Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Tlpy7cGp5zrnGoS-HyqSMwmIsjM.roa
File:                     Tlpy7cGp5zrnGoS-HyqSMwmIsjM.roa (raw, json)
Hash identifier:          5UKd+QhQy0Pm+aGTVeyEOyGyJ0Z8Gb/HlFPNVNhZeXU=
Subject key identifier:   4E:5A:72:ED:C1:A9:E7:3A:E7:1A:84:BE:1F:2A:92:33:09:88:B2:33
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E0D5A69936CDE44E8C26977CFE5A
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Tlpy7cGp5zrnGoS-HyqSMwmIsjM.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203042
IP address blocks:        194.209.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e0:d5:a6:99:36:cd:e4:4e:8c:26:97:7c:fe:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e5a72edc1a9e73ae71a84be1f2a92330988b233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ca:2e:bd:4b:b6:9a:6d:9d:e2:41:c1:77:cb:
                    c1:8b:1f:53:62:67:c7:c2:9e:67:03:33:76:8f:62:
                    74:ce:b8:2f:cb:2d:d9:a1:41:0b:38:ed:2d:28:2d:
                    f8:e1:66:a5:92:ed:c3:a9:bf:a8:e6:45:6e:4c:4c:
                    24:a8:5d:0d:ac:9f:8d:d2:68:99:ca:e5:07:09:01:
                    51:86:8b:53:19:73:c2:ae:46:15:6f:25:0c:de:42:
                    55:0d:0a:a1:64:0a:97:b6:8b:6d:03:d6:02:14:16:
                    e3:12:20:fd:86:62:06:97:9d:25:58:d4:0f:91:2b:
                    29:27:a6:c1:eb:f0:37:af:ea:49:05:3f:b5:29:31:
                    10:5f:84:7d:ab:26:50:b2:b7:5e:d2:13:d8:9b:b1:
                    3b:40:bd:22:8d:1d:fa:e5:89:2e:e2:e9:80:3d:a3:
                    5b:78:1a:b7:f4:2b:c4:2c:ad:6d:d2:50:8f:b0:f9:
                    8f:91:53:25:1b:e2:b2:ab:ce:b5:04:f6:f9:14:48:
                    0e:ef:f9:7b:80:5e:2d:95:92:23:6e:7e:15:5a:e5:
                    3f:0e:ac:af:01:44:9c:96:5d:6f:56:cb:c3:ce:9c:
                    76:e0:47:db:5e:9e:7b:c6:cb:7c:4c:d7:b4:d6:05:
                    60:26:dd:44:e0:05:dd:94:59:c4:0f:fe:64:6f:d6:
                    ba:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:5A:72:ED:C1:A9:E7:3A:E7:1A:84:BE:1F:2A:92:33:09:88:B2:33
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Tlpy7cGp5zrnGoS-HyqSMwmIsjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:b5:ea:5d:40:2a:7e:4e:67:b6:cc:88:d7:f8:65:18:f6:99:
         cb:b8:7e:70:dd:5b:2b:c9:af:5f:ba:e8:f2:a8:17:16:32:cc:
         c2:e2:19:aa:45:40:40:d4:05:46:75:b9:1a:28:93:a2:2b:46:
         d0:35:23:f8:f6:d5:80:fe:2d:ce:1e:17:9b:61:13:f2:0e:53:
         22:0c:92:05:ad:87:2e:5f:00:37:80:b0:f7:97:30:6b:ea:ad:
         14:da:56:36:f7:77:49:c2:e4:7b:17:ea:2d:33:01:45:45:02:
         cd:0d:c3:6c:7a:96:61:28:5b:fa:1a:96:65:20:7f:42:c1:c8:
         16:08:57:6f:7c:17:f3:19:5e:71:45:48:1f:e4:5b:33:7c:5a:
         7c:ea:6d:f0:b7:e2:21:8c:18:1a:c4:e4:1b:45:cd:50:b6:44:
         6e:4a:2c:d8:48:fb:da:76:cb:3a:03:c5:2c:9d:c9:af:25:18:
         61:b3:65:87:af:c5:b3:44:5a:1c:1c:92:b7:ed:7a:a6:f4:91:
         41:00:f1:9e:78:1b:90:39:41:36:1a:7b:18:2c:1b:e3:4f:ad:
         c2:09:b0:69:3f:62:17:09:c9:fd:4a:46:4a:b4:ce:42:01:b1:
         2c:11:82:86:0c:26:45:04:ae:ae:d3:e3:30:29:ec:97:b8:e5:
         4b:e3:80:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSODVppk2zeROjCaXfP5aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTVhNzJlZGMxYTllNzNhZTcxYTg0YmUxZjJhOTIzMzA5ODhiMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcouvUu2mm2d4kHBd8vBix9TYmfH
wp5nAzN2j2J0zrgvyy3ZoUELOO0tKC344Walku3Dqb+o5kVuTEwkqF0NrJ+N0miZ
yuUHCQFRhotTGXPCrkYVbyUM3kJVDQqhZAqXtottA9YCFBbjEiD9hmIGl50lWNQP
kSspJ6bB6/A3r+pJBT+1KTEQX4R9qyZQsrde0hPYm7E7QL0ijR365Yku4umAPaNb
eBq39CvELK1t0lCPsPmPkVMlG+Kyq861BPb5FEgO7/l7gF4tlZIjbn4VWuU/Dqyv
AUScll1vVsvDzpx24EfbXp57xst8TNe01gVgJt1E4AXdlFnED/5kb9a6LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5acu3Bqec65xqEvh8qkjMJiLIzMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvVGxweTdjR3A1enJuR29TLUh5cVNNd21Jc2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtFAMA0G
CSqGSIb3DQEBCwUAA4IBAQAjtepdQCp+Tme2zIjX+GUY9pnLuH5w3Vsrya9fuujy
qBcWMszC4hmqRUBA1AVGdbkaKJOiK0bQNSP49tWA/i3OHhebYRPyDlMiDJIFrYcu
XwA3gLD3lzBr6q0U2lY293dJwuR7F+otMwFFRQLNDcNsepZhKFv6GpZlIH9CwcgW
CFdvfBfzGV5xRUgf5FszfFp86m3wt+IhjBgaxOQbRc1QtkRuSizYSPvadss6A8Us
ncmvJRhhs2WHr8WzRFocHJK37Xqm9JFBAPGeeBuQOUE2GnsYLBvjT63CCbBpP2IX
Ccn9SkZKtM5CAbEsEYKGDCZFBK6u0+MwKeyXuOVL44CD
-----END CERTIFICATE-----