Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/dc1d09-9f69-471b-be7a-52008d1cb9b6/1/tcaZ6rqvn8cACiAwHW992gqNeyc.roa
File:                     tcaZ6rqvn8cACiAwHW992gqNeyc.roa (raw, json)
Hash identifier:          3qOwp6QYZ/5B3O5vAoRhLlwAwrff38eYcTO1rRG6iwo=
Subject key identifier:   B5:C6:99:EA:BA:AF:9F:C7:00:0A:20:30:1D:6F:7D:DA:0A:8D:7B:27
Certificate issuer:       /CN=c7389ce826bc8d26869b452f3cd936902c552fbf
Certificate serial:       018CC80248FB9A58896B68DF1A4A507A830F
Authority key identifier: C7:38:9C:E8:26:BC:8D:26:86:9B:45:2F:3C:D9:36:90:2C:55:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xzic6Ca8jSaGm0UvPNk2kCxVL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/dc1d09-9f69-471b-be7a-52008d1cb9b6/1/tcaZ6rqvn8cACiAwHW992gqNeyc.roa
Signing time:             Tue 02 Jan 2024 02:30:42 +0000
ROA not before:           Tue 02 Jan 2024 02:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34563
IP address blocks:        91.216.70.0/24 maxlen: 24
                          193.42.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/dc1d09-9f69-471b-be7a-52008d1cb9b6/1/xzic6Ca8jSaGm0UvPNk2kCxVL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/dc1d09-9f69-471b-be7a-52008d1cb9b6/1/xzic6Ca8jSaGm0UvPNk2kCxVL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xzic6Ca8jSaGm0UvPNk2kCxVL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:48:fb:9a:58:89:6b:68:df:1a:4a:50:7a:83:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7389ce826bc8d26869b452f3cd936902c552fbf
        Validity
            Not Before: Jan  2 02:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5c699eabaaf9fc7000a20301d6f7dda0a8d7b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2b:04:98:2b:9f:c3:70:01:83:da:dd:a7:ad:
                    07:2b:59:16:7e:f1:7d:2b:bd:f4:27:64:bb:fa:b6:
                    66:81:6e:bc:ac:7c:c7:9f:44:f8:7c:0d:14:9f:6a:
                    cd:6e:9e:80:4a:f2:40:14:f2:53:4a:a8:7f:ed:3d:
                    73:ed:12:8a:7c:23:a9:16:24:d7:ab:2c:e5:92:73:
                    9d:ca:80:3a:53:aa:fe:16:9f:ff:d3:b6:f1:d0:83:
                    f7:cf:f3:8a:51:a2:d6:9b:1e:d3:95:17:c5:c9:59:
                    2c:d5:41:e3:97:d2:b4:f4:89:e1:9d:3a:4c:7f:9c:
                    86:c0:90:c2:d3:98:e6:f9:22:14:e6:f6:9f:14:1f:
                    3a:e9:a7:7a:2b:0c:72:3c:cb:a0:59:69:4a:63:bd:
                    f4:66:31:74:cd:dd:45:7b:ed:6b:05:e0:94:5f:4f:
                    7a:c4:15:e7:9e:39:df:73:63:b8:08:17:88:f5:61:
                    6c:8f:5a:aa:59:21:96:fa:8d:72:6d:dd:b6:c1:99:
                    a3:bf:77:b8:e4:9a:3c:79:2d:f1:ee:16:92:c9:4e:
                    c4:8a:c0:e4:f9:c1:ee:94:eb:32:57:d8:e9:35:c5:
                    09:70:5b:de:41:2b:c4:05:4f:89:70:07:20:c9:d5:
                    f0:86:73:1b:fd:07:61:d9:bc:b6:68:48:99:32:56:
                    0a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:C6:99:EA:BA:AF:9F:C7:00:0A:20:30:1D:6F:7D:DA:0A:8D:7B:27
            X509v3 Authority Key Identifier:
                keyid:C7:38:9C:E8:26:BC:8D:26:86:9B:45:2F:3C:D9:36:90:2C:55:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xzic6Ca8jSaGm0UvPNk2kCxVL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/dc1d09-9f69-471b-be7a-52008d1cb9b6/1/tcaZ6rqvn8cACiAwHW992gqNeyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/dc1d09-9f69-471b-be7a-52008d1cb9b6/1/xzic6Ca8jSaGm0UvPNk2kCxVL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.70.0/24
                  193.42.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:88:14:f4:c4:86:69:f0:bd:1d:49:15:99:fb:51:cc:41:6d:
         af:64:5b:f7:f6:39:56:06:8e:c4:21:19:ca:dd:cf:d5:02:b1:
         29:5f:33:f2:b5:7c:6b:14:46:1f:02:d3:9c:7b:8c:58:a5:0a:
         37:12:1b:a8:1b:9e:95:40:1b:4a:bf:9a:67:2e:63:7b:53:71:
         bd:61:6e:5d:c5:cd:03:ca:8d:db:0a:b6:d2:0e:6e:9a:95:7f:
         65:21:00:c2:17:bc:ea:fa:83:f1:a7:a7:c3:11:d8:1d:56:3c:
         96:d2:e5:27:f8:3a:d7:00:57:9a:fa:2a:bd:d4:cd:1f:eb:2e:
         b5:2d:de:37:77:3f:cf:74:0c:1e:29:6a:5e:a2:34:ee:f8:a4:
         5b:20:98:b8:29:94:f0:1c:3b:6c:f4:29:56:8a:cc:1f:6f:4e:
         09:47:34:99:43:ee:b8:c5:92:e8:db:1f:0f:eb:d0:dd:31:36:
         19:f7:60:8d:68:52:e9:70:f0:6a:b4:00:00:d8:ef:63:fd:41:
         a2:70:fa:8f:57:b1:11:e8:0e:e8:12:aa:61:d8:16:34:ad:4e:
         b4:02:86:6b:fa:cb:f9:b0:b4:d4:1d:e7:55:86:42:28:61:ab:
         48:dc:33:72:bd:b8:0a:ca:8c:85:e6:b5:63:cb:8e:35:21:d7:
         b6:3a:79:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAkj7mliJa2jfGkpQeoMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3Mzg5Y2U4MjZiYzhkMjY4NjliNDUyZjNjZDkzNjkwMmM1
NTJmYmYwHhcNMjQwMTAyMDIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWM2OTllYWJhYWY5ZmM3MDAwYTIwMzAxZDZmN2RkYTBhOGQ3YjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmysEmCufw3ABg9rdp60HK1kWfvF9
K730J2S7+rZmgW68rHzHn0T4fA0Un2rNbp6ASvJAFPJTSqh/7T1z7RKKfCOpFiTX
qyzlknOdyoA6U6r+Fp//07bx0IP3z/OKUaLWmx7TlRfFyVks1UHjl9K09InhnTpM
f5yGwJDC05jm+SIU5vafFB866ad6KwxyPMugWWlKY730ZjF0zd1Fe+1rBeCUX096
xBXnnjnfc2O4CBeI9WFsj1qqWSGW+o1ybd22wZmjv3e45Jo8eS3x7haSyU7EisDk
+cHulOsyV9jpNcUJcFveQSvEBU+JcAcgydXwhnMb/Qdh2by2aEiZMlYK4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLXGmeq6r5/HAAogMB1vfdoKjXsnMB8GA1UdIwQY
MBaAFMc4nOgmvI0mhptFLzzZNpAsVS+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHppYzZDYThqU2FHbTBVdlBOazJrQ3hWTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9kYzFkMDktOWY2OS00NzFiLWJlN2Et
NTIwMDhkMWNiOWI2LzEvdGNhWjZycXZuOGNBQ2lBd0hXOTkyZ3FOZXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9kYzFkMDktOWY2OS00NzFiLWJlN2EtNTIwMDhkMWNiOWI2
LzEveHppYzZDYThqU2FHbTBVdlBOazJrQ3hWTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9hGAwQA
wSreMA0GCSqGSIb3DQEBCwUAA4IBAQDEiBT0xIZp8L0dSRWZ+1HMQW2vZFv39jlW
Bo7EIRnK3c/VArEpXzPytXxrFEYfAtOce4xYpQo3EhuoG56VQBtKv5pnLmN7U3G9
YW5dxc0Dyo3bCrbSDm6alX9lIQDCF7zq+oPxp6fDEdgdVjyW0uUn+DrXAFea+iq9
1M0f6y61Ld43dz/PdAweKWpeojTu+KRbIJi4KZTwHDts9ClWiswfb04JRzSZQ+64
xZLo2x8P69DdMTYZ92CNaFLpcPBqtAAA2O9j/UGicPqPV7ER6A7oEqph2BY0rU60
AoZr+sv5sLTUHedVhkIoYatI3DNyvbgKyoyF5rVjy441Ide2Onmm
-----END CERTIFICATE-----