Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/TKvHd_prP-V2GrJJnozVkMaquaw.roa
File:                     TKvHd_prP-V2GrJJnozVkMaquaw.roa (raw, json)
Hash identifier:          mMqVZQ+6v34/Lysa+umQ1AFdSz7iNCCcgMu8UC+KqIg=
Subject key identifier:   4C:AB:C7:77:FA:6B:3F:E5:76:1A:B2:49:9E:8C:D5:90:C6:AA:B9:AC
Certificate issuer:       /CN=ae8ed33b70be6cc20c89fbbac77a59ca3b4c0934
Certificate serial:       018CCA2B37F7C8311701E838679408A5DFDC
Authority key identifier: AE:8E:D3:3B:70:BE:6C:C2:0C:89:FB:BA:C7:7A:59:CA:3B:4C:09:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/TKvHd_prP-V2GrJJnozVkMaquaw.roa
Signing time:             Tue 02 Jan 2024 12:34:39 +0000
ROA not before:           Tue 02 Jan 2024 12:34:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212451
IP address blocks:        178.213.48.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:37:f7:c8:31:17:01:e8:38:67:94:08:a5:df:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae8ed33b70be6cc20c89fbbac77a59ca3b4c0934
        Validity
            Not Before: Jan  2 12:34:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cabc777fa6b3fe5761ab2499e8cd590c6aab9ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:50:b2:ac:66:92:b1:5b:92:8e:eb:4b:44:cd:
                    d6:78:10:fc:06:9c:83:0b:83:2a:90:38:ce:82:c5:
                    d6:75:0d:1a:0b:ac:98:b3:05:d4:ad:83:cb:d9:57:
                    e7:eb:69:0c:c9:0b:e7:6f:d6:15:68:3f:68:5b:b2:
                    6c:48:bc:3d:91:ce:03:be:2d:a3:6c:5d:37:d9:8b:
                    07:d6:75:b0:b7:bd:21:28:91:57:f8:bb:ff:a8:f6:
                    18:41:1a:c5:a2:8d:4f:96:f7:bd:f4:93:7f:fb:eb:
                    e1:47:40:ea:4a:0b:d5:33:79:b1:e5:92:23:e6:ec:
                    ed:77:ec:4b:ab:58:b1:96:aa:1b:e6:fc:05:28:64:
                    13:61:ae:28:6b:05:66:98:65:ed:3e:39:88:69:46:
                    8c:24:66:44:29:76:3a:02:00:38:98:23:09:12:3c:
                    3e:e7:12:d1:9f:5d:2b:4c:f1:44:d8:33:51:6d:f6:
                    04:58:8b:03:69:cb:01:0e:77:f2:eb:ca:56:ca:52:
                    48:f4:ea:ac:d7:ad:8e:a4:27:47:48:9c:78:37:1c:
                    d8:53:e4:ed:7f:df:4e:f1:ab:93:10:9f:b9:84:14:
                    45:9c:20:71:45:ab:51:a6:d6:8c:a3:fb:73:28:57:
                    33:b2:8a:17:7c:a1:ae:9e:b3:e4:a7:b9:a4:0d:70:
                    d3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:AB:C7:77:FA:6B:3F:E5:76:1A:B2:49:9E:8C:D5:90:C6:AA:B9:AC
            X509v3 Authority Key Identifier:
                keyid:AE:8E:D3:3B:70:BE:6C:C2:0C:89:FB:BA:C7:7A:59:CA:3B:4C:09:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/TKvHd_prP-V2GrJJnozVkMaquaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         84:58:35:28:ed:8f:65:ad:18:f3:d0:13:d6:87:bc:85:4f:02:
