Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/TGlURBdHgX4zIhBj-qO9s5lmaMU.roa
File:                     TGlURBdHgX4zIhBj-qO9s5lmaMU.roa (raw, json)
Hash identifier:          WJ5kfCVYrOkiS4H7Y29mf3rzEzmncb7CJgFMT4oT0Bs=
Subject key identifier:   4C:69:54:44:17:47:81:7E:33:22:10:63:FA:A3:BD:B3:99:66:68:C5
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018CC8DF3C72CC6AAC1979964CFC842D1E36
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/TGlURBdHgX4zIhBj-qO9s5lmaMU.roa
Signing time:             Tue 02 Jan 2024 06:32:02 +0000
ROA not before:           Tue 02 Jan 2024 06:32:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136744
IP address blocks:        213.209.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:3c:72:cc:6a:ac:19:79:96:4c:fc:84:2d:1e:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 06:32:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c6954441747817e33221063faa3bdb3996668c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:34:c9:80:00:17:c5:79:23:2b:ea:9f:cf:43:
                    9a:08:7f:55:31:3d:e5:9e:29:8a:b2:32:6b:53:d4:
                    88:62:34:66:b6:83:24:57:76:b5:48:bf:27:2f:cb:
                    aa:8c:47:76:4f:b3:18:7e:6a:e2:39:b8:51:cd:00:
                    6d:da:1b:2a:6c:2a:96:43:ee:bc:15:88:07:a3:37:
                    87:0d:d1:6a:ae:c3:1d:b8:45:8c:98:6d:aa:0e:ee:
                    37:db:61:17:7d:ca:d2:2e:5d:e4:1a:4c:d4:bd:bd:
                    27:11:38:2b:f7:c2:03:ad:4f:b2:e4:1c:dc:fb:1d:
                    41:4b:85:bb:52:87:16:00:c2:d5:af:e7:f0:18:1b:
                    06:5e:dc:39:64:37:8c:80:a9:1f:22:de:49:ef:42:
                    36:75:72:6e:ec:3b:18:e7:db:9a:97:45:ec:ae:14:
                    78:bc:73:74:0f:fb:c6:b5:59:0a:4e:9a:92:42:45:
                    50:a2:f1:92:fd:dd:a7:54:ba:87:65:fc:b9:88:91:
                    33:45:b5:78:e6:3e:20:ef:12:d2:e1:e3:b0:57:02:
                    74:ce:a0:1b:ae:58:a8:ae:b3:bb:49:ca:c7:66:56:
                    4e:f7:ee:46:95:16:68:bb:75:a6:11:f9:b2:7b:c4:
                    05:51:4c:65:3d:ab:c9:d7:cb:87:0f:dd:24:d1:cf:
                    4b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:69:54:44:17:47:81:7E:33:22:10:63:FA:A3:BD:B3:99:66:68:C5
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/TGlURBdHgX4zIhBj-qO9s5lmaMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:23:33:7b:8b:99:56:a3:86:98:3a:36:08:42:44:7d:50:53:
         7d:ce:00:5a:ad:09:4b:9e:8b:b9:f2:bd:62:56:65:1a:c8:4e:
         b9:8e:f1:cd:ce:b1:36:f1:79:31:df:2f:82:cc:b2:39:3f:6b:
         0b:ef:09:7a:fb:42:b2:f7:eb:42:fe:08:f9:fc:c8:05:e6:41:
         bc:4d:ab:cf:7a:56:9e:1b:4c:99:bd:d5:d3:39:27:ce:96:8b:
         11:cd:60:df:e3:21:2b:8c:98:55:92:c9:f9:ad:3a:8c:4c:b7:
         87:46:82:20:de:5e:03:60:43:01:8d:f6:ba:71:a3:f5:52:35:
         8d:09:2b:18:72:62:f7:52:2d:a8:8e:e0:f0:48:eb:b1:d5:a3:
         b0:ae:a4:3f:7d:42:62:61:4a:6c:05:97:58:32:42:3f:0c:3d:
         ba:40:bb:67:40:fb:22:ca:d2:ae:1b:d1:58:dc:dd:e8:99:9f:
         bc:06:ef:f5:da:9b:6f:65:aa:bb:32:f8:ae:c2:83:ee:fd:1d:
         8d:83:ac:bf:cf:64:d1:ea:60:3c:58:db:2c:42:1a:fa:c2:85:
         6f:cb:fd:9d:7f:b9:1d:5f:b8:e8:ec:c9:19:3d:01:b1:3b:8b:
         aa:6f:3a:ee:f7:48:07:54:9c:17:b7:9b:d0:c0:a9:4e:96:e2:
         ed:0e:08:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zxyzGqsGXmWTPyELR42MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwMTAyMDYzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzY5NTQ0NDE3NDc4MTdlMzMyMjEwNjNmYWEzYmRiMzk5NjY2OGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTTJgAAXxXkjK+qfz0OaCH9VMT3l
nimKsjJrU9SIYjRmtoMkV3a1SL8nL8uqjEd2T7MYfmriObhRzQBt2hsqbCqWQ+68
FYgHozeHDdFqrsMduEWMmG2qDu4322EXfcrSLl3kGkzUvb0nETgr98IDrU+y5Bzc
+x1BS4W7UocWAMLVr+fwGBsGXtw5ZDeMgKkfIt5J70I2dXJu7DsY59ual0XsrhR4
vHN0D/vGtVkKTpqSQkVQovGS/d2nVLqHZfy5iJEzRbV45j4g7xLS4eOwVwJ0zqAb
rliorrO7ScrHZlZO9+5GlRZou3WmEfmye8QFUUxlPavJ18uHD90k0c9LYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExpVEQXR4F+MyIQY/qjvbOZZmjFMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvVEdsVVJCZEhnWDR6SWhCai1xTzlzNWxtYU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dGXMA0G
CSqGSIb3DQEBCwUAA4IBAQCyIzN7i5lWo4aYOjYIQkR9UFN9zgBarQlLnou58r1i
VmUayE65jvHNzrE28Xkx3y+CzLI5P2sL7wl6+0Ky9+tC/gj5/MgF5kG8TavPelae
G0yZvdXTOSfOlosRzWDf4yErjJhVksn5rTqMTLeHRoIg3l4DYEMBjfa6caP1UjWN
CSsYcmL3Ui2ojuDwSOux1aOwrqQ/fUJiYUpsBZdYMkI/DD26QLtnQPsiytKuG9FY
3N3omZ+8Bu/12ptvZaq7MviuwoPu/R2Ng6y/z2TR6mA8WNssQhr6woVvy/2df7kd
X7jo7MkZPQGxO4uqbzru90gHVJwXt5vQwKlOluLtDgi8
-----END CERTIFICATE-----