Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/tt_Sk2ns5oBzfFQrJjNi3iV_LH0.roa
File:                     tt_Sk2ns5oBzfFQrJjNi3iV_LH0.roa (raw, json)
Hash identifier:          rtS2uHahZXTYpoKaPhliB4yVbpkzl6yqmwUu0UL7Q8w=
Subject key identifier:   B6:DF:D2:93:69:EC:E6:80:73:7C:54:2B:26:33:62:DE:25:7F:2C:7D
Certificate issuer:       /CN=d484e0cee575c619053f8ee2b1004cc442fd2ced
Certificate serial:       018CC94E622FD35986713C0611E9B6985068
Authority key identifier: D4:84:E0:CE:E5:75:C6:19:05:3F:8E:E2:B1:00:4C:C4:42:FD:2C:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1ITgzuV1xhkFP47isQBMxEL9LO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/tt_Sk2ns5oBzfFQrJjNi3iV_LH0.roa
Signing time:             Tue 02 Jan 2024 08:33:26 +0000
ROA not before:           Tue 02 Jan 2024 08:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        193.163.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/1ITgzuV1xhkFP47isQBMxEL9LO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/1ITgzuV1xhkFP47isQBMxEL9LO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1ITgzuV1xhkFP47isQBMxEL9LO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:62:2f:d3:59:86:71:3c:06:11:e9:b6:98:50:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d484e0cee575c619053f8ee2b1004cc442fd2ced
        Validity
            Not Before: Jan  2 08:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6dfd29369ece680737c542b263362de257f2c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:19:98:92:f5:b4:37:92:ac:f7:2c:d7:a0:eb:
                    f9:6c:9a:f9:31:8d:eb:0c:ff:c4:56:35:c5:4a:a2:
                    ec:51:f8:fc:6a:7b:43:b0:e2:82:27:7b:e5:fb:23:
                    6b:f4:6a:ab:62:bd:09:7a:24:81:04:e3:5d:04:c4:
                    eb:39:89:5f:79:5e:aa:2b:17:8a:76:6d:9a:e8:e1:
                    b2:aa:c6:22:d4:9a:b5:7d:d6:49:d9:34:ae:bb:b4:
                    78:59:c8:92:4d:9a:7f:8c:30:aa:04:02:93:a1:9f:
                    19:2f:b8:82:a1:42:9e:45:06:f4:df:bd:5f:2d:df:
                    71:47:e5:40:ba:f8:ff:98:76:bd:80:9a:ff:01:38:
                    98:8c:f6:54:53:02:50:16:81:47:11:a0:c9:ce:3d:
                    f4:5f:64:53:0d:9b:ff:e6:fc:67:16:f6:f7:8f:fa:
                    13:bb:1f:93:6b:8b:2f:00:de:0d:6c:dc:1d:13:57:
                    6e:5e:ef:37:e7:0e:53:6c:bd:0a:1c:b3:79:c4:e9:
                    3a:c2:a6:f2:67:0c:9a:94:f2:a9:f9:85:05:78:55:
                    65:fb:1c:3f:31:76:2d:5a:55:84:35:e5:48:d3:d2:
                    3e:45:22:3a:39:a1:cb:82:13:47:70:09:76:7e:af:
                    53:b5:50:99:62:34:28:e2:df:be:29:31:12:99:7f:
                    74:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:DF:D2:93:69:EC:E6:80:73:7C:54:2B:26:33:62:DE:25:7F:2C:7D
            X509v3 Authority Key Identifier:
