Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/TuQthIy-yG26vd5YqBW0vF8467o.roa
File:                     TuQthIy-yG26vd5YqBW0vF8467o.roa (raw, json)
Hash identifier:          7pDHbjg1TSjk/pcExNah4XWkIVB3hbiVFv7lvjIWSfk=
Subject key identifier:   4E:E4:2D:84:8C:BE:C8:6D:BA:BD:DE:58:A8:15:B4:BC:5F:38:EB:BA
Certificate issuer:       /CN=8acd2eb2f0618b72c646d997d3c95dd836bdd006
Certificate serial:       018CC4938966ADDD58C09088469D84AB392E
Authority key identifier: 8A:CD:2E:B2:F0:61:8B:72:C6:46:D9:97:D3:C9:5D:D8:36:BD:D0:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/TuQthIy-yG26vd5YqBW0vF8467o.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51423
IP address blocks:        213.133.224.0/21 maxlen: 21
                          213.133.232.0/22 maxlen: 22
                          213.133.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:89:66:ad:dd:58:c0:90:88:46:9d:84:ab:39:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8acd2eb2f0618b72c646d997d3c95dd836bdd006
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ee42d848cbec86dbabdde58a815b4bc5f38ebba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:02:25:0a:e6:99:fe:94:f4:2f:ff:59:de:4f:
                    34:1d:0c:0e:54:eb:44:97:57:53:cd:45:51:3e:ed:
                    01:3f:39:c2:92:34:d6:59:d0:49:a5:83:b0:a9:14:
                    6e:77:4e:4d:de:17:57:d7:40:52:ea:3c:4e:63:56:
                    13:7a:6c:34:90:ce:f3:dc:72:46:70:47:23:67:bd:
                    af:69:86:26:03:97:5b:0a:0c:e2:5d:8e:f1:df:a1:
                    14:b1:5f:7b:0f:a8:ad:95:6e:c7:1f:46:f3:a5:71:
                    02:dd:af:5f:97:cc:11:6b:01:9a:13:63:3c:82:8a:
                    f1:cb:13:d1:c7:9a:d6:30:8f:ba:f6:27:d9:bd:8b:
                    c7:7b:7b:6e:82:4f:9d:68:32:db:5a:45:8d:cf:f1:
                    25:a4:f4:d0:1e:60:4b:ab:92:8a:fb:b6:98:b9:61:
                    15:7e:e0:82:fe:24:a7:69:bd:b5:22:3b:21:a8:c8:
                    d2:d8:bb:fc:01:a9:53:07:a8:ce:a3:c9:8a:0a:d6:
                    cc:ec:fb:3c:94:46:9c:ad:5b:e9:3f:75:91:6e:33:
                    fb:0c:bd:ae:33:2b:57:a5:f5:f6:10:de:96:df:1d:
                    d1:e5:b9:e7:c0:e9:18:97:3f:25:5a:c1:ff:c5:53:
                    98:75:47:8c:4c:be:93:15:b1:69:13:64:2c:ad:66:
                    e8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:E4:2D:84:8C:BE:C8:6D:BA:BD:DE:58:A8:15:B4:BC:5F:38:EB:BA
            X509v3 Authority Key Identifier:
                keyid:8A:CD:2E:B2:F0:61:8B:72:C6:46:D9:97:D3:C9:5D:D8:36:BD:D0:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/TuQthIy-yG26vd5YqBW0vF8467o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.133.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         30:49:52:51:e7:01:04:51:12:b6:1d:92:17:29:06:08:fe:d2:
         87:7a:e5:58:73:68:b3:d6:cd:8c:cb:e8:50:8b:db:b8:94:87:
         91:63:36:5b:14:f2:a7:b3:b5:df:13:ab:67:a8:7e:5a:3a:0c:
         14:ed:7f:9b:28:f5:54:b9:74:78:9f:d0:0c:f0:e2:21:4a:73:
         f9:63:c7:e6:74:a0:54:e5:1f:50:ac:39:d8:fa:d7:11:1c:76:
         90:42:fd:75:01:ae:fc:1c:bb:f4:d0:e8:73:b1:e1:dd:45:ce:
         93:fd:66:75:9f:cb:98:ba:6f:51:41:3b:e0:a6:6f:2f:5c:ec:
         36:c1:90:c9:77:b3:79:6e:b7:45:d1:6f:80:0d:4a:47:db:58:
         4c:58:4b:fd:d4:19:11:fc:9f:a6:d0:b4:e0:f0:27:6e:99:f7:
         5a:e4:1d:19:29:56:e8:68:bf:cd:d2:d1:70:75:6e:99:11:47:
         cc:e0:0e:26:04:d1:4a:cb:39:e8:46:d3:fa:3c:10:b4:51:d6:
         be:1d:52:81:21:b6:81:ed:f1:5d:02:6f:ba:07:27:04:01:df:
         52:d5:36:97:9b:6d:bd:3b:82:2f:a4:3c:13:0e:ea:69:12:87:
         d1:c5:43:0e:f6:3d:be:c0:ee:25:27:16:a2:34:01:49:b1:72:
         ed:c7:a8:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4lmrd1YwJCIRp2EqzkuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhY2QyZWIyZjA2MThiNzJjNjQ2ZDk5N2QzYzk1ZGQ4MzZi
ZGQwMDYwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWU0MmQ4NDhjYmVjODZkYmFiZGRlNThhODE1YjRiYzVmMzhlYmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwIlCuaZ/pT0L/9Z3k80HQwOVOtE
l1dTzUVRPu0BPznCkjTWWdBJpYOwqRRud05N3hdX10BS6jxOY1YTemw0kM7z3HJG
cEcjZ72vaYYmA5dbCgziXY7x36EUsV97D6itlW7HH0bzpXEC3a9fl8wRawGaE2M8
gorxyxPRx5rWMI+69ifZvYvHe3tugk+daDLbWkWNz/ElpPTQHmBLq5KK+7aYuWEV
fuCC/iSnab21IjshqMjS2Lv8AalTB6jOo8mKCtbM7Ps8lEacrVvpP3WRbjP7DL2u
MytXpfX2EN6W3x3R5bnnwOkYlz8lWsH/xVOYdUeMTL6TFbFpE2QsrWbomwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7kLYSMvshtur3eWKgVtLxfOOu6MB8GA1UdIwQY
MBaAFIrNLrLwYYtyxkbZl9PJXdg2vdAGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXMwdXN2QmhpM0xHUnRtWDA4bGQyRGE5MEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iMDU4N2MtMzFlOC00YTliLWFmNjkt
Nzk0YzlkOTI4Y2RjLzEvVHVRdGhJeS15RzI2dmQ1WXFCVzB2Rjg0NjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iMDU4N2MtMzFlOC00YTliLWFmNjktNzk0YzlkOTI4Y2Rj
LzEvaXMwdXN2QmhpM0xHUnRtWDA4bGQyRGE5MEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1YXgMA0G
CSqGSIb3DQEBCwUAA4IBAQAwSVJR5wEEURK2HZIXKQYI/tKHeuVYc2iz1s2My+hQ
i9u4lIeRYzZbFPKns7XfE6tnqH5aOgwU7X+bKPVUuXR4n9AM8OIhSnP5Y8fmdKBU
5R9QrDnY+tcRHHaQQv11Aa78HLv00OhzseHdRc6T/WZ1n8uYum9RQTvgpm8vXOw2
wZDJd7N5brdF0W+ADUpH21hMWEv91BkR/J+m0LTg8Cdumfda5B0ZKVboaL/N0tFw
dW6ZEUfM4A4mBNFKyznoRtP6PBC0Uda+HVKBIbaB7fFdAm+6BycEAd9S1TaXm229
O4IvpDwTDuppEofRxUMO9j2+wO4lJxaiNAFJsXLtx6hm
-----END CERTIFICATE-----