Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/tg_L4lCNJ70dH65WdTdDLuQHGwo.roa
File:                     tg_L4lCNJ70dH65WdTdDLuQHGwo.roa (raw, json)
Hash identifier:          gWppbhrUxYuIwVYcNpcTZI74HuBEAbjVhRJ4mV8ecfE=
Subject key identifier:   B6:0F:CB:E2:50:8D:27:BD:1D:1F:AE:56:75:37:43:2E:E4:07:1B:0A
Certificate issuer:       /CN=974661cb1c38e63bd78bd6b2b1d68686a5415bf5
Certificate serial:       018CC94DDA2B271C94AFA3B3D28CB00E93EF
Authority key identifier: 97:46:61:CB:1C:38:E6:3B:D7:8B:D6:B2:B1:D6:86:86:A5:41:5B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l0Zhyxw45jvXi9aysdaGhqVBW_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/tg_L4lCNJ70dH65WdTdDLuQHGwo.roa
Signing time:             Tue 02 Jan 2024 08:32:51 +0000
ROA not before:           Tue 02 Jan 2024 08:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213250
IP address blocks:        91.200.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/l0Zhyxw45jvXi9aysdaGhqVBW_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/l0Zhyxw45jvXi9aysdaGhqVBW_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l0Zhyxw45jvXi9aysdaGhqVBW_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:da:2b:27:1c:94:af:a3:b3:d2:8c:b0:0e:93:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=974661cb1c38e63bd78bd6b2b1d68686a5415bf5
        Validity
            Not Before: Jan  2 08:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b60fcbe2508d27bd1d1fae567537432ee4071b0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b0:62:1c:f9:bc:3b:57:22:3d:41:4e:c0:d4:
                    f8:51:8a:0e:85:d1:66:df:5c:f2:34:ce:75:0e:ef:
                    ca:61:ae:8b:a6:f2:b1:3a:2b:d6:13:b0:d8:d0:44:
                    53:9d:0f:c5:5d:e8:64:7b:4c:5b:b3:e4:87:32:2d:
                    24:14:60:25:4c:03:80:84:af:07:8a:23:58:db:4c:
                    8b:68:b0:13:fb:29:56:83:ff:4f:a7:e2:5f:00:5e:
                    5a:d7:9f:42:f0:19:04:84:46:4f:ad:33:ed:06:27:
                    7b:98:f8:a6:46:74:79:2f:4a:5d:e4:59:0d:8c:6d:
                    85:fc:5b:cb:62:e7:57:b7:51:55:94:2b:dd:e5:2d:
                    a6:98:ad:0a:c3:8d:8d:a3:20:73:0a:4d:59:9a:4e:
                    68:f9:e2:d2:27:fd:40:ef:0d:39:75:48:f9:3e:ea:
                    56:b8:52:12:02:3e:31:f0:a1:2c:b4:04:f2:b6:de:
                    f6:5c:da:9b:a9:74:ef:17:0d:1e:b0:85:ef:b6:92:
                    76:5e:93:25:bd:f9:c7:b5:72:75:64:94:26:76:96:
                    b3:71:f9:bc:2b:15:f3:30:e7:34:06:32:e5:76:f6:
                    e0:aa:a9:a5:03:ee:6f:cd:78:05:61:d2:6f:cb:36:
                    0c:1e:56:3f:13:b4:85:f6:86:6a:db:73:c8:d5:3c:
                    9b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:0F:CB:E2:50:8D:27:BD:1D:1F:AE:56:75:37:43:2E:E4:07:1B:0A
            X509v3 Authority Key Identifier:
                keyid:97:46:61:CB:1C:38:E6:3B:D7:8B:D6:B2:B1:D6:86:86:A5:41:5B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l0Zhyxw45jvXi9aysdaGhqVBW_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/tg_L4lCNJ70dH65WdTdDLuQHGwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a0bf3e-3645-4e16-bca9-8adac17e90ae/1/l0Zhyxw45jvXi9aysdaGhqVBW_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:05:f3:c5:5f:2b:32:7f:0b:8d:d6:60:72:4d:b7:00:78:45:
         40:0b:24:47:b7:e4:e0:65:1c:e3:2b:eb:ee:92:5d:4f:71:f4:
         59:6f:01:0f:38:29:5f:67:64:3b:74:29:09:18:5d:3d:a4:b0:
         c6:a6:6b:2d:30:b1:38:44:0e:f6:49:97:83:c9:4b:60:16:64:
         e9:ab:0d:38:42:d6:16:3b:30:1e:d5:8d:e5:98:cf:60:3e:1a:
         d9:d2:21:48:0d:2a:71:02:32:99:e1:0d:ff:de:a5:72:61:7a:
         ca:14:47:96:92:a8:87:1a:b9:11:e6:68:37:99:32:69:ca:0a:
         6e:22:be:b3:78:98:36:37:65:e6:3f:90:2c:c5:60:e4:f2:d9:
         c8:0b:3e:bf:e7:21:39:d5:54:39:c5:82:9c:95:ad:58:25:28:
         74:45:de:ce:31:a0:f8:2f:b2:33:c7:70:4d:b8:76:80:21:5f:
         31:ac:a3:20:da:43:32:83:b6:05:2f:dd:86:43:42:9d:61:db:
         4a:79:a9:f7:de:80:37:1a:56:5d:66:a7:fb:54:12:66:7b:73:
         1f:61:b3:e3:87:4b:fa:51:22:ed:9a:0c:b2:91:7b:f5:5a:f6:
         7d:54:ac:0d:b4:3d:c1:a5:ee:f8:fb:af:01:a4:c6:66:0f:5f:
         4d:2e:41:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTdorJxyUr6Oz0oywDpPvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NDY2MWNiMWMzOGU2M2JkNzhiZDZiMmIxZDY4Njg2YTU0
MTViZjUwHhcNMjQwMTAyMDgzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjBmY2JlMjUwOGQyN2JkMWQxZmFlNTY3NTM3NDMyZWU0MDcxYjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrBiHPm8O1ciPUFOwNT4UYoOhdFm
31zyNM51Du/KYa6LpvKxOivWE7DY0ERTnQ/FXehke0xbs+SHMi0kFGAlTAOAhK8H
iiNY20yLaLAT+ylWg/9Pp+JfAF5a159C8BkEhEZPrTPtBid7mPimRnR5L0pd5FkN
jG2F/FvLYudXt1FVlCvd5S2mmK0Kw42NoyBzCk1Zmk5o+eLSJ/1A7w05dUj5PupW
uFISAj4x8KEstATytt72XNqbqXTvFw0esIXvtpJ2XpMlvfnHtXJ1ZJQmdpazcfm8
KxXzMOc0BjLldvbgqqmlA+5vzXgFYdJvyzYMHlY/E7SF9oZq23PI1TybZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLYPy+JQjSe9HR+uVnU3Qy7kBxsKMB8GA1UdIwQY
MBaAFJdGYcscOOY714vWsrHWhoalQVv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDBaaHl4dzQ1anZYaTlheXNkYUdocVZCV19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hMGJmM2UtMzY0NS00ZTE2LWJjYTkt
OGFkYWMxN2U5MGFlLzEvdGdfTDRsQ05KNzBkSDY1V2RUZERMdVFIR3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hMGJmM2UtMzY0NS00ZTE2LWJjYTktOGFkYWMxN2U5MGFl
LzEvbDBaaHl4dzQ1anZYaTlheXNkYUdocVZCV19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8hkMA0G
CSqGSIb3DQEBCwUAA4IBAQBEBfPFXysyfwuN1mByTbcAeEVACyRHt+TgZRzjK+vu
kl1PcfRZbwEPOClfZ2Q7dCkJGF09pLDGpmstMLE4RA72SZeDyUtgFmTpqw04QtYW
OzAe1Y3lmM9gPhrZ0iFIDSpxAjKZ4Q3/3qVyYXrKFEeWkqiHGrkR5mg3mTJpygpu
Ir6zeJg2N2XmP5AsxWDk8tnICz6/5yE51VQ5xYKcla1YJSh0Rd7OMaD4L7Izx3BN
uHaAIV8xrKMg2kMyg7YFL92GQ0KdYdtKean33oA3GlZdZqf7VBJme3MfYbPjh0v6
USLtmgyykXv1WvZ9VKwNtD3Bpe74+68BpMZmD19NLkG7
-----END CERTIFICATE-----