Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/6b4023-adef-4e4d-8cf6-32669737c517/1/tpcLfnSFe1LhX4JafoXime7wXxw.roa
File:                     tpcLfnSFe1LhX4JafoXime7wXxw.roa (raw, json)
Hash identifier:          5bEgNy5LIfp1SJAYM4F8oQrbGx7UDr0Zn6gyPZH4W9s=
Subject key identifier:   B6:97:0B:7E:74:85:7B:52:E1:5F:82:5A:7E:85:E2:99:EE:F0:5F:1C
Certificate issuer:       /CN=1b534d47ad8db5894a5fc9342e4558f94e4f17f1
Certificate serial:       01942143B9431594929E93D279333D594F8B
Authority key identifier: 1B:53:4D:47:AD:8D:B5:89:4A:5F:C9:34:2E:45:58:F9:4E:4F:17:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G1NNR62NtYlKX8k0LkVY-U5PF_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/6b4023-adef-4e4d-8cf6-32669737c517/1/tpcLfnSFe1LhX4JafoXime7wXxw.roa
Signing time:             Wed 01 Jan 2025 09:47:53 +0000
ROA not before:           Wed 01 Jan 2025 09:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        194.176.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/6b4023-adef-4e4d-8cf6-32669737c517/1/G1NNR62NtYlKX8k0LkVY-U5PF_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/6b4023-adef-4e4d-8cf6-32669737c517/1/G1NNR62NtYlKX8k0LkVY-U5PF_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G1NNR62NtYlKX8k0LkVY-U5PF_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 09:14:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:b9:43:15:94:92:9e:93:d2:79:33:3d:59:4f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b534d47ad8db5894a5fc9342e4558f94e4f17f1
        Validity
            Not Before: Jan  1 09:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6970b7e74857b52e15f825a7e85e299eef05f1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c7:24:6e:fe:dd:d8:85:71:f6:f7:ba:fd:7a:
                    fd:49:3a:f3:52:7a:5d:58:70:03:19:15:2d:fe:02:
                    29:84:58:74:a3:e5:3b:e0:a1:e1:c5:1c:ce:9a:d7:
                    57:94:c9:72:0f:5c:23:3b:c8:90:f4:cc:da:c5:21:
                    b8:d4:19:c1:42:32:12:d0:3a:51:cb:f6:15:b8:55:
                    04:b9:4d:f7:c5:b0:ad:2e:d5:a3:f1:29:f3:3b:b4:
                    29:dd:ac:77:c3:57:c4:7f:bb:5d:2c:bf:20:dd:37:
                    45:05:8e:ad:68:85:3b:1b:85:c2:c8:9d:84:5a:69:
                    a1:96:11:21:59:0d:d9:d5:de:37:27:ea:5e:f3:e5:
                    2f:55:94:a8:eb:fd:52:7b:b8:ec:dd:f8:90:f3:fc:
                    90:18:37:a6:78:ab:80:b2:0b:b3:50:cf:db:c7:65:
                    a4:24:c2:9a:76:c2:3d:23:64:03:09:fe:eb:ff:82:
                    fa:6f:1c:98:bc:fd:de:9b:ac:5b:47:c7:09:dc:a5:
                    75:5a:4e:cb:de:ab:ff:0a:59:cd:a0:fd:26:6a:98:
                    06:17:fa:2c:4e:e2:27:04:43:a1:bb:42:23:6a:2a:
                    6b:b3:3f:5a:64:17:b6:87:98:1f:c8:9a:77:2a:81:
                    27:48:27:f5:a6:9d:73:d3:37:35:72:80:88:a5:ed:
                    f6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:97:0B:7E:74:85:7B:52:E1:5F:82:5A:7E:85:E2:99:EE:F0:5F:1C
            X509v3 Authority Key Identifier:
