Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/TF0rf59RSKL1z8jICmvanvcAtHg.roa
File:                     TF0rf59RSKL1z8jICmvanvcAtHg.roa (raw, json)
Hash identifier:          UCOwI4Xg5tKAVe8CbR4/PSR8bwE9adWwDi6icC17xPk=
Subject key identifier:   4C:5D:2B:7F:9F:51:48:A2:F5:CF:C8:C8:0A:6B:DA:9E:F7:00:B4:78
Certificate issuer:       /CN=5134d1320645644e2eaf3685879d693f72522c76
Certificate serial:       018CC4931052A1417B0279DCBDD93155A5BD
Authority key identifier: 51:34:D1:32:06:45:64:4E:2E:AF:36:85:87:9D:69:3F:72:52:2C:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UTTRMgZFZE4urzaFh51pP3JSLHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/TF0rf59RSKL1z8jICmvanvcAtHg.roa
Signing time:             Mon 01 Jan 2024 10:30:21 +0000
ROA not before:           Mon 01 Jan 2024 10:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203036
IP address blocks:        91.194.104.0/23 maxlen: 23
                          91.194.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/UTTRMgZFZE4urzaFh51pP3JSLHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/UTTRMgZFZE4urzaFh51pP3JSLHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UTTRMgZFZE4urzaFh51pP3JSLHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:10:52:a1:41:7b:02:79:dc:bd:d9:31:55:a5:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5134d1320645644e2eaf3685879d693f72522c76
        Validity
            Not Before: Jan  1 10:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c5d2b7f9f5148a2f5cfc8c80a6bda9ef700b478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e9:f6:e0:62:84:4c:3b:ef:d6:b2:93:31:7c:
                    de:93:cf:ff:00:07:f0:f1:57:d9:11:f2:0b:e7:ed:
                    c7:d9:fd:5c:11:88:fb:e5:1a:e8:9c:c7:5b:c5:c0:
                    a3:00:3b:d1:75:bd:aa:c4:c8:f1:89:f8:6e:78:9a:
                    4a:05:00:1d:d1:a3:52:69:bf:0b:f2:30:e4:7f:7b:
                    4f:1a:c9:78:e1:21:46:47:96:97:32:fd:e1:96:60:
                    bd:e3:f0:ea:59:c3:29:a4:79:0f:f8:cc:14:55:31:
                    fa:60:7a:53:5a:6c:12:30:4b:53:f6:c1:b9:1f:ac:
                    90:5b:2f:71:15:d3:d5:fb:89:24:f6:63:63:34:fa:
                    20:8f:98:67:b7:b7:e0:55:e9:96:3b:ee:75:dc:4c:
                    fc:26:37:a4:d9:99:3f:59:ee:31:8a:62:19:99:93:
                    de:cf:a5:c2:6c:c1:00:86:7b:2d:a8:fd:36:70:5f:
                    44:45:81:fa:41:6b:25:03:27:b6:69:94:6a:db:88:
                    ae:45:1f:5c:2a:1d:6b:ec:7f:a9:a9:7a:18:d4:2b:
                    a6:f9:ab:3a:2f:ea:08:4e:f3:1e:ed:3d:a6:66:83:
                    7a:79:39:16:8c:4b:2d:dc:7d:d7:64:a3:09:05:5f:
                    65:6b:1c:b2:35:2b:66:0b:df:99:9d:8f:5d:5e:39:
                    1e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:5D:2B:7F:9F:51:48:A2:F5:CF:C8:C8:0A:6B:DA:9E:F7:00:B4:78
            X509v3 Authority Key Identifier:
                keyid:51:34:D1:32:06:45:64:4E:2E:AF:36:85:87:9D:69:3F:72:52:2C:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UTTRMgZFZE4urzaFh51pP3JSLHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/TF0rf59RSKL1z8jICmvanvcAtHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/UTTRMgZFZE4urzaFh51pP3JSLHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:ad:a1:22:a2:e6:d4:ad:29:2a:27:79:5a:47:ea:7a:78:61:
         58:a5:4c:15:e9:57:22:09:bc:75:21:ce:01:fc:55:cd:18:be:
         64:97:76:51:45:21:d9:de:22:fc:b2:f8:df:6c:ac:94:13:93:
         2e:45:e5:6c:25:d6:ae:50:d2:f3:b6:d5:e1:82:c2:70:08:41:
         6b:2c:03:61:cd:33:0e:dc:55:a2:0b:e6:c5:a3:fb:db:ec:f1:
         6a:ff:15:8c:aa:d4:10:0a:59:07:0a:86:45:de:7a:4a:1e:17:
         66:4a:59:7b:ee:0e:19:79:bf:c6:69:dc:a7:bd:be:ea:07:1b:
         55:c1:b1:64:61:6e:45:43:64:90:06:85:13:02:a2:aa:40:50:
         52:8c:e4:25:f7:6d:50:cc:a3:fb:d3:29:dd:c5:0d:b6:37:e2:
         71:f0:c0:17:92:24:77:fb:29:5c:36:54:31:42:cc:4a:5b:0f:
         ed:95:48:42:34:80:17:b0:1c:aa:27:af:c1:1c:ba:08:08:6d:
         3d:80:49:fe:29:02:48:2f:ba:a4:67:70:c9:77:80:7c:d5:7d:
         f0:e9:c1:1c:d7:48:8a:c9:b6:7c:21:65:ed:82:59:3f:c1:da:
         6f:5f:d2:ec:6b:54:9c:8e:8b:f5:67:49:27:cc:92:3a:96:79:
         eb:9b:f4:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkxBSoUF7AnncvdkxVaW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMzRkMTMyMDY0NTY0NGUyZWFmMzY4NTg3OWQ2OTNmNzI1
MjJjNzYwHhcNMjQwMTAxMTAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzVkMmI3ZjlmNTE0OGEyZjVjZmM4YzgwYTZiZGE5ZWY3MDBiNDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOn24GKETDvv1rKTMXzek8//AAfw
8VfZEfIL5+3H2f1cEYj75RronMdbxcCjADvRdb2qxMjxifhueJpKBQAd0aNSab8L
8jDkf3tPGsl44SFGR5aXMv3hlmC94/DqWcMppHkP+MwUVTH6YHpTWmwSMEtT9sG5
H6yQWy9xFdPV+4kk9mNjNPogj5hnt7fgVemWO+513Ez8Jjek2Zk/We4ximIZmZPe
z6XCbMEAhnstqP02cF9ERYH6QWslAye2aZRq24iuRR9cKh1r7H+pqXoY1Cum+as6
L+oITvMe7T2mZoN6eTkWjEst3H3XZKMJBV9laxyyNStmC9+ZnY9dXjkeswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExdK3+fUUii9c/IyApr2p73ALR4MB8GA1UdIwQY
MBaAFFE00TIGRWROLq82hYedaT9yUix2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVRUUk1nWkZaRTR1cnphRmg1MXBQM0pTTEhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS85ZmIxZDctODQyNC00Yzg0LWIwY2It
MmY1MWVjZDFhYTBlLzEvVEYwcmY1OVJTS0wxejhqSUNtdmFudmNBdEhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS85ZmIxZDctODQyNC00Yzg0LWIwY2ItMmY1MWVjZDFhYTBl
LzEvVVRUUk1nWkZaRTR1cnphRmg1MXBQM0pTTEhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8JoMA0G
CSqGSIb3DQEBCwUAA4IBAQBfraEioubUrSkqJ3laR+p6eGFYpUwV6VciCbx1Ic4B
/FXNGL5kl3ZRRSHZ3iL8svjfbKyUE5MuReVsJdauUNLzttXhgsJwCEFrLANhzTMO
3FWiC+bFo/vb7PFq/xWMqtQQClkHCoZF3npKHhdmSll77g4Zeb/Gadynvb7qBxtV
wbFkYW5FQ2SQBoUTAqKqQFBSjOQl921QzKP70yndxQ22N+Jx8MAXkiR3+ylcNlQx
QsxKWw/tlUhCNIAXsByqJ6/BHLoICG09gEn+KQJIL7qkZ3DJd4B81X3w6cEc10iK
ybZ8IWXtglk/wdpvX9Lsa1Scjov1Z0knzJI6lnnrm/RT
-----END CERTIFICATE-----