Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/TrZe2DW3QBp-eMclATb_JMjmDYg.roa
File:                     TrZe2DW3QBp-eMclATb_JMjmDYg.roa (raw, json)
Hash identifier:          iCdtvVN9bqk/QhTJiGpnXnihRy9/Xt19jwmbTHOKpSM=
Subject key identifier:   4E:B6:5E:D8:35:B7:40:1A:7E:78:C7:25:01:36:FF:24:C8:E6:0D:88
Certificate issuer:       /CN=5525775a706ac00c82fa29339e22e43108099e79
Certificate serial:       018CC3B6FB6F27E45C8956E76AB2AF5C101B
Authority key identifier: 55:25:77:5A:70:6A:C0:0C:82:FA:29:33:9E:22:E4:31:08:09:9E:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSV3WnBqwAyC-ikzniLkMQgJnnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/TrZe2DW3QBp-eMclATb_JMjmDYg.roa
Signing time:             Mon 01 Jan 2024 06:29:58 +0000
ROA not before:           Mon 01 Jan 2024 06:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212694
IP address blocks:        109.233.40.0/21 maxlen: 21
                          178.17.212.0/22 maxlen: 22
                          2a04:c040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/VSV3WnBqwAyC-ikzniLkMQgJnnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/VSV3WnBqwAyC-ikzniLkMQgJnnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSV3WnBqwAyC-ikzniLkMQgJnnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:fb:6f:27:e4:5c:89:56:e7:6a:b2:af:5c:10:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5525775a706ac00c82fa29339e22e43108099e79
        Validity
            Not Before: Jan  1 06:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4eb65ed835b7401a7e78c7250136ff24c8e60d88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:61:03:21:27:a9:bd:6a:a6:c6:71:65:d5:fb:
                    1e:e9:df:b4:46:52:30:b2:e3:b3:80:78:6b:c1:69:
                    39:25:8b:ef:40:eb:6c:83:a8:e5:5f:6f:24:8f:60:
                    5c:53:5a:8d:d8:1f:7e:7b:ca:ff:78:40:ab:f8:da:
                    b3:a2:07:36:97:f8:84:e0:d0:26:f3:0e:e5:84:fb:
                    35:c4:d9:f8:68:63:89:4f:1d:51:0f:52:a7:7c:75:
                    3e:65:14:77:c3:db:1c:0a:c9:d4:76:eb:9a:46:95:
                    52:02:03:18:ed:76:7f:6e:c8:20:22:f1:24:57:cf:
                    1d:77:c3:06:27:1c:59:be:c3:36:8a:de:a9:d1:64:
                    f4:10:44:03:0b:69:24:6d:7e:74:d3:0d:e6:c8:cf:
                    c8:de:45:b3:bf:d4:16:93:76:8d:24:15:80:29:1c:
                    7a:96:0a:73:4a:44:35:9d:1b:ae:ff:26:52:21:39:
                    7f:45:89:0a:de:f3:25:65:0a:12:55:1d:1e:0e:99:
                    e1:49:07:83:75:7f:da:ac:c7:1d:c1:1f:84:02:b9:
                    d5:83:da:fc:1a:4a:d9:73:c9:5f:bb:58:3b:76:63:
                    ca:f8:8c:8e:f9:50:2f:d5:8d:ca:74:c3:b7:36:3d:
                    37:5f:0f:90:33:44:cc:3d:a3:8d:c7:52:a0:f8:95:
                    a0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:B6:5E:D8:35:B7:40:1A:7E:78:C7:25:01:36:FF:24:C8:E6:0D:88
            X509v3 Authority Key Identifier:
                keyid:55:25:77:5A:70:6A:C0:0C:82:FA:29:33:9E:22:E4:31:08:09:9E:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSV3WnBqwAyC-ikzniLkMQgJnnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/TrZe2DW3QBp-eMclATb_JMjmDYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/VSV3WnBqwAyC-ikzniLkMQgJnnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.40.0/21
                  178.17.212.0/22
                IPv6:
                  2a04:c040::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:0d:dc:c2:86:bb:ed:96:39:b7:6e:b0:70:18:c2:dc:54:9a:
         03:1c:f3:6b:fb:40:e3:59:c7:2d:03:ea:62:f2:0f:e2:a8:ba:
         63:38:58:46:52:4d:b9:bc:b7:8a:aa:8e:46:39:97:a5:bc:7a:
         e6:08:f4:20:aa:7e:ba:fe:9f:3a:c7:30:22:56:a4:49:b3:cc:
         32:2e:e7:8c:b4:41:f3:98:0e:c3:19:30:ca:d0:0c:46:a2:d7:
         f3:f5:24:f4:1f:bf:9a:7e:1f:8d:79:f0:dc:3e:e1:66:6d:ac:
         b0:f2:50:b9:13:a7:76:8b:85:07:f4:0f:cf:cf:58:48:35:e1:
         dc:02:eb:09:94:e5:4e:6a:1c:f7:9e:45:94:3a:f4:54:14:f8:
         8a:45:15:e1:37:78:44:21:21:53:ba:44:0d:5f:16:84:45:ed:
         43:48:c0:18:fa:ef:11:4c:c6:c3:6f:a7:07:27:1d:b9:ab:24:
         55:d3:22:39:5d:f4:de:6f:3c:c9:23:c1:69:8e:08:42:c6:49:
         63:de:83:0f:6a:27:13:ff:e8:a2:bf:4a:e4:d2:c8:0c:59:3c:
         d9:8b:f8:cc:0a:7f:c2:06:1d:94:92:a9:a0:db:e4:9c:68:a0:
         d1:b3:df:cd:cf:0c:96:92:b7:63:63:d7:a1:d3:47:bc:40:6a:
         c4:b0:ee:54
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDtvtvJ+RciVbnarKvXBAbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjU3NzVhNzA2YWMwMGM4MmZhMjkzMzllMjJlNDMxMDgw
OTllNzkwHhcNMjQwMTAxMDYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWI2NWVkODM1Yjc0MDFhN2U3OGM3MjUwMTM2ZmYyNGM4ZTYwZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWEDISepvWqmxnFl1fse6d+0RlIw
suOzgHhrwWk5JYvvQOtsg6jlX28kj2BcU1qN2B9+e8r/eECr+Nqzogc2l/iE4NAm
8w7lhPs1xNn4aGOJTx1RD1KnfHU+ZRR3w9scCsnUduuaRpVSAgMY7XZ/bsggIvEk
V88dd8MGJxxZvsM2it6p0WT0EEQDC2kkbX500w3myM/I3kWzv9QWk3aNJBWAKRx6
lgpzSkQ1nRuu/yZSITl/RYkK3vMlZQoSVR0eDpnhSQeDdX/arMcdwR+EArnVg9r8
GkrZc8lfu1g7dmPK+IyO+VAv1Y3KdMO3Nj03Xw+QM0TMPaONx1Kg+JWg8QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE62Xtg1t0AafnjHJQE2/yTI5g2IMB8GA1UdIwQY
MBaAFFUld1pwasAMgvopM54i5DEICZ55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNWM1duQnF3QXlDLWlrem5pTGtNUWdKbm5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9mNDZkNGUtYWMzMy00ZmQxLTllNjkt
Nzk1NGVkMzhjOGJhLzEvVHJaZTJEVzNRQnAtZU1jbEFUYl9KTWptRFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9mNDZkNGUtYWMzMy00ZmQxLTllNjktNzk1NGVkMzhjOGJh
LzEvVlNWM1duQnF3QXlDLWlrem5pTGtNUWdKbm5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbekoAwQC
shHUMA0EAgACMAcDBQMqBMBAMA0GCSqGSIb3DQEBCwUAA4IBAQCzDdzChrvtljm3
brBwGMLcVJoDHPNr+0DjWcctA+pi8g/iqLpjOFhGUk25vLeKqo5GOZelvHrmCPQg
qn66/p86xzAiVqRJs8wyLueMtEHzmA7DGTDK0AxGotfz9ST0H7+afh+NefDcPuFm
bayw8lC5E6d2i4UH9A/Pz1hINeHcAusJlOVOahz3nkWUOvRUFPiKRRXhN3hEISFT
ukQNXxaERe1DSMAY+u8RTMbDb6cHJx25qyRV0yI5XfTebzzJI8FpjghCxklj3oMP
aicT/+iiv0rk0sgMWTzZi/jMCn/CBh2Ukqmg2+ScaKDRs9/NzwyWkrdjY9eh00e8
QGrEsO5U
-----END CERTIFICATE-----