Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/_TiiZziwspE9wW85WJinR8FkGZg.roa
File:                     _TiiZziwspE9wW85WJinR8FkGZg.roa (raw, json)
Hash identifier:          hIW1KJP/RC7/krR0pMm7/w5HBpT6GcnFXbusylVX3UY=
Subject key identifier:   FD:38:A2:67:38:B0:B2:91:3D:C1:6F:39:58:98:A7:47:C1:64:19:98
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF77EF0F5185E9A1B729F8BF7CB9D
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/_TiiZziwspE9wW85WJinR8FkGZg.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203261
IP address blocks:        82.160.149.0/24 maxlen: 24
                          82.160.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f7:7e:f0:f5:18:5e:9a:1b:72:9f:8b:f7:cb:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd38a26738b0b2913dc16f395898a747c1641998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3d:23:73:92:38:95:af:1f:24:ad:82:f3:de:
                    19:0d:b4:d7:4c:91:29:c2:b0:37:e4:f6:98:50:0d:
                    60:02:34:db:23:e5:e0:da:07:d7:d3:e9:c8:5b:51:
                    58:e1:ba:9a:e7:d3:09:3f:76:ca:83:ab:3d:45:ae:
                    b5:3b:ba:75:ee:f9:20:f8:9b:f0:89:2d:52:3b:87:
                    48:67:6f:dc:07:7c:a3:53:1d:d4:cf:b1:80:75:8d:
                    c4:9b:35:79:68:79:b8:70:70:b7:0c:68:7b:e8:85:
                    54:2b:72:c6:b4:99:d0:af:1d:0e:2b:6a:93:2f:17:
                    80:52:49:b7:f4:b9:5a:be:7e:e6:b2:bc:6d:0a:7f:
                    33:1f:48:fd:12:a6:4c:6e:5f:a0:e8:00:b9:a9:66:
                    b7:2f:d1:af:25:e3:3d:2f:4b:68:51:1f:f1:9c:fd:
                    de:2d:e8:60:1c:cf:dd:5f:4c:89:16:a4:e8:17:3d:
                    9e:47:18:6e:a8:78:f1:11:75:99:14:51:e1:87:ad:
                    f2:7b:4c:3a:45:03:0a:d6:2b:c7:8e:a2:72:e3:0c:
                    9e:80:2d:8c:a3:cf:c0:f7:de:41:35:ab:04:ad:1d:
                    f6:e4:76:f5:d6:4a:4a:2f:77:90:33:03:d5:63:4f:
                    e5:0c:e3:ad:73:47:8e:54:ae:6f:81:0e:1e:08:17:
                    4d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:38:A2:67:38:B0:B2:91:3D:C1:6F:39:58:98:A7:47:C1:64:19:98
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/_TiiZziwspE9wW85WJinR8FkGZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.160.149.0-82.160.150.255

    Signature Algorithm: sha256WithRSAEncryption
         91:88:24:b1:b7:bc:25:65:a2:5f:9a:ed:ef:04:06:70:f3:ca:
         de:1a:cb:aa:40:43:61:cf:e9:c1:d5:39:84:07:e9:e7:ae:4c:
         3f:5a:3e:fa:43:cd:3b:2f:75:cf:c6:d7:04:b6:1a:a4:fa:c3:
         3e:e6:83:36:73:c8:a5:ef:58:66:fe:bd:f9:28:9e:d9:7c:7a:
         83:73:67:28:4e:a9:49:4f:bd:03:ef:d3:d2:72:79:67:82:cb:
         44:d9:15:96:dc:3d:e0:81:95:e3:8c:66:5e:8c:53:9d:c3:a1:
         f6:5e:ab:b6:a3:d3:65:cf:af:ff:79:12:c4:6a:16:11:9b:d7:
         16:5b:06:8f:7f:3e:d8:89:b4:84:f2:2c:06:de:ba:35:19:c8:
         65:67:2b:af:95:54:d6:8c:e2:84:00:43:58:25:24:73:49:c4:
         e0:7b:55:8d:26:64:37:bc:bc:e3:b2:19:74:fe:0f:67:ea:dd:
         3c:84:3a:ac:02:eb:1c:d4:e1:c6:82:c7:92:fe:2e:b2:87:8b:
         cd:fb:27:4b:8f:ce:b1:a1:c3:4c:b6:fc:14:a5:d5:6c:e2:6f:
         ab:25:55:90:cf:cc:63:76:5b:1b:9c:62:34:2a:3b:38:85:05:
         f0:70:58:7c:c6:51:75:e3:d7:03:5e:d2:a4:e7:94:50:6f:91:
         5f:ef:f2:48
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzCbPd+8PUYXpobcp+L98udMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDM4YTI2NzM4YjBiMjkxM2RjMTZmMzk1ODk4YTc0N2MxNjQxOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD0jc5I4la8fJK2C894ZDbTXTJEp
wrA35PaYUA1gAjTbI+Xg2gfX0+nIW1FY4bqa59MJP3bKg6s9Ra61O7p17vkg+Jvw
iS1SO4dIZ2/cB3yjUx3Uz7GAdY3EmzV5aHm4cHC3DGh76IVUK3LGtJnQrx0OK2qT
LxeAUkm39Llavn7msrxtCn8zH0j9EqZMbl+g6AC5qWa3L9GvJeM9L0toUR/xnP3e
LehgHM/dX0yJFqToFz2eRxhuqHjxEXWZFFHhh63ye0w6RQMK1ivHjqJy4wyegC2M
o8/A995BNasErR325Hb11kpKL3eQMwPVY0/lDOOtc0eOVK5vgQ4eCBdNgQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFP04omc4sLKRPcFvOViYp0fBZBmYMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvX1RpaVp6aXdzcEU5d1c4NVdKaW5SOEZrR1pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABSoJUD
BABSoJYwDQYJKoZIhvcNAQELBQADggEBAJGIJLG3vCVlol+a7e8EBnDzyt4ay6pA
Q2HP6cHVOYQH6eeuTD9aPvpDzTsvdc/G1wS2GqT6wz7mgzZzyKXvWGb+vfkontl8
eoNzZyhOqUlPvQPv09JyeWeCy0TZFZbcPeCBleOMZl6MU53DofZeq7aj02XPr/95
EsRqFhGb1xZbBo9/PtiJtITyLAbeujUZyGVnK6+VVNaM4oQAQ1glJHNJxOB7VY0m
ZDe8vOOyGXT+D2fq3TyEOqwC6xzU4caCx5L+LrKHi837J0uPzrGhw0y2/BSl1Wzi
b6slVZDPzGN2WxucYjQqOziFBfBwWHzGUXXj1wNe0qTnlFBvkV/v8kg=
-----END CERTIFICATE-----