Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/TBs5BCnF-Kr5EkVQIIaEYLl5xN8.roa
File:                     TBs5BCnF-Kr5EkVQIIaEYLl5xN8.roa (raw, json)
Hash identifier:          a6eqJzCDkoZFoAelXIGotGKNT32lreFzbkeSgO22Ufw=
Subject key identifier:   4C:1B:39:04:29:C5:F8:AA:F9:12:45:50:20:86:84:60:B9:79:C4:DF
Certificate issuer:       /CN=924a97d912d71f80fd36b73efc0fc7969762f337
Certificate serial:       018CC3B6E631D0DBBBF0E57A0FC1DBB1368C
Authority key identifier: 92:4A:97:D9:12:D7:1F:80:FD:36:B7:3E:FC:0F:C7:96:97:62:F3:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/TBs5BCnF-Kr5EkVQIIaEYLl5xN8.roa
Signing time:             Mon 01 Jan 2024 06:29:52 +0000
ROA not before:           Mon 01 Jan 2024 06:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8455
IP address blocks:        217.194.18.0/24 maxlen: 24
                          217.194.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 06:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e6:31:d0:db:bb:f0:e5:7a:0f:c1:db:b1:36:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=924a97d912d71f80fd36b73efc0fc7969762f337
        Validity
            Not Before: Jan  1 06:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c1b390429c5f8aaf912455020868460b979c4df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:10:13:ec:6f:19:f5:2c:eb:bb:02:aa:ac:22:
                    c7:ed:2e:2c:f7:3a:f6:fb:fd:51:e6:55:01:e5:d8:
                    18:20:cb:20:e2:fd:73:94:fa:55:d8:da:b4:c3:c2:
                    ad:51:bb:a9:35:55:7f:9f:71:d9:7e:42:25:5a:8d:
                    bd:64:4b:01:17:1d:51:66:69:ff:d3:91:6d:88:d6:
                    c2:e6:f3:dd:f4:d1:6d:ff:52:36:5d:53:6a:8c:b2:
                    b8:28:23:03:bf:f7:c9:a9:52:19:07:b8:d0:1e:d6:
                    ac:5e:c6:68:c4:25:94:70:ee:67:9f:fb:98:da:2d:
                    1c:f6:f5:86:08:12:0b:f8:1c:94:cf:9d:16:d3:7d:
                    45:1f:28:bc:da:db:ad:3a:de:4d:c4:13:52:0e:72:
                    04:c1:a4:90:51:a1:09:6a:53:97:ca:5c:b8:bc:98:
                    b8:04:de:a3:6f:62:27:fe:d6:64:dd:2c:23:f0:58:
                    ed:05:d2:9a:df:68:90:f5:f3:44:18:3e:22:a6:db:
                    3b:55:99:4f:68:22:94:25:99:ec:5c:b2:14:2b:c1:
                    49:4c:83:f0:10:53:b7:c9:63:00:31:a2:ae:0a:44:
                    0b:fa:db:56:ea:f5:72:14:68:04:f3:4e:7f:6c:81:
                    c2:d3:fe:68:b8:ee:14:26:b2:b9:14:bb:14:f7:a4:
                    54:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1B:39:04:29:C5:F8:AA:F9:12:45:50:20:86:84:60:B9:79:C4:DF
            X509v3 Authority Key Identifier:
                keyid:92:4A:97:D9:12:D7:1F:80:FD:36:B7:3E:FC:0F:C7:96:97:62:F3:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/TBs5BCnF-Kr5EkVQIIaEYLl5xN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.194.18.0/24
