Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/TkCDmaPPyHQeR_7NFWYwrkx4VwA.roa
File:                     TkCDmaPPyHQeR_7NFWYwrkx4VwA.roa (raw, json)
Hash identifier:          A7oGr1LQe8JyS22aet86OS9QPKN9AjCaNEj9AedMGfk=
Subject key identifier:   4E:40:83:99:A3:CF:C8:74:1E:47:FE:CD:15:66:30:AE:4C:78:57:00
Certificate issuer:       /CN=9da140e8028e6d537600e0888a9af5a971c5db46
Certificate serial:       018CC56EF5B7BADE56854CFC9D410D738CDE
Authority key identifier: 9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/TkCDmaPPyHQeR_7NFWYwrkx4VwA.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8837
IP address blocks:        192.58.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f5:b7:ba:de:56:85:4c:fc:9d:41:0d:73:8c:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da140e8028e6d537600e0888a9af5a971c5db46
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e408399a3cfc8741e47fecd156630ae4c785700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5a:81:45:a7:bb:86:95:95:98:86:b5:6f:04:
                    18:53:26:4d:b3:cb:cd:a5:9f:58:7d:44:81:f8:20:
                    6a:41:8c:9e:be:55:29:2f:03:d8:9c:81:b0:37:37:
                    3f:a7:27:90:f2:b9:a0:5f:66:16:b8:dc:99:4a:c1:
                    72:56:7a:97:bd:59:97:87:4a:2f:3d:5a:69:3b:55:
                    86:76:ae:1f:c6:27:58:7b:e7:d5:51:09:51:3f:f2:
                    ec:92:f0:c8:13:b9:e8:9e:f5:10:00:12:26:70:88:
                    fe:35:09:30:c1:b7:05:be:b8:95:a0:1c:52:ac:b3:
                    bf:10:c5:24:f1:84:ab:cb:e3:1a:e9:69:a6:81:29:
                    4a:5c:78:17:16:a5:9b:33:0f:79:01:2f:3c:e4:38:
                    46:b0:bf:4f:76:ec:92:68:0d:46:0b:95:1a:c7:b7:
                    e9:7d:f7:0f:37:b9:60:a5:b7:f7:76:c3:8f:44:24:
                    81:7f:4a:68:7c:c1:7e:b9:7e:e4:0e:81:52:fd:b2:
                    a8:ed:c2:54:b2:10:48:27:7a:57:cd:7a:77:26:c0:
                    7a:f4:9e:66:0a:05:63:5b:0d:51:20:f2:0a:be:07:
                    55:d7:ae:a4:ec:23:3e:93:c0:ca:54:2c:03:86:a8:
                    11:2d:f9:92:90:25:19:c9:ef:16:f1:1c:4a:de:a4:
                    cb:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:40:83:99:A3:CF:C8:74:1E:47:FE:CD:15:66:30:AE:4C:78:57:00
            X509v3 Authority Key Identifier:
                keyid:9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/TkCDmaPPyHQeR_7NFWYwrkx4VwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.58.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:d6:53:b4:b1:dd:df:ff:bf:61:19:b4:ca:43:26:aa:b1:21:
         b7:40:88:7a:38:2d:9b:c5:1f:78:47:01:64:a2:1b:16:ab:6b:
         54:a5:0f:34:0d:cc:3d:67:a2:72:f8:90:bf:32:78:5e:17:3e:
         db:af:da:be:e8:78:d6:36:01:66:fb:86:7d:43:99:23:bc:14:
         5a:e4:d5:3c:34:89:8a:b6:b9:cf:3f:6a:ff:fa:0f:e3:93:e7:
         af:2a:94:a6:3b:6b:8e:1a:30:da:0b:3f:3e:5e:8c:65:f9:27:
         53:39:f0:78:39:8f:2c:46:dd:78:a7:68:40:e0:ed:98:56:7c:
         0b:c4:04:10:65:c4:e2:4e:d3:8d:f9:8b:c8:52:8d:6f:ce:75:
         5b:21:76:94:c7:01:be:30:ec:c8:4f:c5:b3:74:7a:22:d0:eb:
         01:16:5d:d3:33:54:10:19:64:5c:d2:3b:ad:ee:c9:96:21:78:
         4c:35:ea:16:d5:ff:62:4c:23:73:fe:29:0b:f3:e9:27:1c:a7:
         9c:97:bf:0d:b8:2b:4d:3e:72:3c:4a:da:e8:62:4e:e9:c2:70:
         7e:e5:43:a2:3e:dd:9a:1d:34:25:b3:d8:00:5c:c8:5c:4e:c6:
         fd:ee:ea:f5:9f:19:91:83:90:cb:91:93:36:16:aa:72:79:bf:
         6a:63:2b:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvW3ut5WhUz8nUENc4zeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYTE0MGU4MDI4ZTZkNTM3NjAwZTA4ODhhOWFmNWE5NzFj
NWRiNDYwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQwODM5OWEzY2ZjODc0MWU0N2ZlY2QxNTY2MzBhZTRjNzg1NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFqBRae7hpWVmIa1bwQYUyZNs8vN
pZ9YfUSB+CBqQYyevlUpLwPYnIGwNzc/pyeQ8rmgX2YWuNyZSsFyVnqXvVmXh0ov
PVppO1WGdq4fxidYe+fVUQlRP/LskvDIE7nonvUQABImcIj+NQkwwbcFvriVoBxS
rLO/EMUk8YSry+Ma6WmmgSlKXHgXFqWbMw95AS885DhGsL9PduySaA1GC5Uax7fp
ffcPN7lgpbf3dsOPRCSBf0pofMF+uX7kDoFS/bKo7cJUshBIJ3pXzXp3JsB69J5m
CgVjWw1RIPIKvgdV166k7CM+k8DKVCwDhqgRLfmSkCUZye8W8RxK3qTLZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5Ag5mjz8h0Hkf+zRVmMK5MeFcAMB8GA1UdIwQY
MBaAFJ2hQOgCjm1TdgDgiIqa9alxxdtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgt
YTRjYThiOWMyMDViLzEvVGtDRG1hUFB5SFFlUl83TkZXWXdya3g0VndBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgtYTRjYThiOWMyMDVi
LzEvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwDopMA0G
CSqGSIb3DQEBCwUAA4IBAQBH1lO0sd3f/79hGbTKQyaqsSG3QIh6OC2bxR94RwFk
ohsWq2tUpQ80Dcw9Z6Jy+JC/MnheFz7br9q+6HjWNgFm+4Z9Q5kjvBRa5NU8NImK
trnPP2r/+g/jk+evKpSmO2uOGjDaCz8+Xoxl+SdTOfB4OY8sRt14p2hA4O2YVnwL
xAQQZcTiTtON+YvIUo1vznVbIXaUxwG+MOzIT8WzdHoi0OsBFl3TM1QQGWRc0jut
7smWIXhMNeoW1f9iTCNz/ikL8+knHKecl78NuCtNPnI8StroYk7pwnB+5UOiPt2a
HTQls9gAXMhcTsb97ur1nxmRg5DLkZM2Fqpyeb9qYysE
-----END CERTIFICATE-----