Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/tf__vvLGm-HrIDWs_tbx1mLWFdA.roa
File:                     tf__vvLGm-HrIDWs_tbx1mLWFdA.roa (raw, json)
Hash identifier:          p7acsnvvkmIhQABFyqILWI0y6maXf7X82JHpeksGBOY=
Subject key identifier:   B5:FF:FF:BE:F2:C6:9B:E1:EB:20:35:AC:FE:D6:F1:D6:62:D6:15:D0
Certificate issuer:       /CN=e4f158effc6b3882a2590c1e6906aca108e18ec2
Certificate serial:       018CC26D8786AA916314CD46ED4F5D0B6029
Authority key identifier: E4:F1:58:EF:FC:6B:38:82:A2:59:0C:1E:69:06:AC:A1:08:E1:8E:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5PFY7_xrOIKiWQweaQasoQjhjsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/tf__vvLGm-HrIDWs_tbx1mLWFdA.roa
Signing time:             Mon 01 Jan 2024 00:30:07 +0000
ROA not before:           Mon 01 Jan 2024 00:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8405
IP address blocks:        193.188.154.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/5PFY7_xrOIKiWQweaQasoQjhjsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/5PFY7_xrOIKiWQweaQasoQjhjsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5PFY7_xrOIKiWQweaQasoQjhjsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 19:02:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:87:86:aa:91:63:14:cd:46:ed:4f:5d:0b:60:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4f158effc6b3882a2590c1e6906aca108e18ec2
        Validity
            Not Before: Jan  1 00:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5ffffbef2c69be1eb2035acfed6f1d662d615d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:13:53:6d:e3:c3:8b:7c:5e:e8:48:f7:97:f7:
                    82:a1:06:2a:b4:53:1b:0c:58:e8:56:44:8a:ae:e9:
                    9c:17:40:5a:d1:dc:f2:d3:07:d8:04:1e:4c:62:46:
                    8a:ca:9a:a3:df:3c:1b:66:f4:22:66:db:ef:30:fe:
                    25:b4:8c:39:ad:ce:70:c3:b3:05:3c:80:4d:69:c1:
                    00:11:53:61:66:12:43:f5:53:a7:83:10:35:43:47:
                    8d:9d:99:ed:41:10:64:ae:6b:4d:e8:78:c2:44:d2:
                    79:c9:02:b1:53:22:bc:bb:ea:74:98:36:81:a6:fb:
                    45:d6:ff:59:77:87:14:e1:35:1e:0c:da:7c:cf:57:
                    bd:2f:eb:21:cd:7b:3f:fb:d7:02:6c:27:c3:1f:13:
                    9b:0c:89:4c:28:87:fc:b2:3a:f0:00:3a:a7:6b:52:
                    56:29:0a:5e:91:e3:40:71:47:e8:18:3c:e6:52:00:
                    32:e0:ab:8f:03:fd:91:7d:58:a8:88:b0:cc:d6:4e:
                    00:b3:6f:b6:ab:28:7f:e7:19:96:5a:47:23:13:69:
                    80:dd:0b:82:eb:27:f0:9f:23:d4:93:72:8b:8f:65:
                    3a:74:e3:02:56:2c:bb:1a:ca:bc:57:33:36:1b:c6:
                    16:26:23:f3:c9:17:c3:0e:d5:66:d4:bf:78:ff:e8:
                    5f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:FF:FF:BE:F2:C6:9B:E1:EB:20:35:AC:FE:D6:F1:D6:62:D6:15:D0
            X509v3 Authority Key Identifier:
