:17:ab:cc:8f:9a:
         20:48:85:09:e9:49:0f:b9:6d:b7:3d:aa:4e:36:fc:7c:f3:e8:
         fb:fc:33:80:7b:46:91:c9:70:c4:f2:87:a4:68:e1:c4:82:aa:
         b7:32:1a:bb:e5:d3:c6:12:34:d6:65:03:34:51:64:a8:a0:ff:
         51:83:f8:8e:fa:80:5a:e6:6f:53:15:a4:61:5e:ef:f8:03:57:
         29:b8:1e:7a:29:d9:73:25:ec:ee:95:21:94:ab:c9:61:57:00:
         d1:7e:3c:ab:a9:fd:5d:27:9a:33:84:a5:72:56:69:ca:33:6a:
         d3:69:85:3b:9b:1c:62:1d:9a:7c:17:cb:ce:96:e1:b2:3e:dc:
         f1:44:c8:dc:64:2b:0d:c7:06:25:dd:49:6d:fe:e5:3a:3c:37:
         7c:ec:b2:a7:9b:99:8b:a2:53:65:ac:21:b7:82:62:d5:3b:70:
         de:b2:1f:42
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQ8ZF8CqL7APDWNOTjXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDExYjNlMzRhMDcwNWE0ZTBiY2NlZDZhZDk1NGI3NjYwNDUyNTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSFNia7KDXGwjLQVhe3WhcX2fSay
l2XzZqUlW/V40omf2PWsdW+aGhSot2GnuSqd7kO/R+SUJlh8n+zK5rnmK097QgNA
DRZKSUShd6SbYFo+0A9B5uxSMJst7tq8Kf0JQ/KBsjarEtp9sWIHWaIpBzkHPObv
8GEk9CfOUadpWKzv2YjutmExb78K6bV6kqP7rjOqrhRseW8oalHKNbSdc+KZWX99
yBRYE4C1/Jb3WLoOmqfS4hZGDBjTi/oWzny7YZHgLWUULDWn73Qo0FMJLkd7kUxb
4Hl9tbymu2TnZDrWD/jED1a5u/RHeacEZpTqVRvz+Y0C7MSgCcDkpDmBNwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFE0Rs+NKBwWk4LzO1q2VS3ZgRSWaMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvVFJHejQwb0hCYVRndk03V3JaVkxkbUJGSlpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgDAw
DQYJKoZIhvcNAQELBQADggEBAJe6ueKeHT6B3rAcSdOZrFjbrtvYTGRqA9XGntda
oUrEfjvB7Y8YdJUBqtF+ZUcKGIXaLaZjbdVWqJ5TE61XpgXaEUAr7mDJYodE7Vyo
7FaU/vfs/i0Xq8yPmiBIhQnpSQ+5bbc9qk42/Hzz6Pv8M4B7RpHJcMTyh6Ro4cSC
qrcyGrvl08YSNNZlAzRRZKig/1GD+I76gFrmb1MVpGFe7/gDVym4Hnop2XMl7O6V
IZSryWFXANF+PKup/V0nmjOEpXJWacozatNphTubHGIdmnwXy86W4bI+3PFEyNxk
Kw3HBiXdSW3+5To8N3zssqebmYuiU2WsIbeCYtU7cN6yH0I=
-----END CERTIFICATE-----