Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/TViWfJZ7iER3BOws9j8Q-2-GymY.roa
File:                     TViWfJZ7iER3BOws9j8Q-2-GymY.roa (raw, json)
Hash identifier:          U39dzfJ1nZ7B1kOA0sB1EnmkieBA0hDoNlF/9B27hTM=
Subject key identifier:   4D:58:96:7C:96:7B:88:44:77:04:EC:2C:F6:3F:10:FB:6F:86:CA:66
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       018CC7944909C41A8778B2CCF11BBCED321D
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/TViWfJZ7iER3BOws9j8Q-2-GymY.roa
Signing time:             Tue 02 Jan 2024 00:30:33 +0000
ROA not before:           Tue 02 Jan 2024 00:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60392
IP address blocks:        139.45.212.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:49:09:c4:1a:87:78:b2:cc:f1:1b:bc:ed:32:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  2 00:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d58967c967b88447704ec2cf63f10fb6f86ca66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:13:cf:ff:55:44:11:df:b8:b0:36:41:4f:48:
                    fd:69:32:7b:0e:29:0c:e4:7b:19:d2:9a:88:cb:c4:
                    a7:0c:b5:41:41:42:76:a7:c5:57:7b:a5:47:7e:96:
                    98:f5:3c:94:c7:f8:90:e8:16:eb:ff:b0:41:70:18:
                    9e:3d:45:ba:96:d0:df:4a:28:27:71:f0:3c:b4:14:
                    9a:93:93:e4:8e:86:39:38:a0:7c:fb:46:22:c5:eb:
                    3b:19:d9:02:15:dd:d5:e4:a5:b8:d2:aa:8b:93:ad:
                    86:8a:78:b4:a8:48:21:5f:e8:cd:43:c8:c4:aa:2e:
                    ac:45:a3:f6:f6:8b:17:c9:b1:d4:33:2d:2b:f9:c2:
                    ec:f6:9d:5a:8c:e4:94:17:b5:0d:3f:26:77:20:63:
                    ef:41:d6:2b:a8:21:cc:f1:5f:4f:aa:43:f8:1b:3d:
                    79:fb:01:ef:0d:8d:dd:24:dd:6c:a8:eb:1d:b1:2e:
                    12:0e:e2:7e:03:43:10:b7:6e:5b:9c:b4:31:5b:b6:
                    b6:00:f0:36:c2:69:a8:57:85:f4:5a:9a:56:b8:3b:
                    9e:0e:54:1e:e0:59:10:d8:e8:66:bc:ea:96:25:a1:
                    a2:2b:44:f3:3f:cf:e7:42:a0:fa:48:60:59:5f:ec:
                    a0:44:98:4e:8f:02:35:fe:97:db:18:14:af:ed:f1:
                    57:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:58:96:7C:96:7B:88:44:77:04:EC:2C:F6:3F:10:FB:6F:86:CA:66
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/TViWfJZ7iER3BOws9j8Q-2-GymY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:be:06:13:17:2b:d8:44:82:d1:04:f7:ce:25:56:8e:a3:ed:
         87:82:a9:ca:c8:43:bc:a8:08:40:ed:2f:e3:da:6b:ec:1b:cb:
         5e:88:8b:19:57:47:99:db:a2:03:a2:13:69:70:75:70:60:70:
         0f:aa:36:82:c3:4a:28:fe:3e:4e:84:21:b6:89:19:85:ca:87:
         3a:9c:08:5d:52:db:1b:d2:e0:3f:1d:62:f4:dc:d9:ed:78:e2:
         ac:4d:dc:67:d4:4b:56:1d:25:54:6a:fb:89:02:5b:49:1f:54:
         7f:6b:35:bc:07:6d:e0:8f:d9:9d:66:91:33:67:a7:44:28:6c:
         14:de:5d:71:c9:06:77:0d:c3:8c:a6:5c:49:2b:8b:ac:9c:c3:
         0f:84:a7:9f:87:a2:24:6a:a1:f2:b7:f5:db:36:dd:0d:b6:f4:
         f6:69:14:52:5b:ca:ec:7d:43:cb:4f:57:92:a0:b7:d7:7b:96:
         1a:90:0e:19:9f:6b:62:44:f1:c7:da:3c:c5:28:71:84:40:ac:
         ab:ad:90:0b:b0:73:bf:9d:11:7f:6f:27:05:bf:04:16:3c:be:
         24:c6:40:fa:4e:88:97:32:88:bd:c1:5e:a9:3d:ab:fe:ab:b3:
         cb:06:90:06:8e:11:4c:53:fe:3f:5e:c3:7c:fb:53:1b:c2:0b:
         be:b8:62:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEkJxBqHeLLM8Ru87TIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwMTAyMDAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDU4OTY3Yzk2N2I4ODQ0NzcwNGVjMmNmNjNmMTBmYjZmODZjYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xPP/1VEEd+4sDZBT0j9aTJ7DikM
5HsZ0pqIy8SnDLVBQUJ2p8VXe6VHfpaY9TyUx/iQ6Bbr/7BBcBiePUW6ltDfSign
cfA8tBSak5PkjoY5OKB8+0Yixes7GdkCFd3V5KW40qqLk62Gini0qEghX+jNQ8jE
qi6sRaP29osXybHUMy0r+cLs9p1ajOSUF7UNPyZ3IGPvQdYrqCHM8V9PqkP4Gz15
+wHvDY3dJN1sqOsdsS4SDuJ+A0MQt25bnLQxW7a2APA2wmmoV4X0WppWuDueDlQe
4FkQ2OhmvOqWJaGiK0TzP8/nQqD6SGBZX+ygRJhOjwI1/pfbGBSv7fFXTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1YlnyWe4hEdwTsLPY/EPtvhspmMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvVFZpV2ZKWjdpRVIzQk93czlqOFEtMi1HeW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBiy3UMA0G
CSqGSIb3DQEBCwUAA4IBAQBNvgYTFyvYRILRBPfOJVaOo+2HgqnKyEO8qAhA7S/j
2mvsG8teiIsZV0eZ26IDohNpcHVwYHAPqjaCw0oo/j5OhCG2iRmFyoc6nAhdUtsb
0uA/HWL03NnteOKsTdxn1EtWHSVUavuJAltJH1R/azW8B23gj9mdZpEzZ6dEKGwU
3l1xyQZ3DcOMplxJK4usnMMPhKefh6IkaqHyt/XbNt0NtvT2aRRSW8rsfUPLT1eS
oLfXe5YakA4Zn2tiRPHH2jzFKHGEQKyrrZALsHO/nRF/bycFvwQWPL4kxkD6ToiX
Moi9wV6pPav+q7PLBpAGjhFMU/4/XsN8+1Mbwgu+uGLM
-----END CERTIFICATE-----