Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/TFV3T2U-gfflRDtGJkT_GsXfLgI.roa
File:                     TFV3T2U-gfflRDtGJkT_GsXfLgI.roa (raw, json)
Hash identifier:          45laJ+0vN3l141X51K/UGKBjQiVe9N2+rVjDVVcXbqc=
Subject key identifier:   4C:55:77:4F:65:3E:81:F7:E5:44:3B:46:26:44:FF:1A:C5:DF:2E:02
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DDBB41A246F6D9F2442049F5C476
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/TFV3T2U-gfflRDtGJkT_GsXfLgI.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61042
IP address blocks:        194.209.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:dd:bb:41:a2:46:f6:d9:f2:44:20:49:f5:c4:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c55774f653e81f7e5443b462644ff1ac5df2e02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:32:a2:4d:2f:e4:b5:b1:e9:02:2d:f4:0f:e8:
                    cd:16:3d:ab:6c:b4:3e:c2:7b:d3:91:a3:64:60:02:
                    2e:fe:af:16:0d:7e:9c:69:90:c5:77:f4:4d:fd:b4:
                    b5:38:25:00:df:49:88:e5:ad:98:ac:5c:97:15:b1:
                    f2:b8:2e:eb:61:3d:e5:c5:a0:bf:4c:40:57:2f:3b:
                    52:d0:06:57:37:ba:6e:6f:cb:99:84:f4:a1:cc:4e:
                    70:6e:8c:a6:ae:d2:24:9e:3a:c4:c1:3f:12:4b:1e:
                    c7:e3:9f:7c:ea:ce:e6:cb:5e:c8:41:a6:75:a8:4c:
                    85:72:37:56:93:b6:e6:cc:80:a7:32:11:b3:72:d4:
                    a7:67:e0:9b:a7:b9:de:00:a1:b3:8f:e5:8a:73:fb:
                    f2:df:23:2f:4f:80:c9:21:42:4b:66:3d:a6:d0:ff:
                    90:52:75:11:35:f9:a9:a7:7e:d6:86:63:77:6d:4e:
                    a1:de:01:d4:1c:75:f7:23:5e:0a:74:b5:73:3e:9d:
                    3d:9e:d3:8e:7c:2b:a3:a6:c8:dc:69:de:4d:a1:bc:
                    c7:0d:fb:5b:73:84:02:b8:03:b2:7c:70:7f:65:40:
                    14:70:f1:64:b8:c6:0c:1f:6f:ba:b6:30:69:f1:0e:
                    e3:aa:75:aa:d5:7f:a0:8d:51:45:eb:46:c0:52:b3:
                    ea:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:55:77:4F:65:3E:81:F7:E5:44:3B:46:26:44:FF:1A:C5:DF:2E:02
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/TFV3T2U-gfflRDtGJkT_GsXfLgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:88:4b:71:b7:c7:13:da:b7:b9:52:77:f3:6b:07:9c:0e:5e:
         1c:32:58:07:40:ea:52:64:16:97:40:b1:72:d3:e6:2d:9c:90:
         e5:06:b1:06:61:90:76:a6:d7:8b:4b:55:09:e3:db:a8:48:67:
         03:f2:2c:70:7d:dc:34:5e:27:84:59:37:ad:2c:b9:49:7d:b8:
         02:e5:11:03:e2:29:d2:4e:e3:af:74:86:bc:50:9f:a2:f5:19:
         bf:e8:c0:18:45:a0:26:32:0f:53:d0:2e:0b:e7:6a:05:81:8e:
         cb:0b:2f:45:94:79:d0:26:af:89:3a:29:51:b7:9e:70:c5:31:
         61:eb:bb:42:df:5a:46:dc:13:ce:b7:35:bc:e1:42:19:90:61:
         1e:cc:77:62:e7:92:70:69:59:fa:bf:05:d1:79:ae:e3:d9:89:
         8c:ee:9b:ad:b1:b4:09:53:36:a4:58:6c:cd:ff:3a:a1:e3:24:
         f2:cf:d2:b7:d4:d9:2d:5b:d4:2d:27:23:5f:21:c8:29:24:1b:
         9c:c5:dd:dd:0a:05:ce:3f:11:da:2a:39:85:f1:ba:ef:35:44:
         0b:e7:ab:2a:0b:d4:12:99:e0:a8:cd:7f:2f:4e:98:83:cb:27:
         14:6f:87:34:a4:e9:25:b7:8d:f7:4f:a5:d7:db:92:e8:19:94:
         8c:b0:03:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSN27QaJG9tnyRCBJ9cR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzU1Nzc0ZjY1M2U4MWY3ZTU0NDNiNDYyNjQ0ZmYxYWM1ZGYyZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjKiTS/ktbHpAi30D+jNFj2rbLQ+
wnvTkaNkYAIu/q8WDX6caZDFd/RN/bS1OCUA30mI5a2YrFyXFbHyuC7rYT3lxaC/
TEBXLztS0AZXN7pub8uZhPShzE5wboymrtIknjrEwT8SSx7H45986s7my17IQaZ1
qEyFcjdWk7bmzICnMhGzctSnZ+Cbp7neAKGzj+WKc/vy3yMvT4DJIUJLZj2m0P+Q
UnURNfmpp37WhmN3bU6h3gHUHHX3I14KdLVzPp09ntOOfCujpsjcad5NobzHDftb
c4QCuAOyfHB/ZUAUcPFkuMYMH2+6tjBp8Q7jqnWq1X+gjVFF60bAUrPqgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExVd09lPoH35UQ7RiZE/xrF3y4CMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvVEZWM1QyVS1nZmZsUkR0R0prVF9Hc1hmTGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtEpMA0G
CSqGSIb3DQEBCwUAA4IBAQCoiEtxt8cT2re5UnfzawecDl4cMlgHQOpSZBaXQLFy
0+YtnJDlBrEGYZB2pteLS1UJ49uoSGcD8ixwfdw0XieEWTetLLlJfbgC5RED4inS
TuOvdIa8UJ+i9Rm/6MAYRaAmMg9T0C4L52oFgY7LCy9FlHnQJq+JOilRt55wxTFh
67tC31pG3BPOtzW84UIZkGEezHdi55JwaVn6vwXRea7j2YmM7putsbQJUzakWGzN
/zqh4yTyz9K31NktW9QtJyNfIcgpJBucxd3dCgXOPxHaKjmF8brvNUQL56sqC9QS
meCozX8vTpiDyycUb4c0pOklt433T6XX25LoGZSMsAPm
-----END CERTIFICATE-----