                keyid:E4:F1:58:EF:FC:6B:38:82:A2:59:0C:1E:69:06:AC:A1:08:E1:8E:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5PFY7_xrOIKiWQweaQasoQjhjsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/tf__vvLGm-HrIDWs_tbx1mLWFdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/83c00e-f414-489d-9470-c693249651d5/1/5PFY7_xrOIKiWQweaQasoQjhjsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:7e:da:7e:cf:0b:22:0a:4f:aa:70:a2:0e:b8:46:09:d4:1a:
         3f:10:1e:c4:ea:46:a0:5d:f1:f1:a0:91:39:b7:ec:3a:73:d6:
         d4:66:99:ad:96:c9:2a:f1:20:c0:53:dd:41:07:ea:2e:43:3d:
         0d:4b:6f:4d:b3:d5:7a:27:1e:3f:69:98:c6:1c:0a:d4:b1:ca:
         eb:99:40:7d:40:84:e3:a0:ed:80:32:d0:21:a6:20:c0:97:d7:
         35:a2:17:45:d7:7d:4b:35:99:11:b9:f1:9c:af:aa:9e:aa:cd:
         63:e9:8e:b5:a0:d4:0e:d1:83:de:ca:d6:68:60:4e:23:93:94:
         84:64:ea:62:5f:89:f2:1d:e5:e9:27:73:d2:ab:f5:45:33:f2:
         85:70:b4:de:61:c7:1d:eb:91:79:c6:cd:19:83:e0:37:85:04:
         14:9c:70:27:27:db:13:ff:5e:c7:40:cb:56:ca:5e:64:f8:53:
         c0:3e:98:ac:42:ab:5a:82:36:c0:a1:48:f0:0a:7c:54:fb:fc:
         4f:33:1e:38:b7:e4:46:9a:41:b8:e9:cf:a6:56:e1:dc:3f:23:
         57:ae:5c:2a:19:73:61:d3:1e:5d:bc:27:f2:ca:df:cc:e6:36:
         7c:ed:05:f2:e7:ae:c7:da:9f:ed:c6:c3:7f:e4:b4:18:59:25:
         5a:d6:c1:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbYeGqpFjFM1G7U9dC2ApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZjE1OGVmZmM2YjM4ODJhMjU5MGMxZTY5MDZhY2ExMDhl
MThlYzIwHhcNMjQwMTAxMDAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWZmZmZiZWYyYzY5YmUxZWIyMDM1YWNmZWQ2ZjFkNjYyZDYxNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRNTbePDi3xe6Ej3l/eCoQYqtFMb
DFjoVkSKrumcF0Ba0dzy0wfYBB5MYkaKypqj3zwbZvQiZtvvMP4ltIw5rc5ww7MF
PIBNacEAEVNhZhJD9VOngxA1Q0eNnZntQRBkrmtN6HjCRNJ5yQKxUyK8u+p0mDaB
pvtF1v9Zd4cU4TUeDNp8z1e9L+shzXs/+9cCbCfDHxObDIlMKIf8sjrwADqna1JW
KQpekeNAcUfoGDzmUgAy4KuPA/2RfVioiLDM1k4As2+2qyh/5xmWWkcjE2mA3QuC
6yfwnyPUk3KLj2U6dOMCViy7Gsq8VzM2G8YWJiPzyRfDDtVm1L94/+hfAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLX//77yxpvh6yA1rP7W8dZi1hXQMB8GA1UdIwQY
MBaAFOTxWO/8aziColkMHmkGrKEI4Y7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVBGWTdfeHJPSUtpV1F3ZWFRYXNvUWpoanNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi84M2MwMGUtZjQxNC00ODlkLTk0NzAt
YzY5MzI0OTY1MWQ1LzEvdGZfX3Z2TEdtLUhySURXc190YngxbUxXRmRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi84M2MwMGUtZjQxNC00ODlkLTk0NzAtYzY5MzI0OTY1MWQ1
LzEvNVBGWTdfeHJPSUtpV1F3ZWFRYXNvUWpoanNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbyaMA0G
CSqGSIb3DQEBCwUAA4IBAQCpftp+zwsiCk+qcKIOuEYJ1Bo/EB7E6kagXfHxoJE5
t+w6c9bUZpmtlskq8SDAU91BB+ouQz0NS29Ns9V6Jx4/aZjGHArUscrrmUB9QITj
oO2AMtAhpiDAl9c1ohdF131LNZkRufGcr6qeqs1j6Y61oNQO0YPeytZoYE4jk5SE
ZOpiX4nyHeXpJ3PSq/VFM/KFcLTeYccd65F5xs0Zg+A3hQQUnHAnJ9sT/17HQMtW
yl5k+FPAPpisQqtagjbAoUjwCnxU+/xPMx44t+RGmkG46c+mVuHcPyNXrlwqGXNh
0x5dvCfyyt/M5jZ87QXy567H2p/txsN/5LQYWSVa1sEt
-----END CERTIFICATE-----