Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/Tvgg7IDhGckS6IOIrDOKSeFdQRc.roa
File:                     Tvgg7IDhGckS6IOIrDOKSeFdQRc.roa (raw, json)
Hash identifier:          VDrgkWytudhz3tnsjE3jFjnypPU3YiV7lUzrE424GDo=
Subject key identifier:   4E:F8:20:EC:80:E1:19:C9:12:E8:83:88:AC:33:8A:49:E1:5D:41:17
Certificate issuer:       /CN=a62f2d3c269d935227690b28b7fbdd953e1e9edc
Certificate serial:       018CC3B727BAF8F72D637D85BE0710C3B953
Authority key identifier: A6:2F:2D:3C:26:9D:93:52:27:69:0B:28:B7:FB:DD:95:3E:1E:9E:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/Tvgg7IDhGckS6IOIrDOKSeFdQRc.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15557
IP address blocks:        194.88.223.0/24 maxlen: 24
                          194.88.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:27:ba:f8:f7:2d:63:7d:85:be:07:10:c3:b9:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a62f2d3c269d935227690b28b7fbdd953e1e9edc
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ef820ec80e119c912e88388ac338a49e15d4117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:9d:0f:40:39:75:d2:77:19:82:df:e6:95:99:
                    ff:60:97:04:ab:5b:89:e0:5a:c6:5a:4f:b8:0b:d4:
                    47:86:8e:6a:84:1d:17:3a:e4:b6:c3:bc:7e:f0:61:
                    fe:67:48:cf:27:4f:24:79:c1:f8:fb:5e:23:7e:dd:
                    19:78:73:ec:67:81:3d:4d:02:90:45:b9:ff:b4:c1:
                    50:eb:ca:f0:10:fe:93:b7:0f:7c:20:cd:2f:fa:f4:
                    fd:11:2e:1a:e3:f5:3f:ee:46:2f:a7:f3:bb:9e:cb:
                    22:15:1a:a3:09:33:9c:e0:57:b6:b7:ba:7c:50:81:
                    4f:d7:38:0a:fe:06:fe:5d:8f:a6:d2:be:04:e6:9c:
                    1a:28:cf:54:5c:fe:73:82:3c:76:52:7c:e2:9b:f9:
                    81:75:fb:44:40:0a:f3:07:be:4f:88:a0:c2:33:da:
                    85:57:29:3c:21:ac:75:79:2b:c8:93:9e:ea:ed:8f:
                    fe:4a:f3:74:47:ab:66:a2:b8:e0:bb:9f:a3:5f:28:
                    c9:db:fc:2d:a8:a7:61:d6:ce:94:b3:0c:0b:e3:f7:
                    09:38:8f:a5:9c:ef:b5:4d:53:0a:91:f8:86:35:a2:
                    90:6a:79:3d:f3:5c:63:46:89:12:27:31:a1:42:45:
                    f9:40:5b:38:ba:f6:59:c2:19:2f:4f:b3:48:f7:01:
                    ae:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:F8:20:EC:80:E1:19:C9:12:E8:83:88:AC:33:8A:49:E1:5D:41:17
            X509v3 Authority Key Identifier:
                keyid:A6:2F:2D:3C:26:9D:93:52:27:69:0B:28:B7:FB:DD:95:3E:1E:9E:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/Tvgg7IDhGckS6IOIrDOKSeFdQRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:34:1a:34:26:2b:e8:31:f8:3a:d3:98:1d:8e:1a:d6:3f:f2:
         85:e4:d1:a0:bc:9c:8e:01:4a:5c:8c:cc:42:9d:3a:ec:26:07:
         fc:40:69:82:b4:02:5f:57:df:79:a1:98:5c:bc:92:fa:df:d6:
         b3:7b:c8:5b:46:47:91:85:d4:b4:09:e0:d3:7f:88:f1:1c:c2:
         ba:9b:1c:af:a4:ee:8d:b0:51:e3:6c:ff:4a:ae:01:22:e5:40:
         e3:7a:d6:96:aa:93:a6:e6:c4:4c:1a:a5:0c:98:3b:89:58:d3:
         52:eb:bd:1c:dd:23:5a:67:13:25:63:c5:d0:8a:4e:0a:8f:2f:
         ea:48:12:b5:dc:07:ac:f2:b1:17:4e:f5:73:d5:96:2d:1d:23:
         61:0a:0d:0f:ef:6c:66:86:0c:a5:c2:d3:c8:ac:7d:88:8a:90:
         79:7c:97:47:65:0a:13:86:e2:76:43:a1:12:ec:a5:cd:71:81:
         49:e7:33:46:1e:0c:9b:17:0b:a6:9b:6e:93:e0:4c:d6:e2:97:
         2d:61:92:74:70:68:77:e4:e8:b5:9d:c9:0f:8c:64:aa:33:e8:
         83:58:71:34:d4:5f:45:47:03:91:96:69:8b:3b:25:1a:c7:97:
         73:a4:9d:52:ed:94:3f:ea:06:92:bd:fa:a7:b3:c4:5b:3c:43:
         5b:10:4e:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtye6+PctY32FvgcQw7lTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MmYyZDNjMjY5ZDkzNTIyNzY5MGIyOGI3ZmJkZDk1M2Ux
ZTllZGMwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWY4MjBlYzgwZTExOWM5MTJlODgzODhhYzMzOGE0OWUxNWQ0MTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZ0PQDl10ncZgt/mlZn/YJcEq1uJ
4FrGWk+4C9RHho5qhB0XOuS2w7x+8GH+Z0jPJ08kecH4+14jft0ZeHPsZ4E9TQKQ
Rbn/tMFQ68rwEP6Ttw98IM0v+vT9ES4a4/U/7kYvp/O7nssiFRqjCTOc4Fe2t7p8
UIFP1zgK/gb+XY+m0r4E5pwaKM9UXP5zgjx2Unzim/mBdftEQArzB75PiKDCM9qF
Vyk8Iax1eSvIk57q7Y/+SvN0R6tmorjgu5+jXyjJ2/wtqKdh1s6UswwL4/cJOI+l
nO+1TVMKkfiGNaKQank981xjRokSJzGhQkX5QFs4uvZZwhkvT7NI9wGuGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE74IOyA4RnJEuiDiKwziknhXUEXMB8GA1UdIwQY
MBaAFKYvLTwmnZNSJ2kLKLf73ZU+Hp7cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGk4dFBDYWRrMUluYVFzb3RfdmRsVDRlbnR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zMjViODQtMmVkNC00MDkyLTkwNmMt
MTAwZWVkODEyYzQwLzEvVHZnZzdJRGhHY2tTNklPSXJET0tTZUZkUVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zMjViODQtMmVkNC00MDkyLTkwNmMtMTAwZWVkODEyYzQw
LzEvcGk4dFBDYWRrMUluYVFzb3RfdmRsVDRlbnR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwljeMA0G
CSqGSIb3DQEBCwUAA4IBAQARNBo0JivoMfg605gdjhrWP/KF5NGgvJyOAUpcjMxC
nTrsJgf8QGmCtAJfV995oZhcvJL639aze8hbRkeRhdS0CeDTf4jxHMK6mxyvpO6N
sFHjbP9KrgEi5UDjetaWqpOm5sRMGqUMmDuJWNNS670c3SNaZxMlY8XQik4Kjy/q
SBK13Aes8rEXTvVz1ZYtHSNhCg0P72xmhgylwtPIrH2IipB5fJdHZQoThuJ2Q6ES
7KXNcYFJ5zNGHgybFwumm26T4EzW4pctYZJ0cGh35Oi1nckPjGSqM+iDWHE01F9F
RwORlmmLOyUax5dzpJ1S7ZQ/6gaSvfqns8RbPENbEE7x
-----END CERTIFICATE-----