Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/1-tzBf-Wr3oKV0iv3bsRKuDgYGdA.roa
File:                     1-tzBf-Wr3oKV0iv3bsRKuDgYGdA.roa (raw, json)
Hash identifier:          5JSPTdWpNRdccxfShq3u2dljPvCcARVXkF0fKieXVC8=
Subject key identifier:   FA:DC:C1:7F:E5:AB:DE:82:95:D2:2B:F7:6E:C4:4A:B8:38:18:19:D0
Certificate issuer:       /CN=374f6f3e3cb973bac8a43f6c0b806b3d11c9adc3
Certificate serial:       01909C5EC31E22FBD3E8BB70312FF8935F21
Authority key identifier: 37:4F:6F:3E:3C:B9:73:BA:C8:A4:3F:6C:0B:80:6B:3D:11:C9:AD:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/1-tzBf-Wr3oKV0iv3bsRKuDgYGdA.roa
Signing time:             Wed 10 Jul 2024 11:19:34 +0000
ROA not before:           Wed 10 Jul 2024 11:19:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210392
IP address blocks:        5.22.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9c:5e:c3:1e:22:fb:d3:e8:bb:70:31:2f:f8:93:5f:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374f6f3e3cb973bac8a43f6c0b806b3d11c9adc3
        Validity
            Not Before: Jul 10 11:19:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fadcc17fe5abde8295d22bf76ec44ab8381819d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9b:67:fe:fa:32:b2:85:6c:35:7a:78:31:6a:
                    59:41:1e:3d:ec:f8:ee:9d:e5:4d:7d:93:eb:ad:06:
                    a8:ff:44:5a:bf:b2:a0:a3:78:ef:3f:b4:a0:5d:9e:
                    db:6e:21:a1:fa:04:1c:bd:b9:79:49:72:4a:07:2e:
                    45:7a:3a:56:60:1f:18:9f:fa:87:4e:a6:56:3b:51:
                    45:e8:65:12:6d:2c:ee:d6:19:82:cf:d1:04:d7:ee:
                    20:1d:dc:28:c9:e8:a0:00:bb:8d:d5:7c:d5:a8:8e:
                    98:85:67:75:d2:af:6b:eb:48:cc:79:ef:cb:10:34:
                    89:7e:1b:7d:ad:c9:96:46:7b:22:04:05:66:a6:0f:
                    9f:d9:91:0b:33:79:d1:d5:a6:d2:4b:3a:eb:81:93:
                    62:87:d3:98:59:e8:12:2a:a9:a0:3a:70:f8:bf:ac:
                    63:64:3e:e6:58:e3:44:02:1a:66:eb:10:d8:f2:09:
                    63:4d:84:14:17:00:74:17:0a:53:82:23:cf:1a:78:
                    5b:d4:61:d2:fd:31:d4:a7:ed:09:d5:c3:50:da:11:
                    a2:39:92:d6:3f:5a:3d:f1:b7:c2:30:ed:9d:b9:4b:
                    34:5f:e6:1a:01:57:98:55:10:36:e0:ca:3a:69:74:
                    20:b8:ce:51:29:01:04:63:3d:38:fd:89:46:fb:4b:
                    d7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:DC:C1:7F:E5:AB:DE:82:95:D2:2B:F7:6E:C4:4A:B8:38:18:19:D0
            X509v3 Authority Key Identifier:
                keyid:37:4F:6F:3E:3C:B9:73:BA:C8:A4:3F:6C:0B:80:6B:3D:11:C9:AD:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/1-tzBf-Wr3oKV0iv3bsRKuDgYGdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:98:eb:39:53:42:6e:65:1d:90:ee:be:28:89:be:86:cd:e3:
         40:ab:8b:6b:67:3f:ab:07:37:02:40:52:f5:de:66:19:7e:84:
         e1:73:69:5c:50:1e:54:63:83:3d:f1:65:c4:d3:49:51:06:7b:
         ea:09:66:50:9b:77:a1:59:13:51:aa:a7:78:38:d1:b1:22:e1:
         ef:c5:14:cb:ea:70:68:33:18:10:c0:18:75:f1:f5:58:fa:72:
         18:89:df:5e:14:52:c3:4d:53:d0:f3:8f:fb:a5:aa:72:98:a0:
         5f:84:50:83:c3:e5:5e:db:f3:b6:24:8a:f0:f2:9c:2c:c8:0b:
         3e:e3:3d:6f:83:15:77:8c:b4:64:d7:99:5f:a4:ae:ae:cd:ef:
         94:11:3d:b1:69:d8:19:e5:ca:a9:92:5f:3f:75:1a:31:a6:b3:
         42:7c:f9:f5:4d:6c:c6:1c:3a:6f:0e:83:4f:f2:0a:59:00:13:
         c5:75:0c:d9:f2:a8:94:ac:2f:de:25:00:ab:8d:68:ff:29:34:
         f8:dc:7b:cc:a1:e9:77:0a:1a:a2:b3:4c:6c:0a:e1:20:77:60:
         b8:35:1d:b5:03:d9:4d:b2:ff:d9:db:f5:91:f0:5a:4f:ad:25:
         c1:22:70:b1:a9:9d:c8:6c:cd:71:50:2b:31:2d:12:fd:a3:95:
         43:22:c4:51
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCcXsMeIvvT6LtwMS/4k18hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGY2ZjNlM2NiOTczYmFjOGE0M2Y2YzBiODA2YjNkMTFj
OWFkYzMwHhcNMjQwNzEwMTExOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWRjYzE3ZmU1YWJkZTgyOTVkMjJiZjc2ZWM0NGFiODM4MTgxOWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJtn/voysoVsNXp4MWpZQR497Pju
neVNfZPrrQao/0Rav7Kgo3jvP7SgXZ7bbiGh+gQcvbl5SXJKBy5FejpWYB8Yn/qH
TqZWO1FF6GUSbSzu1hmCz9EE1+4gHdwoyeigALuN1XzVqI6YhWd10q9r60jMee/L
EDSJfht9rcmWRnsiBAVmpg+f2ZELM3nR1abSSzrrgZNih9OYWegSKqmgOnD4v6xj
ZD7mWONEAhpm6xDY8gljTYQUFwB0FwpTgiPPGnhb1GHS/THUp+0J1cNQ2hGiOZLW
P1o98bfCMO2duUs0X+YaAVeYVRA24Mo6aXQguM5RKQEEYz04/YlG+0vXmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrcwX/lq96CldIr927ESrg4GBnQMB8GA1UdIwQY
MBaAFDdPbz48uXO6yKQ/bAuAaz0Rya3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjA5dlBqeTVjN3JJcEQ5c0M0QnJQUkhKcmNNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi84ZDExNjctMGM0ZC00ODhmLTlhODMt
YzAxNzdkZmRhODQ3LzEvMS10ekJmLVdyM29LVjBpdjNic1JLdURnWUdkQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvOGQxMTY3LTBjNGQtNDg4Zi05YTgzLWMwMTc3ZGZkYTg0
Ny8xL04wOXZQank1YzdySXBEOXNDNEJyUFJISnJjTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAUWyjAN
BgkqhkiG9w0BAQsFAAOCAQEAmpjrOVNCbmUdkO6+KIm+hs3jQKuLa2c/qwc3AkBS
9d5mGX6E4XNpXFAeVGODPfFlxNNJUQZ76glmUJt3oVkTUaqneDjRsSLh78UUy+pw
aDMYEMAYdfH1WPpyGInfXhRSw01T0POP+6WqcpigX4RQg8PlXtvztiSK8PKcLMgL
PuM9b4MVd4y0ZNeZX6Surs3vlBE9sWnYGeXKqZJfP3UaMaazQnz59U1sxhw6bw6D
T/IKWQATxXUM2fKolKwv3iUAq41o/yk0+Nx7zKHpdwoaorNMbArhIHdguDUdtQPZ
TbL/2dv1kfBaT60lwSJwsamdyGzNcVArMS0S/aOVQyLEUQ==
-----END CERTIFICATE-----