Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/TSKXIl3B5M0kt9Mbo14NMbKNVpE.roa
File:                     TSKXIl3B5M0kt9Mbo14NMbKNVpE.roa (raw, json)
Hash identifier:          sCpjvm9AdXWMgiVU+ChgT2BrtfrjO9ma14rZIbGSgjM=
Subject key identifier:   4D:22:97:22:5D:C1:E4:CD:24:B7:D3:1B:A3:5E:0D:31:B2:8D:56:91
Certificate issuer:       /CN=2378a4a9c52325a85920809ba1a4d89e21c02f17
Certificate serial:       018F29139EBA86F10C542F739D4BDF8E4FDC
Authority key identifier: 23:78:A4:A9:C5:23:25:A8:59:20:80:9B:A1:A4:D8:9E:21:C0:2F:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/TSKXIl3B5M0kt9Mbo14NMbKNVpE.roa
Signing time:             Mon 29 Apr 2024 08:58:22 +0000
ROA not before:           Mon 29 Apr 2024 08:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43022
IP address blocks:        212.1.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:13:9e:ba:86:f1:0c:54:2f:73:9d:4b:df:8e:4f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2378a4a9c52325a85920809ba1a4d89e21c02f17
        Validity
            Not Before: Apr 29 08:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d2297225dc1e4cd24b7d31ba35e0d31b28d5691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:af:c9:b7:61:56:4f:63:dd:e8:84:0e:0b:8e:
                    cb:09:4f:b6:d2:d3:5e:96:3a:b5:21:4f:5c:5d:b3:
                    7a:7f:46:b5:2a:db:43:d3:7a:2c:ab:f8:89:ba:45:
                    e0:4a:b2:30:b4:15:63:d1:b4:35:9a:38:b2:2e:e8:
                    f9:02:23:d7:0d:fa:e7:c0:17:c8:b4:43:d2:4c:9e:
                    90:c3:99:19:03:35:50:80:91:1f:d1:bc:da:7b:6f:
                    b0:ca:ef:f6:26:d5:a1:ed:06:25:8a:2a:5d:8f:14:
                    68:1c:0a:c9:eb:71:1d:e2:6a:20:a4:34:39:31:4e:
                    4b:61:87:e4:8a:22:32:20:2a:a2:fe:ca:7f:3d:11:
                    24:24:ef:19:bb:9f:79:df:55:52:94:3a:bf:f9:87:
                    61:dd:8a:2f:45:a6:eb:98:33:85:e9:e9:8a:d3:7f:
                    12:51:89:5d:14:70:d7:82:80:88:0d:bf:c4:52:ce:
                    b1:fd:9b:b2:d5:44:ac:68:d8:c7:7d:37:4a:c3:41:
                    bc:5a:e0:37:d2:41:ce:26:0d:0d:c8:40:6a:3a:e0:
                    b4:0b:ad:63:82:7c:2b:11:d9:8e:c1:0b:9f:10:03:
                    bf:bd:e0:b2:c0:01:9e:d2:46:c3:4f:67:db:a0:a6:
                    29:fa:d2:e3:f1:3d:43:64:53:55:d4:fa:b2:7e:87:
                    12:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:22:97:22:5D:C1:E4:CD:24:B7:D3:1B:A3:5E:0D:31:B2:8D:56:91
            X509v3 Authority Key Identifier:
                keyid:23:78:A4:A9:C5:23:25:A8:59:20:80:9B:A1:A4:D8:9E:21:C0:2F:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/TSKXIl3B5M0kt9Mbo14NMbKNVpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.1.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:fd:1f:a5:a1:4c:7a:eb:b5:86:d7:e6:e5:bf:70:de:7c:a3:
