Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/49b48e-c84b-4f99-923f-4586238305f1/1/Tonf_fDBilVE8CvCB3qX9-Fy9uA.roa
File:                     Tonf_fDBilVE8CvCB3qX9-Fy9uA.roa (raw, json)
Hash identifier:          /80jc99Ln+EdbXVfLU9xAVQy6JSX7woEZQ9TAfqpJDE=
Subject key identifier:   4E:89:DF:FD:F0:C1:8A:55:44:F0:2B:C2:07:7A:97:F7:E1:72:F6:E0
Certificate issuer:       /CN=b19e1b7e810d6492abdb807fc8dde8675bd6bf2c
Certificate serial:       018CCA2A732F3E8675603CB6098DB0A55784
Authority key identifier: B1:9E:1B:7E:81:0D:64:92:AB:DB:80:7F:C8:DD:E8:67:5B:D6:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sZ4bfoENZJKr24B_yN3oZ1vWvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/49b48e-c84b-4f99-923f-4586238305f1/1/Tonf_fDBilVE8CvCB3qX9-Fy9uA.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8339
IP address blocks:        176.120.160.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/49b48e-c84b-4f99-923f-4586238305f1/1/sZ4bfoENZJKr24B_yN3oZ1vWvyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/49b48e-c84b-4f99-923f-4586238305f1/1/sZ4bfoENZJKr24B_yN3oZ1vWvyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sZ4bfoENZJKr24B_yN3oZ1vWvyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:73:2f:3e:86:75:60:3c:b6:09:8d:b0:a5:57:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b19e1b7e810d6492abdb807fc8dde8675bd6bf2c
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e89dffdf0c18a5544f02bc2077a97f7e172f6e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e7:ed:35:fc:4a:ff:f9:10:45:af:60:72:d5:
                    d7:38:f9:d8:61:ae:fc:be:8e:d5:0b:58:e0:70:fd:
                    1d:71:7e:20:5a:91:86:05:64:90:20:d1:a1:29:b5:
                    13:25:92:bf:db:ab:91:06:d6:58:bb:f6:9e:41:49:
                    45:44:60:34:39:60:eb:1d:74:e2:f4:a5:70:26:c4:
                    f7:50:a2:32:0f:97:4f:db:0b:a8:15:01:e0:4f:e6:
                    c1:1c:06:dd:5f:2c:f2:ea:d8:e5:f9:82:1c:1e:49:
                    8e:1e:eb:ca:39:bb:8e:c3:bf:58:ed:e8:0d:c0:e3:
                    3b:05:39:39:c1:e4:7b:f5:61:40:23:39:6e:72:9b:
                    cc:e1:d8:27:5c:f2:0d:fe:b5:87:1f:a5:d3:a5:d5:
                    9e:d9:ff:09:ef:b8:43:b9:d2:40:6d:ea:5c:40:2e:
                    13:c9:b0:42:be:06:4e:cc:5f:3a:d9:48:61:15:98:
                    3b:ff:4d:69:9d:d3:7e:1b:f7:85:f6:40:b5:0c:ba:
                    fa:dc:85:3d:f6:ee:cd:99:92:e8:6f:81:3f:e5:17:
                    20:fd:3e:cd:82:60:cd:c3:2e:ef:9a:80:5b:5a:fb:
                    d4:7a:bf:27:fc:20:dd:8e:6c:7e:0d:c9:53:58:c4:
                    fc:83:6c:e4:3d:1d:84:38:2d:5c:2a:19:8b:96:cf:
                    45:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:89:DF:FD:F0:C1:8A:55:44:F0:2B:C2:07:7A:97:F7:E1:72:F6:E0
            X509v3 Authority Key Identifier:
