Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/aeb224-8c89-4466-9b38-024c1edd62ec/1/tfkxMbV9Q9eUqrugFDnnnCdKsz0.roa
File:                     tfkxMbV9Q9eUqrugFDnnnCdKsz0.roa (raw, json)
Hash identifier:          hYg9P0fEGN4EoUYwdCz2BjRfPTSQPIxLYWsiojrZ9Cc=
Subject key identifier:   B5:F9:31:31:B5:7D:43:D7:94:AA:BB:A0:14:39:E7:9C:27:4A:B3:3D
Certificate issuer:       /CN=e73fe3351a5e6264a1f8129c10251d9e896e8062
Certificate serial:       0192757988655FC451216E5FA53DCB7F92B8
Authority key identifier: E7:3F:E3:35:1A:5E:62:64:A1:F8:12:9C:10:25:1D:9E:89:6E:80:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5z_jNRpeYmSh-BKcECUdnolugGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/aeb224-8c89-4466-9b38-024c1edd62ec/1/tfkxMbV9Q9eUqrugFDnnnCdKsz0.roa
Signing time:             Thu 10 Oct 2024 08:09:11 +0000
ROA not before:           Thu 10 Oct 2024 08:09:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42914
IP address blocks:        91.193.208.0/22 maxlen: 22
                          178.16.96.0/20 maxlen: 20
                          194.61.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/aeb224-8c89-4466-9b38-024c1edd62ec/1/5z_jNRpeYmSh-BKcECUdnolugGI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/aeb224-8c89-4466-9b38-024c1edd62ec/1/5z_jNRpeYmSh-BKcECUdnolugGI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5z_jNRpeYmSh-BKcECUdnolugGI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:75:79:88:65:5f:c4:51:21:6e:5f:a5:3d:cb:7f:92:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e73fe3351a5e6264a1f8129c10251d9e896e8062
        Validity
            Not Before: Oct 10 08:09:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5f93131b57d43d794aabba01439e79c274ab33d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0d:11:64:a1:15:ed:58:a1:e1:34:2b:fa:a8:
                    43:7f:0d:81:b0:a6:21:10:75:7e:0d:dc:af:a6:f8:
                    1f:4e:2a:39:68:11:44:02:09:0e:17:24:11:32:33:
                    04:1d:7b:06:a1:e9:08:19:dd:cd:cc:d1:05:b8:c3:
                    20:0f:76:9a:ef:57:ab:f3:a7:c3:6f:8d:a6:0f:d8:
                    67:7b:8e:82:fb:87:28:39:c8:01:36:c0:c1:c2:7e:
                    dd:cb:5e:06:ef:a1:71:cd:fd:1c:fe:e1:c8:89:10:
                    82:74:c0:34:87:28:8c:94:31:b8:58:31:5c:76:4b:
                    c1:98:22:c8:e7:5b:38:21:7a:95:32:a5:ab:66:ae:
                    b8:19:a1:ac:4b:d3:54:e2:92:b8:eb:61:65:cf:08:
                    29:31:e9:52:9b:ae:ca:95:c5:1e:84:f0:78:7d:b6:
                    1a:cc:3b:f4:45:1a:c9:cb:35:19:35:0c:c5:3e:49:
                    e9:70:92:13:94:e2:00:5d:aa:0e:2a:aa:7e:c3:e8:
                    6e:a4:a7:12:1d:1b:d6:54:ba:21:3f:64:63:f6:0c:
                    21:16:f2:87:99:23:04:33:35:f0:d5:8b:fa:af:14:
                    dc:61:01:bf:33:2c:58:33:94:8b:1f:b9:9f:71:fe:
                    7a:f2:d5:a2:a7:f4:2f:89:e6:f5:a0:95:ed:66:d4:
                    8e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F9:31:31:B5:7D:43:D7:94:AA:BB:A0:14:39:E7:9C:27:4A:B3:3D
            X509v3 Authority Key Identifier:
