Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/TyljrI7P1POzzAPinv5P6fiHjV8.roa
File:                     TyljrI7P1POzzAPinv5P6fiHjV8.roa (raw, json)
Hash identifier:          Andax49dUFtUCUdyYyaydkWk6xK/fM+zdDRygtpiikc=
Subject key identifier:   4F:29:63:AC:8E:CF:D4:F3:B3:CC:03:E2:9E:FE:4F:E9:F8:87:8D:5F
Certificate issuer:       /CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Certificate serial:       01920083C66F12DB1A46590221BA1651FD47
Authority key identifier: B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/TyljrI7P1POzzAPinv5P6fiHjV8.roa
Signing time:             Tue 17 Sep 2024 15:04:48 +0000
ROA not before:           Tue 17 Sep 2024 15:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48106
IP address blocks:        195.128.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:00:83:c6:6f:12:db:1a:46:59:02:21:ba:16:51:fd:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
        Validity
            Not Before: Sep 17 15:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f2963ac8ecfd4f3b3cc03e29efe4fe9f8878d5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c1:f6:a2:5e:f3:7b:72:e4:c2:dc:6b:51:55:
                    40:22:5e:ff:78:ba:d8:7e:e0:5f:89:b2:b4:d3:cd:
                    df:45:9b:c5:04:e9:fc:48:3b:03:3b:91:45:68:cf:
                    99:d7:c2:b5:94:8c:e1:7d:99:a3:cc:b1:43:2a:2d:
                    dd:fa:bd:7c:90:cb:24:e4:17:e7:c5:39:ca:f0:3f:
                    c1:83:e4:01:76:d9:6d:91:57:a0:ec:5f:87:8b:6d:
                    0f:96:ac:f1:ff:6b:cc:b3:9f:e4:ba:9f:d7:78:96:
                    4b:e5:8a:15:42:59:fa:11:ae:1e:7a:17:76:a1:4f:
                    25:13:cb:f9:43:13:1f:66:20:ef:71:af:1b:4b:b0:
                    60:53:cc:40:dd:de:4e:f5:42:8d:6d:42:3c:82:0a:
                    bf:98:cc:3c:b0:5c:5d:ef:68:3c:81:71:43:96:17:
                    97:9a:d8:f7:c1:7a:ed:fb:a9:9a:31:21:3d:74:a1:
                    ce:ab:fe:b9:54:b3:8d:44:a0:66:2d:70:55:41:68:
                    91:65:a6:64:ab:37:fa:f1:b8:20:68:0f:33:ba:04:
                    a6:76:7d:e1:70:b2:db:0b:1e:9c:70:b1:4e:4b:e9:
                    c5:02:cb:08:50:66:57:53:1c:5b:2a:e3:93:6f:e6:
                    6b:f4:86:81:d1:21:90:d6:b7:f2:0b:6c:8a:4b:f6:
                    21:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:29:63:AC:8E:CF:D4:F3:B3:CC:03:E2:9E:FE:4F:E9:F8:87:8D:5F
            X509v3 Authority Key Identifier:
                keyid:B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/TyljrI7P1POzzAPinv5P6fiHjV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:6f:fd:ad:1c:39:49:8b:19:34:a1:4a:ec:65:df:88:9a:5f:
         fe:fa:4f:4f:d6:f6:59:e2:9f:93:cd:9b:c8:ca:42:84:40:af:
         68:36:e6:16:c5:82:e5:c8:dd:10:a7:fd:f2:51:ee:6a:45:d4:
         39:31:82:04:36:21:69:d6:20:94:34:f0:7f:42:0b:aa:f0:5c:
         38:d5:4d:e7:e6:8c:09:9d:03:59:de:f9:8d:cb:bf:f3:18:c2:
         f1:3a:85:a9:f1:af:ff:da:c6:ac:14:e3:89:27:38:9d:fe:10:
         c0:c1:c8:c9:f9:3e:c9:fe:cd:4d:f7:d8:98:56:df:3a:d5:22:
         25:7a:f1:9c:e8:ac:e0:c4:c9:8f:bc:3a:a4:50:d5:23:84:7c:
         d5:bf:41:a4:2a:95:b9:f5:ca:8d:a8:b3:a3:09:9a:af:2a:8c:
         7c:3b:0b:cb:51:39:dc:25:d3:12:99:47:2b:ef:65:cf:3e:14:
         b1:f5:cb:b0:e1:9c:53:18:b9:56:0a:c0:1e:dc:a2:4e:0c:02:
         89:74:37:63:3c:28:f6:be:8b:e2:cb:1b:6f:0c:22:71:f6:f3:
         da:e5:7d:02:f0:5f:2f:4b:e3:88:16:77:72:fd:8b:01:db:41:
         2f:8f:48:f4:f0:1b:d7:d3:8b:70:51:4f:47:82:18:08:e8:14:
         a0:f1:35:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIAg8ZvEtsaRlkCIboWUf1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOTNkZjg3N2JmMmYwY2YwMWE5NzE4OTczZWFlZWU4N2Iw
Njk3ZDkwHhcNMjQwOTE3MTUwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjI5NjNhYzhlY2ZkNGYzYjNjYzAzZTI5ZWZlNGZlOWY4ODc4ZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcH2ol7ze3LkwtxrUVVAIl7/eLrY
fuBfibK0083fRZvFBOn8SDsDO5FFaM+Z18K1lIzhfZmjzLFDKi3d+r18kMsk5Bfn
xTnK8D/Bg+QBdtltkVeg7F+Hi20Plqzx/2vMs5/kup/XeJZL5YoVQln6Ea4eehd2
oU8lE8v5QxMfZiDvca8bS7BgU8xA3d5O9UKNbUI8ggq/mMw8sFxd72g8gXFDlheX
mtj3wXrt+6maMSE9dKHOq/65VLONRKBmLXBVQWiRZaZkqzf68bggaA8zugSmdn3h
cLLbCx6ccLFOS+nFAssIUGZXUxxbKuOTb+Zr9IaB0SGQ1rfyC2yKS/YhdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8pY6yOz9Tzs8wD4p7+T+n4h41fMB8GA1UdIwQY
MBaAFLOT34d78vDPAalxiXPq7uh7BpfZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYt
Mzk2YmM3MjBlMmI0LzEvVHlsanJJN1AxUE96ekFQaW52NVA2ZmlIalY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYtMzk2YmM3MjBlMmI0
LzEvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4AbMA0G
CSqGSIb3DQEBCwUAA4IBAQBLb/2tHDlJixk0oUrsZd+Iml/++k9P1vZZ4p+TzZvI
ykKEQK9oNuYWxYLlyN0Qp/3yUe5qRdQ5MYIENiFp1iCUNPB/Qguq8Fw41U3n5owJ
nQNZ3vmNy7/zGMLxOoWp8a//2sasFOOJJzid/hDAwcjJ+T7J/s1N99iYVt861SIl
evGc6KzgxMmPvDqkUNUjhHzVv0GkKpW59cqNqLOjCZqvKox8OwvLUTncJdMSmUcr
72XPPhSx9cuw4ZxTGLlWCsAe3KJODAKJdDdjPCj2voviyxtvDCJx9vPa5X0C8F8v
S+OIFndy/YsB20Evj0j08BvX04twUU9HghgI6BSg8TVF
-----END CERTIFICATE-----