Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/TlS8cEJ5SNM1L8pIrZGa6j9NzIk.roa
File:                     TlS8cEJ5SNM1L8pIrZGa6j9NzIk.roa (raw, json)
Hash identifier:          ubGJd0pWhkvbAO4W24LkQIqm9qWid4GanISidOYna2s=
Subject key identifier:   4E:54:BC:70:42:79:48:D3:35:2F:CA:48:AD:91:9A:EA:3F:4D:CC:89
Certificate issuer:       /CN=a73d640d90bf3d67f2498138cc371f654647ddad
Certificate serial:       018CC26D589FC2B7C52A5AF02976118732D7
Authority key identifier: A7:3D:64:0D:90:BF:3D:67:F2:49:81:38:CC:37:1F:65:46:47:DD:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pz1kDZC_PWfySYE4zDcfZUZH3a0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/TlS8cEJ5SNM1L8pIrZGa6j9NzIk.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41970
IP address blocks:        194.60.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/pz1kDZC_PWfySYE4zDcfZUZH3a0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/pz1kDZC_PWfySYE4zDcfZUZH3a0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pz1kDZC_PWfySYE4zDcfZUZH3a0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:58:9f:c2:b7:c5:2a:5a:f0:29:76:11:87:32:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a73d640d90bf3d67f2498138cc371f654647ddad
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e54bc70427948d3352fca48ad919aea3f4dcc89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:28:d6:ae:17:29:6e:c6:91:49:c3:b6:38:b6:
                    ae:d4:3d:8f:25:55:17:35:b2:6f:e9:a1:01:75:c3:
                    e1:cb:68:f5:1d:99:2e:7e:35:55:81:1b:b7:e3:91:
                    17:a0:cf:04:d4:24:d3:ea:b9:0a:f2:b1:08:8c:15:
                    69:5a:b8:83:75:3f:84:18:8f:a3:b1:d7:e1:8b:79:
                    31:80:b9:3e:f7:7a:16:df:22:2e:6a:ac:d6:2b:5a:
                    02:c2:6a:08:91:11:fe:bf:50:bd:d9:a1:c3:62:a8:
                    8d:6e:7e:25:67:02:fc:e1:04:bc:31:e9:6e:d3:4d:
                    12:7b:93:ca:e3:03:d6:b4:3a:80:08:6b:f9:e8:2e:
                    f6:5f:64:fb:4b:96:54:f6:2e:f0:1b:3b:76:d2:57:
                    05:ce:92:fa:a4:45:ec:35:07:4c:22:d9:f8:2c:6a:
                    e7:25:77:e4:11:fc:b9:af:0e:c8:c8:33:1b:ef:29:
                    e0:35:08:bc:24:1c:e1:51:a2:d4:92:dc:bc:50:9f:
                    56:a0:4a:1d:6e:a5:57:be:1a:6d:79:0a:c7:e6:eb:
                    ff:c5:47:3b:da:53:ee:2d:b7:ed:ee:57:a8:83:fc:
                    6b:63:ca:fa:b7:51:75:79:fd:39:80:04:e7:97:9c:
                    2f:e0:a7:e5:0b:80:1b:8e:8a:6f:ac:5e:a1:d1:83:
                    33:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:54:BC:70:42:79:48:D3:35:2F:CA:48:AD:91:9A:EA:3F:4D:CC:89
            X509v3 Authority Key Identifier:
