Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/7bc217-00b5-4880-a1b7-cfa40b4165b6/1/tPK776Y33bcG3laUP7crHoSaSpI.roa
File:                     tPK776Y33bcG3laUP7crHoSaSpI.roa (raw, json)
Hash identifier:          tZlNOuWz2ay6f6vd4O0onykAq/twD65inhXNbfgwbUA=
Subject key identifier:   B4:F2:BB:EF:A6:37:DD:B7:06:DE:56:94:3F:B7:2B:1E:84:9A:4A:92
Certificate issuer:       /CN=d5401fe547c9ce13b3b28f43973083d3a54333d4
Certificate serial:       018E9F12AD42A02CA69CEC06E9FF4B237819
Authority key identifier: D5:40:1F:E5:47:C9:CE:13:B3:B2:8F:43:97:30:83:D3:A5:43:33:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1UAf5UfJzhOzso9DlzCD06VDM9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/7bc217-00b5-4880-a1b7-cfa40b4165b6/1/tPK776Y33bcG3laUP7crHoSaSpI.roa
Signing time:             Tue 02 Apr 2024 13:49:45 +0000
ROA not before:           Tue 02 Apr 2024 13:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        193.105.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/7bc217-00b5-4880-a1b7-cfa40b4165b6/1/1UAf5UfJzhOzso9DlzCD06VDM9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/7bc217-00b5-4880-a1b7-cfa40b4165b6/1/1UAf5UfJzhOzso9DlzCD06VDM9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1UAf5UfJzhOzso9DlzCD06VDM9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:12:ad:42:a0:2c:a6:9c:ec:06:e9:ff:4b:23:78:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5401fe547c9ce13b3b28f43973083d3a54333d4
        Validity
            Not Before: Apr  2 13:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4f2bbefa637ddb706de56943fb72b1e849a4a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:89:02:0e:8a:27:bd:da:ef:dc:b1:31:bb:df:
                    f1:bc:44:ff:b2:fc:f8:55:74:fc:46:3e:76:bd:f4:
                    bd:b1:5a:a5:bc:6e:ea:da:ae:f8:71:51:40:77:32:
                    ff:73:f5:aa:f2:11:19:20:66:ae:cd:58:60:09:2c:
                    83:b7:54:04:7b:12:18:59:7d:c8:78:c6:87:a0:3a:
                    76:6d:41:6f:5e:54:40:2b:4a:39:22:e0:1a:4e:a8:
                    58:91:b4:84:7d:ec:ea:27:e2:ad:3b:2f:28:5a:d3:
                    97:0d:fb:d4:b0:98:30:1f:15:4e:d6:8b:9d:2a:bb:
                    1c:48:3b:36:9e:5e:07:27:9d:08:1f:a8:95:da:fe:
                    d6:27:38:b3:fc:c6:a5:c9:db:ac:a1:97:4f:11:64:
                    e7:29:40:2d:ec:d5:e9:49:2e:4d:f4:21:a0:08:0a:
                    6d:09:fe:1f:fb:78:28:1d:e3:de:8c:57:49:ea:fa:
                    b3:3b:1d:60:b4:d2:1e:de:15:4c:0e:fb:a4:74:62:
                    67:64:5a:71:48:0d:80:b0:1c:6d:6a:e5:6b:6d:6d:
                    8e:e2:0c:82:4d:d4:ca:14:d3:97:8c:4a:14:eb:20:
                    81:19:ee:f4:f9:6c:fd:6d:ea:1a:04:bd:a5:48:1b:
                    da:81:e6:43:c5:fb:29:e5:c8:43:d3:e1:6f:11:19:
                    b0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F2:BB:EF:A6:37:DD:B7:06:DE:56:94:3F:B7:2B:1E:84:9A:4A:92
            X509v3 Authority Key Identifier:
                keyid:D5:40:1F:E5:47:C9:CE:13:B3:B2:8F:43:97:30:83:D3:A5:43:33:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1UAf5UfJzhOzso9DlzCD06VDM9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/7bc217-00b5-4880-a1b7-cfa40b4165b6/1/tPK776Y33bcG3laUP7crHoSaSpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/7bc217-00b5-4880-a1b7-cfa40b4165b6/1/1UAf5UfJzhOzso9DlzCD06VDM9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:d2:31:5b:ef:45:ed:c8:00:40:24:ff:85:15:3f:af:b9:0e:
         22:de:9f:ad:0d:36:cd:92:e5:5d:01:88:42:3b:09:02:ab:60:
         63:14:25:64:db:85:94:98:aa:93:b8:f4:5d:38:a2:94:47:fe:
         95:f7:5b:3b:5a:e0:25:62:1a:41:cf:c8:f7:13:e1:3b:c1:58:
         cd:a1:29:6b:00:1e:3e:d5:f7:ef:19:cd:69:53:07:63:a2:29:
         9b:0c:11:1a:6a:b0:a6:8b:b8:24:78:3a:cf:0a:90:f6:47:78:
         9e:45:e9:17:6d:11:69:7b:4c:02:19:fa:22:cd:9d:47:22:23:
         7c:71:aa:9a:1a:2c:2f:d3:f4:c5:0b:c5:56:f3:24:9b:42:cf:
         ed:3e:f4:66:20:3b:41:0c:97:57:97:c3:32:15:44:7c:bb:3e:
         48:34:1d:27:89:31:11:51:30:c1:72:97:c6:9a:a9:4a:48:12:
         52:3f:c2:85:2b:36:06:8e:04:a4:72:e6:84:4a:2b:48:f6:c0:
         5e:8a:31:32:eb:d5:33:1f:98:65:99:62:7a:ad:9f:e1:60:62:
         b2:0f:a1:42:fb:e2:83:bc:25:20:56:8b:e3:aa:d3:81:36:9e:
         0b:51:70:d4:25:53:27:da:1a:8c:9b:bb:cf:6e:d5:7c:6f:05:
         7b:d3:52:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6fEq1CoCymnOwG6f9LI3gZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NDAxZmU1NDdjOWNlMTNiM2IyOGY0Mzk3MzA4M2QzYTU0
MzMzZDQwHhcNMjQwNDAyMTM0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGYyYmJlZmE2MzdkZGI3MDZkZTU2OTQzZmI3MmIxZTg0OWE0YTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhokCDoonvdrv3LExu9/xvET/svz4
VXT8Rj52vfS9sVqlvG7q2q74cVFAdzL/c/Wq8hEZIGauzVhgCSyDt1QEexIYWX3I
eMaHoDp2bUFvXlRAK0o5IuAaTqhYkbSEfezqJ+KtOy8oWtOXDfvUsJgwHxVO1oud
KrscSDs2nl4HJ50IH6iV2v7WJziz/MalydusoZdPEWTnKUAt7NXpSS5N9CGgCApt
Cf4f+3goHePejFdJ6vqzOx1gtNIe3hVMDvukdGJnZFpxSA2AsBxtauVrbW2O4gyC
TdTKFNOXjEoU6yCBGe70+Wz9beoaBL2lSBvageZDxfsp5chD0+FvERmwVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTyu++mN923Bt5WlD+3Kx6EmkqSMB8GA1UdIwQY
MBaAFNVAH+VHyc4Ts7KPQ5cwg9OlQzPUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVVBZjVVZkp6aE96c285RGx6Q0QwNlZETTlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS83YmMyMTctMDBiNS00ODgwLWExYjct
Y2ZhNDBiNDE2NWI2LzEvdFBLNzc2WTMzYmNHM2xhVVA3Y3JIb1NhU3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS83YmMyMTctMDBiNS00ODgwLWExYjctY2ZhNDBiNDE2NWI2
LzEvMVVBZjVVZkp6aE96c285RGx6Q0QwNlZETTlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlsMA0G
CSqGSIb3DQEBCwUAA4IBAQBY0jFb70XtyABAJP+FFT+vuQ4i3p+tDTbNkuVdAYhC
OwkCq2BjFCVk24WUmKqTuPRdOKKUR/6V91s7WuAlYhpBz8j3E+E7wVjNoSlrAB4+
1ffvGc1pUwdjoimbDBEaarCmi7gkeDrPCpD2R3ieRekXbRFpe0wCGfoizZ1HIiN8
caqaGiwv0/TFC8VW8ySbQs/tPvRmIDtBDJdXl8MyFUR8uz5INB0niTERUTDBcpfG
mqlKSBJSP8KFKzYGjgSkcuaESitI9sBeijEy69UzH5hlmWJ6rZ/hYGKyD6FC++KD
vCUgVovjqtOBNp4LUXDUJVMn2hqMm7vPbtV8bwV701L5
-----END CERTIFICATE-----