                keyid:1B:53:4D:47:AD:8D:B5:89:4A:5F:C9:34:2E:45:58:F9:4E:4F:17:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G1NNR62NtYlKX8k0LkVY-U5PF_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6b4023-adef-4e4d-8cf6-32669737c517/1/tpcLfnSFe1LhX4JafoXime7wXxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6b4023-adef-4e4d-8cf6-32669737c517/1/G1NNR62NtYlKX8k0LkVY-U5PF_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.176.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:13:de:2b:e3:4b:3e:b1:46:95:5c:3c:e6:6f:a8:54:be:1b:
         18:76:92:09:57:09:ad:bc:07:2e:2d:59:36:fa:f1:9a:a8:68:
         ea:35:d0:d5:8f:c4:e4:f0:f4:4e:70:8e:c8:ea:87:98:4e:f1:
         1e:ea:05:16:75:28:ff:98:34:50:fa:f5:b3:93:12:ed:ce:46:
         91:1b:95:98:32:8c:85:d7:54:28:6f:84:46:17:51:97:e0:17:
         d8:42:41:b6:66:43:aa:4b:67:8d:74:ba:13:12:70:35:7c:71:
         1b:eb:b3:6f:6f:ab:02:03:50:2a:23:08:9e:dc:6e:fa:5f:a5:
         af:ac:79:66:91:73:e9:08:26:9d:87:b5:5d:0d:ce:cd:3e:db:
         58:10:dd:17:6a:ff:02:aa:fb:71:60:61:71:45:51:53:aa:ac:
         7e:c0:44:2b:f5:8b:74:2b:4a:6f:d2:d8:73:db:36:95:b0:5f:
         f2:a6:92:c5:74:4e:1e:9c:83:1a:3d:47:00:c5:37:a3:d4:02:
         7d:85:99:b3:33:58:74:66:5e:1c:db:57:50:cc:aa:ca:08:08:
         99:93:20:8b:e3:88:66:89:ea:ec:29:51:ce:2d:6e:45:b0:d4:
         d2:df:f0:3f:41:f2:83:0d:16:ef:1b:07:f1:e5:06:ed:39:ec:
         84:87:10:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ7lDFZSSnpPSeTM9WU+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiNTM0ZDQ3YWQ4ZGI1ODk0YTVmYzkzNDJlNDU1OGY5NGU0
ZjE3ZjEwHhcNMjUwMTAxMDk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjk3MGI3ZTc0ODU3YjUyZTE1ZjgyNWE3ZTg1ZTI5OWVlZjA1ZjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8ckbv7d2IVx9ve6/Xr9STrzUnpd
WHADGRUt/gIphFh0o+U74KHhxRzOmtdXlMlyD1wjO8iQ9MzaxSG41BnBQjIS0DpR
y/YVuFUEuU33xbCtLtWj8SnzO7Qp3ax3w1fEf7tdLL8g3TdFBY6taIU7G4XCyJ2E
WmmhlhEhWQ3Z1d43J+pe8+UvVZSo6/1Se7js3fiQ8/yQGDemeKuAsguzUM/bx2Wk
JMKadsI9I2QDCf7r/4L6bxyYvP3em6xbR8cJ3KV1Wk7L3qv/ClnNoP0mapgGF/os
TuInBEOhu0Ijaiprsz9aZBe2h5gfyJp3KoEnSCf1pp1z0zc1coCIpe32aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaXC350hXtS4V+CWn6F4pnu8F8cMB8GA1UdIwQY
MBaAFBtTTUetjbWJSl/JNC5FWPlOTxfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzFOTlI2Mk50WWxLWDhrMExrVlktVTVQRl9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi82YjQwMjMtYWRlZi00ZTRkLThjZjYt
MzI2Njk3MzdjNTE3LzEvdHBjTGZuU0ZlMUxoWDRKYWZvWGltZTd3WHh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi82YjQwMjMtYWRlZi00ZTRkLThjZjYtMzI2Njk3MzdjNTE3
LzEvRzFOTlI2Mk50WWxLWDhrMExrVlktVTVQRl9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrB0MA0G
CSqGSIb3DQEBCwUAA4IBAQBZE94r40s+sUaVXDzmb6hUvhsYdpIJVwmtvAcuLVk2
+vGaqGjqNdDVj8Tk8PROcI7I6oeYTvEe6gUWdSj/mDRQ+vWzkxLtzkaRG5WYMoyF
11Qob4RGF1GX4BfYQkG2ZkOqS2eNdLoTEnA1fHEb67Nvb6sCA1AqIwie3G76X6Wv
rHlmkXPpCCadh7VdDc7NPttYEN0Xav8CqvtxYGFxRVFTqqx+wEQr9Yt0K0pv0thz
2zaVsF/yppLFdE4enIMaPUcAxTej1AJ9hZmzM1h0Zl4c21dQzKrKCAiZkyCL44hm
iersKVHOLW5FsNTS3/A/QfKDDRbvGwfx5QbtOeyEhxAM
-----END CERTIFICATE-----