Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/80d9df-eaf3-48b6-8fd5-0acc892b11d2/1/tz1b-fQdr0mI2Du1V20p0m5uaH8.roa
File:                     tz1b-fQdr0mI2Du1V20p0m5uaH8.roa (raw, json)
Hash identifier:          a4wXr9mGdMKNnl+uK3M+Azy4uqfaRQPlFkWEVrmcxZA=
Subject key identifier:   B7:3D:5B:F9:F4:1D:AF:49:88:D8:3B:B5:57:6D:29:D2:6E:6E:68:7F
Certificate issuer:       /CN=4f36103344fcd3b5759f2db3f3c7071376f9e233
Certificate serial:       018CC94E485D1F59DA0BFA1B90360D9739C9
Authority key identifier: 4F:36:10:33:44:FC:D3:B5:75:9F:2D:B3:F3:C7:07:13:76:F9:E2:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TzYQM0T807V1ny2z88cHE3b54jM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/80d9df-eaf3-48b6-8fd5-0acc892b11d2/1/tz1b-fQdr0mI2Du1V20p0m5uaH8.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16015
IP address blocks:        95.171.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/80d9df-eaf3-48b6-8fd5-0acc892b11d2/1/TzYQM0T807V1ny2z88cHE3b54jM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/80d9df-eaf3-48b6-8fd5-0acc892b11d2/1/TzYQM0T807V1ny2z88cHE3b54jM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TzYQM0T807V1ny2z88cHE3b54jM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:48:5d:1f:59:da:0b:fa:1b:90:36:0d:97:39:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f36103344fcd3b5759f2db3f3c7071376f9e233
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b73d5bf9f41daf4988d83bb5576d29d26e6e687f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:2d:4b:05:9a:fe:f7:a6:f8:ca:b4:a4:38:5d:
                    62:9b:d1:25:7b:91:a7:1f:cf:1d:09:da:35:f9:14:
                    98:66:7a:1d:b2:d4:ea:f1:54:88:9c:e5:d6:c9:ba:
                    92:c4:ad:df:21:31:93:37:cf:86:28:a1:b1:f7:91:
                    a5:39:28:ae:21:0e:18:78:a3:97:82:d6:25:3c:7b:
                    50:bc:23:8d:3e:af:eb:c5:f5:fa:3b:0f:c3:7c:55:
                    be:de:16:00:c8:4a:ff:3d:ff:b1:3c:f8:79:97:d1:
                    60:92:2e:60:29:eb:8c:3c:f3:2f:a1:bb:52:ff:d4:
                    52:90:99:88:f8:75:c8:b9:a6:31:dd:3d:62:e8:7f:
                    8a:da:b9:2a:af:79:61:ee:47:62:50:b1:79:a5:40:
                    09:ab:ce:fb:50:06:0b:f1:e9:6c:92:0b:e6:81:d8:
                    5a:38:a7:1d:73:35:d9:62:b2:8d:de:b5:cb:da:ad:
                    72:c1:73:72:70:55:5d:bd:11:22:dc:bc:d4:68:82:
                    84:b0:3e:49:ee:33:78:1f:59:c7:2f:bb:a0:e4:97:
                    58:26:2b:94:36:48:5c:c4:33:0f:3d:14:cb:0e:88:
                    76:57:15:04:e7:f7:5b:16:81:81:e5:1e:0d:69:d0:
                    a7:fc:81:80:b6:c0:87:49:33:76:a1:04:53:a1:d1:
                    f5:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:3D:5B:F9:F4:1D:AF:49:88:D8:3B:B5:57:6D:29:D2:6E:6E:68:7F
            X509v3 Authority Key Identifier:
                keyid:4F:36:10:33:44:FC:D3:B5:75:9F:2D:B3:F3:C7:07:13:76:F9:E2:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TzYQM0T807V1ny2z88cHE3b54jM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/80d9df-eaf3-48b6-8fd5-0acc892b11d2/1/tz1b-fQdr0mI2Du1V20p0m5uaH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/80d9df-eaf3-48b6-8fd5-0acc892b11d2/1/TzYQM0T807V1ny2z88cHE3b54jM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.171.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:a9:1c:03:5d:19:6d:79:25:df:63:df:36:c2:ce:73:d4:13:
         8e:94:cc:7d:97:8a:98:9f:90:c5:e0:48:12:cd:f2:b7:02:0e:
         ec:2c:b5:ef:41:87:52:c0:0a:6f:c7:15:62:8d:ec:3b:7f:4c:
         06:01:f3:59:80:12:54:0d:35:fd:4b:37:01:3a:e0:f4:b9:f9:
         fe:0d:e8:77:30:23:e8:e0:07:e9:16:89:7b:53:da:d5:2f:9e:
         7b:1b:48:61:f7:f5:0d:a8:45:d5:cc:e8:25:26:3b:ed:44:a1:
         75:16:34:90:35:a3:e7:52:d6:92:5e:61:96:fb:19:4a:61:0b:
         11:ed:d6:4a:b0:6e:e2:b6:a7:79:3c:6c:e9:0b:93:03:90:d5:
         3c:5c:91:f4:2d:16:a2:cc:e9:c5:84:94:d4:d1:2f:0f:83:3a:
         76:28:ac:30:69:9d:50:5f:cc:69:cc:4c:94:dd:15:f1:c2:fa:
         d1:2b:ca:93:8f:c4:ad:45:16:13:f7:42:86:51:33:cd:7f:96:
         a3:25:4e:c0:54:d0:fd:c1:d0:6c:35:13:de:a7:be:40:2c:ba:
         61:c7:ee:40:0c:53:ca:29:68:94:74:ca:bf:c3:85:2f:33:26:
         b0:96:17:e0:2f:9c:bf:c5:46:22:29:2a:6d:24:cf:f6:37:df:
         82:1c:03:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkhdH1naC/obkDYNlznJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMzYxMDMzNDRmY2QzYjU3NTlmMmRiM2YzYzcwNzEzNzZm
OWUyMzMwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzNkNWJmOWY0MWRhZjQ5ODhkODNiYjU1NzZkMjlkMjZlNmU2ODdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgC1LBZr+96b4yrSkOF1im9Ele5Gn
H88dCdo1+RSYZnodstTq8VSInOXWybqSxK3fITGTN8+GKKGx95GlOSiuIQ4YeKOX
gtYlPHtQvCONPq/rxfX6Ow/DfFW+3hYAyEr/Pf+xPPh5l9Fgki5gKeuMPPMvobtS
/9RSkJmI+HXIuaYx3T1i6H+K2rkqr3lh7kdiULF5pUAJq877UAYL8elskgvmgdha
OKcdczXZYrKN3rXL2q1ywXNycFVdvREi3LzUaIKEsD5J7jN4H1nHL7ug5JdYJiuU
NkhcxDMPPRTLDoh2VxUE5/dbFoGB5R4NadCn/IGAtsCHSTN2oQRTodH1BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLc9W/n0Ha9JiNg7tVdtKdJubmh/MB8GA1UdIwQY
MBaAFE82EDNE/NO1dZ8ts/PHBxN2+eIzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHpZUU0wVDgwN1Yxbnkyejg4Y0hFM2I1NGpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy84MGQ5ZGYtZWFmMy00OGI2LThmZDUt
MGFjYzg5MmIxMWQyLzEvdHoxYi1mUWRyMG1JMkR1MVYyMHAwbTV1YUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy84MGQ5ZGYtZWFmMy00OGI2LThmZDUtMGFjYzg5MmIxMWQy
LzEvVHpZUU0wVDgwN1Yxbnkyejg4Y0hFM2I1NGpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6tMMA0G
CSqGSIb3DQEBCwUAA4IBAQCOqRwDXRlteSXfY982ws5z1BOOlMx9l4qYn5DF4EgS
zfK3Ag7sLLXvQYdSwApvxxVijew7f0wGAfNZgBJUDTX9SzcBOuD0ufn+Deh3MCPo
4AfpFol7U9rVL557G0hh9/UNqEXVzOglJjvtRKF1FjSQNaPnUtaSXmGW+xlKYQsR
7dZKsG7itqd5PGzpC5MDkNU8XJH0LRaizOnFhJTU0S8Pgzp2KKwwaZ1QX8xpzEyU
3RXxwvrRK8qTj8StRRYT90KGUTPNf5ajJU7AVND9wdBsNRPep75ALLphx+5ADFPK
KWiUdMq/w4UvMyawlhfgL5y/xUYiKSptJM/2N9+CHANv
-----END CERTIFICATE-----