Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/TbosNl9cus3-h2rQ4RHcA_6eKoU.roa
File:                     TbosNl9cus3-h2rQ4RHcA_6eKoU.roa (raw, json)
Hash identifier:          Tbl76SB6KExfPI2sA3PhQtjmxcnVTvIfQLNDDB2gzyI=
Subject key identifier:   4D:BA:2C:36:5F:5C:BA:CD:FE:87:6A:D0:E1:11:DC:03:FE:9E:2A:85
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       01934FBA4E6C5EBD7B8903C9AF9F20527BCD
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/TbosNl9cus3-h2rQ4RHcA_6eKoU.roa
Signing time:             Thu 21 Nov 2024 17:17:10 +0000
ROA not before:           Thu 21 Nov 2024 17:17:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214869
IP address blocks:        45.133.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4f:ba:4e:6c:5e:bd:7b:89:03:c9:af:9f:20:52:7b:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Nov 21 17:17:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dba2c365f5cbacdfe876ad0e111dc03fe9e2a85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ca:d7:16:ae:11:f6:0e:e8:97:b3:41:5d:9d:
                    b5:d8:75:0f:b1:cd:51:68:c6:cf:62:03:21:89:d5:
                    e6:2f:8d:26:67:0d:23:a6:90:68:c9:06:6f:57:48:
                    64:5c:23:8c:d2:d9:e8:d8:a4:eb:96:fb:06:0f:a2:
                    7c:c4:19:eb:20:15:ce:93:a7:ac:be:ca:8f:62:8c:
                    52:73:c2:04:1f:ff:26:13:b6:7a:8e:e0:b5:77:09:
                    bc:18:11:50:55:73:f9:70:98:7a:33:f2:cc:52:db:
                    2c:f0:26:e5:95:57:7a:a6:ac:10:40:34:72:ab:f8:
                    c8:0f:b5:d7:69:c1:7d:b3:89:a2:a8:ab:52:ad:23:
                    4b:d4:0b:47:c5:54:d5:b3:17:37:d6:cd:da:41:da:
                    4a:34:b9:32:6b:3f:b1:a2:f0:37:46:8c:e9:28:f5:
                    b5:0c:20:9e:5c:d4:9c:83:f4:15:34:03:89:79:fb:
                    15:79:88:d1:af:10:21:6e:9a:8f:ab:a8:d3:59:a9:
                    e6:57:71:80:b6:49:a4:42:9b:5c:71:99:b5:c5:c8:
                    82:bc:8f:82:ff:b4:87:d3:9c:3d:7d:a5:9c:f3:56:
                    fd:79:53:19:63:44:1e:48:e9:fe:eb:14:e7:e0:dd:
                    1a:00:1a:9d:1c:2c:77:fe:be:5d:0b:17:3a:0b:a6:
                    5d:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:BA:2C:36:5F:5C:BA:CD:FE:87:6A:D0:E1:11:DC:03:FE:9E:2A:85
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/TbosNl9cus3-h2rQ4RHcA_6eKoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:d2:80:fc:b2:b3:ae:41:39:b3:d8:d5:42:26:76:d4:3e:22:
         12:45:70:e3:04:25:e5:cb:00:26:22:0d:ed:22:37:c4:0c:d6:
         2d:01:c4:6f:12:d6:62:ee:d9:0f:29:74:d2:83:66:58:dc:01:
         df:44:0a:14:4a:3e:d6:12:27:8f:67:3d:11:c4:90:f0:bf:65:
         91:d5:4b:30:70:3f:c9:5f:01:8d:f6:71:47:0f:14:3e:8b:70:
         9a:b0:e0:3c:f0:a0:75:fa:9e:3e:42:36:87:ae:8e:17:57:c2:
         da:47:5f:f6:b8:e4:44:5e:a8:5e:33:e5:0b:16:32:78:19:2f:
         f2:33:8d:6c:c2:3f:a0:8b:33:70:6a:07:78:8f:c2:17:5a:1d:
         e7:e4:fd:bf:00:9a:98:5b:a2:e4:53:c5:ee:75:20:e8:59:99:
         1c:8c:dd:f3:ef:17:db:79:71:d1:3b:14:4f:76:94:60:82:9d:
         27:6d:1a:96:8e:d3:59:98:97:f2:24:e0:0f:89:96:0b:ba:3d:
         b4:47:c1:6b:de:5b:6a:4e:69:65:6b:bb:db:26:b2:2a:ca:c0:
         8d:37:24:40:3b:47:82:d1:73:91:e0:df:05:04:a1:76:e6:5f:
         f2:e8:8d:8d:c5:e0:30:13:ba:9f:29:33:cd:05:5e:4b:c3:76:
         bf:a5:ab:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNPuk5sXr17iQPJr58gUnvNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQxMTIxMTcxNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGJhMmMzNjVmNWNiYWNkZmU4NzZhZDBlMTExZGMwM2ZlOWUyYTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8rXFq4R9g7ol7NBXZ212HUPsc1R
aMbPYgMhidXmL40mZw0jppBoyQZvV0hkXCOM0tno2KTrlvsGD6J8xBnrIBXOk6es
vsqPYoxSc8IEH/8mE7Z6juC1dwm8GBFQVXP5cJh6M/LMUtss8CbllVd6pqwQQDRy
q/jID7XXacF9s4miqKtSrSNL1AtHxVTVsxc31s3aQdpKNLkyaz+xovA3RozpKPW1
DCCeXNScg/QVNAOJefsVeYjRrxAhbpqPq6jTWanmV3GAtkmkQptccZm1xciCvI+C
/7SH05w9faWc81b9eVMZY0QeSOn+6xTn4N0aABqdHCx3/r5dCxc6C6ZdHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE26LDZfXLrN/odq0OER3AP+niqFMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvVGJvc05sOWN1czMtaDJyUTRSSGNBXzZlS29VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYVoMA0G
CSqGSIb3DQEBCwUAA4IBAQA70oD8srOuQTmz2NVCJnbUPiISRXDjBCXlywAmIg3t
IjfEDNYtAcRvEtZi7tkPKXTSg2ZY3AHfRAoUSj7WEiePZz0RxJDwv2WR1UswcD/J
XwGN9nFHDxQ+i3CasOA88KB1+p4+QjaHro4XV8LaR1/2uOREXqheM+ULFjJ4GS/y
M41swj+gizNwagd4j8IXWh3n5P2/AJqYW6LkU8XudSDoWZkcjN3z7xfbeXHROxRP
dpRggp0nbRqWjtNZmJfyJOAPiZYLuj20R8Fr3ltqTmlla7vbJrIqysCNNyRAO0eC
0XOR4N8FBKF25l/y6I2NxeAwE7qfKTPNBV5Lw3a/pavF
-----END CERTIFICATE-----