         dd:ea:70:7f:8d:d0:d3:05:45:d5:b4:e5:e4:c1:c4:1b:7b:69:
         43:62:3a:d5:dc:b1:cb:4d:6d:a0:93:5f:c3:d0:c5:f7:36:0a:
         6b:03:3e:18:91:6c:e3:2c:03:fd:44:59:72:24:01:a1:db:ff:
         70:86:c9:46:5a:ef:c3:ba:4b:c4:d1:0d:49:d2:87:54:38:e6:
         27:9a:e2:ea:55:b2:ac:7d:f5:44:f8:34:13:72:e3:ae:6b:25:
         40:c3:90:07:79:85:84:ea:7f:38:e8:a9:13:ce:85:a1:59:18:
         8a:a0:90:a3:75:84:98:63:16:75:80:3e:e1:bc:ad:71:d1:4a:
         48:44:71:33:85:98:e7:e6:1b:dd:35:6c:45:db:29:9e:97:51:
         a2:8f:01:14:3b:fd:37:43:40:38:b7:de:4f:fd:be:94:83:68:
         43:91:1d:0e:9b:47:bf:b1:83:87:13:03:6a:c7:c7:49:11:22:
         7f:0d:d6:fa:b2:a7:8f:67:1f:b4:e5:46:cc:0f:2c:61:79:27:
         6a:d2:29:16:12:43:71:a9:3a:71:ed:a1:46:43:d0:a9:67:b0:
         f5:9a:7b:7f:24:84:ba:87:8f:1b:1d:1a:1b:6b:33:5c:e8:66:
         7a:71:1e:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8pE566hvEMVC9znUvfjk/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNzhhNGE5YzUyMzI1YTg1OTIwODA5YmExYTRkODllMjFj
MDJmMTcwHhcNMjQwNDI5MDg1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDIyOTcyMjVkYzFlNGNkMjRiN2QzMWJhMzVlMGQzMWIyOGQ1NjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArq/Jt2FWT2Pd6IQOC47LCU+20tNe
ljq1IU9cXbN6f0a1KttD03osq/iJukXgSrIwtBVj0bQ1mjiyLuj5AiPXDfrnwBfI
tEPSTJ6Qw5kZAzVQgJEf0bzae2+wyu/2JtWh7QYliipdjxRoHArJ63Ed4mogpDQ5
MU5LYYfkiiIyICqi/sp/PREkJO8Zu59531VSlDq/+Ydh3YovRabrmDOF6emK038S
UYldFHDXgoCIDb/EUs6x/Zuy1USsaNjHfTdKw0G8WuA30kHOJg0NyEBqOuC0C61j
gnwrEdmOwQufEAO/veCywAGe0kbDT2fboKYp+tLj8T1DZFNV1PqyfocSuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0ilyJdweTNJLfTG6NeDTGyjVaRMB8GA1UdIwQY
MBaAFCN4pKnFIyWoWSCAm6Gk2J4hwC8XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTNpa3FjVWpKYWhaSUlDYm9hVFluaUhBTHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9kNjU0YmUtMTc0ZS00MWY3LTljZmIt
OTM3ZTI3ZWUxYjViLzEvVFNLWElsM0I1TTBrdDlNYm8xNE5NYktOVnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9kNjU0YmUtMTc0ZS00MWY3LTljZmItOTM3ZTI3ZWUxYjVi
LzEvSTNpa3FjVWpKYWhaSUlDYm9hVFluaUhBTHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AFJMA0G
CSqGSIb3DQEBCwUAA4IBAQB8/R+loUx667WG1+blv3DefKPd6nB/jdDTBUXVtOXk
wcQbe2lDYjrV3LHLTW2gk1/D0MX3NgprAz4YkWzjLAP9RFlyJAGh2/9whslGWu/D
ukvE0Q1J0odUOOYnmuLqVbKsffVE+DQTcuOuayVAw5AHeYWE6n846KkTzoWhWRiK
oJCjdYSYYxZ1gD7hvK1x0UpIRHEzhZjn5hvdNWxF2ymel1GijwEUO/03Q0A4t95P
/b6Ug2hDkR0Om0e/sYOHEwNqx8dJESJ/Ddb6sqePZx+05UbMDyxheSdq0ikWEkNx
qTpx7aFGQ9CpZ7D1mnt/JIS6h48bHRobazNc6GZ6cR4k
-----END CERTIFICATE-----