Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/3fa45d-61b6-4a26-8d7f-8d9d752c4f4a/1/TVeHjhVWbICpNHZP772KOh7sIXA.roa
File:                     TVeHjhVWbICpNHZP772KOh7sIXA.roa (raw, json)
Hash identifier:          /rFgWEBK5MuYOGSTb1HsjVhMUcJExp31MsA6lxna8gY=
Subject key identifier:   4D:57:87:8E:15:56:6C:80:A9:34:76:4F:EF:BD:8A:3A:1E:EC:21:70
Certificate issuer:       /CN=1f74988332069e1835246a85a1094125152b3765
Certificate serial:       018CC5DCCBF91FF39AB25E852BFEAB500FCD
Authority key identifier: 1F:74:98:83:32:06:9E:18:35:24:6A:85:A1:09:41:25:15:2B:37:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H3SYgzIGnhg1JGqFoQlBJRUrN2U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/3fa45d-61b6-4a26-8d7f-8d9d752c4f4a/1/TVeHjhVWbICpNHZP772KOh7sIXA.roa
Signing time:             Mon 01 Jan 2024 16:30:30 +0000
ROA not before:           Mon 01 Jan 2024 16:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200387
IP address blocks:        194.49.11.0/24 maxlen: 24
                          194.49.8.0/24 maxlen: 24
                          194.49.9.0/24 maxlen: 24
                          194.49.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/3fa45d-61b6-4a26-8d7f-8d9d752c4f4a/1/H3SYgzIGnhg1JGqFoQlBJRUrN2U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/3fa45d-61b6-4a26-8d7f-8d9d752c4f4a/1/H3SYgzIGnhg1JGqFoQlBJRUrN2U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H3SYgzIGnhg1JGqFoQlBJRUrN2U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:cb:f9:1f:f3:9a:b2:5e:85:2b:fe:ab:50:0f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f74988332069e1835246a85a1094125152b3765
        Validity
            Not Before: Jan  1 16:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d57878e15566c80a934764fefbd8a3a1eec2170
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:60:83:c4:c9:27:45:70:2c:8d:a4:75:f8:36:
                    ab:b8:89:5e:ed:94:80:36:24:79:c0:81:61:75:85:
                    87:e8:b9:f9:d5:f2:db:47:83:91:6d:99:4e:fe:71:
                    5e:e3:b8:b9:59:30:1a:f1:df:6d:d3:78:d7:f5:a4:
                    65:ad:b4:c8:19:79:4d:98:ae:93:99:df:0c:87:13:
                    ca:db:4a:95:10:81:75:7c:7d:f0:06:d0:4f:33:ce:
                    bf:83:cc:a3:af:6a:74:3d:6b:18:c6:25:d3:45:a4:
                    e5:b1:d0:e0:77:9a:66:1c:8b:fb:aa:e0:90:40:85:
                    ed:79:a2:cd:a6:e0:af:b5:48:5d:06:c8:9a:d6:73:
                    d4:f0:63:8a:dd:00:27:27:2b:04:12:3c:8d:b3:73:
                    e2:c3:92:fb:0e:7b:38:53:0f:86:ea:68:18:6e:f8:
                    72:c2:b9:7d:db:00:a0:fa:ca:02:35:1f:c5:e1:c7:
                    9e:11:8e:e4:9a:f4:d8:ec:d6:7a:cf:3d:69:a3:70:
                    b5:19:b2:83:01:bf:b2:97:2b:4b:70:52:89:6d:79:
                    f6:dd:bf:5a:4c:3a:df:a1:97:1e:67:15:45:09:79:
                    65:c4:b0:ac:b6:22:2a:d2:6e:75:4c:9a:24:da:3a:
                    2f:c7:8f:7a:a1:f7:49:1a:b2:68:e5:eb:ba:a3:8c:
                    ff:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:57:87:8E:15:56:6C:80:A9:34:76:4F:EF:BD:8A:3A:1E:EC:21:70
