Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/TVX80CSqOzCG3WJ4ZYlTtvMFtpw.roa
File:                     TVX80CSqOzCG3WJ4ZYlTtvMFtpw.roa (raw, json)
Hash identifier:          8XXo8xsBSC+a6MmeL5QgzTKEvq0aRo6662vceueowfE=
Subject key identifier:   4D:55:FC:D0:24:AA:3B:30:86:DD:62:78:65:89:53:B6:F3:05:B6:9C
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC7944F68E7FCF199DD80EADCADE93173
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/TVX80CSqOzCG3WJ4ZYlTtvMFtpw.roa
Signing time:             Tue 02 Jan 2024 00:30:34 +0000
ROA not before:           Tue 02 Jan 2024 00:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12660
IP address blocks:        2.189.80.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4f:68:e7:fc:f1:99:dd:80:ea:dc:ad:e9:31:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d55fcd024aa3b3086dd6278658953b6f305b69c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:53:b6:79:8f:40:e1:4d:f7:69:01:2b:6a:73:
                    c8:6a:c0:bc:28:13:b0:c9:fc:e4:0b:20:c4:c4:3a:
                    0e:70:2c:1c:aa:65:b7:44:46:34:ec:27:33:59:4a:
                    cf:b0:4f:3b:be:eb:d3:26:2f:0e:c9:46:36:dd:d8:
                    2b:ff:f1:ad:6f:2b:9a:79:bf:e8:b1:a8:e0:9b:ad:
                    72:5e:ef:11:99:4c:f6:a2:db:9a:50:ec:91:0a:a0:
                    39:e6:bf:dd:6e:97:52:ac:8f:a5:6e:bb:4a:79:17:
                    05:9c:a8:52:cd:5c:d6:40:58:e7:43:1f:d6:60:8c:
                    ab:b6:7c:ab:6f:07:1a:54:87:d0:b7:c4:6a:f6:4a:
                    fc:79:9a:4e:25:f9:d5:92:d6:1f:51:49:54:37:b1:
                    c6:96:1f:27:55:8e:92:fa:7f:84:35:47:8d:69:78:
                    9f:7b:7b:3d:a5:68:b5:61:41:8e:4c:cf:7c:ec:90:
                    5d:cc:43:d9:ff:d8:7d:ba:0c:39:3a:5c:01:ed:52:
                    95:9d:8b:76:87:be:d9:cb:d4:0d:09:c0:1e:34:67:
                    d1:6c:d3:18:99:f5:fc:63:93:e9:56:be:51:7a:d2:
                    89:9c:05:2d:0b:a3:f3:7e:f5:09:1f:28:09:a6:39:
                    3a:91:ee:b4:3a:59:f4:4f:d9:17:f8:8e:c9:6d:4d:
                    1d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:55:FC:D0:24:AA:3B:30:86:DD:62:78:65:89:53:B6:F3:05:B6:9C
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/TVX80CSqOzCG3WJ4ZYlTtvMFtpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.189.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         81:6f:4b:d4:81:ba:bc:21:25:86:dd:ff:fc:bc:83:74:ec:5c:
         4f:80:81:14:f0:7c:80:e3:47:57:1f:96:aa:77:1d:17:78:d5:
         04:1b:7e:e7:13:8a:5e:8d:3a:90:d0:ae:a9:02:86:fc:ed:78:
         45:ef:c1:92:95:d0:84:7d:90:37:a4:28:b2:00:52:2b:39:73:
         f7:98:22:7d:b2:cf:49:7d:21:4e:d8:ef:3d:ef:c9:0f:4e:ff:
         2d:cb:5b:08:a3:f2:11:68:f6:de:60:2e:76:2a:52:b1:22:c9:
         a8:91:41:c2:20:d4:b3:77:e2:be:ee:b3:7c:03:72:ed:9b:19:
         3b:a1:c7:c5:2c:55:49:c2:a0:7f:f3:0c:95:d1:56:46:50:c5:
         5d:3e:9c:3e:49:02:00:85:d1:4a:5f:93:2a:3b:f7:39:7f:bc:
         fb:61:7e:50:42:92:32:16:87:f0:fe:1c:98:d9:84:60:43:9d:
         91:e1:74:06:7c:6c:1c:d5:86:ce:4e:f8:97:77:5e:61:68:7b:
         e1:e3:51:ae:3d:85:41:83:0a:5b:d3:75:55:37:de:ff:99:97:
         9c:0d:da:99:9c:d0:ab:0b:1a:b0:48:48:2b:25:7e:50:ee:68:
         62:48:34:1f:68:94:c4:9d:bb:6c:b8:9b:6a:85:d4:b5:b6:17:
         cd:c3:5e:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlE9o5/zxmd2A6tyt6TFzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDU1ZmNkMDI0YWEzYjMwODZkZDYyNzg2NTg5NTNiNmYzMDViNjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lO2eY9A4U33aQEranPIasC8KBOw
yfzkCyDExDoOcCwcqmW3REY07CczWUrPsE87vuvTJi8OyUY23dgr//Gtbyuaeb/o
sajgm61yXu8RmUz2otuaUOyRCqA55r/dbpdSrI+lbrtKeRcFnKhSzVzWQFjnQx/W
YIyrtnyrbwcaVIfQt8Rq9kr8eZpOJfnVktYfUUlUN7HGlh8nVY6S+n+ENUeNaXif
e3s9pWi1YUGOTM987JBdzEPZ/9h9ugw5OlwB7VKVnYt2h77Zy9QNCcAeNGfRbNMY
mfX8Y5PpVr5RetKJnAUtC6PzfvUJHygJpjk6ke60Oln0T9kX+I7JbU0dGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1V/NAkqjswht1ieGWJU7bzBbacMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvVFZYODBDU3FPekNHM1dKNFpZbFR0dk1GdHB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDAr1QMA0G
CSqGSIb3DQEBCwUAA4IBAQCBb0vUgbq8ISWG3f/8vIN07FxPgIEU8HyA40dXH5aq
dx0XeNUEG37nE4pejTqQ0K6pAob87XhF78GSldCEfZA3pCiyAFIrOXP3mCJ9ss9J
fSFO2O8978kPTv8ty1sIo/IRaPbeYC52KlKxIsmokUHCINSzd+K+7rN8A3Ltmxk7
ocfFLFVJwqB/8wyV0VZGUMVdPpw+SQIAhdFKX5MqO/c5f7z7YX5QQpIyFofw/hyY
2YRgQ52R4XQGfGwc1YbOTviXd15haHvh41GuPYVBgwpb03VVN97/mZecDdqZnNCr
CxqwSEgrJX5Q7mhiSDQfaJTEnbtsuJtqhdS1thfNw17n
-----END CERTIFICATE-----