Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/2a4bf5-40cf-447a-97e0-679cf0210d49/1/TQGNbA8QwyvkFdP7Pu8OPtTiNcU.roa
File:                     TQGNbA8QwyvkFdP7Pu8OPtTiNcU.roa (raw, json)
Hash identifier:          6P2oiGztdz/5kxsirOyn/ltTaOamw/XMQGoYdLl0rOs=
Subject key identifier:   4D:01:8D:6C:0F:10:C3:2B:E4:15:D3:FB:3E:EF:0E:3E:D4:E2:35:C5
Certificate issuer:       /CN=0735daa8cfe25dd12a2c26e0ffcce97636748ebd
Certificate serial:       018CC9BC458C999E3BA54A0313A77DCF3E4B
Authority key identifier: 07:35:DA:A8:CF:E2:5D:D1:2A:2C:26:E0:FF:CC:E9:76:36:74:8E:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BzXaqM_iXdEqLCbg_8zpdjZ0jr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/2a4bf5-40cf-447a-97e0-679cf0210d49/1/TQGNbA8QwyvkFdP7Pu8OPtTiNcU.roa
Signing time:             Tue 02 Jan 2024 10:33:28 +0000
ROA not before:           Tue 02 Jan 2024 10:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209255
IP address blocks:        92.119.54.0/24 maxlen: 24
                          92.119.52.0/22 maxlen: 22
                          2a09:b640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/2a4bf5-40cf-447a-97e0-679cf0210d49/1/BzXaqM_iXdEqLCbg_8zpdjZ0jr0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/2a4bf5-40cf-447a-97e0-679cf0210d49/1/BzXaqM_iXdEqLCbg_8zpdjZ0jr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BzXaqM_iXdEqLCbg_8zpdjZ0jr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:45:8c:99:9e:3b:a5:4a:03:13:a7:7d:cf:3e:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0735daa8cfe25dd12a2c26e0ffcce97636748ebd
        Validity
            Not Before: Jan  2 10:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d018d6c0f10c32be415d3fb3eef0e3ed4e235c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9d:25:b6:12:89:00:de:10:03:4f:fb:d5:c0:
                    9f:ea:ce:1d:a6:2e:90:9d:1b:d7:76:86:c6:6d:10:
                    d9:4d:42:7b:52:c1:28:14:94:31:4f:4f:58:7e:db:
                    ca:67:33:cc:18:d7:ce:9a:f0:51:88:4d:ba:9a:8e:
                    86:cb:3c:cf:af:a0:ba:cc:ca:9b:84:2e:c6:fe:26:
                    e8:6b:50:ea:6e:7b:ec:f7:54:ce:ac:e4:02:31:e3:
                    fa:99:2f:77:17:74:eb:5b:d7:11:3f:ae:43:83:9a:
                    ae:a2:9b:29:d5:ff:27:3f:26:22:b2:1b:fc:de:c0:
                    3e:a2:b3:9a:bb:c9:ba:7e:36:22:6b:93:85:b0:fe:
                    cf:f1:4a:75:6c:37:2b:71:c0:f3:96:aa:ea:b1:56:
                    4d:b1:a7:e9:0a:c7:c2:7b:91:f9:cb:d6:cd:a2:cd:
                    46:e0:a7:29:e0:cb:e1:6b:63:a9:06:28:84:06:2d:
                    81:e3:c6:4b:dd:dd:ad:82:f2:20:28:d2:d1:94:74:
                    3a:0b:d2:0a:4c:8e:75:9d:c3:f9:45:56:b2:be:6d:
                    17:75:20:1b:e9:d5:c4:65:e4:96:bf:53:eb:5d:8e:
                    80:df:1e:c8:9a:1a:5b:88:90:d0:18:ec:93:5e:0d:
                    19:a2:ab:c4:b7:ee:92:45:10:86:ea:a0:c2:cc:80:
                    17:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:01:8D:6C:0F:10:C3:2B:E4:15:D3:FB:3E:EF:0E:3E:D4:E2:35:C5
            X509v3 Authority Key Identifier:
                keyid:07:35:DA:A8:CF:E2:5D:D1:2A:2C:26:E0:FF:CC:E9:76:36:74:8E:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BzXaqM_iXdEqLCbg_8zpdjZ0jr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/2a4bf5-40cf-447a-97e0-679cf0210d49/1/TQGNbA8QwyvkFdP7Pu8OPtTiNcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/2a4bf5-40cf-447a-97e0-679cf0210d49/1/BzXaqM_iXdEqLCbg_8zpdjZ0jr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.52.0/22
                IPv6:
                  2a09:b640::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:6c:f4:65:d9:4a:bb:a1:d9:8f:47:06:69:be:fe:82:12:05:
         e9:67:03:90:37:bc:1c:f2:61:b6:bc:1b:b4:86:1d:6b:dc:4d:
         da:6d:ec:54:c0:0a:ed:78:4c:86:1a:2a:8d:81:16:2e:e6:1a:
         94:29:87:a0:b7:67:ea:d2:ad:b0:ba:80:75:5e:b4:2a:30:e4:
         27:46:85:a2:c4:b8:52:f9:b1:6c:5a:a0:5d:b2:77:65:af:6a:
         e1:14:73:9b:ea:70:fb:ff:d0:05:f3:c5:2c:fb:8b:b5:6a:76:
         ee:53:89:ed:c2:e5:75:49:d2:90:37:7b:2c:1b:d3:e4:ce:50:
         7f:cf:c8:87:f9:0d:2f:5e:3c:6f:44:dd:c4:03:db:f8:f9:17:
         45:b8:2e:75:0b:d2:6d:0f:96:0c:aa:ea:90:7c:86:bc:20:d1:
         5e:4e:cf:b4:73:33:ae:19:7c:35:a7:a4:d4:5e:b7:bd:d0:e5:
         2b:88:1a:83:92:11:39:ba:07:ed:33:0e:cb:94:40:66:28:4c:
         23:8c:01:05:9c:cf:e6:12:ee:8d:c4:77:45:d6:65:73:9b:24:
         ec:90:ff:a8:72:60:eb:87:b3:07:f8:90:94:d7:4b:d0:16:85:
         68:20:99:b9:a6:0d:3a:f1:d5:53:96:dd:07:6b:b9:80:8a:03:
         09:14:6a:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvEWMmZ47pUoDE6d9zz5LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MzVkYWE4Y2ZlMjVkZDEyYTJjMjZlMGZmY2NlOTc2MzY3
NDhlYmQwHhcNMjQwMTAyMTAzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDAxOGQ2YzBmMTBjMzJiZTQxNWQzZmIzZWVmMGUzZWQ0ZTIzNWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAop0lthKJAN4QA0/71cCf6s4dpi6Q
nRvXdobGbRDZTUJ7UsEoFJQxT09YftvKZzPMGNfOmvBRiE26mo6GyzzPr6C6zMqb
hC7G/iboa1Dqbnvs91TOrOQCMeP6mS93F3TrW9cRP65Dg5quopsp1f8nPyYishv8
3sA+orOau8m6fjYia5OFsP7P8Up1bDcrccDzlqrqsVZNsafpCsfCe5H5y9bNos1G
4Kcp4Mvha2OpBiiEBi2B48ZL3d2tgvIgKNLRlHQ6C9IKTI51ncP5RVayvm0XdSAb
6dXEZeSWv1PrXY6A3x7ImhpbiJDQGOyTXg0ZoqvEt+6SRRCG6qDCzIAXDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE0BjWwPEMMr5BXT+z7vDj7U4jXFMB8GA1UdIwQY
MBaAFAc12qjP4l3RKiwm4P/M6XY2dI69MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnpYYXFNX2lYZEVxTENiZ184enBkalowanIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8yYTRiZjUtNDBjZi00NDdhLTk3ZTAt
Njc5Y2YwMjEwZDQ5LzEvVFFHTmJBOFF3eXZrRmRQN1B1OE9QdFRpTmNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8yYTRiZjUtNDBjZi00NDdhLTk3ZTAtNjc5Y2YwMjEwZDQ5
LzEvQnpYYXFNX2lYZEVxTENiZ184enBkalowanIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXHc0MA0E
AgACMAcDBQMqCbZAMA0GCSqGSIb3DQEBCwUAA4IBAQCpbPRl2Uq7odmPRwZpvv6C
EgXpZwOQN7wc8mG2vBu0hh1r3E3abexUwArteEyGGiqNgRYu5hqUKYegt2fq0q2w
uoB1XrQqMOQnRoWixLhS+bFsWqBdsndlr2rhFHOb6nD7/9AF88Us+4u1anbuU4nt
wuV1SdKQN3ssG9PkzlB/z8iH+Q0vXjxvRN3EA9v4+RdFuC51C9JtD5YMquqQfIa8
INFeTs+0czOuGXw1p6TUXre90OUriBqDkhE5ugftMw7LlEBmKEwjjAEFnM/mEu6N
xHdF1mVzmyTskP+ocmDrh7MH+JCU10vQFoVoIJm5pg068dVTlt0Ha7mAigMJFGqb
-----END CERTIFICATE-----