                keyid:E7:3F:E3:35:1A:5E:62:64:A1:F8:12:9C:10:25:1D:9E:89:6E:80:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5z_jNRpeYmSh-BKcECUdnolugGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/aeb224-8c89-4466-9b38-024c1edd62ec/1/tfkxMbV9Q9eUqrugFDnnnCdKsz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/aeb224-8c89-4466-9b38-024c1edd62ec/1/5z_jNRpeYmSh-BKcECUdnolugGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.208.0/22
                  178.16.96.0/20
                  194.61.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c2:80:54:20:22:b6:cd:3a:e4:ed:43:21:41:c1:dc:31:68:9d:
         05:e5:a4:7a:9f:2a:7c:85:ec:c2:ac:22:06:09:c6:97:92:2f:
         fb:dc:72:20:b8:de:9a:d1:1a:43:93:90:c2:3e:10:ee:45:c3:
         ee:9c:77:77:69:eb:70:e4:dd:4c:ab:d2:61:3b:73:3e:76:cf:
         33:6d:db:af:75:c8:9e:aa:a9:85:c6:5f:bc:29:5c:92:5e:b2:
         09:a4:45:b1:ca:6b:a7:d3:4b:f3:01:d9:12:4f:7a:6e:06:b0:
         b9:e1:56:4c:99:e7:70:ca:34:35:4a:a7:d0:d8:c1:4a:fc:ac:
         25:21:a6:81:a3:1a:86:e7:e2:84:14:85:8c:7b:c2:48:33:1f:
         e8:1d:af:46:98:e8:b6:36:bf:29:1d:92:c8:70:57:21:3c:2b:
         c7:28:43:d4:b8:b9:0e:2d:b8:c3:2a:c8:75:b3:f4:90:ec:16:
         3e:9d:3c:b0:6c:1f:62:99:cf:f4:1e:39:d0:b0:6f:4a:9a:e9:
         4f:cd:6f:03:04:a4:78:ad:f4:8a:18:3d:be:21:7f:f0:1a:70:
         d6:7c:08:e3:3f:07:7f:a7:02:3f:42:2c:6f:a4:03:9b:d0:70:
         b4:bb:cb:72:1a:45:bc:89:0d:0f:0a:82:bb:36:77:ac:43:b5:
         68:7d:b9:e7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZJ1eYhlX8RRIW5fpT3Lf5K4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3M2ZlMzM1MWE1ZTYyNjRhMWY4MTI5YzEwMjUxZDllODk2
ZTgwNjIwHhcNMjQxMDEwMDgwOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWY5MzEzMWI1N2Q0M2Q3OTRhYWJiYTAxNDM5ZTc5YzI3NGFiMzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug0RZKEV7Vih4TQr+qhDfw2BsKYh
EHV+DdyvpvgfTio5aBFEAgkOFyQRMjMEHXsGoekIGd3NzNEFuMMgD3aa71er86fD
b42mD9hne46C+4coOcgBNsDBwn7dy14G76Fxzf0c/uHIiRCCdMA0hyiMlDG4WDFc
dkvBmCLI51s4IXqVMqWrZq64GaGsS9NU4pK462FlzwgpMelSm67KlcUehPB4fbYa
zDv0RRrJyzUZNQzFPknpcJITlOIAXaoOKqp+w+hupKcSHRvWVLohP2Rj9gwhFvKH
mSMEMzXw1Yv6rxTcYQG/MyxYM5SLH7mfcf568tWip/Qvieb1oJXtZtSOUQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLX5MTG1fUPXlKq7oBQ555wnSrM9MB8GA1UdIwQY
MBaAFOc/4zUaXmJkofgSnBAlHZ6JboBiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXpfak5ScGVZbVNoLUJLY0VDVWRub2x1Z0dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9hZWIyMjQtOGM4OS00NDY2LTliMzgt
MDI0YzFlZGQ2MmVjLzEvdGZreE1iVjlROWVVcXJ1Z0ZEbm5uQ2RLc3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9hZWIyMjQtOGM4OS00NDY2LTliMzgtMDI0YzFlZGQ2MmVj
LzEvNXpfak5ScGVZbVNoLUJLY0VDVWRub2x1Z0dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8HQAwQE
shBgAwQCwj3kMA0GCSqGSIb3DQEBCwUAA4IBAQDCgFQgIrbNOuTtQyFBwdwxaJ0F
5aR6nyp8hezCrCIGCcaXki/73HIguN6a0RpDk5DCPhDuRcPunHd3aetw5N1Mq9Jh
O3M+ds8zbduvdcieqqmFxl+8KVySXrIJpEWxymun00vzAdkST3puBrC54VZMmedw
yjQ1SqfQ2MFK/KwlIaaBoxqG5+KEFIWMe8JIMx/oHa9GmOi2Nr8pHZLIcFchPCvH
KEPUuLkOLbjDKsh1s/SQ7BY+nTywbB9imc/0HjnQsG9KmulPzW8DBKR4rfSKGD2+
IX/wGnDWfAjjPwd/pwI/QixvpAOb0HC0u8tyGkW8iQ0PCoK7NnesQ7Vofbnn
-----END CERTIFICATE-----