Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/TNVs-F9Gvccm1AOnRS34BWByzqk.roa
File:                     TNVs-F9Gvccm1AOnRS34BWByzqk.roa (raw, json)
Hash identifier:          FGcmZPP3CtlKUeuXkLg5vruq8Rbo2nWCDBQ7QzKmfEc=
Subject key identifier:   4C:D5:6C:F8:5F:46:BD:C7:26:D4:03:A7:45:2D:F8:05:60:72:CE:A9
Certificate issuer:       /CN=d05b2623a39d556c50b7046d36447fb621af974a
Certificate serial:       018CC3B6CA04BF4B10181043F8C56857B2AD
Authority key identifier: D0:5B:26:23:A3:9D:55:6C:50:B7:04:6D:36:44:7F:B6:21:AF:97:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0FsmI6OdVWxQtwRtNkR_tiGvl0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/TNVs-F9Gvccm1AOnRS34BWByzqk.roa
Signing time:             Mon 01 Jan 2024 06:29:45 +0000
ROA not before:           Mon 01 Jan 2024 06:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35802
IP address blocks:        195.10.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/0FsmI6OdVWxQtwRtNkR_tiGvl0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/0FsmI6OdVWxQtwRtNkR_tiGvl0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0FsmI6OdVWxQtwRtNkR_tiGvl0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ca:04:bf:4b:10:18:10:43:f8:c5:68:57:b2:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d05b2623a39d556c50b7046d36447fb621af974a
        Validity
            Not Before: Jan  1 06:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cd56cf85f46bdc726d403a7452df8056072cea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:17:01:6f:3b:10:95:fb:84:ba:a1:50:82:d9:
                    85:df:9a:80:d0:23:04:b9:97:f6:ab:38:2c:db:35:
                    3e:3f:71:93:45:73:ff:a9:c5:e9:54:ed:7f:55:85:
                    45:b2:87:46:18:95:58:a3:c9:3e:29:32:ad:8d:36:
                    1d:c6:56:2f:11:c7:e1:17:7b:ec:4c:ad:0b:23:0d:
                    cd:64:e6:2d:6a:b5:db:9d:41:a5:b3:35:2b:7c:a7:
                    e7:9a:d0:83:ef:0f:ca:7b:40:21:d9:d7:55:b0:1b:
                    72:22:38:47:e8:68:2f:dd:e2:a9:b9:ae:4f:c4:22:
                    94:68:39:7e:63:ac:d8:e1:4c:97:60:3d:76:4a:2b:
                    7e:4b:c0:72:13:7b:cf:8b:4f:0e:48:1b:13:d6:a6:
                    b1:3e:41:6f:1c:91:79:55:a0:81:79:81:f1:d5:1c:
                    cd:4e:e7:2d:65:4b:e5:9b:3b:79:a8:d7:d7:f2:26:
                    1d:ff:f5:a8:b7:4f:01:07:a9:11:f1:e6:e5:e4:5a:
                    68:25:43:b0:4f:45:4c:2b:5f:17:f1:9d:5e:a3:e7:
                    8a:7e:fb:39:ad:8a:0b:bf:4f:a7:63:12:d1:5d:69:
                    47:27:fa:cd:42:f2:30:d1:df:29:e0:f2:31:42:06:
                    dd:af:8b:23:58:4d:4b:91:8e:1a:82:09:77:39:8a:
                    86:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:D5:6C:F8:5F:46:BD:C7:26:D4:03:A7:45:2D:F8:05:60:72:CE:A9
            X509v3 Authority Key Identifier:
