Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/c48a2d-097d-498b-bc62-b513a0c2f353/1/TDR1dJ6OmqjSiWW6k7S46v8ENIE.roa
File:                     TDR1dJ6OmqjSiWW6k7S46v8ENIE.roa (raw, json)
Hash identifier:          hjuM21TosbfZb2+BiMZekgy7N1qjyb0gDwXqsbnjDpY=
Subject key identifier:   4C:34:75:74:9E:8E:9A:A8:D2:89:65:BA:93:B4:B8:EA:FF:04:34:81
Certificate issuer:       /CN=9a2ae8d4b01687021b77b874f110c1b6dbfec651
Certificate serial:       018CC7266A6C08E3DB3BF5BED8D6A747FFC7
Authority key identifier: 9A:2A:E8:D4:B0:16:87:02:1B:77:B8:74:F1:10:C1:B6:DB:FE:C6:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/miro1LAWhwIbd7h08RDBttv-xlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/c48a2d-097d-498b-bc62-b513a0c2f353/1/TDR1dJ6OmqjSiWW6k7S46v8ENIE.roa
Signing time:             Mon 01 Jan 2024 22:30:32 +0000
ROA not before:           Mon 01 Jan 2024 22:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20879
IP address blocks:        217.28.143.0/24 maxlen: 24
                          2a12:26c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/c48a2d-097d-498b-bc62-b513a0c2f353/1/miro1LAWhwIbd7h08RDBttv-xlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/c48a2d-097d-498b-bc62-b513a0c2f353/1/miro1LAWhwIbd7h08RDBttv-xlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/miro1LAWhwIbd7h08RDBttv-xlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:6a:6c:08:e3:db:3b:f5:be:d8:d6:a7:47:ff:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a2ae8d4b01687021b77b874f110c1b6dbfec651
        Validity
            Not Before: Jan  1 22:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c3475749e8e9aa8d28965ba93b4b8eaff043481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:69:38:ea:3b:a9:71:a6:59:1a:ec:50:bd:97:
                    fb:88:06:53:f2:0f:42:cc:d6:9e:ba:7c:47:d8:6d:
                    70:fd:40:57:f5:7d:26:c5:83:c5:b1:4c:6f:c5:75:
                    0c:44:5e:28:be:b5:c6:40:20:f3:5a:05:1a:9f:8e:
                    30:99:b4:12:aa:53:a0:fd:ad:35:f8:06:d6:09:12:
                    77:c3:d1:03:c9:7a:6e:e2:92:9f:76:3d:e2:85:43:
                    7b:2e:aa:2a:67:0e:ed:c5:e8:7f:12:73:f7:f0:90:
                    7e:2f:51:fc:36:fd:44:a3:85:cd:6e:ad:47:8b:a8:
                    40:6c:53:1c:c2:d8:43:8d:c4:dc:dc:e5:ce:31:d1:
                    c1:b6:15:a7:e5:6d:c9:1d:44:ef:75:bf:2b:7c:e7:
                    26:39:fa:c3:bb:11:66:5f:7d:1a:20:6b:6c:88:c0:
                    fc:7d:25:8f:2d:d4:ea:d9:19:c5:2c:b8:37:b1:96:
                    b3:94:0f:92:e0:fe:d0:ca:46:ed:c0:0b:c6:29:f7:
                    42:a8:ff:20:1b:f3:15:c6:b6:8d:c6:b2:7f:7c:aa:
                    52:d1:04:3c:bc:98:b7:b7:64:ef:d0:4b:ec:48:c5:
                    d4:1c:92:8e:f4:ee:1e:7c:b1:b6:2c:7a:19:3e:eb:
                    58:a6:43:5b:2d:a5:36:d8:ec:e5:86:f4:53:6e:3e:
                    ce:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:34:75:74:9E:8E:9A:A8:D2:89:65:BA:93:B4:B8:EA:FF:04:34:81
            X509v3 Authority Key Identifier:
                keyid:9A:2A:E8:D4:B0:16:87:02:1B:77:B8:74:F1:10:C1:B6:DB:FE:C6:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/miro1LAWhwIbd7h08RDBttv-xlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/c48a2d-097d-498b-bc62-b513a0c2f353/1/TDR1dJ6OmqjSiWW6k7S46v8ENIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/c48a2d-097d-498b-bc62-b513a0c2f353/1/miro1LAWhwIbd7h08RDBttv-xlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.143.0/24
                IPv6:
                  2a12:26c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:e6:d7:15:22:cf:09:31:b9:70:2c:fe:8e:8c:86:64:4d:b9:
         cd:b8:bc:cc:85:67:c8:7c:f7:44:87:2a:d0:a4:9c:48:05:c9:
         5d:45:83:52:f3:e3:ab:aa:98:a3:58:46:80:4e:29:5a:b1:01:
         0d:5a:78:cc:0b:ea:bd:ae:a1:30:8c:6b:e1:82:9e:d8:ca:15:
         92:cb:f1:48:f5:0a:dd:05:12:3d:47:55:45:38:0d:5e:e0:bd:
         35:97:e0:eb:9f:84:db:c1:b2:34:73:40:15:99:19:15:44:fa:
         b1:8c:63:80:13:cb:73:80:82:fc:89:95:7d:76:be:d3:8c:9e:
         2a:05:d3:e0:9d:68:50:f7:f0:b5:00:47:8c:b4:fc:16:37:1c:
         c5:11:91:ba:ee:07:32:8e:46:f7:73:22:84:a8:e3:e4:cd:ab:
         58:36:af:48:06:82:54:ec:6f:15:09:09:2e:dd:67:8d:89:c1:
         5e:b9:19:84:74:04:c9:a0:f4:db:af:6b:fb:63:6d:a6:3d:d6:
         73:8d:55:bd:dd:95:c1:dd:d1:5e:b6:c6:62:5d:22:25:5b:3c:
         4a:a8:95:c0:55:79:db:dd:c0:35:fa:86:99:75:68:67:07:aa:
         d4:ad:99:71:92:31:f4:8e:6d:20:df:24:be:cb:23:49:57:60:
         a9:b6:5b:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJmpsCOPbO/W+2NanR//HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMmFlOGQ0YjAxNjg3MDIxYjc3Yjg3NGYxMTBjMWI2ZGJm
ZWM2NTEwHhcNMjQwMTAxMjIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzM0NzU3NDllOGU5YWE4ZDI4OTY1YmE5M2I0YjhlYWZmMDQzNDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmk46jupcaZZGuxQvZf7iAZT8g9C
zNaeunxH2G1w/UBX9X0mxYPFsUxvxXUMRF4ovrXGQCDzWgUan44wmbQSqlOg/a01
+AbWCRJ3w9EDyXpu4pKfdj3ihUN7LqoqZw7txeh/EnP38JB+L1H8Nv1Eo4XNbq1H
i6hAbFMcwthDjcTc3OXOMdHBthWn5W3JHUTvdb8rfOcmOfrDuxFmX30aIGtsiMD8
fSWPLdTq2RnFLLg3sZazlA+S4P7QykbtwAvGKfdCqP8gG/MVxraNxrJ/fKpS0QQ8
vJi3t2Tv0EvsSMXUHJKO9O4efLG2LHoZPutYpkNbLaU22OzlhvRTbj7OVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEw0dXSejpqo0ollupO0uOr/BDSBMB8GA1UdIwQY
MBaAFJoq6NSwFocCG3e4dPEQwbbb/sZRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWlybzFMQVdod0liZDdoMDhSREJ0dHYteGxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9jNDhhMmQtMDk3ZC00OThiLWJjNjIt
YjUxM2EwYzJmMzUzLzEvVERSMWRKNk9tcWpTaVdXNms3UzQ2djhFTklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9jNDhhMmQtMDk3ZC00OThiLWJjNjItYjUxM2EwYzJmMzUz
LzEvbWlybzFMQVdod0liZDdoMDhSREJ0dHYteGxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2RyPMA0E
AgACMAcDBQMqEibAMA0GCSqGSIb3DQEBCwUAA4IBAQCU5tcVIs8JMblwLP6OjIZk
TbnNuLzMhWfIfPdEhyrQpJxIBcldRYNS8+OrqpijWEaATilasQENWnjMC+q9rqEw
jGvhgp7YyhWSy/FI9QrdBRI9R1VFOA1e4L01l+Drn4TbwbI0c0AVmRkVRPqxjGOA
E8tzgIL8iZV9dr7TjJ4qBdPgnWhQ9/C1AEeMtPwWNxzFEZG67gcyjkb3cyKEqOPk
zatYNq9IBoJU7G8VCQku3WeNicFeuRmEdATJoPTbr2v7Y22mPdZzjVW93ZXB3dFe
tsZiXSIlWzxKqJXAVXnb3cA1+oaZdWhnB6rUrZlxkjH0jm0g3yS+yyNJV2Cptluy
-----END CERTIFICATE-----