                keyid:B1:9E:1B:7E:81:0D:64:92:AB:DB:80:7F:C8:DD:E8:67:5B:D6:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZ4bfoENZJKr24B_yN3oZ1vWvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/49b48e-c84b-4f99-923f-4586238305f1/1/Tonf_fDBilVE8CvCB3qX9-Fy9uA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/49b48e-c84b-4f99-923f-4586238305f1/1/sZ4bfoENZJKr24B_yN3oZ1vWvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         58:ec:58:0f:c9:4f:30:91:ad:d8:9d:04:41:c6:c8:43:07:6a:
         d2:61:80:31:2a:ef:43:00:4c:ee:05:d6:d4:bd:80:6e:34:e3:
         4f:a8:b1:9f:79:27:13:5b:7b:72:f9:8a:83:7b:98:93:d4:81:
         49:c8:43:0b:d3:15:cf:57:cf:66:ef:43:db:24:6d:c5:7a:75:
         52:89:ca:ae:ca:d2:12:76:59:27:de:87:08:3a:37:08:10:e7:
         bc:ec:40:d2:9b:1a:47:d4:83:be:99:f1:21:4d:81:5f:6b:79:
         90:e8:65:08:1e:ec:09:c0:92:70:17:d8:61:37:41:62:af:cf:
         6c:d1:6e:7a:ac:23:5e:5b:2c:18:0b:e1:90:0e:80:87:2f:a3:
         48:a1:ab:f9:83:c1:9a:96:8d:8a:65:35:8f:4c:8a:0d:1d:1c:
         3d:96:ef:a3:fc:2b:b8:c6:98:4b:e6:a3:80:ce:2d:89:17:a8:
         b9:6f:f0:43:8d:74:8c:77:3a:23:12:11:41:44:2a:c2:93:79:
         d6:6a:15:f2:14:22:24:81:88:5e:3c:fe:45:3e:79:ef:87:aa:
         15:e2:10:6e:0f:29:78:9f:c6:5e:45:83:0f:22:11:d9:b4:20:
         24:a8:d1:d9:e7:e9:8c:2a:34:d4:92:67:83:50:97:18:8e:1b:
         bc:56:43:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnMvPoZ1YDy2CY2wpVeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOWUxYjdlODEwZDY0OTJhYmRiODA3ZmM4ZGRlODY3NWJk
NmJmMmMwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTg5ZGZmZGYwYzE4YTU1NDRmMDJiYzIwNzdhOTdmN2UxNzJmNmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouftNfxK//kQRa9gctXXOPnYYa78
vo7VC1jgcP0dcX4gWpGGBWSQINGhKbUTJZK/26uRBtZYu/aeQUlFRGA0OWDrHXTi
9KVwJsT3UKIyD5dP2wuoFQHgT+bBHAbdXyzy6tjl+YIcHkmOHuvKObuOw79Y7egN
wOM7BTk5weR79WFAIzlucpvM4dgnXPIN/rWHH6XTpdWe2f8J77hDudJAbepcQC4T
ybBCvgZOzF862UhhFZg7/01pndN+G/eF9kC1DLr63IU99u7NmZLob4E/5Rcg/T7N
gmDNwy7vmoBbWvvUer8n/CDdjmx+DclTWMT8g2zkPR2EOC1cKhmLls9FswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6J3/3wwYpVRPArwgd6l/fhcvbgMB8GA1UdIwQY
MBaAFLGeG36BDWSSq9uAf8jd6Gdb1r8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1o0YmZvRU5aSktyMjRCX3lOM29aMXZXdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My80OWI0OGUtYzg0Yi00Zjk5LTkyM2Yt
NDU4NjIzODMwNWYxLzEvVG9uZl9mREJpbFZFOEN2Q0IzcVg5LUZ5OXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My80OWI0OGUtYzg0Yi00Zjk5LTkyM2YtNDU4NjIzODMwNWYx
LzEvc1o0YmZvRU5aSktyMjRCX3lOM29aMXZXdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsHigMA0G
CSqGSIb3DQEBCwUAA4IBAQBY7FgPyU8wka3YnQRBxshDB2rSYYAxKu9DAEzuBdbU
vYBuNONPqLGfeScTW3ty+YqDe5iT1IFJyEML0xXPV89m70PbJG3FenVSicquytIS
dlkn3ocIOjcIEOe87EDSmxpH1IO+mfEhTYFfa3mQ6GUIHuwJwJJwF9hhN0Fir89s
0W56rCNeWywYC+GQDoCHL6NIoav5g8Galo2KZTWPTIoNHRw9lu+j/Cu4xphL5qOA
zi2JF6i5b/BDjXSMdzojEhFBRCrCk3nWahXyFCIkgYhePP5FPnnvh6oV4hBuDyl4
n8ZeRYMPIhHZtCAkqNHZ5+mMKjTUkmeDUJcYjhu8VkO7
-----END CERTIFICATE-----