                keyid:A7:3D:64:0D:90:BF:3D:67:F2:49:81:38:CC:37:1F:65:46:47:DD:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pz1kDZC_PWfySYE4zDcfZUZH3a0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/TlS8cEJ5SNM1L8pIrZGa6j9NzIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/pz1kDZC_PWfySYE4zDcfZUZH3a0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:a5:11:58:60:e7:8c:2a:9c:68:ec:fd:92:5b:e8:1f:bb:91:
         8f:3d:a6:71:ba:76:50:1e:8c:70:ff:34:27:0f:d2:4d:a8:71:
         7f:96:f2:0d:a3:f8:2d:12:5c:90:81:4e:3f:34:c7:b8:13:6b:
         ba:f8:a7:3c:58:cd:c7:0f:71:5f:98:97:25:e6:ef:ee:08:61:
         bc:a8:e1:6a:d4:d5:f6:81:88:ab:93:3a:1b:e3:83:1b:53:f1:
         58:a1:d2:0f:bf:64:e2:b2:84:c0:43:ea:c6:7a:14:9f:06:46:
         78:cf:2f:b0:ee:f1:e4:c5:62:1b:b2:85:6a:80:84:d1:8c:33:
         29:32:f9:86:b6:67:a2:e7:09:62:c4:45:5d:51:61:13:d7:32:
         de:6a:24:b8:0d:66:2e:c3:c9:da:8b:2d:21:83:d0:58:2d:b7:
         8f:fe:ba:ce:21:bc:b5:db:7e:50:a3:00:77:55:9d:e3:aa:8a:
         d9:c4:94:55:4e:60:f7:59:3c:06:fc:61:51:8d:e3:95:86:90:
         cd:92:b7:c7:e4:6f:a0:e0:63:eb:c3:0f:53:72:b1:a8:a9:e6:
         1e:7a:aa:de:47:c4:2a:c3:e2:77:a1:e0:5d:e3:0a:ec:3a:01:
         51:03:a4:49:1b:5d:72:7d:32:bc:ad:86:7a:27:e5:8c:2d:8d:
         be:6a:06:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVifwrfFKlrwKXYRhzLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3M2Q2NDBkOTBiZjNkNjdmMjQ5ODEzOGNjMzcxZjY1NDY0
N2RkYWQwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTU0YmM3MDQyNzk0OGQzMzUyZmNhNDhhZDkxOWFlYTNmNGRjYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvijWrhcpbsaRScO2OLau1D2PJVUX
NbJv6aEBdcPhy2j1HZkufjVVgRu345EXoM8E1CTT6rkK8rEIjBVpWriDdT+EGI+j
sdfhi3kxgLk+93oW3yIuaqzWK1oCwmoIkRH+v1C92aHDYqiNbn4lZwL84QS8Melu
000Se5PK4wPWtDqACGv56C72X2T7S5ZU9i7wGzt20lcFzpL6pEXsNQdMItn4LGrn
JXfkEfy5rw7IyDMb7yngNQi8JBzhUaLUkty8UJ9WoEodbqVXvhpteQrH5uv/xUc7
2lPuLbft7leog/xrY8r6t1F1ef05gATnl5wv4KflC4AbjopvrF6h0YMz8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5UvHBCeUjTNS/KSK2Rmuo/TcyJMB8GA1UdIwQY
MBaAFKc9ZA2Qvz1n8kmBOMw3H2VGR92tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHoxa0RaQ19QV2Z5U1lFNHpEY2ZaVVpIM2EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC83Mjg5MmEtM2JjMC00ZjU3LWJjNWIt
NzUwMzk3NTBiZDY4LzEvVGxTOGNFSjVTTk0xTDhwSXJaR2E2ajlOeklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC83Mjg5MmEtM2JjMC00ZjU3LWJjNWItNzUwMzk3NTBiZDY4
LzEvcHoxa0RaQ19QV2Z5U1lFNHpEY2ZaVVpIM2EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjxKMA0G
CSqGSIb3DQEBCwUAA4IBAQB5pRFYYOeMKpxo7P2SW+gfu5GPPaZxunZQHoxw/zQn
D9JNqHF/lvINo/gtElyQgU4/NMe4E2u6+Kc8WM3HD3FfmJcl5u/uCGG8qOFq1NX2
gYirkzob44MbU/FYodIPv2TisoTAQ+rGehSfBkZ4zy+w7vHkxWIbsoVqgITRjDMp
MvmGtmei5wlixEVdUWET1zLeaiS4DWYuw8naiy0hg9BYLbeP/rrOIby1235QowB3
VZ3jqorZxJRVTmD3WTwG/GFRjeOVhpDNkrfH5G+g4GPrww9TcrGoqeYeeqreR8Qq
w+J3oeBd4wrsOgFRA6RJG11yfTK8rYZ6J+WMLY2+agYc
-----END CERTIFICATE-----