                  217.194.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:a3:c1:e6:2c:19:86:48:fa:9d:d8:42:9d:3d:10:6e:b8:d5:
         b0:4f:1f:9e:67:fb:85:aa:07:36:5f:46:76:31:23:7f:cb:ce:
         5b:83:30:67:b6:c1:20:aa:1e:61:73:28:ce:d9:23:c4:c0:08:
         29:bb:e6:6b:ce:6d:5f:1a:00:70:26:d5:1f:bc:4a:03:6e:0d:
         7e:c2:f2:d1:e1:11:62:aa:f5:42:84:13:fa:ad:f7:6e:35:e9:
         4d:a9:f0:cf:e8:95:75:6e:37:d4:fa:77:77:40:11:34:95:22:
         10:24:f2:e1:a3:a2:a3:88:d1:29:e5:38:58:5b:b4:89:c5:3c:
         8c:bd:c4:65:ba:ee:6f:67:26:f7:d1:e2:7f:0d:de:cb:fb:52:
         a9:72:67:b0:d4:1d:6b:5f:47:a1:df:9d:22:31:2c:c4:f0:64:
         15:06:96:a9:60:2f:00:66:92:99:e2:41:5b:ca:62:e6:03:e7:
         66:00:3c:94:b1:8a:74:3f:cd:2d:dd:6c:e4:c3:39:26:f4:74:
         d3:c3:b8:ff:12:f5:d6:fe:c9:96:05:b3:d6:85:76:12:5b:d9:
         81:cb:e6:2a:0b:a1:98:3b:21:1b:9a:77:4e:79:09:7b:4e:0f:
         5a:cd:e8:34:0b:1c:28:b1:76:ad:f3:16:83:09:80:90:d9:00:
         c6:28:cf:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtuYx0Nu78OV6D8HbsTaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNGE5N2Q5MTJkNzFmODBmZDM2YjczZWZjMGZjNzk2OTc2
MmYzMzcwHhcNMjQwMTAxMDYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzFiMzkwNDI5YzVmOGFhZjkxMjQ1NTAyMDg2ODQ2MGI5NzljNGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BAT7G8Z9SzruwKqrCLH7S4s9zr2
+/1R5lUB5dgYIMsg4v1zlPpV2Nq0w8KtUbupNVV/n3HZfkIlWo29ZEsBFx1RZmn/
05FtiNbC5vPd9NFt/1I2XVNqjLK4KCMDv/fJqVIZB7jQHtasXsZoxCWUcO5nn/uY
2i0c9vWGCBIL+ByUz50W031FHyi82tutOt5NxBNSDnIEwaSQUaEJalOXyly4vJi4
BN6jb2In/tZk3Swj8FjtBdKa32iQ9fNEGD4ipts7VZlPaCKUJZnsXLIUK8FJTIPw
EFO3yWMAMaKuCkQL+ttW6vVyFGgE805/bIHC0/5ouO4UJrK5FLsU96RUEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEwbOQQpxfiq+RJFUCCGhGC5ecTfMB8GA1UdIwQY
MBaAFJJKl9kS1x+A/Ta3PvwPx5aXYvM3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2txWDJSTFhINEQ5TnJjLV9BX0hscGRpOHpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9hZDM1ODYtYTAyOC00NzQ2LWIzZGEt
ODE0ODU2ZTFiMWY0LzEvVEJzNUJDbkYtS3I1RWtWUUlJYUVZTGw1eE44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9hZDM1ODYtYTAyOC00NzQ2LWIzZGEtODE0ODU2ZTFiMWY0
LzEva2txWDJSTFhINEQ5TnJjLV9BX0hscGRpOHpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2cISAwQA
2cIVMA0GCSqGSIb3DQEBCwUAA4IBAQBvo8HmLBmGSPqd2EKdPRBuuNWwTx+eZ/uF
qgc2X0Z2MSN/y85bgzBntsEgqh5hcyjO2SPEwAgpu+Zrzm1fGgBwJtUfvEoDbg1+
wvLR4RFiqvVChBP6rfduNelNqfDP6JV1bjfU+nd3QBE0lSIQJPLho6KjiNEp5ThY
W7SJxTyMvcRluu5vZyb30eJ/Dd7L+1Kpcmew1B1rX0eh350iMSzE8GQVBpapYC8A
ZpKZ4kFbymLmA+dmADyUsYp0P80t3Wzkwzkm9HTTw7j/EvXW/smWBbPWhXYSW9mB
y+YqC6GYOyEbmndOeQl7Tg9azeg0CxwosXat8xaDCYCQ2QDGKM/Y
-----END CERTIFICATE-----