Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/tM_jpIH6QtPuN4R9C28HcgOFiao.roa
File:                     tM_jpIH6QtPuN4R9C28HcgOFiao.roa (raw, json)
Hash identifier:          ZpD4lNvj/Kru2w189ZN+T4L4lvuyEzS8BYSD1LbPxSw=
Subject key identifier:   B4:CF:E3:A4:81:FA:42:D3:EE:37:84:7D:0B:6F:07:72:03:85:89:AA
Certificate issuer:       /CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
Certificate serial:       019098CB3C01B846305CA4E5402E35C12550
Authority key identifier: 5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/tM_jpIH6QtPuN4R9C28HcgOFiao.roa
Signing time:             Tue 09 Jul 2024 18:39:34 +0000
ROA not before:           Tue 09 Jul 2024 18:39:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28851
IP address blocks:        213.19.0.0/17 maxlen: 17
                          213.250.192.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:98:cb:3c:01:b8:46:30:5c:a4:e5:40:2e:35:c1:25:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
        Validity
            Not Before: Jul  9 18:39:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4cfe3a481fa42d3ee37847d0b6f0772038589aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:6d:0a:2d:9e:49:b5:c9:e8:59:ac:e4:f9:95:
                    50:2d:84:89:f1:c1:a1:d7:b3:be:3e:e2:03:33:a9:
                    0b:36:f4:b2:c0:0e:24:2b:04:ad:17:27:66:4f:fb:
                    9d:17:d7:f4:b8:c0:03:c3:68:21:26:ad:69:4a:38:
                    6d:a4:a0:e1:ec:71:fb:cb:ee:a6:9c:eb:9e:26:40:
                    b2:c7:52:c8:88:11:f0:d5:6a:2a:02:23:f0:00:3b:
                    79:5b:90:43:9b:33:d0:d4:39:b6:d7:88:7e:8e:9f:
                    96:90:4f:90:53:91:70:5e:40:d3:3f:8d:4d:be:1e:
                    56:0d:63:77:70:20:bb:d4:be:bc:d0:71:c2:7f:82:
                    82:3b:7c:be:5e:81:f8:29:af:af:9a:1e:08:f3:90:
                    a4:fa:15:54:f1:dc:e4:d8:75:35:85:ee:37:15:2c:
                    e3:57:18:87:95:e2:31:d4:56:3a:14:90:ca:e3:e9:
                    39:aa:a4:2e:75:f3:14:8e:5c:d9:77:9a:1e:58:9f:
                    a6:cf:6c:ff:8c:88:ac:fd:ce:7c:5e:fb:00:a2:74:
                    04:a6:c5:e9:76:bf:e9:63:78:52:7e:3f:bb:ac:7d:
                    bd:6a:8a:7e:ec:28:40:1d:c2:1d:b4:90:b7:c1:0d:
                    18:7f:3d:db:72:aa:ec:89:f2:35:94:0e:af:12:85:
                    58:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:CF:E3:A4:81:FA:42:D3:EE:37:84:7D:0B:6F:07:72:03:85:89:AA
            X509v3 Authority Key Identifier:
                keyid:5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/tM_jpIH6QtPuN4R9C28HcgOFiao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.19.0.0/17
                  213.250.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         88:be:a9:8f:86:04:4c:4c:6d:9a:35:5b:a4:8f:f8:18:a1:e1:
         01:57:da:30:f0:1e:d4:be:08:7a:35:4e:57:3e:25:f8:a8:f4:
         3a:51:1c:c6:23:00:49:57:ae:7a:32:68:c5:bb:35:9d:70:b1:
         df:94:72:ad:01:2d:2e:1d:dd:5f:91:10:3f:55:65:72:a5:05:
         91:5d:43:fc:65:49:76:e4:6f:0f:4f:df:20:ca:ca:4e:8f:f3:
         e4:28:6e:d6:3b:32:9d:78:2d:1e:da:89:54:3c:7d:c4:7f:8e:
         eb:fd:3c:1d:61:10:c8:6c:71:1c:04:88:10:4b:0f:77:b3:c3:
         0e:d3:d9:72:da:ec:d2:75:2d:86:64:93:fe:05:7e:76:a5:9e:
         ba:fb:33:4d:5a:0a:7c:a6:65:91:32:71:37:bb:d9:ad:92:87:
         f6:53:e4:4d:16:2e:44:3e:25:54:c1:49:8d:7d:6b:06:22:42:
         a1:df:b4:7b:04:e3:d1:bf:b5:0b:b3:cd:df:58:82:82:97:24:
         48:d6:40:28:f6:46:7a:28:d8:e3:c9:94:41:fa:0a:ba:8a:2f:
         00:10:7c:fe:86:88:a1:5f:7b:26:1e:ed:cf:b0:11:9f:fe:aa:
         da:df:77:71:54:b4:df:ee:a7:d9:56:51:39:52:2a:cd:43:56:
         0c:ec:1b:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCYyzwBuEYwXKTlQC41wSVQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzlkMTViZDJmY2M4NDc3MWJhNmFhMjlhYTU0NDI4YjIx
Y2VmNjAwHhcNMjQwNzA5MTgzOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGNmZTNhNDgxZmE0MmQzZWUzNzg0N2QwYjZmMDc3MjAzODU4OWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA220KLZ5JtcnoWazk+ZVQLYSJ8cGh
17O+PuIDM6kLNvSywA4kKwStFydmT/udF9f0uMADw2ghJq1pSjhtpKDh7HH7y+6m
nOueJkCyx1LIiBHw1WoqAiPwADt5W5BDmzPQ1Dm214h+jp+WkE+QU5FwXkDTP41N
vh5WDWN3cCC71L680HHCf4KCO3y+XoH4Ka+vmh4I85Ck+hVU8dzk2HU1he43FSzj
VxiHleIx1FY6FJDK4+k5qqQudfMUjlzZd5oeWJ+mz2z/jIis/c58XvsAonQEpsXp
dr/pY3hSfj+7rH29aop+7ChAHcIdtJC3wQ0Yfz3bcqrsifI1lA6vEoVYFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLTP46SB+kLT7jeEfQtvB3IDhYmqMB8GA1UdIwQY
MBaAFF050VvS/MhHcbpqopqlRCiyHO9gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAt
YzI5YjQ0ZGU1M2E4LzEvdE1fanBJSDZRdFB1TjRSOUMyOEhjZ09GaWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAtYzI5YjQ0ZGU1M2E4
LzEvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQH1RMAAwQG
1frAMA0GCSqGSIb3DQEBCwUAA4IBAQCIvqmPhgRMTG2aNVukj/gYoeEBV9ow8B7U
vgh6NU5XPiX4qPQ6URzGIwBJV656MmjFuzWdcLHflHKtAS0uHd1fkRA/VWVypQWR
XUP8ZUl25G8PT98gyspOj/PkKG7WOzKdeC0e2olUPH3Ef47r/TwdYRDIbHEcBIgQ
Sw93s8MO09ly2uzSdS2GZJP+BX52pZ66+zNNWgp8pmWRMnE3u9mtkof2U+RNFi5E
PiVUwUmNfWsGIkKh37R7BOPRv7ULs83fWIKClyRI1kAo9kZ6KNjjyZRB+gq6ii8A
EHz+hoihX3smHu3PsBGf/qra33dxVLTf7qfZVlE5UirNQ1YM7BtZ
-----END CERTIFICATE-----