Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/353282-53e2-46a2-8fc4-41d49a8ffc81/1/TRZJL2vCcLPQjPkJ3L6xjklC36U.roa
File:                     TRZJL2vCcLPQjPkJ3L6xjklC36U.roa (raw, json)
Hash identifier:          1WM8GgfozNoMMiEkaVteUZKulo60CdUZDBx7edAKGJg=
Subject key identifier:   4D:16:49:2F:6B:C2:70:B3:D0:8C:F9:09:DC:BE:B1:8E:49:42:DF:A5
Certificate issuer:       /CN=0d9e34b149477d55ef0b5962a5e5e00cdfb58489
Certificate serial:       018CC94E58210DB020BF8B3983897328C216
Authority key identifier: 0D:9E:34:B1:49:47:7D:55:EF:0B:59:62:A5:E5:E0:0C:DF:B5:84:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DZ40sUlHfVXvC1lipeXgDN-1hIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/353282-53e2-46a2-8fc4-41d49a8ffc81/1/TRZJL2vCcLPQjPkJ3L6xjklC36U.roa
Signing time:             Tue 02 Jan 2024 08:33:23 +0000
ROA not before:           Tue 02 Jan 2024 08:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57167
IP address blocks:        193.0.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/353282-53e2-46a2-8fc4-41d49a8ffc81/1/DZ40sUlHfVXvC1lipeXgDN-1hIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/353282-53e2-46a2-8fc4-41d49a8ffc81/1/DZ40sUlHfVXvC1lipeXgDN-1hIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DZ40sUlHfVXvC1lipeXgDN-1hIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 07:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:58:21:0d:b0:20:bf:8b:39:83:89:73:28:c2:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d9e34b149477d55ef0b5962a5e5e00cdfb58489
        Validity
            Not Before: Jan  2 08:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d16492f6bc270b3d08cf909dcbeb18e4942dfa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:84:13:9f:93:6f:ec:08:f3:e9:b9:f7:cd:7b:
                    22:0c:57:37:35:9c:ef:75:6e:27:b2:5a:71:2f:05:
                    78:d1:39:3e:a2:f1:64:0a:62:f6:e3:e4:ba:19:5f:
                    a8:83:63:39:14:4f:a6:9f:e3:c2:f8:00:d0:65:9a:
                    ae:2c:6c:1c:74:0e:96:a5:09:61:2a:93:d6:ef:84:
                    51:57:e9:6a:3f:e5:1c:a8:8b:35:2a:95:63:a1:d2:
                    af:5e:dd:13:d6:1a:9e:7e:64:d0:d5:76:70:fb:0d:
                    93:32:a5:c4:a6:8e:aa:a6:50:21:b8:d3:97:2b:52:
                    d8:e8:4b:e4:62:72:aa:72:3f:30:1d:59:05:3d:f2:
                    40:62:05:55:73:4a:87:97:06:8b:c8:00:5a:01:b6:
                    95:0f:a7:d9:a5:b4:9f:a9:79:48:f3:6f:33:57:ca:
                    3b:12:56:48:cf:ab:ad:4d:94:da:5d:df:9c:0d:c3:
                    92:5a:94:56:91:e4:c7:f6:bc:36:59:10:43:ee:db:
                    41:c6:4d:2d:00:69:cc:09:b5:98:19:98:27:e1:38:
                    0b:13:02:f9:3f:30:b1:a7:5e:3a:b2:31:0d:8b:dd:
                    d5:f1:2a:b4:12:09:5a:ff:e5:52:f1:bb:82:c2:6e:
                    28:ce:bd:e9:b3:df:cb:bc:0e:56:89:c0:3c:26:01:
                    ff:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:16:49:2F:6B:C2:70:B3:D0:8C:F9:09:DC:BE:B1:8E:49:42:DF:A5
            X509v3 Authority Key Identifier:
                keyid:0D:9E:34:B1:49:47:7D:55:EF:0B:59:62:A5:E5:E0:0C:DF:B5:84:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DZ40sUlHfVXvC1lipeXgDN-1hIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/353282-53e2-46a2-8fc4-41d49a8ffc81/1/TRZJL2vCcLPQjPkJ3L6xjklC36U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/353282-53e2-46a2-8fc4-41d49a8ffc81/1/DZ40sUlHfVXvC1lipeXgDN-1hIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:cb:a2:83:48:3c:7c:36:28:97:ab:26:01:b1:73:f8:5e:52:
         c4:65:1a:fa:3a:31:3e:f6:a6:89:93:f8:5e:27:bf:42:ce:28:
         e2:f0:f5:56:4e:1b:8b:b5:0f:72:0e:ef:fa:ff:3c:26:79:e0:
         ac:91:4c:ed:57:49:a5:30:49:22:5e:78:2e:27:a7:95:b4:0c:
         21:e8:13:54:d6:70:7d:f2:fb:5e:f6:68:d6:07:2b:a9:98:24:
         54:bc:ad:9b:78:4e:94:55:1c:21:52:f4:ec:2f:cb:57:c8:96:
         78:07:78:92:2c:94:29:52:54:b2:c1:ab:0d:fc:81:bb:1c:96:
         18:dd:f0:de:3e:e9:52:2d:5b:35:cd:ed:19:4f:36:7a:7a:e6:
         d7:f3:f5:b2:39:12:7e:c8:30:b8:f8:78:e6:bc:5a:f0:ee:84:
         a0:b1:71:4e:77:fc:c5:a8:45:bd:21:d6:b1:db:70:e7:f6:a9:
         b3:24:6a:c5:2e:63:81:0e:61:aa:47:19:b0:1f:eb:45:56:fd:
         8c:97:fc:d3:49:80:50:b4:93:f7:1f:be:a4:7d:58:41:2a:38:
         8a:97:91:e9:36:73:43:1b:c8:6c:23:e0:13:e9:ed:7c:0a:5f:
         9d:36:e4:58:c6:89:5c:fe:13:a3:c8:67:d3:b4:43:9c:be:5b:
         cf:73:f2:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlghDbAgv4s5g4lzKMIWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkOWUzNGIxNDk0NzdkNTVlZjBiNTk2MmE1ZTVlMDBjZGZi
NTg0ODkwHhcNMjQwMTAyMDgzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDE2NDkyZjZiYzI3MGIzZDA4Y2Y5MDlkY2JlYjE4ZTQ5NDJkZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYQTn5Nv7Ajz6bn3zXsiDFc3NZzv
dW4nslpxLwV40Tk+ovFkCmL24+S6GV+og2M5FE+mn+PC+ADQZZquLGwcdA6WpQlh
KpPW74RRV+lqP+UcqIs1KpVjodKvXt0T1hqefmTQ1XZw+w2TMqXEpo6qplAhuNOX
K1LY6EvkYnKqcj8wHVkFPfJAYgVVc0qHlwaLyABaAbaVD6fZpbSfqXlI828zV8o7
ElZIz6utTZTaXd+cDcOSWpRWkeTH9rw2WRBD7ttBxk0tAGnMCbWYGZgn4TgLEwL5
PzCxp146sjENi93V8Sq0Egla/+VS8buCwm4ozr3ps9/LvA5WicA8JgH/qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0WSS9rwnCz0Iz5Cdy+sY5JQt+lMB8GA1UdIwQY
MBaAFA2eNLFJR31V7wtZYqXl4AzftYSJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFo0MHNVbEhmVlh2QzFsaXBlWGdETi0xaElrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8zNTMyODItNTNlMi00NmEyLThmYzQt
NDFkNDlhOGZmYzgxLzEvVFJaSkwydkNjTFBRalBrSjNMNnhqa2xDMzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8zNTMyODItNTNlMi00NmEyLThmYzQtNDFkNDlhOGZmYzgx
LzEvRFo0MHNVbEhmVlh2QzFsaXBlWGdETi0xaElrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQA9MA0G
CSqGSIb3DQEBCwUAA4IBAQCZy6KDSDx8NiiXqyYBsXP4XlLEZRr6OjE+9qaJk/he
J79Cziji8PVWThuLtQ9yDu/6/zwmeeCskUztV0mlMEkiXnguJ6eVtAwh6BNU1nB9
8vte9mjWByupmCRUvK2beE6UVRwhUvTsL8tXyJZ4B3iSLJQpUlSywasN/IG7HJYY
3fDePulSLVs1ze0ZTzZ6eubX8/WyORJ+yDC4+HjmvFrw7oSgsXFOd/zFqEW9Idax
23Dn9qmzJGrFLmOBDmGqRxmwH+tFVv2Ml/zTSYBQtJP3H76kfVhBKjiKl5HpNnND
G8hsI+AT6e18Cl+dNuRYxolc/hOjyGfTtEOcvlvPc/JW
-----END CERTIFICATE-----