Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/tuaXfVv6T2RYJGz0xck7bKRCaXM.roa
File:                     tuaXfVv6T2RYJGz0xck7bKRCaXM.roa (raw, json)
Hash identifier:          C7u8uB4rkqDgM0+K753ek1mOvgxp15EfrPj3HA8dt8Q=
Subject key identifier:   B6:E6:97:7D:5B:FA:4F:64:58:24:6C:F4:C5:C9:3B:6C:A4:42:69:73
Certificate issuer:       /CN=672f0e42b08aa451fc583a358ec370ffbd2dac68
Certificate serial:       018CC3B68E60E2DEC79CD31A2617722EBCC0
Authority key identifier: 67:2F:0E:42:B0:8A:A4:51:FC:58:3A:35:8E:C3:70:FF:BD:2D:AC:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/tuaXfVv6T2RYJGz0xck7bKRCaXM.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        87.238.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 03:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8e:60:e2:de:c7:9c:d3:1a:26:17:72:2e:bc:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=672f0e42b08aa451fc583a358ec370ffbd2dac68
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6e6977d5bfa4f6458246cf4c5c93b6ca4426973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d8:7d:c8:31:51:29:bd:ac:e1:6a:37:76:33:
                    c6:81:82:08:88:ee:5e:d8:35:c3:83:ce:e9:31:57:
                    05:c5:e6:51:3b:46:3a:61:d0:f2:e9:cd:99:4e:e5:
                    1d:43:0a:13:03:53:be:41:71:c6:77:9a:28:96:ef:
                    e7:7a:e0:b9:32:6d:57:c2:75:18:e5:40:de:29:b0:
                    3d:3e:d9:55:25:17:84:02:f1:44:27:0e:7e:e4:26:
                    a2:f9:bb:67:63:5e:6d:7a:a0:e2:0c:ff:46:df:1f:
                    b2:ce:c4:25:85:02:3f:7b:60:1f:fb:6a:3c:74:7d:
                    0a:7c:ba:dd:5d:9b:d9:9d:43:9e:b3:aa:78:3a:ab:
                    43:73:d3:d8:2b:9f:b0:55:0b:12:1d:e2:29:8c:31:
                    5e:50:33:57:53:9b:38:76:98:2c:c0:dc:90:97:6c:
                    a3:45:45:9a:f7:1c:3b:f7:18:b1:9b:0d:79:ed:e6:
                    c3:e8:fc:e6:b7:c8:e0:14:1f:9b:9f:25:cf:b3:4e:
                    bd:d5:29:b9:da:7d:58:02:eb:39:7e:4a:91:f9:98:
                    c9:0c:15:35:9a:a5:88:9e:71:74:94:67:dc:b9:15:
                    67:08:58:47:5d:b6:db:57:52:99:eb:93:48:b4:cd:
                    76:87:dd:9e:75:10:43:98:07:b6:95:7e:2f:62:e5:
                    e0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:E6:97:7D:5B:FA:4F:64:58:24:6C:F4:C5:C9:3B:6C:A4:42:69:73
            X509v3 Authority Key Identifier:
                keyid:67:2F:0E:42:B0:8A:A4:51:FC:58:3A:35:8E:C3:70:FF:BD:2D:AC:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/tuaXfVv6T2RYJGz0xck7bKRCaXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.238.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:1d:7d:2b:fb:ce:f6:24:e1:1e:76:31:9a:1c:75:5d:df:bb:
         d0:79:b6:02:e3:e4:3c:91:4f:35:b5:e8:d2:1f:f6:d5:6e:9e:
         72:3d:76:a1:96:64:66:b0:5f:0f:6c:3b:bd:e3:65:e5:a2:f9:
         1d:9e:10:55:c4:44:3a:f6:8a:5a:1b:5c:a9:70:18:c2:b7:61:
         42:6a:e1:cc:9b:bd:e7:1e:94:ec:75:97:43:84:95:64:ab:21:
         d1:8f:32:84:a1:41:02:83:c8:4b:f3:1f:ea:b5:75:e4:52:b9:
         1a:41:94:72:b5:89:9f:69:55:fb:1f:86:10:85:a7:8f:21:21:
         0f:b9:17:28:bc:27:c6:46:29:49:96:a8:47:5b:67:be:cd:7e:
         69:3f:e4:27:98:06:3a:dc:ca:ac:6d:e3:4d:4a:5e:8f:fa:28:
         98:f8:51:de:cc:72:e3:9f:60:7e:7a:e5:88:9b:da:81:c0:91:
         57:01:50:87:6a:1d:21:e5:d1:0e:bc:6a:ee:46:ec:9d:9f:bb:
         df:18:18:8e:81:c9:63:3d:72:42:2c:d7:72:36:7a:e6:37:0b:
         39:a7:66:62:9d:b7:33:81:84:5b:25:5b:a6:c9:40:17:5e:de:
         3b:c5:59:eb:70:ad:2b:1d:39:0a:88:92:fa:c4:ce:ee:a1:6d:
         a1:dd:69:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDto5g4t7HnNMaJhdyLrzAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MmYwZTQyYjA4YWE0NTFmYzU4M2EzNThlYzM3MGZmYmQy
ZGFjNjgwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmU2OTc3ZDViZmE0ZjY0NTgyNDZjZjRjNWM5M2I2Y2E0NDI2OTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9h9yDFRKb2s4Wo3djPGgYIIiO5e
2DXDg87pMVcFxeZRO0Y6YdDy6c2ZTuUdQwoTA1O+QXHGd5oolu/neuC5Mm1XwnUY
5UDeKbA9PtlVJReEAvFEJw5+5Cai+btnY15teqDiDP9G3x+yzsQlhQI/e2Af+2o8
dH0KfLrdXZvZnUOes6p4OqtDc9PYK5+wVQsSHeIpjDFeUDNXU5s4dpgswNyQl2yj
RUWa9xw79xixmw157ebD6Pzmt8jgFB+bnyXPs0691Sm52n1YAus5fkqR+ZjJDBU1
mqWInnF0lGfcuRVnCFhHXbbbV1KZ65NItM12h92edRBDmAe2lX4vYuXgXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbml31b+k9kWCRs9MXJO2ykQmlzMB8GA1UdIwQY
MBaAFGcvDkKwiqRR/Fg6NY7DcP+9LaxoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnk4T1FyQ0twRkg4V0RvMWpzTndfNzB0ckdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My81OWE2YjktY2QyMC00Y2Q3LWI0YTct
ZjBiOTYyZjUyNDE0LzEvdHVhWGZWdjZUMlJZSkd6MHhjazdiS1JDYVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My81OWE2YjktY2QyMC00Y2Q3LWI0YTctZjBiOTYyZjUyNDE0
LzEvWnk4T1FyQ0twRkg4V0RvMWpzTndfNzB0ckdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+6LMA0G
CSqGSIb3DQEBCwUAA4IBAQC7HX0r+872JOEedjGaHHVd37vQebYC4+Q8kU81tejS
H/bVbp5yPXahlmRmsF8PbDu942XlovkdnhBVxEQ69opaG1ypcBjCt2FCauHMm73n
HpTsdZdDhJVkqyHRjzKEoUECg8hL8x/qtXXkUrkaQZRytYmfaVX7H4YQhaePISEP
uRcovCfGRilJlqhHW2e+zX5pP+QnmAY63MqsbeNNSl6P+iiY+FHezHLjn2B+euWI
m9qBwJFXAVCHah0h5dEOvGruRuydn7vfGBiOgcljPXJCLNdyNnrmNws5p2Zinbcz
gYRbJVumyUAXXt47xVnrcK0rHTkKiJL6xM7uoW2h3Wk/
-----END CERTIFICATE-----