Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Tan3GxFSLmxwh6leawTKy1TgnqE.roa
File:                     Tan3GxFSLmxwh6leawTKy1TgnqE.roa (raw, json)
Hash identifier:          IRLdDBU0jeoYySgaLK8GKQK5uu9rOZqyewwWpFOkrr4=
Subject key identifier:   4D:A9:F7:1B:11:52:2E:6C:70:87:A9:5E:6B:04:CA:CB:54:E0:9E:A1
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0191526CFCA2AA90A3E4763CBBC4D5E3CAA4
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Tan3GxFSLmxwh6leawTKy1TgnqE.roa
Signing time:             Wed 14 Aug 2024 19:45:59 +0000
ROA not before:           Wed 14 Aug 2024 19:45:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27176
IP address blocks:        37.16.76.0/24 maxlen: 24
                          37.16.79.0/24 maxlen: 24
                          91.188.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:52:6c:fc:a2:aa:90:a3:e4:76:3c:bb:c4:d5:e3:ca:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Aug 14 19:45:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4da9f71b11522e6c7087a95e6b04cacb54e09ea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:aa:1a:d6:5d:a6:16:80:c8:6d:21:ce:44:cd:
                    b2:7b:b1:a0:ab:5b:5c:6a:5a:f3:10:ff:0b:ef:23:
                    05:bb:c0:25:d6:28:74:cd:57:c8:b5:1f:c7:0c:3d:
                    68:ba:69:41:95:81:6b:1d:d4:cc:40:d2:97:e6:2f:
                    b4:e7:5d:c5:2f:98:51:c5:70:f6:4b:1a:d4:58:98:
                    5c:4e:10:35:4b:3f:85:1d:e8:8f:a9:1f:13:f7:c1:
                    8f:8a:2c:70:fb:b6:83:f2:3c:59:cd:a4:d4:b7:cf:
                    a5:f6:00:8b:53:40:0a:92:e8:d2:39:80:86:98:3e:
                    bf:4c:44:f4:65:fc:3f:71:21:c4:d8:2a:83:39:22:
                    11:24:88:19:c5:ba:f3:5c:12:ed:c8:36:72:69:2a:
                    33:79:eb:15:9b:d2:13:6c:a2:0c:7c:c2:1f:49:a1:
                    43:ea:06:52:7e:46:c0:9f:61:b4:43:7a:f1:19:49:
                    48:17:63:d6:4f:fe:90:2f:eb:33:88:7f:cd:ce:44:
                    90:98:f9:61:7f:b3:0d:f0:4e:0a:b8:44:27:ec:74:
                    7c:aa:55:eb:ca:03:49:12:a7:09:ee:e0:16:92:2c:
                    cf:03:2b:03:08:4d:3a:84:40:38:7b:c5:03:9b:2a:
                    22:70:2d:0b:e8:ec:67:e9:5d:da:ae:25:29:88:0b:
                    a6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:A9:F7:1B:11:52:2E:6C:70:87:A9:5E:6B:04:CA:CB:54:E0:9E:A1
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Tan3GxFSLmxwh6leawTKy1TgnqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.76.0/24
                  37.16.79.0/24
                  91.188.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:22:8c:e0:50:be:a2:46:4f:fc:20:4f:ad:47:83:21:aa:cd:
         55:bc:ef:74:15:d3:28:48:87:d8:7c:04:9f:e4:8b:60:94:9c:
         86:4e:02:3f:13:a4:12:15:68:9f:55:83:dd:a2:0d:5f:76:8b:
         dd:df:c5:4b:9a:6d:b3:33:f8:50:ee:4c:bb:27:07:cd:1a:8d:
         22:b6:d1:61:14:f4:a9:2e:79:82:b8:08:bb:42:42:26:32:0f:
         29:a9:03:6a:f3:19:52:e1:31:0d:64:ff:0f:1e:d1:8f:5b:ba:
         1b:3d:b4:58:ca:22:6c:18:a4:54:5b:b6:cb:1e:43:95:5b:06:
         2b:9e:98:e2:0b:da:9c:47:41:46:f9:b5:85:dd:df:26:dc:b5:
         ff:b1:ab:1e:e5:af:95:39:07:a3:d0:39:03:53:75:f1:b5:1c:
         87:11:bb:9c:6e:66:34:9c:f2:cf:82:1d:36:14:25:ab:83:8f:
         8a:d6:bf:34:72:a5:23:9c:b0:f9:7f:8a:bb:79:0d:a3:6d:35:
         b2:5f:d4:e3:01:6a:fe:00:db:6b:f7:c2:26:9c:c7:55:d1:e7:
         c7:b0:48:26:bd:a9:13:f8:80:9b:08:8a:41:29:b0:2b:46:14:
         c7:86:11:e0:7b:3d:37:72:15:e6:d5:20:f3:41:b1:b3:2f:17:
         28:83:83:fe
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZFSbPyiqpCj5HY8u8TV48qkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwODE0MTk0NTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGE5ZjcxYjExNTIyZTZjNzA4N2E5NWU2YjA0Y2FjYjU0ZTA5ZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA86oa1l2mFoDIbSHORM2ye7Ggq1tc
alrzEP8L7yMFu8Al1ih0zVfItR/HDD1oumlBlYFrHdTMQNKX5i+0513FL5hRxXD2
SxrUWJhcThA1Sz+FHeiPqR8T98GPiixw+7aD8jxZzaTUt8+l9gCLU0AKkujSOYCG
mD6/TET0Zfw/cSHE2CqDOSIRJIgZxbrzXBLtyDZyaSozeesVm9ITbKIMfMIfSaFD
6gZSfkbAn2G0Q3rxGUlIF2PWT/6QL+sziH/NzkSQmPlhf7MN8E4KuEQn7HR8qlXr
ygNJEqcJ7uAWkizPAysDCE06hEA4e8UDmyoicC0L6Oxn6V3ariUpiAum4wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE2p9xsRUi5scIepXmsEystU4J6hMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvVGFuM0d4RlNMbXh3aDZsZWF3VEt5MVRnbnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJRBMAwQA
JRBPAwQCW7zsMA0GCSqGSIb3DQEBCwUAA4IBAQAKIozgUL6iRk/8IE+tR4Mhqs1V
vO90FdMoSIfYfASf5ItglJyGTgI/E6QSFWifVYPdog1fdovd38VLmm2zM/hQ7ky7
JwfNGo0ittFhFPSpLnmCuAi7QkImMg8pqQNq8xlS4TENZP8PHtGPW7obPbRYyiJs
GKRUW7bLHkOVWwYrnpjiC9qcR0FG+bWF3d8m3LX/sase5a+VOQej0DkDU3XxtRyH
EbucbmY0nPLPgh02FCWrg4+K1r80cqUjnLD5f4q7eQ2jbTWyX9TjAWr+ANtr98Im
nMdV0efHsEgmvakT+ICbCIpBKbArRhTHhhHgez03chXm1SDzQbGzLxcog4P+
-----END CERTIFICATE-----