            X509v3 Authority Key Identifier:
                keyid:1F:74:98:83:32:06:9E:18:35:24:6A:85:A1:09:41:25:15:2B:37:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H3SYgzIGnhg1JGqFoQlBJRUrN2U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/3fa45d-61b6-4a26-8d7f-8d9d752c4f4a/1/TVeHjhVWbICpNHZP772KOh7sIXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/3fa45d-61b6-4a26-8d7f-8d9d752c4f4a/1/H3SYgzIGnhg1JGqFoQlBJRUrN2U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:dd:6f:de:92:68:c1:f3:be:ce:75:51:da:d3:11:f8:8e:0b:
         bc:05:6e:11:54:fd:91:3c:ba:01:53:12:ae:7c:56:3c:65:d4:
         86:19:5d:ac:af:33:ee:ca:40:b2:25:f5:41:2d:47:f2:79:2f:
         9f:da:77:68:6b:22:af:8d:64:83:ee:84:c1:d4:7d:06:f1:89:
         2b:dc:46:1e:45:05:46:5f:fe:84:f2:1b:88:f5:80:83:ea:67:
         e7:c8:94:93:a7:5e:b9:f5:b8:76:a7:8d:bd:cb:ac:0e:4a:97:
         5f:ee:75:08:a6:81:65:c7:16:3f:7e:b6:8a:0d:2e:ea:7a:4d:
         85:6c:b4:51:e2:d8:87:7a:6e:a5:62:b3:21:f9:37:9a:ea:a3:
         83:d5:06:68:05:f3:1f:62:2f:b4:70:16:e1:bb:ae:4f:c1:5d:
         0f:03:95:3f:25:0b:3f:23:7c:8b:a8:fd:bb:af:5d:3e:2b:93:
         3d:1d:99:bc:e2:29:c7:d1:a4:1c:bc:f9:ca:c6:50:b8:8a:f8:
         9b:81:9f:56:32:9b:90:3a:0f:f3:b5:0b:d6:5b:66:b4:fb:0f:
         6c:e6:1a:22:25:4c:ee:a8:4b:2a:86:56:05:1b:2e:07:fc:ed:
         eb:c5:18:3f:bf:ae:c2:ac:83:2f:a3:de:8c:81:57:9a:e3:ca:
         34:57:d1:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Mv5H/Oasl6FK/6rUA/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNzQ5ODgzMzIwNjllMTgzNTI0NmE4NWExMDk0MTI1MTUy
YjM3NjUwHhcNMjQwMTAxMTYzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDU3ODc4ZTE1NTY2YzgwYTkzNDc2NGZlZmJkOGEzYTFlZWMyMTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32CDxMknRXAsjaR1+DaruIle7ZSA
NiR5wIFhdYWH6Ln51fLbR4ORbZlO/nFe47i5WTAa8d9t03jX9aRlrbTIGXlNmK6T
md8MhxPK20qVEIF1fH3wBtBPM86/g8yjr2p0PWsYxiXTRaTlsdDgd5pmHIv7quCQ
QIXteaLNpuCvtUhdBsia1nPU8GOK3QAnJysEEjyNs3Piw5L7Dns4Uw+G6mgYbvhy
wrl92wCg+soCNR/F4ceeEY7kmvTY7NZ6zz1po3C1GbKDAb+ylytLcFKJbXn23b9a
TDrfoZceZxVFCXllxLCstiIq0m51TJok2jovx496ofdJGrJo5eu6o4z/dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1Xh44VVmyAqTR2T++9ijoe7CFwMB8GA1UdIwQY
MBaAFB90mIMyBp4YNSRqhaEJQSUVKzdlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDNTWWd6SUduaGcxSkdxRm9RbEJKUlVyTjJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zZmE0NWQtNjFiNi00YTI2LThkN2Yt
OGQ5ZDc1MmM0ZjRhLzEvVFZlSGpoVldiSUNwTkhaUDc3MktPaDdzSVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zZmE0NWQtNjFiNi00YTI2LThkN2YtOGQ5ZDc1MmM0ZjRh
LzEvSDNTWWd6SUduaGcxSkdxRm9RbEJKUlVyTjJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjEIMA0G
CSqGSIb3DQEBCwUAA4IBAQCP3W/ekmjB877OdVHa0xH4jgu8BW4RVP2RPLoBUxKu
fFY8ZdSGGV2srzPuykCyJfVBLUfyeS+f2ndoayKvjWSD7oTB1H0G8Ykr3EYeRQVG
X/6E8huI9YCD6mfnyJSTp1659bh2p429y6wOSpdf7nUIpoFlxxY/fraKDS7qek2F
bLRR4tiHem6lYrMh+Tea6qOD1QZoBfMfYi+0cBbhu65PwV0PA5U/JQs/I3yLqP27
r10+K5M9HZm84inH0aQcvPnKxlC4ivibgZ9WMpuQOg/ztQvWW2a0+w9s5hoiJUzu
qEsqhlYFGy4H/O3rxRg/v67CrIMvo96MgVea48o0V9HC
-----END CERTIFICATE-----