Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/THVMXz0o8mM_32frlRODB0s2Aik.roa
File:                     THVMXz0o8mM_32frlRODB0s2Aik.roa (raw, json)
Hash identifier:          OhvPtbreTqPm5jfkF2g7hQR1u76j4dr029qtPqyMrvk=
Subject key identifier:   4C:75:4C:5F:3D:28:F2:63:3F:DF:67:EB:95:13:83:07:4B:36:02:29
Certificate issuer:       /CN=4927124d9803a7de54883164a376ea72e3c63eaf
Certificate serial:       018CC3B6735770806AD81CF354D785DE8AD4
Authority key identifier: 49:27:12:4D:98:03:A7:DE:54:88:31:64:A3:76:EA:72:E3:C6:3E:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SScSTZgDp95UiDFko3bqcuPGPq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/THVMXz0o8mM_32frlRODB0s2Aik.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48053
IP address blocks:        194.0.4.0/24 maxlen: 24
                          2001:678:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/SScSTZgDp95UiDFko3bqcuPGPq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/SScSTZgDp95UiDFko3bqcuPGPq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SScSTZgDp95UiDFko3bqcuPGPq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:73:57:70:80:6a:d8:1c:f3:54:d7:85:de:8a:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4927124d9803a7de54883164a376ea72e3c63eaf
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c754c5f3d28f2633fdf67eb951383074b360229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:6f:6c:8c:e7:21:50:4a:5f:6b:8d:35:19:e9:
                    00:27:74:06:ad:68:d2:23:33:d6:81:df:f7:4a:52:
                    ee:90:0f:b8:a1:c6:e3:b0:eb:b7:ab:88:91:5a:f8:
                    6c:7c:2b:d0:88:0b:02:1b:c8:b3:12:68:07:0f:09:
                    7c:9d:d5:03:83:85:1a:af:c0:3a:55:30:f2:aa:f3:
                    d4:42:14:08:80:7b:79:a8:03:55:08:10:3e:19:db:
                    cb:46:e6:4b:47:27:2b:0a:61:3c:95:7c:d1:2d:84:
                    73:ef:b6:f2:01:ae:47:5e:3b:76:ad:2f:f6:18:9a:
                    ba:b2:19:5a:7e:2f:7c:61:5f:d0:f5:14:e5:2e:09:
                    b4:5d:25:ff:a7:8d:33:96:88:71:e2:48:1b:20:48:
                    5b:37:e9:3c:bb:ae:0b:5e:f2:be:d1:7f:8d:9c:88:
                    a2:48:27:9e:e0:38:79:2a:f5:f3:59:72:45:cc:bc:
                    4e:d9:09:44:84:5a:8b:dc:bd:60:93:49:96:7a:d9:
                    22:3a:47:b0:4a:73:6b:c5:bf:cd:00:d1:07:3e:3a:
                    f4:ff:77:af:d4:1a:be:23:01:3f:f5:15:d6:5c:2c:
                    a5:d4:b5:fe:5e:34:24:d4:41:b4:0b:72:fb:24:07:
                    fb:84:b3:82:49:bd:28:44:35:fe:6f:1a:ab:b5:ee:
                    07:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:75:4C:5F:3D:28:F2:63:3F:DF:67:EB:95:13:83:07:4B:36:02:29
            X509v3 Authority Key Identifier:
                keyid:49:27:12:4D:98:03:A7:DE:54:88:31:64:A3:76:EA:72:E3:C6:3E:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SScSTZgDp95UiDFko3bqcuPGPq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/THVMXz0o8mM_32frlRODB0s2Aik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/SScSTZgDp95UiDFko3bqcuPGPq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.4.0/24
                IPv6:
                  2001:678:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:b0:58:42:e8:df:29:11:f2:bf:bd:54:5f:16:0e:5d:ce:79:
         d2:1e:3b:8e:89:92:89:59:1d:12:af:5e:c3:3e:36:20:70:84:
         6e:7c:e5:65:22:00:fd:5e:d6:bf:ca:93:5a:71:16:97:b9:47:
         8c:b7:57:37:6a:23:a2:9e:92:5e:e0:4e:36:bb:a2:99:dc:ca:
         3e:96:32:eb:6e:32:93:6e:22:6b:98:f4:0c:7e:94:82:07:80:
         a8:6e:f2:c5:28:0d:6b:80:9f:44:79:6e:33:e2:92:cb:6d:a3:
         c8:6b:08:3d:ab:5a:70:c7:72:3a:8e:94:01:e4:f7:7b:3d:cd:
         92:40:2d:58:71:0c:28:c9:2e:16:c7:7c:9c:fb:a5:fa:fb:e9:
         39:e9:d8:9f:ec:3a:64:ef:22:bc:bc:ce:33:e7:aa:34:b8:bb:
         ea:ad:ab:3b:be:20:df:c3:01:fe:b5:8b:86:72:f8:43:8e:26:
         cb:75:7b:18:1e:3a:20:16:0d:ea:c4:69:93:30:c3:04:a7:5d:
         0b:b7:d0:03:ed:2e:ab:2c:2a:bf:04:de:a3:a3:57:6f:5b:ea:
         b8:91:aa:24:6a:67:a7:29:a8:8a:20:fb:a3:c6:2d:79:7c:11:
         00:42:f4:24:73:70:f0:24:f2:f2:2d:61:37:59:02:aa:11:94:
         ab:b5:bc:a4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDtnNXcIBq2BzzVNeF3orUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjcxMjRkOTgwM2E3ZGU1NDg4MzE2NGEzNzZlYTcyZTNj
NjNlYWYwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzc1NGM1ZjNkMjhmMjYzM2ZkZjY3ZWI5NTEzODMwNzRiMzYwMjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg29sjOchUEpfa401GekAJ3QGrWjS
IzPWgd/3SlLukA+4ocbjsOu3q4iRWvhsfCvQiAsCG8izEmgHDwl8ndUDg4Uar8A6
VTDyqvPUQhQIgHt5qANVCBA+GdvLRuZLRycrCmE8lXzRLYRz77byAa5HXjt2rS/2
GJq6shlafi98YV/Q9RTlLgm0XSX/p40zlohx4kgbIEhbN+k8u64LXvK+0X+NnIii
SCee4Dh5KvXzWXJFzLxO2QlEhFqL3L1gk0mWetkiOkewSnNrxb/NANEHPjr0/3ev
1Bq+IwE/9RXWXCyl1LX+XjQk1EG0C3L7JAf7hLOCSb0oRDX+bxqrte4H/wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEx1TF89KPJjP99n65UTgwdLNgIpMB8GA1UdIwQY
MBaAFEknEk2YA6feVIgxZKN26nLjxj6vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NjU1RaZ0RwOTVVaURGa28zYnFjdVBHUHE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8zZTJjMzgtZjk2Zi00MGRmLWFlYWMt
ZjAxNTBjODFhY2Y1LzEvVEhWTVh6MG84bU1fMzJmcmxST0RCMHMyQWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8zZTJjMzgtZjk2Zi00MGRmLWFlYWMtZjAxNTBjODFhY2Y1
LzEvU1NjU1RaZ0RwOTVVaURGa28zYnFjdVBHUHE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgAEMA8E
AgACMAkDBwAgAQZ4AAcwDQYJKoZIhvcNAQELBQADggEBAAuwWELo3ykR8r+9VF8W
Dl3OedIeO46JkolZHRKvXsM+NiBwhG585WUiAP1e1r/Kk1pxFpe5R4y3VzdqI6Ke
kl7gTja7opncyj6WMutuMpNuImuY9Ax+lIIHgKhu8sUoDWuAn0R5bjPikstto8hr
CD2rWnDHcjqOlAHk93s9zZJALVhxDCjJLhbHfJz7pfr76Tnp2J/sOmTvIry8zjPn
qjS4u+qtqzu+IN/DAf61i4Zy+EOOJst1exgeOiAWDerEaZMwwwSnXQu30APtLqss
Kr8E3qOjV29b6riRqiRqZ6cpqIog+6PGLXl8EQBC9CRzcPAk8vItYTdZAqoRlKu1
vKQ=
-----END CERTIFICATE-----