Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/TMCe_d-FMDkIg_5-F2UoLGvSykY.roa
File:                     TMCe_d-FMDkIg_5-F2UoLGvSykY.roa (raw, json)
Hash identifier:          N+Kw7QeOr+gGqW9r+M/Wjs5lUqkxXkpPXGDC/uq6BVY=
Subject key identifier:   4C:C0:9E:FD:DF:85:30:39:08:83:FE:7E:17:65:28:2C:6B:D2:CA:46
Certificate issuer:       /CN=8e987039b3f3b2db9b298ae0d8d0eb348969ad62
Certificate serial:       0192721FAFC080B92653DB47C160C81B04FB
Authority key identifier: 8E:98:70:39:B3:F3:B2:DB:9B:29:8A:E0:D8:D0:EB:34:89:69:AD:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/TMCe_d-FMDkIg_5-F2UoLGvSykY.roa
Signing time:             Wed 09 Oct 2024 16:32:12 +0000
ROA not before:           Wed 09 Oct 2024 16:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.134.148.0/24 maxlen: 24
                          193.134.149.0/24 maxlen: 24
                          193.134.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:72:1f:af:c0:80:b9:26:53:db:47:c1:60:c8:1b:04:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e987039b3f3b2db9b298ae0d8d0eb348969ad62
        Validity
            Not Before: Oct  9 16:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cc09efddf8530390883fe7e1765282c6bd2ca46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4a:34:f7:4c:e7:c5:b9:42:0d:f5:22:38:bc:
                    68:be:44:b9:30:58:45:47:81:c9:45:c5:db:43:b6:
                    5c:62:cb:63:2d:8a:3f:1b:6f:93:23:c9:3c:18:15:
                    75:94:91:93:d3:e3:f4:3a:d7:bb:bb:e9:83:0b:8e:
                    fc:74:de:1b:d7:bc:db:32:61:e8:6c:05:92:9c:46:
                    88:5a:3e:4b:7d:be:5b:5c:ed:c2:e1:7d:c1:8f:9f:
                    cf:07:ab:17:14:2b:95:b5:f5:e6:ac:30:3f:58:6d:
                    df:8c:a0:f8:99:43:f9:a5:b1:54:3d:47:9b:97:60:
                    06:28:d1:42:a3:a8:6c:ff:1f:09:81:81:68:e7:26:
                    41:28:ea:48:ab:1e:f9:a9:1b:c5:b5:2f:ce:f7:4d:
                    2f:60:21:1c:e2:68:83:5f:f1:ce:75:81:bc:fe:07:
                    e0:31:1e:70:d4:b8:ff:36:37:94:55:18:ef:a5:c1:
                    60:78:9a:91:01:df:08:d1:93:b6:92:82:da:2d:b2:
                    cd:a9:b8:1b:1a:4c:03:cc:f3:6f:dc:28:ca:f1:89:
                    97:c8:fc:c4:5e:c5:dd:5a:23:01:f2:db:17:bd:9c:
                    8d:fa:66:a8:bd:9c:59:51:ea:86:f2:5c:71:38:4d:
                    df:39:80:42:e8:3d:a0:5f:a7:e4:55:46:fc:91:62:
                    47:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C0:9E:FD:DF:85:30:39:08:83:FE:7E:17:65:28:2C:6B:D2:CA:46
            X509v3 Authority Key Identifier:
                keyid:8E:98:70:39:B3:F3:B2:DB:9B:29:8A:E0:D8:D0:EB:34:89:69:AD:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/TMCe_d-FMDkIg_5-F2UoLGvSykY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.148.0-193.134.150.255

