Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/23f532-fe86-4198-8c3b-4d43f66ab731/1/tvEM_hTRvLnXDsqmVZxrYUrPSIo.roa
File:                     tvEM_hTRvLnXDsqmVZxrYUrPSIo.roa (raw, json)
Hash identifier:          RvmrjHmONaJ+itaRiqkWYOC9QOADj30lzValAr17WUw=
Subject key identifier:   B6:F1:0C:FE:14:D1:BC:B9:D7:0E:CA:A6:55:9C:6B:61:4A:CF:48:8A
Certificate issuer:       /CN=6149cbba3e6629beaebfb69668678ada51744898
Certificate serial:       018CC26D24310034FD9CA2C63B4EF3DE5BED
Authority key identifier: 61:49:CB:BA:3E:66:29:BE:AE:BF:B6:96:68:67:8A:DA:51:74:48:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YUnLuj5mKb6uv7aWaGeK2lF0SJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/23f532-fe86-4198-8c3b-4d43f66ab731/1/tvEM_hTRvLnXDsqmVZxrYUrPSIo.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44682
IP address blocks:        193.111.120.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/23f532-fe86-4198-8c3b-4d43f66ab731/1/YUnLuj5mKb6uv7aWaGeK2lF0SJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/23f532-fe86-4198-8c3b-4d43f66ab731/1/YUnLuj5mKb6uv7aWaGeK2lF0SJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YUnLuj5mKb6uv7aWaGeK2lF0SJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:24:31:00:34:fd:9c:a2:c6:3b:4e:f3:de:5b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6149cbba3e6629beaebfb69668678ada51744898
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6f10cfe14d1bcb9d70ecaa6559c6b614acf488a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ba:a0:9b:c8:64:05:66:b7:70:f4:e3:55:f8:
                    3e:7f:8c:d5:8c:9e:8f:ad:ed:74:d8:d4:d4:47:ca:
                    9a:c5:68:c1:99:39:8e:b0:f5:51:96:1c:f5:e8:fd:
                    5f:0b:2f:c7:ce:5f:df:fe:d8:b4:ad:18:8b:d0:9d:
                    22:af:43:0c:7b:d1:a9:1a:de:2c:6b:65:ed:a8:ae:
                    c0:1b:5c:9c:b9:5d:6e:59:5a:65:92:ef:df:f6:52:
                    94:4d:90:2a:4c:e2:2d:f4:bb:ae:23:78:d9:cf:1e:
                    42:6b:be:55:bd:8c:87:04:2d:89:a4:33:6b:f0:51:
                    1e:5c:ef:ec:be:7f:4d:07:49:9e:af:f1:a8:95:2e:
                    49:11:74:f1:38:af:36:ed:a0:6f:0a:bf:67:a9:9b:
                    ea:01:49:3b:a9:7c:ff:b0:d1:35:f9:0c:53:4e:b4:
                    87:31:9d:0f:35:90:da:e8:22:0a:6a:2e:37:68:d4:
                    38:f5:79:38:99:93:ec:da:2f:35:33:4b:c5:93:22:
                    88:07:18:7f:aa:56:a4:ac:30:a6:14:f2:e5:4c:6e:
                    3e:35:20:46:21:90:cf:6d:a1:09:ac:d2:e7:60:d5:
                    97:6f:ce:95:8d:b1:d5:c5:0a:a2:d6:73:fa:a8:15:
                    f7:d9:70:16:94:d7:30:1c:9d:c8:25:d1:5e:10:2a:
                    93:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F1:0C:FE:14:D1:BC:B9:D7:0E:CA:A6:55:9C:6B:61:4A:CF:48:8A
            X509v3 Authority Key Identifier:
                keyid:61:49:CB:BA:3E:66:29:BE:AE:BF:B6:96:68:67:8A:DA:51:74:48:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YUnLuj5mKb6uv7aWaGeK2lF0SJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/23f532-fe86-4198-8c3b-4d43f66ab731/1/tvEM_hTRvLnXDsqmVZxrYUrPSIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/23f532-fe86-4198-8c3b-4d43f66ab731/1/YUnLuj5mKb6uv7aWaGeK2lF0SJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:1b:f6:1a:ef:65:7a:e4:1f:76:17:c1:7c:6d:5b:9b:be:e0:
         48:e7:09:02:ad:2a:71:4b:7f:c5:80:ce:70:fe:e4:2e:91:3f:
         4e:c5:cb:4c:85:5f:57:90:61:a0:bd:fd:a2:75:7e:74:80:25:
         53:f9:47:19:27:b7:00:ef:8b:a3:e2:47:17:ab:b3:11:26:98:
         dd:60:15:5a:e0:95:ab:35:59:b8:32:05:c0:0f:76:d8:14:e3:
         41:50:73:19:94:7d:7c:d2:61:bc:b0:f9:36:dd:c5:96:b9:a8:
         a1:93:1c:1f:f8:2c:91:8a:ed:3d:40:55:db:3d:7c:37:cc:65:
         aa:77:eb:f8:a0:47:da:c8:f0:e4:2d:3b:f0:89:d0:4f:ff:5d:
         40:a7:60:44:59:51:8b:5b:24:5d:11:29:11:3e:d4:a3:94:06:
         e7:f5:ca:87:1e:de:13:59:f0:85:48:d4:9e:fe:27:12:24:e1:
         da:1e:c1:b8:41:2c:3c:70:a8:d0:f8:3a:48:59:dd:62:75:a7:
         70:06:a2:8a:d5:d0:e3:8d:81:d4:03:84:52:21:de:9a:fb:61:
         d5:7a:6f:ba:db:24:fa:f6:bb:49:22:b3:b9:72:70:62:c2:2d:
         de:1f:76:2d:be:54:de:54:7e:00:b1:b3:39:df:2d:7a:72:f1:
         c3:b5:cb:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSQxADT9nKLGO07z3lvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNDljYmJhM2U2NjI5YmVhZWJmYjY5NjY4Njc4YWRhNTE3
NDQ4OTgwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmYxMGNmZTE0ZDFiY2I5ZDcwZWNhYTY1NTljNmI2MTRhY2Y0ODhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLqgm8hkBWa3cPTjVfg+f4zVjJ6P
re102NTUR8qaxWjBmTmOsPVRlhz16P1fCy/Hzl/f/ti0rRiL0J0ir0MMe9GpGt4s
a2XtqK7AG1ycuV1uWVplku/f9lKUTZAqTOIt9LuuI3jZzx5Ca75VvYyHBC2JpDNr
8FEeXO/svn9NB0mer/GolS5JEXTxOK827aBvCr9nqZvqAUk7qXz/sNE1+QxTTrSH
MZ0PNZDa6CIKai43aNQ49Xk4mZPs2i81M0vFkyKIBxh/qlakrDCmFPLlTG4+NSBG
IZDPbaEJrNLnYNWXb86VjbHVxQqi1nP6qBX32XAWlNcwHJ3IJdFeECqTLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbxDP4U0by51w7KplWca2FKz0iKMB8GA1UdIwQY
MBaAFGFJy7o+Zim+rr+2lmhnitpRdEiYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVVuTHVqNW1LYjZ1djdhV2FHZUsybEYwU0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yM2Y1MzItZmU4Ni00MTk4LThjM2It
NGQ0M2Y2NmFiNzMxLzEvdHZFTV9oVFJ2TG5YRHNxbVZaeHJZVXJQU0lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yM2Y1MzItZmU4Ni00MTk4LThjM2ItNGQ0M2Y2NmFiNzMx
LzEvWVVuTHVqNW1LYjZ1djdhV2FHZUsybEYwU0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW94MA0G
CSqGSIb3DQEBCwUAA4IBAQBrG/Ya72V65B92F8F8bVubvuBI5wkCrSpxS3/FgM5w
/uQukT9OxctMhV9XkGGgvf2idX50gCVT+UcZJ7cA74uj4kcXq7MRJpjdYBVa4JWr
NVm4MgXAD3bYFONBUHMZlH180mG8sPk23cWWuaihkxwf+CyRiu09QFXbPXw3zGWq
d+v4oEfayPDkLTvwidBP/11Ap2BEWVGLWyRdESkRPtSjlAbn9cqHHt4TWfCFSNSe
/icSJOHaHsG4QSw8cKjQ+DpIWd1idadwBqKK1dDjjYHUA4RSId6a+2HVem+62yT6
9rtJIrO5cnBiwi3eH3YtvlTeVH4AsbM53y16cvHDtcsU
-----END CERTIFICATE-----