Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/TMTcLQdB7mCzTNWXExbWvazU3BM.roa
File:                     TMTcLQdB7mCzTNWXExbWvazU3BM.roa (raw, json)
Hash identifier:          sYG3N4VUlPCa4xWByxTCyLchuz6zCZgtIvw79UjNCuo=
Subject key identifier:   4C:C4:DC:2D:07:41:EE:60:B3:4C:D5:97:13:16:D6:BD:AC:D4:DC:13
Certificate issuer:       /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial:       018CC493400ACEEDF1892CD25CE4E8431E72
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/TMTcLQdB7mCzTNWXExbWvazU3BM.roa
Signing time:             Mon 01 Jan 2024 10:30:33 +0000
ROA not before:           Mon 01 Jan 2024 10:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204984
IP address blocks:        91.132.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:40:0a:ce:ed:f1:89:2c:d2:5c:e4:e8:43:1e:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cc4dc2d0741ee60b34cd5971316d6bdacd4dc13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:84:fc:a1:c8:22:b7:88:54:cd:ac:06:f1:1c:
                    b0:df:8f:0e:a4:35:02:07:09:dd:99:99:d0:55:c7:
                    ab:7a:b7:c7:9f:cb:9c:ca:c6:4b:82:43:41:e6:92:
                    74:f3:86:22:32:bc:ca:77:36:17:09:8f:a9:e1:68:
                    b2:9c:bf:06:52:f6:7f:be:a9:9d:63:ce:86:b7:e0:
                    14:e3:86:56:0e:06:1e:3b:0f:3e:a6:25:6d:32:c1:
                    d3:1e:be:57:af:41:73:ec:e0:df:bf:1e:4f:3e:f0:
                    28:07:b7:48:2b:66:e6:4f:bf:33:79:46:ec:df:f7:
                    44:2a:eb:d0:29:fe:dc:ee:ed:e7:2f:4f:33:fd:19:
                    ee:06:96:ac:6f:e1:1b:bd:4d:40:41:1f:0b:8e:a9:
                    41:65:fc:06:07:df:dd:ed:66:30:b6:e1:61:7b:ac:
                    e9:05:85:a1:9d:c2:59:fa:6a:44:bc:e0:ae:bf:60:
                    d6:0e:10:8a:54:e6:bd:09:af:ff:45:5a:25:42:59:
                    f3:45:dc:89:08:a5:f2:5e:61:4d:f0:c6:bb:08:d4:
                    f0:c3:0c:91:d1:78:11:ad:b6:e6:8a:8a:5a:3e:b1:
                    2d:b2:42:2b:de:05:bd:3c:0a:0e:07:f8:e0:b3:6b:
                    61:62:82:be:2b:92:ea:2a:e0:0f:c1:52:c6:8d:f8:
                    8f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C4:DC:2D:07:41:EE:60:B3:4C:D5:97:13:16:D6:BD:AC:D4:DC:13
            X509v3 Authority Key Identifier:
                keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/TMTcLQdB7mCzTNWXExbWvazU3BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:a1:f2:56:67:c5:6a:bd:34:d1:31:44:fe:a3:72:67:62:8a:
         07:11:de:cc:36:c0:ba:61:6d:8f:c2:03:7a:7d:67:46:77:9a:
         2e:06:26:49:6d:04:c4:fd:99:de:72:c3:24:ba:0e:cb:ed:a1:
         a2:97:a0:fc:4c:7c:ad:34:14:a1:7c:f0:19:b3:e2:b3:e9:49:
         36:d9:ba:4a:a0:8a:fe:32:c2:17:08:f8:b5:eb:23:5c:be:c7:
         5c:ba:01:c9:71:d6:2e:fe:22:e5:5f:ba:e3:8e:0e:83:f5:7a:
         d0:98:13:84:39:74:22:36:52:70:0d:c6:51:bc:3b:be:26:d6:
         89:8d:63:c5:a9:24:d1:ff:97:c4:e6:be:ca:8e:0b:ec:8c:f7:
         53:b7:95:e0:7b:df:5a:fb:36:a0:df:62:7a:12:25:cd:93:39:
         16:69:b5:5e:07:ae:03:88:a5:40:84:75:73:bc:b2:97:2d:a6:
         53:a5:7d:3a:15:b8:bc:5f:21:2e:68:37:0c:3e:89:f9:47:9a:
         3d:c5:d1:a8:be:e6:7e:69:16:c6:4a:00:e7:04:0b:eb:5e:69:
         8d:c7:23:1c:96:71:2f:b4:39:88:60:29:dd:a1:16:40:31:3f:
         11:37:e4:a6:a0:2b:a3:f7:b4:a6:bc:a6:e3:90:52:da:c2:c7:
         75:49:12:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0AKzu3xiSzSXOToQx5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2M0ZGMyZDA3NDFlZTYwYjM0Y2Q1OTcxMzE2ZDZiZGFjZDRkYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoT8ocgit4hUzawG8Ryw348OpDUC
BwndmZnQVcererfHn8ucysZLgkNB5pJ084YiMrzKdzYXCY+p4WiynL8GUvZ/vqmd
Y86Gt+AU44ZWDgYeOw8+piVtMsHTHr5Xr0Fz7ODfvx5PPvAoB7dIK2bmT78zeUbs
3/dEKuvQKf7c7u3nL08z/RnuBpasb+EbvU1AQR8LjqlBZfwGB9/d7WYwtuFhe6zp
BYWhncJZ+mpEvOCuv2DWDhCKVOa9Ca//RVolQlnzRdyJCKXyXmFN8Ma7CNTwwwyR
0XgRrbbmiopaPrEtskIr3gW9PAoOB/jgs2thYoK+K5LqKuAPwVLGjfiPNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzE3C0HQe5gs0zVlxMW1r2s1NwTMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvVE1UY0xRZEI3bUN6VE5XWEV4Yld2YXpVM0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4RIMA0G
CSqGSIb3DQEBCwUAA4IBAQBFofJWZ8VqvTTRMUT+o3JnYooHEd7MNsC6YW2PwgN6
fWdGd5ouBiZJbQTE/ZnecsMkug7L7aGil6D8THytNBShfPAZs+Kz6Uk22bpKoIr+
MsIXCPi16yNcvsdcugHJcdYu/iLlX7rjjg6D9XrQmBOEOXQiNlJwDcZRvDu+JtaJ
jWPFqSTR/5fE5r7KjgvsjPdTt5Xge99a+zag32J6EiXNkzkWabVeB64DiKVAhHVz
vLKXLaZTpX06Fbi8XyEuaDcMPon5R5o9xdGovuZ+aRbGSgDnBAvrXmmNxyMclnEv
tDmIYCndoRZAMT8RN+SmoCuj97SmvKbjkFLawsd1SRIo
-----END CERTIFICATE-----