                keyid:D0:5B:26:23:A3:9D:55:6C:50:B7:04:6D:36:44:7F:B6:21:AF:97:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0FsmI6OdVWxQtwRtNkR_tiGvl0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/TNVs-F9Gvccm1AOnRS34BWByzqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/0FsmI6OdVWxQtwRtNkR_tiGvl0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:01:25:6a:30:79:c2:68:4e:e0:26:c8:da:65:db:e0:09:9a:
         6a:5e:08:5e:46:ad:e7:c1:60:4a:1c:3f:16:29:d2:f2:ad:1d:
         89:d8:a1:08:6d:92:1f:df:d5:21:21:3b:90:51:c0:bf:ed:56:
         16:f0:de:98:2d:2e:de:5b:d3:3d:1d:e8:75:9c:51:82:d5:34:
         72:ab:68:02:82:e6:a6:0f:6f:94:de:fd:dc:b9:a9:3e:46:ee:
         01:49:f1:36:b5:8f:ee:6b:dc:1a:6f:a3:d0:8c:8e:3d:41:c2:
         fc:9a:20:08:3f:bb:43:28:ab:9e:48:be:64:fa:e5:1f:f8:c9:
         1d:1a:19:f3:97:ed:c4:f1:0e:6c:3b:7d:33:69:2c:8f:fb:58:
         d9:6b:f3:e8:f6:d4:3c:bf:2d:67:25:45:37:06:7a:ab:8e:cd:
         b2:2e:68:a3:7e:2c:c2:a6:3e:b9:9a:60:ab:98:d7:d6:66:6e:
         42:f6:6b:3c:eb:9d:3c:f6:91:db:c4:f7:e7:a3:97:d8:67:87:
         ee:a2:f6:a3:b5:e3:18:80:c4:74:a2:3b:e9:23:84:24:3d:3f:
         3f:07:a5:54:04:bb:c0:b9:97:89:60:15:a3:6b:dd:38:5f:e7:
         76:68:8a:68:23:21:19:5f:1d:38:b3:89:68:19:f9:51:ef:a7:
         11:c5:9b:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsoEv0sQGBBD+MVoV7KtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNWIyNjIzYTM5ZDU1NmM1MGI3MDQ2ZDM2NDQ3ZmI2MjFh
Zjk3NGEwHhcNMjQwMTAxMDYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2Q1NmNmODVmNDZiZGM3MjZkNDAzYTc0NTJkZjgwNTYwNzJjZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBcBbzsQlfuEuqFQgtmF35qA0CME
uZf2qzgs2zU+P3GTRXP/qcXpVO1/VYVFsodGGJVYo8k+KTKtjTYdxlYvEcfhF3vs
TK0LIw3NZOYtarXbnUGlszUrfKfnmtCD7w/Ke0Ah2ddVsBtyIjhH6Ggv3eKpua5P
xCKUaDl+Y6zY4UyXYD12Sit+S8ByE3vPi08OSBsT1qaxPkFvHJF5VaCBeYHx1RzN
TuctZUvlmzt5qNfX8iYd//Wot08BB6kR8ebl5FpoJUOwT0VMK18X8Z1eo+eKfvs5
rYoLv0+nYxLRXWlHJ/rNQvIw0d8p4PIxQgbdr4sjWE1LkY4aggl3OYqG7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzVbPhfRr3HJtQDp0Ut+AVgcs6pMB8GA1UdIwQY
MBaAFNBbJiOjnVVsULcEbTZEf7Yhr5dKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEZzbUk2T2RWV3hRdHdSdE5rUl90aUd2bDBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hMGNhNzYtZTI2NC00MGYxLTlkOGEt
MDY1Y2ExZjM2MzEwLzEvVE5Wcy1GOUd2Y2NtMUFPblJTMzRCV0J5enFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hMGNhNzYtZTI2NC00MGYxLTlkOGEtMDY1Y2ExZjM2MzEw
LzEvMEZzbUk2T2RWV3hRdHdSdE5rUl90aUd2bDBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrGMA0G
CSqGSIb3DQEBCwUAA4IBAQADASVqMHnCaE7gJsjaZdvgCZpqXgheRq3nwWBKHD8W
KdLyrR2J2KEIbZIf39UhITuQUcC/7VYW8N6YLS7eW9M9Heh1nFGC1TRyq2gCguam
D2+U3v3cuak+Ru4BSfE2tY/ua9wab6PQjI49QcL8miAIP7tDKKueSL5k+uUf+Mkd
Ghnzl+3E8Q5sO30zaSyP+1jZa/Po9tQ8vy1nJUU3Bnqrjs2yLmijfizCpj65mmCr
mNfWZm5C9ms865089pHbxPfno5fYZ4fuovajteMYgMR0ojvpI4QkPT8/B6VUBLvA
uZeJYBWja904X+d2aIpoIyEZXx04s4loGflR76cRxZtv
-----END CERTIFICATE-----