Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/TuT0lm9IITj6B6hOx1pAmrxFwUU.roa
File:                     TuT0lm9IITj6B6hOx1pAmrxFwUU.roa (raw, json)
Hash identifier:          XxzbEq99Wh1U7QtJ/mvilJtjYCHV84UBmxAvQ7usbUA=
Subject key identifier:   4E:E4:F4:96:6F:48:21:38:FA:07:A8:4E:C7:5A:40:9A:BC:45:C1:45
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       018EA3EDF6EB15DA652D2D17A80689394494
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/TuT0lm9IITj6B6hOx1pAmrxFwUU.roa
Signing time:             Wed 03 Apr 2024 12:27:45 +0000
ROA not before:           Wed 03 Apr 2024 12:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        178.239.151.0/24 maxlen: 24
                          178.239.158.0/24 maxlen: 24
                          185.243.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:ed:f6:eb:15:da:65:2d:2d:17:a8:06:89:39:44:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Apr  3 12:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ee4f4966f482138fa07a84ec75a409abc45c145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f7:66:ed:93:17:86:f3:dc:73:46:13:e9:ea:
                    70:73:cc:4f:88:f6:4d:84:45:8e:b6:8f:02:27:df:
                    1d:03:70:f9:04:74:b1:13:ee:31:ca:20:49:5e:76:
                    26:9a:8e:34:ac:32:c9:cd:a4:ef:25:1d:b7:c0:aa:
                    37:5f:30:60:8f:5e:26:9c:95:24:7e:b0:37:cd:68:
                    c1:d1:51:1a:60:5b:ce:1e:9d:1d:83:ce:36:68:b2:
                    35:a6:0f:f7:55:c2:c1:02:ff:33:7c:3e:78:d3:f2:
                    d7:cd:98:15:97:0d:6e:3b:cc:f0:ba:d5:9b:73:5f:
                    ed:14:cb:55:48:d6:e6:9b:e3:5c:f7:9d:55:13:0e:
                    e8:d7:d1:61:44:52:d6:32:ab:e5:62:34:d1:7a:49:
                    7e:1f:16:91:06:7d:90:ec:c3:4c:7f:40:1f:49:cc:
                    e8:de:31:b1:cb:4e:6c:dc:97:65:8a:ed:93:c3:94:
                    d7:a2:24:38:4e:87:3e:e9:bb:da:e4:81:c2:59:b2:
                    7d:be:99:cc:fb:80:54:9d:c8:52:a6:aa:16:2c:81:
                    35:5e:bc:81:c0:be:ea:37:ae:20:30:63:37:b3:54:
                    fb:b1:d7:96:48:ee:c8:58:28:78:28:a7:2c:1b:46:
                    8c:3f:ef:33:e6:34:e9:4f:d1:7a:47:3a:50:44:b6:
                    75:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:E4:F4:96:6F:48:21:38:FA:07:A8:4E:C7:5A:40:9A:BC:45:C1:45
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/TuT0lm9IITj6B6hOx1pAmrxFwUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.151.0/24
                  178.239.158.0/24
                  185.243.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:79:f6:11:54:9a:b1:f8:51:d3:38:cc:14:06:1e:5f:16:e1:
         09:fd:9e:23:61:c1:55:66:62:99:43:09:b1:c9:6d:4a:7c:85:
         9c:a2:61:26:62:9c:36:b4:b5:d4:ca:93:af:0a:5d:eb:f4:72:
         c4:d6:e6:f9:d6:bf:1c:e5:9a:7f:d9:fd:d1:4d:58:4e:51:a1:
         59:a3:37:2f:ee:d2:d1:e2:a7:0d:37:69:20:94:fc:f1:94:07:
         d9:34:c3:f7:aa:97:01:0a:83:fa:95:e1:c1:c4:79:dd:31:11:
         64:62:99:61:22:10:09:fe:52:59:e4:a0:63:70:8f:42:26:87:
         a2:49:b6:c8:61:34:95:4e:c2:93:8c:5b:10:3d:98:10:48:dd:
         e6:51:f5:c1:51:9e:f2:8e:e0:8d:ad:6b:e1:c6:76:30:24:0e:
         71:9f:f5:83:fd:f9:7c:54:b2:15:44:bb:84:0a:eb:79:ba:51:
         f0:cc:2b:13:c4:86:50:8f:59:55:b9:50:f6:14:e8:1a:19:5e:
         13:9d:37:c9:fd:33:9a:b2:38:16:63:1f:f9:8c:96:b3:e2:d8:
         1d:3c:94:8a:66:38:e4:2d:08:d1:7d:35:c3:2a:97:14:c7:66:
         f1:b1:15:21:1f:e3:2c:f3:f9:fa:e0:64:d2:85:aa:22:f8:eb:
         b4:c1:6d:61
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY6j7fbrFdplLS0XqAaJOUSUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQwNDAzMTIyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWU0ZjQ5NjZmNDgyMTM4ZmEwN2E4NGVjNzVhNDA5YWJjNDVjMTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfdm7ZMXhvPcc0YT6epwc8xPiPZN
hEWOto8CJ98dA3D5BHSxE+4xyiBJXnYmmo40rDLJzaTvJR23wKo3XzBgj14mnJUk
frA3zWjB0VEaYFvOHp0dg842aLI1pg/3VcLBAv8zfD540/LXzZgVlw1uO8zwutWb
c1/tFMtVSNbmm+Nc951VEw7o19FhRFLWMqvlYjTRekl+HxaRBn2Q7MNMf0AfSczo
3jGxy05s3Jdliu2Tw5TXoiQ4Toc+6bva5IHCWbJ9vpnM+4BUnchSpqoWLIE1XryB
wL7qN64gMGM3s1T7sdeWSO7IWCh4KKcsG0aMP+8z5jTpT9F6RzpQRLZ1FwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE7k9JZvSCE4+geoTsdaQJq8RcFFMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvVHVUMGxtOUlJVGo2QjZoT3gxcEFtcnhGd1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsu+XAwQA
su+eAwQAufMwMA0GCSqGSIb3DQEBCwUAA4IBAQCLefYRVJqx+FHTOMwUBh5fFuEJ
/Z4jYcFVZmKZQwmxyW1KfIWcomEmYpw2tLXUypOvCl3r9HLE1ub51r8c5Zp/2f3R
TVhOUaFZozcv7tLR4qcNN2kglPzxlAfZNMP3qpcBCoP6leHBxHndMRFkYplhIhAJ
/lJZ5KBjcI9CJoeiSbbIYTSVTsKTjFsQPZgQSN3mUfXBUZ7yjuCNrWvhxnYwJA5x
n/WD/fl8VLIVRLuECut5ulHwzCsTxIZQj1lVuVD2FOgaGV4TnTfJ/TOasjgWYx/5
jJaz4tgdPJSKZjjkLQjRfTXDKpcUx2bxsRUhH+Ms8/n64GTShaoi+Ou0wW1h
-----END CERTIFICATE-----