Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/TltNq-qT7HwpOny0ZIi70JD_qtU.roa
File:                     TltNq-qT7HwpOny0ZIi70JD_qtU.roa (raw, json)
Hash identifier:          5ibsz0cXIyY2x0QiLP4vPH9URIuAf+fVxy3pAmBS4Lw=
Subject key identifier:   4E:5B:4D:AB:EA:93:EC:7C:29:3A:7C:B4:64:88:BB:D0:90:FF:AA:D5
Certificate issuer:       /CN=4ca13bdea54f76b8a85712afdb615186b33838c1
Certificate serial:       018CC49354CCC3DC8B45061B1944CE55849A
Authority key identifier: 4C:A1:3B:DE:A5:4F:76:B8:A8:57:12:AF:DB:61:51:86:B3:38:38:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKE73qVPdrioVxKv22FRhrM4OME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/TltNq-qT7HwpOny0ZIi70JD_qtU.roa
Signing time:             Mon 01 Jan 2024 10:30:38 +0000
ROA not before:           Mon 01 Jan 2024 10:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20676
IP address blocks:        212.84.192.0/20 maxlen: 32
                          212.99.128.0/18 maxlen: 32
                          2a02:e240::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/TKE73qVPdrioVxKv22FRhrM4OME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/TKE73qVPdrioVxKv22FRhrM4OME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKE73qVPdrioVxKv22FRhrM4OME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:54:cc:c3:dc:8b:45:06:1b:19:44:ce:55:84:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca13bdea54f76b8a85712afdb615186b33838c1
        Validity
            Not Before: Jan  1 10:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e5b4dabea93ec7c293a7cb46488bbd090ffaad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:dd:26:cb:56:b9:12:c1:24:d9:3f:f4:f9:a3:
                    ce:f1:2b:91:fd:18:e2:7d:56:57:23:ad:3b:ad:56:
                    08:7b:bd:5c:db:7f:ab:94:c5:9c:c9:4e:b6:55:5e:
                    7b:0c:98:c4:01:8a:c7:9e:00:ce:02:a7:db:91:eb:
                    f5:32:2f:57:64:ac:31:85:4d:fe:14:5d:cb:1a:ac:
                    cd:43:6a:cb:04:75:ed:37:37:80:63:67:f8:05:b3:
                    f4:3f:94:cb:55:6a:32:34:12:ec:74:1c:bc:d2:28:
                    e7:40:4b:6e:2a:79:f2:44:f6:5f:7d:8c:cc:ec:0b:
                    18:3d:d6:50:18:e0:15:fd:4c:db:bb:0d:90:f3:f9:
                    d5:ac:a3:fd:1e:d6:da:bc:5f:25:84:39:af:56:2a:
                    04:02:51:34:a6:da:5b:e1:7f:cc:17:5c:0f:5d:2f:
                    18:54:85:e9:8d:fd:af:00:04:2e:02:54:83:57:1d:
                    88:55:a0:10:22:48:29:ad:1a:a4:7c:a8:21:2c:fc:
                    8d:8f:a5:5d:67:99:47:00:4a:3d:05:83:be:d6:4a:
                    93:0a:b5:39:6b:ab:4f:d0:11:a0:3f:6c:28:24:99:
                    fc:6b:9d:6b:45:77:d6:0c:92:2d:0a:b3:60:55:a4:
                    23:51:e9:42:cb:0f:ba:35:36:75:51:8a:e4:0b:93:
                    80:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:5B:4D:AB:EA:93:EC:7C:29:3A:7C:B4:64:88:BB:D0:90:FF:AA:D5
            X509v3 Authority Key Identifier:
