Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/TticUwP9t75bIbKizzIujDQdBoc.roa
File:                     TticUwP9t75bIbKizzIujDQdBoc.roa (raw, json)
Hash identifier:          75xAxOANAwGqLyzQVu1S5YFo9WmmW6YSdv7pxYQjR6M=
Subject key identifier:   4E:D8:9C:53:03:FD:B7:BE:5B:21:B2:A2:CF:32:2E:8C:34:1D:06:87
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       018CE9C30470533E77A5EEAFC85144406152
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/TticUwP9t75bIbKizzIujDQdBoc.roa
Signing time:             Mon 08 Jan 2024 15:48:41 +0000
ROA not before:           Mon 08 Jan 2024 15:48:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60291
IP address blocks:        87.229.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:c3:04:70:53:3e:77:a5:ee:af:c8:51:44:40:61:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  8 15:48:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ed89c5303fdb7be5b21b2a2cf322e8c341d0687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:0e:8e:99:18:0f:66:af:79:35:ee:a8:48:65:
                    94:2f:1b:ec:3e:ef:ad:ce:9e:69:1f:a0:34:51:f2:
                    7d:af:7f:62:c8:85:a4:5a:fa:3d:07:bd:1f:9d:15:
                    67:6c:a2:46:d1:9b:05:f7:5a:2f:82:b1:47:ba:c8:
                    77:61:ea:d5:08:63:89:6e:29:9a:bc:73:57:97:83:
                    19:3d:0a:c1:8e:35:be:18:8e:16:6a:c0:91:41:8a:
                    e2:7f:d1:2e:0e:e4:d1:d0:50:8c:f0:e6:70:5b:e2:
                    60:9c:1c:1d:29:ea:a3:ab:e4:73:ad:67:60:8c:91:
                    46:eb:09:bd:38:79:27:49:46:69:6c:c2:07:eb:71:
                    0d:8a:9a:d7:95:2a:d5:ed:de:d5:c3:ad:a8:7d:7c:
                    1d:3c:7d:92:cd:30:f5:d1:7f:6c:72:68:29:3f:c4:
                    02:4b:ee:d2:9e:4e:08:13:d5:32:04:79:b2:fc:60:
                    6c:59:c4:02:aa:b7:46:db:59:be:b8:60:87:bc:6e:
                    f5:27:ff:af:77:cb:af:ba:56:a0:9a:00:23:4a:42:
                    95:64:45:cc:12:b9:18:62:58:1d:77:4d:f8:8c:55:
                    07:0c:da:1e:4f:61:ff:d6:5d:45:73:21:5a:7b:2d:
                    1f:5e:46:a4:1f:bf:27:2e:52:3f:fc:02:99:15:78:
                    03:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D8:9C:53:03:FD:B7:BE:5B:21:B2:A2:CF:32:2E:8C:34:1D:06:87
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/TticUwP9t75bIbKizzIujDQdBoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:61:b8:aa:9a:db:85:7f:73:fb:3d:58:f6:fe:66:41:77:ae:
         12:bd:2f:b2:b5:2e:02:a3:eb:e6:0b:98:54:c0:62:92:03:ed:
         28:70:55:fb:c2:4a:91:35:b0:6d:76:b7:52:b5:0d:f4:f9:47:
         71:53:88:ad:85:a9:31:2e:3d:11:c0:be:d6:79:53:18:a0:57:
         e2:3e:bf:7a:63:1c:70:54:f3:c1:39:e9:af:f9:b9:69:d8:0d:
         8e:b6:3c:b2:04:51:d7:45:3c:dd:bb:9f:56:b4:04:1f:36:5d:
         bd:c6:54:6a:94:11:d6:79:8e:ef:a1:81:30:a6:28:2f:dc:05:
         ed:60:8e:2d:34:04:8a:8c:cf:03:5f:01:1c:95:44:53:ca:7c:
         f4:1f:31:18:2d:1d:e3:a4:17:e3:b6:2e:30:4b:35:c6:11:72:
         10:9b:ad:7e:4b:ad:5b:fa:23:68:6e:20:9f:bc:f9:7d:d5:58:
         79:f9:d0:41:b9:cf:a9:84:60:b2:15:c4:a2:43:fe:4f:71:e0:
         70:22:f9:97:ba:07:e2:9a:67:a6:3a:83:32:19:04:95:ea:fa:
         44:4b:55:2d:05:d4:a9:a4:00:37:8e:39:f0:23:c7:d3:a2:5a:
         92:fe:1b:de:37:88:55:4b:21:13:50:a3:ad:7f:fd:55:26:07:
         87:7a:ac:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzpwwRwUz53pe6vyFFEQGFSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjQwMTA4MTU0ODQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWQ4OWM1MzAzZmRiN2JlNWIyMWIyYTJjZjMyMmU4YzM0MWQwNjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgg6OmRgPZq95Ne6oSGWULxvsPu+t
zp5pH6A0UfJ9r39iyIWkWvo9B70fnRVnbKJG0ZsF91ovgrFHush3YerVCGOJbima
vHNXl4MZPQrBjjW+GI4WasCRQYrif9EuDuTR0FCM8OZwW+JgnBwdKeqjq+RzrWdg
jJFG6wm9OHknSUZpbMIH63ENiprXlSrV7d7Vw62ofXwdPH2SzTD10X9scmgpP8QC
S+7Snk4IE9UyBHmy/GBsWcQCqrdG21m+uGCHvG71J/+vd8uvulagmgAjSkKVZEXM
ErkYYlgdd034jFUHDNoeT2H/1l1FcyFaey0fXkakH78nLlI//AKZFXgDXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7YnFMD/be+WyGyos8yLow0HQaHMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvVHRpY1V3UDl0NzViSWJLaXp6SXVqRFFkQm9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+U5MA0G
CSqGSIb3DQEBCwUAA4IBAQCfYbiqmtuFf3P7PVj2/mZBd64SvS+ytS4Co+vmC5hU
wGKSA+0ocFX7wkqRNbBtdrdStQ30+UdxU4ithakxLj0RwL7WeVMYoFfiPr96Yxxw
VPPBOemv+blp2A2OtjyyBFHXRTzdu59WtAQfNl29xlRqlBHWeY7voYEwpigv3AXt
YI4tNASKjM8DXwEclURTynz0HzEYLR3jpBfjti4wSzXGEXIQm61+S61b+iNobiCf
vPl91Vh5+dBBuc+phGCyFcSiQ/5PceBwIvmXugfimmemOoMyGQSV6vpES1UtBdSp
pAA3jjnwI8fTolqS/hveN4hVSyETUKOtf/1VJgeHeqxc
-----END CERTIFICATE-----