Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TnTezZFpbUnu88YmyEU5iswCZ6k.roa
File:                     TnTezZFpbUnu88YmyEU5iswCZ6k.roa (raw, json)
Hash identifier:          TNjgCqFPKBkkhpM4ZvuIIFduErj66l3N+3MgyYVGjHI=
Subject key identifier:   4E:74:DE:CD:91:69:6D:49:EE:F3:C6:26:C8:45:39:8A:CC:02:67:A9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC34967E4845C6E3E3D81563CDC9C0C7D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TnTezZFpbUnu88YmyEU5iswCZ6k.roa
Signing time:             Mon 01 Jan 2024 04:30:17 +0000
ROA not before:           Mon 01 Jan 2024 04:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     271842
IP address blocks:        89.213.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:67:e4:84:5c:6e:3e:3d:81:56:3c:dc:9c:0c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e74decd91696d49eef3c626c845398acc0267a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6c:9e:02:9c:37:23:4f:a0:6a:89:fc:7e:68:
                    b9:08:86:8b:77:86:80:6f:31:b5:08:64:5f:2d:92:
                    68:c7:a9:0c:f8:67:ea:6e:2e:5d:bd:7a:73:86:3d:
                    3b:9f:ff:bd:de:f1:37:11:07:81:13:f0:50:8c:c8:
                    39:30:72:23:25:26:b8:93:f3:94:20:7a:4e:67:a0:
                    ed:e9:b5:c9:64:af:e8:af:99:a7:47:5d:11:c6:ef:
                    66:40:c0:dc:4c:95:b1:9d:9e:16:7d:24:27:fe:89:
                    e1:0b:c7:b0:dd:16:f6:f0:fe:01:15:4c:58:2e:ee:
                    f7:87:69:83:05:38:c5:16:5d:ed:d8:4e:60:80:c5:
                    05:af:e2:05:49:26:f6:1b:85:c0:d1:87:33:8a:fa:
                    67:f7:42:3d:03:8c:e2:d7:dd:2b:61:fd:10:0a:54:
                    74:1d:3c:14:d2:95:bb:49:46:13:5e:c3:b4:e8:d2:
                    a2:a8:ca:9c:cf:82:72:89:c1:f0:b9:cd:a4:9c:2e:
                    f2:5b:a3:80:f6:11:c5:86:99:30:6a:66:9c:63:0b:
                    8e:51:7c:72:86:62:1b:34:29:a8:b7:ac:cf:b6:f9:
                    2c:6f:78:99:83:3e:94:ee:85:76:e2:47:3b:cc:a1:
                    42:4d:a3:34:04:17:7e:7b:f0:80:a1:c6:52:c9:89:
                    6d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:74:DE:CD:91:69:6D:49:EE:F3:C6:26:C8:45:39:8A:CC:02:67:A9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TnTezZFpbUnu88YmyEU5iswCZ6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:c4:fd:4d:3f:0b:7e:bc:7b:d7:be:22:f9:48:fc:23:01:fa:
         5b:72:60:62:9a:a0:56:a2:1c:c3:b3:09:4d:ab:76:96:a5:4c:
         a8:cb:14:f4:1a:e5:e6:e2:b2:28:34:20:5d:4b:25:c5:07:8a:
         d7:15:02:14:96:1d:dd:98:5a:16:3f:99:dd:d2:fd:de:c0:64:
         5d:3b:aa:9c:14:07:85:c9:43:da:b4:b8:79:ad:6f:dd:92:bc:
         ad:bb:a2:55:86:f3:a5:f6:dc:ff:db:c7:9e:d1:20:80:ca:8e:
         cc:a5:49:b3:df:9b:59:d4:f7:12:29:c3:36:fc:75:4e:6e:ab:
         ed:ff:9a:1c:03:72:33:de:9e:eb:fa:9d:3d:8d:8c:07:02:74:
         15:c0:db:49:d3:f9:17:9e:4b:4b:76:23:16:53:2f:76:d5:13:
         59:9c:07:cd:7c:e4:fc:4e:9e:4e:65:ab:00:d8:19:37:ea:82:
         f8:c7:0f:ea:8c:29:9b:cc:aa:5a:3d:b0:b7:6d:bf:0e:6e:0a:
         c4:0b:ff:7c:9f:14:6f:97:3e:ee:8c:38:fd:41:a6:ff:f2:d2:
         a3:ab:92:4e:52:50:f4:75:8b:ab:cf:4e:5f:bf:d9:6a:f7:c3:
         8a:42:db:c0:ce:20:e3:c2:26:39:7c:ec:f7:03:90:20:75:a2:
         b6:b9:c5:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWfkhFxuPj2BVjzcnAx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTc0ZGVjZDkxNjk2ZDQ5ZWVmM2M2MjZjODQ1Mzk4YWNjMDI2N2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGyeApw3I0+gaon8fmi5CIaLd4aA
bzG1CGRfLZJox6kM+Gfqbi5dvXpzhj07n/+93vE3EQeBE/BQjMg5MHIjJSa4k/OU
IHpOZ6Dt6bXJZK/or5mnR10Rxu9mQMDcTJWxnZ4WfSQn/onhC8ew3Rb28P4BFUxY
Lu73h2mDBTjFFl3t2E5ggMUFr+IFSSb2G4XA0Yczivpn90I9A4zi190rYf0QClR0
HTwU0pW7SUYTXsO06NKiqMqcz4JyicHwuc2knC7yW6OA9hHFhpkwamacYwuOUXxy
hmIbNCmot6zPtvksb3iZgz6U7oV24kc7zKFCTaM0BBd+e/CAocZSyYltlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE503s2RaW1J7vPGJshFOYrMAmepMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVG5UZXpaRnBiVW51ODhZbXlFVTVpc3dDWjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWfMA0G
CSqGSIb3DQEBCwUAA4IBAQA2xP1NPwt+vHvXviL5SPwjAfpbcmBimqBWohzDswlN
q3aWpUyoyxT0GuXm4rIoNCBdSyXFB4rXFQIUlh3dmFoWP5nd0v3ewGRdO6qcFAeF
yUPatLh5rW/dkrytu6JVhvOl9tz/28ee0SCAyo7MpUmz35tZ1PcSKcM2/HVObqvt
/5ocA3Iz3p7r+p09jYwHAnQVwNtJ0/kXnktLdiMWUy921RNZnAfNfOT8Tp5OZasA
2Bk36oL4xw/qjCmbzKpaPbC3bb8ObgrEC/98nxRvlz7ujDj9Qab/8tKjq5JOUlD0
dYurz05fv9lq98OKQtvAziDjwiY5fOz3A5AgdaK2ucWi
-----END CERTIFICATE-----