Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/TBHw1PYl0pTDIHBoI2wXZOKHvRI.roa
File:                     TBHw1PYl0pTDIHBoI2wXZOKHvRI.roa (raw, json)
Hash identifier:          I8d1rD+pYnQdXiOluPmdOeOQCdaBDpynxO4pQQspOA4=
Subject key identifier:   4C:11:F0:D4:F6:25:D2:94:C3:20:70:68:23:6C:17:64:E2:87:BD:12
Certificate issuer:       /CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
Certificate serial:       018CC8DCDAA41231F2D98F63034FB1D0B04C
Authority key identifier: AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/TBHw1PYl0pTDIHBoI2wXZOKHvRI.roa
Signing time:             Tue 02 Jan 2024 06:29:26 +0000
ROA not before:           Tue 02 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61389
IP address blocks:        92.55.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:da:a4:12:31:f2:d9:8f:63:03:4f:b1:d0:b0:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
        Validity
            Not Before: Jan  2 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c11f0d4f625d294c3207068236c1764e287bd12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9c:27:e4:c3:40:65:9d:6b:8e:91:76:82:ce:
                    0e:84:85:8f:72:90:d7:c3:ed:1f:5a:90:cc:3a:3d:
                    a8:52:24:97:f8:43:03:04:ca:d7:cf:0a:68:a1:63:
                    00:53:b9:ac:60:b6:d4:ae:63:cf:cb:6c:c2:2d:d6:
                    9b:b1:81:0a:23:23:e3:8e:ff:3f:79:81:b6:54:7e:
                    43:0e:a7:19:1f:a3:8c:70:8b:0c:31:fd:53:b8:c4:
                    3a:11:d9:08:23:c0:6a:8f:b8:6a:ba:1e:5d:dd:22:
                    b0:64:08:99:49:13:3e:58:07:ff:50:d0:df:2b:43:
                    fe:96:70:96:d4:aa:8b:08:1e:60:72:89:26:3c:38:
                    36:65:b4:0b:ba:6e:a7:8b:ea:bb:16:2e:7d:3f:55:
                    36:f4:ed:de:46:40:32:ab:d8:61:ba:1e:94:16:b3:
                    52:43:9c:7e:9c:19:9c:15:b5:44:2c:29:6f:0c:df:
                    32:5a:70:9e:39:49:9d:99:57:bd:21:3f:6b:08:c5:
                    8a:5d:45:0b:41:2f:83:bb:60:90:fb:a5:a5:1e:b2:
                    0d:f2:b8:a5:5b:48:89:bb:da:5b:43:bd:01:24:65:
                    a7:64:27:88:9e:5d:68:60:f7:1c:61:cc:64:90:09:
                    13:3d:e1:b7:4c:36:2a:d7:4f:3b:34:15:8e:06:24:
                    23:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:11:F0:D4:F6:25:D2:94:C3:20:70:68:23:6C:17:64:E2:87:BD:12
            X509v3 Authority Key Identifier:
                keyid:AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/TBHw1PYl0pTDIHBoI2wXZOKHvRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.55.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:ec:99:a3:80:ea:fc:db:4d:2b:01:84:4e:41:fd:1c:55:87:
         4d:78:77:09:c5:fe:e7:e4:b9:4c:46:65:97:e2:c2:19:2d:50:
         f7:f8:60:de:7f:65:4a:65:a6:6d:6b:46:a3:a5:59:b2:14:18:
         1b:c5:44:53:78:a9:5e:14:77:a2:b4:48:17:32:ef:02:73:e3:
         21:c8:a6:c4:de:f9:9f:83:48:f8:a8:c2:6d:10:53:3f:92:4d:
         f7:33:48:b3:83:3f:16:ff:0f:23:b4:03:c7:08:84:a6:64:a8:
         21:ba:e8:0f:67:1d:6d:5f:e4:65:91:97:a7:e1:d5:31:0b:61:
         1c:33:59:34:88:00:d6:d7:7b:5f:c6:78:e8:0e:69:b6:73:73:
         73:ab:e7:9e:16:bc:c1:72:d7:fe:71:83:6d:79:5c:b2:aa:a5:
         e6:10:bb:21:f0:a3:ce:78:07:ff:6c:13:c5:71:98:dd:e5:c7:
         54:ba:da:fa:30:52:9f:b2:19:7b:2a:06:a1:f0:32:ff:36:cf:
         99:c9:f5:e6:54:68:01:71:34:9f:77:c3:9c:42:e1:6d:4c:66:
         cd:7d:d1:43:d3:4c:8f:49:f8:bb:4c:ef:10:73:d0:f9:18:7e:
         20:70:dc:11:88:6a:a4:22:9c:1f:9f:fe:3b:a6:d8:dd:b3:85:
         0a:79:82:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NqkEjHy2Y9jA0+x0LBMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOGM2YzU4YjYwN2ZmMjNhZTcxNzVhNjE2ODJjNzU0ODBm
MWUyMTQwHhcNMjQwMTAyMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzExZjBkNGY2MjVkMjk0YzMyMDcwNjgyMzZjMTc2NGUyODdiZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5wn5MNAZZ1rjpF2gs4OhIWPcpDX
w+0fWpDMOj2oUiSX+EMDBMrXzwpooWMAU7msYLbUrmPPy2zCLdabsYEKIyPjjv8/
eYG2VH5DDqcZH6OMcIsMMf1TuMQ6EdkII8Bqj7hquh5d3SKwZAiZSRM+WAf/UNDf
K0P+lnCW1KqLCB5gcokmPDg2ZbQLum6ni+q7Fi59P1U29O3eRkAyq9hhuh6UFrNS
Q5x+nBmcFbVELClvDN8yWnCeOUmdmVe9IT9rCMWKXUULQS+Du2CQ+6WlHrIN8ril
W0iJu9pbQ70BJGWnZCeInl1oYPccYcxkkAkTPeG3TDYq1087NBWOBiQjLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwR8NT2JdKUwyBwaCNsF2Tih70SMB8GA1UdIwQY
MBaAFKuMbFi2B/8jrnF1phaCx1SA8eIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2Mt
ODhhM2M0MWZhZWUyLzEvVEJIdzFQWWwwcFRESUhCb0kyd1haT0tIdlJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2MtODhhM2M0MWZhZWUy
LzEvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDeWMA0G
CSqGSIb3DQEBCwUAA4IBAQCi7JmjgOr8200rAYROQf0cVYdNeHcJxf7n5LlMRmWX
4sIZLVD3+GDef2VKZaZta0ajpVmyFBgbxURTeKleFHeitEgXMu8Cc+MhyKbE3vmf
g0j4qMJtEFM/kk33M0izgz8W/w8jtAPHCISmZKghuugPZx1tX+RlkZen4dUxC2Ec
M1k0iADW13tfxnjoDmm2c3Nzq+eeFrzBctf+cYNteVyyqqXmELsh8KPOeAf/bBPF
cZjd5cdUutr6MFKfshl7Kgah8DL/Ns+ZyfXmVGgBcTSfd8OcQuFtTGbNfdFD00yP
Sfi7TO8Qc9D5GH4gcNwRiGqkIpwfn/47ptjds4UKeYLm
-----END CERTIFICATE-----