Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/TIqTAJrwAO6MFnJtDW8OSaM43LQ.roa
File:                     TIqTAJrwAO6MFnJtDW8OSaM43LQ.roa (raw, json)
Hash identifier:          zFWAavwWd5bFoGK3yWk926XIvEhPkpgWNZDN9ebNGto=
Subject key identifier:   4C:8A:93:00:9A:F0:00:EE:8C:16:72:6D:0D:6F:0E:49:A3:38:DC:B4
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018CC94CA7735E9159939D752C2298FA178E
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/TIqTAJrwAO6MFnJtDW8OSaM43LQ.roa
Signing time:             Tue 02 Jan 2024 08:31:33 +0000
ROA not before:           Tue 02 Jan 2024 08:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        188.191.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a7:73:5e:91:59:93:9d:75:2c:22:98:fa:17:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Jan  2 08:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c8a93009af000ee8c16726d0d6f0e49a338dcb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:dc:cd:11:c0:39:36:05:ff:f7:38:38:5b:7b:
                    c0:d1:9b:c7:35:9e:e1:0a:79:b6:9f:8d:d2:cf:01:
                    e8:09:41:24:80:e6:29:dd:01:37:bc:e4:da:70:c0:
                    a2:eb:8c:e8:f6:6a:63:29:67:be:ca:20:5b:5f:f4:
                    f9:97:6c:26:92:80:6f:9a:49:99:e7:33:85:b3:8b:
                    20:76:a1:75:b9:43:80:78:ab:42:95:b7:0d:b7:11:
                    07:92:7c:4f:dd:df:f1:bd:38:71:c1:27:2f:bc:11:
                    fd:fd:da:53:26:27:a8:13:43:3d:4a:e5:86:7f:08:
                    c8:dd:34:fb:89:ed:cd:ce:c1:e5:d9:a1:c2:b1:54:
                    84:12:5d:1f:92:a9:23:f3:a1:e0:ed:23:1b:e0:e5:
                    1f:a6:d8:1a:7d:a4:bb:54:66:5b:4d:ce:54:bf:1f:
                    81:28:9c:09:0c:d7:b6:a6:c8:34:3b:e5:a6:9c:cd:
                    3a:6f:c2:2f:3f:0b:07:68:37:9a:55:4e:1e:88:cb:
                    f0:ff:7e:c4:19:1d:fe:fa:db:62:0e:f9:7d:18:ed:
                    42:c6:4b:f2:f3:2d:82:b1:86:95:18:f8:6a:2f:2a:
                    b6:61:bc:93:04:48:73:fc:c1:b4:b2:3c:dc:04:49:
                    47:1f:54:3e:40:b5:a1:e4:86:a9:7f:4b:97:92:89:
                    e1:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:8A:93:00:9A:F0:00:EE:8C:16:72:6D:0D:6F:0E:49:A3:38:DC:B4
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/TIqTAJrwAO6MFnJtDW8OSaM43LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:6c:92:ea:55:39:d5:a1:23:4b:f0:61:7a:cc:01:1f:e4:d5:
         b7:6f:f1:7a:cc:5e:ae:5e:d4:2a:25:72:f7:12:75:0a:a2:e3:
         ad:1a:14:8c:7f:4f:96:f7:9f:27:a5:71:3e:ed:68:9e:48:4f:
         95:df:78:c1:77:4e:ff:5a:34:21:72:4e:3a:e8:9a:0c:fd:8a:
         93:c8:97:f0:56:4b:dc:03:79:3d:a0:cc:f8:1e:41:71:7b:d7:
         c7:05:97:47:63:20:45:81:8c:30:11:e7:af:d3:7d:c2:e9:af:
         cc:0d:95:02:02:00:19:91:da:8f:42:22:f7:05:cf:53:f4:d0:
         bc:6e:6d:c3:74:6b:a8:39:8a:32:31:83:f4:02:52:e6:40:96:
         8e:aa:ea:46:02:42:d9:0f:db:2b:c5:b9:19:f5:4b:6b:df:cd:
         15:8c:12:f6:61:e2:c9:12:21:6d:a6:41:3e:86:e3:11:93:d0:
         b2:a2:1f:2b:16:f5:54:51:e8:72:d5:5d:cc:af:9d:76:90:46:
         2a:42:47:5e:8d:22:26:02:66:2b:b2:2c:45:b9:e7:13:96:44:
         87:f3:e7:13:fc:24:7f:f6:ff:be:a9:56:1d:5b:87:8b:e9:c1:
         25:a3:3c:3e:d8:d4:d0:61:17:30:2a:54:92:40:40:b4:51:4c:
         70:3e:ac:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKdzXpFZk511LCKY+heOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwMTAyMDgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzhhOTMwMDlhZjAwMGVlOGMxNjcyNmQwZDZmMGU0OWEzMzhkY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldzNEcA5NgX/9zg4W3vA0ZvHNZ7h
Cnm2n43SzwHoCUEkgOYp3QE3vOTacMCi64zo9mpjKWe+yiBbX/T5l2wmkoBvmkmZ
5zOFs4sgdqF1uUOAeKtClbcNtxEHknxP3d/xvThxwScvvBH9/dpTJieoE0M9SuWG
fwjI3TT7ie3NzsHl2aHCsVSEEl0fkqkj86Hg7SMb4OUfptgafaS7VGZbTc5Uvx+B
KJwJDNe2psg0O+WmnM06b8IvPwsHaDeaVU4eiMvw/37EGR3++ttiDvl9GO1Cxkvy
8y2CsYaVGPhqLyq2YbyTBEhz/MG0sjzcBElHH1Q+QLWh5Iapf0uXkonhbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyKkwCa8ADujBZybQ1vDkmjONy0MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvVElxVEFKcndBTzZNRm5KdERXOE9TYU00M0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9mMA0G
CSqGSIb3DQEBCwUAA4IBAQAnbJLqVTnVoSNL8GF6zAEf5NW3b/F6zF6uXtQqJXL3
EnUKouOtGhSMf0+W958npXE+7WieSE+V33jBd07/WjQhck466JoM/YqTyJfwVkvc
A3k9oMz4HkFxe9fHBZdHYyBFgYwwEeev033C6a/MDZUCAgAZkdqPQiL3Bc9T9NC8
bm3DdGuoOYoyMYP0AlLmQJaOqupGAkLZD9srxbkZ9Utr380VjBL2YeLJEiFtpkE+
huMRk9Cyoh8rFvVUUehy1V3Mr512kEYqQkdejSImAmYrsixFuecTlkSH8+cT/CR/
9v++qVYdW4eL6cElozw+2NTQYRcwKlSSQEC0UUxwPqxl
-----END CERTIFICATE-----