                keyid:4C:A1:3B:DE:A5:4F:76:B8:A8:57:12:AF:DB:61:51:86:B3:38:38:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKE73qVPdrioVxKv22FRhrM4OME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/TltNq-qT7HwpOny0ZIi70JD_qtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/TKE73qVPdrioVxKv22FRhrM4OME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.84.192.0/20
                  212.99.128.0/18
                IPv6:
                  2a02:e240::/29

    Signature Algorithm: sha256WithRSAEncryption
         b8:18:9a:c4:ca:c4:46:99:12:af:9b:74:b5:f0:3b:df:b3:d8:
         f5:7b:19:48:7f:e2:3c:71:94:bb:e2:a3:0a:0a:31:a0:3c:80:
         27:ac:d8:b5:07:cd:26:b4:6e:27:19:5f:db:54:bb:97:ab:d7:
         7d:26:00:25:ad:d3:b6:71:d4:fb:06:8b:35:cd:0e:cd:da:9a:
         b0:64:f7:b4:a6:ce:89:33:05:f0:fd:c4:71:92:3a:b8:2a:df:
         d8:40:a5:74:7c:6b:47:d7:73:a2:fe:a3:05:b3:a9:b4:85:cf:
         9a:fa:ff:03:67:07:fc:ff:b4:d4:35:c0:70:73:00:d8:42:70:
         3f:50:9a:84:ac:06:a6:7d:3d:b0:e7:2d:fa:6b:47:47:c3:d3:
         77:80:44:d6:66:90:95:32:0d:5c:f7:73:55:a4:78:2b:71:b9:
         f5:2b:7b:2f:1a:ad:2a:ea:bf:c2:16:5c:87:49:c9:b5:5e:d0:
         51:5a:51:43:b7:b2:87:83:65:53:f1:f2:9f:49:31:51:fc:29:
         cd:c7:97:83:40:ee:65:a6:c3:11:65:df:84:53:60:04:5b:c6:
         d7:b9:c3:01:f9:c1:76:ce:a2:4e:5a:28:a9:d7:49:31:42:5e:
         ff:7b:a3:69:a6:08:7c:c5:1e:51:a6:6a:4f:f6:bf:87:03:b4:
         f9:09:23:b8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk1TMw9yLRQYbGUTOVYSaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTEzYmRlYTU0Zjc2YjhhODU3MTJhZmRiNjE1MTg2YjMz
ODM4YzEwHhcNMjQwMTAxMTAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTViNGRhYmVhOTNlYzdjMjkzYTdjYjQ2NDg4YmJkMDkwZmZhYWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv90my1a5EsEk2T/0+aPO8SuR/Rji
fVZXI607rVYIe71c23+rlMWcyU62VV57DJjEAYrHngDOAqfbkev1Mi9XZKwxhU3+
FF3LGqzNQ2rLBHXtNzeAY2f4BbP0P5TLVWoyNBLsdBy80ijnQEtuKnnyRPZffYzM
7AsYPdZQGOAV/Uzbuw2Q8/nVrKP9HtbavF8lhDmvVioEAlE0ptpb4X/MF1wPXS8Y
VIXpjf2vAAQuAlSDVx2IVaAQIkgprRqkfKghLPyNj6VdZ5lHAEo9BYO+1kqTCrU5
a6tP0BGgP2woJJn8a51rRXfWDJItCrNgVaQjUelCyw+6NTZ1UYrkC5OAqwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE5bTavqk+x8KTp8tGSIu9CQ/6rVMB8GA1UdIwQY
MBaAFEyhO96lT3a4qFcSr9thUYazODjBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtFNzNxVlBkcmlvVnhLdjIyRlJock00T01FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNjJkMTMtN2YwMy00ZDE5LThiNDYt
ZmM5MTQzM2QzNjdkLzEvVGx0TnEtcVQ3SHdwT255MFpJaTcwSkRfcXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNjJkMTMtN2YwMy00ZDE5LThiNDYtZmM5MTQzM2QzNjdk
LzEvVEtFNzNxVlBkcmlvVnhLdjIyRlJock00T01FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQE1FTAAwQG
1GOAMA0EAgACMAcDBQMqAuJAMA0GCSqGSIb3DQEBCwUAA4IBAQC4GJrEysRGmRKv
m3S18Dvfs9j1exlIf+I8cZS74qMKCjGgPIAnrNi1B80mtG4nGV/bVLuXq9d9JgAl
rdO2cdT7Bos1zQ7N2pqwZPe0ps6JMwXw/cRxkjq4Kt/YQKV0fGtH13Oi/qMFs6m0
hc+a+v8DZwf8/7TUNcBwcwDYQnA/UJqErAamfT2w5y36a0dHw9N3gETWZpCVMg1c
93NVpHgrcbn1K3svGq0q6r/CFlyHScm1XtBRWlFDt7KHg2VT8fKfSTFR/CnNx5eD
QO5lpsMRZd+EU2AEW8bXucMB+cF2zqJOWiip10kxQl7/e6Nppgh8xR5RpmpP9r+H
A7T5CSO4
-----END CERTIFICATE-----