    Signature Algorithm: sha256WithRSAEncryption
         48:e7:ed:21:a8:5f:ae:42:c3:d2:ba:8a:bf:e1:96:ab:12:d6:
         60:f0:78:ce:72:a1:e8:ad:de:c4:25:0d:78:42:5d:9c:81:2d:
         6a:b0:0e:d3:0d:66:9f:a7:b3:61:c5:9f:65:e7:8f:e7:2f:3c:
         4f:13:8e:e4:ef:7c:98:a8:32:f2:46:c3:9f:2b:b1:5e:e1:eb:
         ce:27:f2:17:d4:f9:fa:40:94:97:7d:60:04:47:68:f1:50:ac:
         e5:bd:ef:ac:5e:d9:12:c1:8f:df:f1:7b:b9:30:19:5c:23:25:
         34:f6:94:12:a3:c0:7a:73:6d:5a:cf:5d:ca:bb:04:0c:da:18:
         32:ee:e9:8a:05:22:27:f8:1a:06:ac:0d:9f:28:f0:d5:42:ac:
         92:c3:e7:26:eb:aa:f7:20:4c:fb:3d:80:3a:82:0a:ec:ad:60:
         ec:15:e7:85:53:75:85:4b:66:e4:2e:dd:6f:92:11:4e:5b:6c:
         13:d5:5e:55:e7:04:93:07:df:76:ba:07:df:6d:e5:fb:c1:f5:
         fd:fa:a2:d7:50:01:6c:98:e3:7c:a0:79:4e:e4:1b:e9:64:54:
         c1:b9:51:82:d5:32:02:6f:ba:e2:6b:2e:91:3e:72:27:4c:39:
         cf:a0:08:e2:62:27:81:a3:5d:1f:57:05:c1:9c:39:60:7f:67:
         1a:c9:13:db
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZJyH6/AgLkmU9tHwWDIGwT7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOTg3MDM5YjNmM2IyZGI5YjI5OGFlMGQ4ZDBlYjM0ODk2
OWFkNjIwHhcNMjQxMDA5MTYzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2MwOWVmZGRmODUzMDM5MDg4M2ZlN2UxNzY1MjgyYzZiZDJjYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Eo090znxblCDfUiOLxovkS5MFhF
R4HJRcXbQ7ZcYstjLYo/G2+TI8k8GBV1lJGT0+P0Ote7u+mDC478dN4b17zbMmHo
bAWSnEaIWj5Lfb5bXO3C4X3Bj5/PB6sXFCuVtfXmrDA/WG3fjKD4mUP5pbFUPUeb
l2AGKNFCo6hs/x8JgYFo5yZBKOpIqx75qRvFtS/O900vYCEc4miDX/HOdYG8/gfg
MR5w1Lj/NjeUVRjvpcFgeJqRAd8I0ZO2koLaLbLNqbgbGkwDzPNv3CjK8YmXyPzE
XsXdWiMB8tsXvZyN+maovZxZUeqG8lxxOE3fOYBC6D2gX6fkVUb8kWJHXQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEzAnv3fhTA5CIP+fhdlKCxr0spGMB8GA1UdIwQY
MBaAFI6YcDmz87LbmymK4NjQ6zSJaa1iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanBod09iUHpzdHViS1lyZzJORHJOSWxwcldJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8zNjY1NjAtMDk2ZS00ODM1LTg5ZmQt
NTYzNjAwMzE5YTFmLzEvVE1DZV9kLUZNRGtJZ181LUYyVW9MR3ZTeWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8zNjY1NjAtMDk2ZS00ODM1LTg5ZmQtNTYzNjAwMzE5YTFm
LzEvanBod09iUHpzdHViS1lyZzJORHJOSWxwcldJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALBhpQD
BADBhpYwDQYJKoZIhvcNAQELBQADggEBAEjn7SGoX65Cw9K6ir/hlqsS1mDweM5y
oeit3sQlDXhCXZyBLWqwDtMNZp+ns2HFn2Xnj+cvPE8TjuTvfJioMvJGw58rsV7h
684n8hfU+fpAlJd9YARHaPFQrOW976xe2RLBj9/xe7kwGVwjJTT2lBKjwHpzbVrP
Xcq7BAzaGDLu6YoFIif4GgasDZ8o8NVCrJLD5ybrqvcgTPs9gDqCCuytYOwV54VT
dYVLZuQu3W+SEU5bbBPVXlXnBJMH33a6B99t5fvB9f36otdQAWyY43ygeU7kG+lk
VMG5UYLVMgJvuuJrLpE+cidMOc+gCOJiJ4GjXR9XBcGcOWB/ZxrJE9s=
-----END CERTIFICATE-----