Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/0e6f4a-fd57-411b-a94b-6b6fdb54ba31/1/ttp1MCWff3zPnWFfjZQchea0FGQ.roa
File:                     ttp1MCWff3zPnWFfjZQchea0FGQ.roa (raw, json)
Hash identifier:          b/Mtq+7M0ce/ygc13FY7yW1j116aiFhPfQfw9PWKN8w=
Subject key identifier:   B6:DA:75:30:25:9F:7F:7C:CF:9D:61:5F:8D:94:1C:85:E6:B4:14:64
Certificate issuer:       /CN=e1a9fe3c8a69d50935a1f749666e08dc754594dd
Certificate serial:       018CC9BBF01AC4A4DEA29C307BD7EB030763
Authority key identifier: E1:A9:FE:3C:8A:69:D5:09:35:A1:F7:49:66:6E:08:DC:75:45:94:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4an-PIpp1Qk1ofdJZm4I3HVFlN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/0e6f4a-fd57-411b-a94b-6b6fdb54ba31/1/ttp1MCWff3zPnWFfjZQchea0FGQ.roa
Signing time:             Tue 02 Jan 2024 10:33:06 +0000
ROA not before:           Tue 02 Jan 2024 10:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200345
IP address blocks:        194.147.24.0/22 maxlen: 24
                          2a0d:840::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/0e6f4a-fd57-411b-a94b-6b6fdb54ba31/1/4an-PIpp1Qk1ofdJZm4I3HVFlN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/0e6f4a-fd57-411b-a94b-6b6fdb54ba31/1/4an-PIpp1Qk1ofdJZm4I3HVFlN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4an-PIpp1Qk1ofdJZm4I3HVFlN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f0:1a:c4:a4:de:a2:9c:30:7b:d7:eb:03:07:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1a9fe3c8a69d50935a1f749666e08dc754594dd
        Validity
            Not Before: Jan  2 10:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6da7530259f7f7ccf9d615f8d941c85e6b41464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:86:79:f8:89:7d:3a:22:ce:71:75:30:4d:fa:
                    3a:11:f5:e1:7f:ca:c9:fe:bb:81:dc:87:7c:a6:f4:
                    76:fa:17:92:45:a3:af:45:3e:c2:58:ba:cb:a0:77:
                    0b:87:64:1b:35:53:97:cf:87:40:89:44:1e:c9:d5:
                    b8:20:33:f4:b6:3c:9d:14:3d:57:d4:16:77:4a:c0:
                    2a:3d:04:83:6b:82:ad:90:58:fb:43:b1:f4:ec:50:
                    cb:c0:12:23:dc:6b:b8:59:26:9b:47:6d:63:8b:7d:
                    55:ae:09:2b:a7:c5:c9:bd:5c:29:66:a8:6d:11:25:
                    ff:7f:fa:ef:f1:db:a0:07:56:db:7b:95:cc:cb:c8:
                    2a:71:f6:cc:49:22:48:c8:70:68:22:dd:b4:8f:05:
                    f3:a1:9c:82:88:12:d6:45:cf:5c:8c:25:6c:a6:91:
                    e3:cf:ec:a0:a4:f9:58:09:5d:58:14:ba:44:80:42:
                    40:0f:3c:58:8c:85:ba:36:70:75:1d:d1:45:be:b7:
                    00:90:a5:39:02:5b:80:9e:68:79:44:19:40:31:9b:
                    c5:00:14:7e:3e:3d:9e:5d:22:83:9b:d7:ee:12:c8:
                    36:ed:46:ab:c1:a7:4f:85:fe:67:ef:a5:58:83:0d:
                    98:23:5e:00:74:14:19:e9:c7:ed:72:30:2c:c7:88:
                    f5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:DA:75:30:25:9F:7F:7C:CF:9D:61:5F:8D:94:1C:85:E6:B4:14:64
            X509v3 Authority Key Identifier:
                keyid:E1:A9:FE:3C:8A:69:D5:09:35:A1:F7:49:66:6E:08:DC:75:45:94:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4an-PIpp1Qk1ofdJZm4I3HVFlN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/0e6f4a-fd57-411b-a94b-6b6fdb54ba31/1/ttp1MCWff3zPnWFfjZQchea0FGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/0e6f4a-fd57-411b-a94b-6b6fdb54ba31/1/4an-PIpp1Qk1ofdJZm4I3HVFlN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.24.0/22
                IPv6:
                  2a0d:840::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:d7:ae:7c:45:84:21:50:56:ac:b2:3d:32:fe:7f:c5:6a:73:
         87:48:65:cd:f7:18:f2:f4:dc:87:d4:0f:be:90:9e:5d:e4:fd:
         93:49:bf:66:67:78:67:46:6f:c7:2d:3e:46:d3:4f:9f:25:6a:
         21:d1:b4:ba:87:a0:30:53:37:c6:51:2c:5c:07:df:a8:be:d3:
         85:f9:1f:f2:31:66:c5:20:a5:81:ef:df:62:5e:7b:64:73:3b:
         6c:46:da:b5:7e:d6:e7:c6:c9:c6:6e:3c:83:22:25:5c:c8:1b:
         7c:a0:b0:09:f6:04:79:0e:1e:a0:3c:77:cf:30:9d:34:a5:56:
         98:aa:81:f8:59:f5:c0:9e:14:03:d2:f0:32:51:1b:03:23:12:
         b1:4f:d6:f7:bc:67:74:6d:87:e4:6c:a2:03:83:de:fa:2f:9f:
         c7:26:4e:76:22:f4:ae:01:68:d0:84:a6:d4:5a:ef:14:f9:5e:
         80:39:2d:a0:7c:92:d8:c6:e4:25:77:c5:a1:dc:4e:ef:30:73:
         d1:39:78:74:bc:f3:7e:23:4a:22:fc:1a:4d:90:a0:c9:03:e1:
         6f:02:da:50:60:70:18:62:76:4f:90:aa:b7:be:77:b7:a2:9c:
         cf:60:9a:17:5f:4e:19:1c:9f:d4:ea:20:38:81:94:d0:49:21:
         bb:4b:61:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJu/AaxKTeopwwe9frAwdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYTlmZTNjOGE2OWQ1MDkzNWExZjc0OTY2NmUwOGRjNzU0
NTk0ZGQwHhcNMjQwMTAyMTAzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmRhNzUzMDI1OWY3ZjdjY2Y5ZDYxNWY4ZDk0MWM4NWU2YjQxNDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54Z5+Il9OiLOcXUwTfo6EfXhf8rJ
/ruB3Id8pvR2+heSRaOvRT7CWLrLoHcLh2QbNVOXz4dAiUQeydW4IDP0tjydFD1X
1BZ3SsAqPQSDa4KtkFj7Q7H07FDLwBIj3Gu4WSabR21ji31Vrgkrp8XJvVwpZqht
ESX/f/rv8dugB1bbe5XMy8gqcfbMSSJIyHBoIt20jwXzoZyCiBLWRc9cjCVsppHj
z+ygpPlYCV1YFLpEgEJADzxYjIW6NnB1HdFFvrcAkKU5AluAnmh5RBlAMZvFABR+
Pj2eXSKDm9fuEsg27UarwadPhf5n76VYgw2YI14AdBQZ6cftcjAsx4j1mQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLbadTAln398z51hX42UHIXmtBRkMB8GA1UdIwQY
MBaAFOGp/jyKadUJNaH3SWZuCNx1RZTdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGFuLVBJcHAxUWsxb2ZkSlptNEkzSFZGbE4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wZTZmNGEtZmQ1Ny00MTFiLWE5NGIt
NmI2ZmRiNTRiYTMxLzEvdHRwMU1DV2ZmM3pQbldGZmpaUWNoZWEwRkdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wZTZmNGEtZmQ1Ny00MTFiLWE5NGItNmI2ZmRiNTRiYTMx
LzEvNGFuLVBJcHAxUWsxb2ZkSlptNEkzSFZGbE4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwpMYMA0E
AgACMAcDBQMqDQhAMA0GCSqGSIb3DQEBCwUAA4IBAQBj1658RYQhUFassj0y/n/F
anOHSGXN9xjy9NyH1A++kJ5d5P2TSb9mZ3hnRm/HLT5G00+fJWoh0bS6h6AwUzfG
USxcB9+ovtOF+R/yMWbFIKWB799iXntkcztsRtq1ftbnxsnGbjyDIiVcyBt8oLAJ
9gR5Dh6gPHfPMJ00pVaYqoH4WfXAnhQD0vAyURsDIxKxT9b3vGd0bYfkbKIDg976
L5/HJk52IvSuAWjQhKbUWu8U+V6AOS2gfJLYxuQld8Wh3E7vMHPROXh0vPN+I0oi
/BpNkKDJA+FvAtpQYHAYYnZPkKq3vne3opzPYJoXX04ZHJ/U6iA4gZTQSSG7S2HL
-----END CERTIFICATE-----