Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/TBXfYzxCZJxTgcen5SUSyQN3x8I.roa
File:                     TBXfYzxCZJxTgcen5SUSyQN3x8I.roa (raw, json)
Hash identifier:          wVxa0a91H3UuEIQPcPGOUTVMvAPaJKyWwkJDvE9VDfo=
Subject key identifier:   4C:15:DF:63:3C:42:64:9C:53:81:C7:A7:E5:25:12:C9:03:77:C7:C2
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC50144B1B400ECF409B44B22E91782E3
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/TBXfYzxCZJxTgcen5SUSyQN3x8I.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        84.32.106.0/24 maxlen: 24
                          88.216.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:44:b1:b4:00:ec:f4:09:b4:4b:22:e9:17:82:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c15df633c42649c5381c7a7e52512c90377c7c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:0c:76:8f:2e:48:19:a1:e0:4b:0f:43:70:68:
                    51:d7:9c:f4:51:6c:0c:7f:4e:5c:6c:ba:44:b6:9c:
                    ce:5f:c2:8d:cd:31:ce:28:07:de:f3:75:db:d0:b0:
                    47:8b:77:3f:20:10:c6:7f:8d:84:b7:b7:4d:71:eb:
                    03:66:68:0d:96:36:78:82:e3:06:9b:af:42:46:aa:
                    fa:22:bf:77:ec:51:72:97:68:3e:74:03:3c:60:31:
                    a3:fc:8e:df:4b:01:7d:a8:85:38:b7:b3:7e:98:0c:
                    be:3a:f8:f6:de:cc:63:b4:87:8e:1d:0a:f4:7a:a5:
                    aa:6d:bb:e5:03:27:82:60:4a:fb:83:21:fb:ce:56:
                    b6:36:f0:25:bb:eb:c1:7e:a1:e7:67:01:61:1e:6c:
                    d6:3a:91:95:3e:50:5b:8d:06:71:bd:f0:a2:f4:5e:
                    02:5d:1a:ce:13:90:a0:54:5b:4d:af:c0:41:0d:7b:
                    28:3e:a1:33:97:0f:71:f1:9d:f9:21:9f:a4:8a:89:
                    a0:be:3c:6d:16:8b:8f:a0:6c:75:cd:c6:bd:ad:74:
                    6c:9f:f3:60:bf:eb:ba:73:7f:58:06:3c:5d:b4:21:
                    bb:1f:9b:d3:d6:92:81:fd:42:7b:df:7e:01:70:d9:
                    a6:36:08:72:0c:2d:d7:17:5e:d5:b8:44:02:68:c0:
                    bb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:15:DF:63:3C:42:64:9C:53:81:C7:A7:E5:25:12:C9:03:77:C7:C2
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/TBXfYzxCZJxTgcen5SUSyQN3x8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.106.0/24
                  88.216.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:a0:06:1b:00:f7:fc:f0:09:77:1a:bd:b9:36:38:9d:bc:2f:
         68:46:bf:d5:32:b8:78:3f:40:f2:43:ca:ed:5e:11:e0:57:e3:
         d0:b6:70:ce:e7:e2:86:b9:82:09:76:9d:15:7a:da:8e:9d:71:
         11:fa:26:38:35:e8:77:90:98:6d:84:ad:dc:b5:ef:ba:6c:5f:
         7f:df:93:f0:da:f7:f8:07:74:a1:07:46:88:46:0e:17:b8:c8:
         fd:bd:6b:85:cf:a5:5e:7a:22:8d:b8:da:f0:24:61:53:c1:c3:
         31:ca:06:5a:cf:30:d4:29:f2:a5:9a:4c:52:1d:18:ef:27:83:
         dd:6c:f2:9b:33:5e:c9:cb:02:e3:af:64:e0:25:14:ad:6d:cc:
         bf:8b:68:cb:03:cb:1d:e2:c2:59:a3:82:13:5f:54:d3:63:26:
         7a:0f:9b:22:01:3e:f6:89:ec:11:9d:35:a0:4a:1d:a0:77:13:
         ee:2b:02:be:31:ba:5f:56:5b:a8:26:be:b6:60:78:4a:3b:78:
         8f:90:06:82:0f:e3:db:ba:28:60:c6:33:fd:0e:b4:78:d2:fd:
         3d:1a:f0:b5:b4:2e:15:a6:6b:2d:94:a7:21:9e:9d:57:04:32:
         83:74:bb:d2:0e:57:cc:ee:dd:1f:b7:9a:9c:96:8c:49:b8:a3:
         11:6a:4c:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAUSxtADs9Am0SyLpF4LjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzE1ZGY2MzNjNDI2NDljNTM4MWM3YTdlNTI1MTJjOTAzNzdjN2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwx2jy5IGaHgSw9DcGhR15z0UWwM
f05cbLpEtpzOX8KNzTHOKAfe83Xb0LBHi3c/IBDGf42Et7dNcesDZmgNljZ4guMG
m69CRqr6Ir937FFyl2g+dAM8YDGj/I7fSwF9qIU4t7N+mAy+Ovj23sxjtIeOHQr0
eqWqbbvlAyeCYEr7gyH7zla2NvAlu+vBfqHnZwFhHmzWOpGVPlBbjQZxvfCi9F4C
XRrOE5CgVFtNr8BBDXsoPqEzlw9x8Z35IZ+kiomgvjxtFouPoGx1zca9rXRsn/Ng
v+u6c39YBjxdtCG7H5vT1pKB/UJ7334BcNmmNghyDC3XF17VuEQCaMC7sQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEwV32M8QmScU4HHp+UlEskDd8fCMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvVEJYZll6eENaSnhUZ2NlbjVTVVN5UU4zeDhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVCBqAwQA
WNgrMA0GCSqGSIb3DQEBCwUAA4IBAQAnoAYbAPf88Al3Gr25NjidvC9oRr/VMrh4
P0DyQ8rtXhHgV+PQtnDO5+KGuYIJdp0VetqOnXER+iY4Neh3kJhthK3cte+6bF9/
35Pw2vf4B3ShB0aIRg4XuMj9vWuFz6VeeiKNuNrwJGFTwcMxygZazzDUKfKlmkxS
HRjvJ4PdbPKbM17JywLjr2TgJRStbcy/i2jLA8sd4sJZo4ITX1TTYyZ6D5siAT72
iewRnTWgSh2gdxPuKwK+MbpfVluoJr62YHhKO3iPkAaCD+PbuihgxjP9DrR40v09
GvC1tC4VpmstlKchnp1XBDKDdLvSDlfM7t0ft5qcloxJuKMRakwE
-----END CERTIFICATE-----