                keyid:D4:84:E0:CE:E5:75:C6:19:05:3F:8E:E2:B1:00:4C:C4:42:FD:2C:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1ITgzuV1xhkFP47isQBMxEL9LO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/tt_Sk2ns5oBzfFQrJjNi3iV_LH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/1ITgzuV1xhkFP47isQBMxEL9LO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:a9:a7:f4:87:e2:2f:d8:1f:47:2b:cb:1f:26:a7:4b:35:3b:
         93:38:aa:ed:24:f8:30:bc:0f:55:2b:06:2f:64:fc:81:ec:ae:
         59:a5:fa:68:13:3b:58:14:d5:aa:33:65:c2:ac:d5:1d:90:a7:
         cb:18:8d:de:48:f3:9a:47:aa:93:d0:b9:e9:ef:92:a2:1d:17:
         8e:16:d1:ea:8c:61:d4:ec:9a:57:4d:db:73:7b:6e:56:7c:7d:
         ee:54:eb:ac:4e:74:1a:73:7c:3b:b1:68:59:aa:71:79:93:69:
         f7:e1:8f:f7:29:bd:56:ae:0e:f2:e8:d8:60:6b:a0:e7:ef:34:
         de:73:4f:26:15:82:60:e1:cb:10:26:cd:fd:ed:9a:9e:4d:b4:
         a0:63:0e:da:d3:2c:99:e2:1a:5c:32:80:6f:e0:74:ab:51:36:
         5d:9c:2d:cb:76:46:5a:ba:ab:22:f1:7a:69:51:0d:61:cb:c3:
         c5:83:38:e1:53:e5:cc:c6:86:30:31:d0:cb:6e:bf:9f:a8:41:
         8a:33:a9:ae:9f:9b:49:de:e1:d0:75:18:be:31:d6:3c:14:e8:
         bb:e5:40:88:35:c0:54:e6:4b:e6:4f:54:e6:03:da:b6:c2:f4:
         77:fd:92:39:cb:7f:10:8c:f5:35:e0:c4:58:99:c0:b8:23:0c:
         70:32:23:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmIv01mGcTwGEem2mFBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODRlMGNlZTU3NWM2MTkwNTNmOGVlMmIxMDA0Y2M0NDJm
ZDJjZWQwHhcNMjQwMTAyMDgzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmRmZDI5MzY5ZWNlNjgwNzM3YzU0MmIyNjMzNjJkZTI1N2YyYzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBmYkvW0N5Ks9yzXoOv5bJr5MY3r
DP/EVjXFSqLsUfj8antDsOKCJ3vl+yNr9GqrYr0JeiSBBONdBMTrOYlfeV6qKxeK
dm2a6OGyqsYi1Jq1fdZJ2TSuu7R4WciSTZp/jDCqBAKToZ8ZL7iCoUKeRQb0371f
Ld9xR+VAuvj/mHa9gJr/ATiYjPZUUwJQFoFHEaDJzj30X2RTDZv/5vxnFvb3j/oT
ux+Ta4svAN4NbNwdE1duXu835w5TbL0KHLN5xOk6wqbyZwyalPKp+YUFeFVl+xw/
MXYtWlWENeVI09I+RSI6OaHLghNHcAl2fq9TtVCZYjQo4t++KTESmX90UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbf0pNp7OaAc3xUKyYzYt4lfyx9MB8GA1UdIwQY
MBaAFNSE4M7ldcYZBT+O4rEATMRC/SztMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlUZ3p1VjF4aGtGUDQ3aXNRQk14RUw5TE8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC83ODQ3ZmItZjU1YS00OTk1LTg1MzEt
ZWMwMjYyYWIzM2YxLzEvdHRfU2sybnM1b0J6ZkZRckpqTmkzaVZfTEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC83ODQ3ZmItZjU1YS00OTk1LTg1MzEtZWMwMjYyYWIzM2Yx
LzEvMUlUZ3p1VjF4aGtGUDQ3aXNRQk14RUw5TE8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaPeMA0G
CSqGSIb3DQEBCwUAA4IBAQBZqaf0h+Iv2B9HK8sfJqdLNTuTOKrtJPgwvA9VKwYv
ZPyB7K5ZpfpoEztYFNWqM2XCrNUdkKfLGI3eSPOaR6qT0Lnp75KiHReOFtHqjGHU
7JpXTdtze25WfH3uVOusTnQac3w7sWhZqnF5k2n34Y/3Kb1Wrg7y6Nhga6Dn7zTe
c08mFYJg4csQJs397ZqeTbSgYw7a0yyZ4hpcMoBv4HSrUTZdnC3LdkZauqsi8Xpp
UQ1hy8PFgzjhU+XMxoYwMdDLbr+fqEGKM6mun5tJ3uHQdRi+MdY8FOi75UCINcBU
5kvmT1TmA9q2wvR3/ZI5y38QjPU14MRYmcC4IwxwMiPI
-----END CERTIFICATE-----