         88:54:9f:de:0c:6b:af:96:3d:cb:7b:85:a5:39:68:f8:9e:d7:
         a2:dd:95:2c:9a:d4:89:1e:f0:bb:9b:3a:75:3e:57:2c:83:71:
         6f:f6:e5:51:f6:1f:9b:8b:d7:7f:df:97:56:5f:ad:d0:46:b2:
         95:8b:7a:3a:b7:e4:62:d6:51:93:70:5b:8c:d7:95:90:17:a4:
         c6:f9:b5:c0:03:f5:1a:77:59:d6:19:f9:93:c7:dc:49:48:8d:
         4e:4e:ba:95:27:76:6a:1e:cb:80:28:2a:28:c0:78:42:78:27:
         92:19:9b:e1:c0:3a:f5:33:06:27:e8:30:08:35:50:18:03:57:
         ab:ff:2b:cc:52:7c:48:d5:f4:38:96:96:b4:6f:cb:09:b8:ed:
         3d:ce:39:66:de:b1:ac:d7:fe:51:b0:92:39:04:56:14:3a:d9:
         af:3d:3d:21:32:60:6c:63:1d:22:15:86:37:06:e3:da:bd:c6:
         ea:5f:6f:fb:f7:fa:64:94:8d:4a:ff:2b:5e:92:5c:12:4a:29:
         44:ca:2e:d7:e3:79:8d:05:4d:5e:58:8d:f0:e8:43:36:69:03:
         63:e7:57:82:43:d0:41:d8:3f:1d:07:98:81:4a:21:48:a6:5e:
         71:73:aa:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKzf3yDEXAeg4Z5QIpd/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlOGVkMzNiNzBiZTZjYzIwYzg5ZmJiYWM3N2E1OWNhM2I0
YzA5MzQwHhcNMjQwMTAyMTIzNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2FiYzc3N2ZhNmIzZmU1NzYxYWIyNDk5ZThjZDU5MGM2YWFiOWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVCyrGaSsVuSjutLRM3WeBD8BpyD
C4MqkDjOgsXWdQ0aC6yYswXUrYPL2Vfn62kMyQvnb9YVaD9oW7JsSLw9kc4Dvi2j
bF032YsH1nWwt70hKJFX+Lv/qPYYQRrFoo1Plve99JN/++vhR0DqSgvVM3mx5ZIj
5uztd+xLq1ixlqob5vwFKGQTYa4oawVmmGXtPjmIaUaMJGZEKXY6AgA4mCMJEjw+
5xLRn10rTPFE2DNRbfYEWIsDacsBDnfy68pWylJI9Oqs162OpCdHSJx4NxzYU+Tt
f99O8auTEJ+5hBRFnCBxRatRptaMo/tzKFczsooXfKGunrPkp7mkDXDTOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyrx3f6az/ldhqySZ6M1ZDGqrmsMB8GA1UdIwQY
MBaAFK6O0ztwvmzCDIn7usd6Wco7TAk0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm83VE8zQy1iTUlNaWZ1NngzcFp5anRNQ1RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9iNzFkOWYtZjFkYS00MDBhLWI0ODUt
MDRkYmM5YWMxNDQ0LzEvVEt2SGRfcHJQLVYyR3JKSm5velZrTWFxdWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9iNzFkOWYtZjFkYS00MDBhLWI0ODUtMDRkYmM5YWMxNDQ0
LzEvcm83VE8zQy1iTUlNaWZ1NngzcFp5anRNQ1RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstUwMA0G
CSqGSIb3DQEBCwUAA4IBAQCEWDUo7Y9lrRjz0BPWh7yFTwKIVJ/eDGuvlj3Le4Wl
OWj4ntei3ZUsmtSJHvC7mzp1Plcsg3Fv9uVR9h+bi9d/35dWX63QRrKVi3o6t+Ri
1lGTcFuM15WQF6TG+bXAA/Uad1nWGfmTx9xJSI1OTrqVJ3ZqHsuAKCoowHhCeCeS
GZvhwDr1MwYn6DAINVAYA1er/yvMUnxI1fQ4lpa0b8sJuO09zjlm3rGs1/5RsJI5
BFYUOtmvPT0hMmBsYx0iFYY3BuPavcbqX2/79/pklI1K/yteklwSSilEyi7X43mN
BU1eWI3w6EM2aQNj51eCQ9BB2D8dB5iBSiFIpl5xc6p9
-----END CERTIFICATE-----