Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/tFvDvjrNx-hGqJMWJ5GGjlGCjj0.roa
File:                     tFvDvjrNx-hGqJMWJ5GGjlGCjj0.roa (raw, json)
Hash identifier:          43MOWNxj1i3du6uFljH5KohoFMTLyoc7MPDaEdexui4=
Subject key identifier:   B4:5B:C3:BE:3A:CD:C7:E8:46:A8:93:16:27:91:86:8E:51:82:8E:3D
Certificate issuer:       /CN=ef4e1ea65287a24e20c663b5161c1513f00c8a8d
Certificate serial:       018E7D60CE2A3C03D27F113B0BD997503055
Authority key identifier: EF:4E:1E:A6:52:87:A2:4E:20:C6:63:B5:16:1C:15:13:F0:0C:8A:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/704eplKHok4gxmO1FhwVE_AMio0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/tFvDvjrNx-hGqJMWJ5GGjlGCjj0.roa
Signing time:             Wed 27 Mar 2024 00:47:59 +0000
ROA not before:           Wed 27 Mar 2024 00:47:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12703
IP address blocks:        193.33.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/704eplKHok4gxmO1FhwVE_AMio0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/704eplKHok4gxmO1FhwVE_AMio0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/704eplKHok4gxmO1FhwVE_AMio0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7d:60:ce:2a:3c:03:d2:7f:11:3b:0b:d9:97:50:30:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef4e1ea65287a24e20c663b5161c1513f00c8a8d
        Validity
            Not Before: Mar 27 00:47:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b45bc3be3acdc7e846a893162791868e51828e3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:2e:25:29:12:e4:8d:e5:23:5a:4c:3c:5b:8e:
                    91:b5:85:aa:cb:52:59:7a:b8:f1:31:50:91:24:16:
                    2f:87:38:79:f1:1c:8c:5c:ad:99:62:27:45:fb:dd:
                    c8:23:ae:fa:b1:94:10:98:2f:2f:99:76:66:c5:91:
                    84:84:d7:01:4c:e7:21:7c:68:6b:eb:29:92:4f:c5:
                    9e:52:a9:5d:7d:eb:c3:a1:7e:f1:82:40:e7:e0:e7:
                    25:d4:68:ed:cc:95:8d:45:ee:54:9b:f7:4a:61:f0:
                    e0:fc:a7:8c:07:f6:ff:66:09:19:2c:5f:0e:35:20:
                    44:11:c5:ca:c6:60:c0:7e:54:fd:f4:90:35:a2:85:
                    3d:a7:0e:77:1b:71:98:89:e3:3d:23:cd:90:c6:aa:
                    62:44:05:1a:c4:c8:65:0d:a5:47:9f:9d:86:9f:e5:
                    79:6d:f8:5c:25:67:09:b0:74:fd:5d:d4:ed:f8:84:
                    2e:54:bd:7a:1a:ba:8a:f9:81:bd:15:31:6c:8a:18:
                    76:57:79:e9:a3:be:a7:ac:57:48:43:78:e7:14:f8:
                    0c:a2:8e:ee:82:f4:25:85:b4:01:a4:a0:43:e6:bb:
                    95:ba:18:dc:ba:a4:90:ee:33:12:e8:09:9d:a9:67:
                    ae:79:c7:87:52:a1:3b:d4:6f:5d:d8:f4:45:a6:92:
                    f0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5B:C3:BE:3A:CD:C7:E8:46:A8:93:16:27:91:86:8E:51:82:8E:3D
            X509v3 Authority Key Identifier:
                keyid:EF:4E:1E:A6:52:87:A2:4E:20:C6:63:B5:16:1C:15:13:F0:0C:8A:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/704eplKHok4gxmO1FhwVE_AMio0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/tFvDvjrNx-hGqJMWJ5GGjlGCjj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/704eplKHok4gxmO1FhwVE_AMio0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:a4:b0:3e:f3:f0:7f:01:d6:43:6b:90:e2:28:f6:b7:2b:0b:
         b5:03:dc:59:7c:1c:f3:cf:2d:8b:be:fb:81:33:0b:3c:a3:d2:
         0a:e6:58:13:30:6f:48:46:41:0c:7b:3a:0a:08:c9:22:ad:4a:
         66:4c:e3:4e:b8:d9:d8:b1:34:a9:2e:cb:4f:5d:61:a5:32:30:
         49:d7:85:85:b5:9d:6a:44:25:b3:00:7c:5d:f8:ae:d6:f0:f6:
         97:69:b8:80:48:34:ac:18:00:11:0a:47:cf:90:c7:99:4d:c0:
         72:01:0c:64:a7:8c:c8:c1:90:0a:41:79:34:bf:c1:76:28:11:
         2b:ab:ac:ab:f9:d4:05:27:fb:64:38:77:1a:41:c1:df:b5:c8:
         a3:86:8d:f4:82:97:ca:72:c9:87:f9:f7:15:c5:3d:17:6f:e4:
         bd:4b:d9:99:65:1e:ce:36:ec:b6:39:f4:8b:60:c0:38:e5:2a:
         b4:6f:ad:3a:57:41:43:ae:d5:bc:21:3f:fd:7e:a6:3c:12:43:
         fe:63:54:78:c9:8c:d7:12:01:b6:24:68:17:f9:44:ff:7a:30:
         07:9a:d6:f9:be:20:8a:fb:24:fb:af:79:f8:6f:51:1e:85:d4:
         3f:7b:9c:69:8c:6c:90:5f:e5:ad:81:ef:91:c5:49:60:79:f7:
         55:58:23:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY59YM4qPAPSfxE7C9mXUDBVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNGUxZWE2NTI4N2EyNGUyMGM2NjNiNTE2MWMxNTEzZjAw
YzhhOGQwHhcNMjQwMzI3MDA0NzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDViYzNiZTNhY2RjN2U4NDZhODkzMTYyNzkxODY4ZTUxODI4ZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS4lKRLkjeUjWkw8W46RtYWqy1JZ
erjxMVCRJBYvhzh58RyMXK2ZYidF+93II676sZQQmC8vmXZmxZGEhNcBTOchfGhr
6ymST8WeUqldfevDoX7xgkDn4Ocl1GjtzJWNRe5Um/dKYfDg/KeMB/b/ZgkZLF8O
NSBEEcXKxmDAflT99JA1ooU9pw53G3GYieM9I82QxqpiRAUaxMhlDaVHn52Gn+V5
bfhcJWcJsHT9XdTt+IQuVL16GrqK+YG9FTFsihh2V3npo76nrFdIQ3jnFPgMoo7u
gvQlhbQBpKBD5ruVuhjcuqSQ7jMS6AmdqWeueceHUqE71G9d2PRFppLwiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRbw746zcfoRqiTFieRho5Rgo49MB8GA1UdIwQY
MBaAFO9OHqZSh6JOIMZjtRYcFRPwDIqNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzA0ZXBsS0hvazRneG1PMUZod1ZFX0FNaW8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9hNTJjZWItYzhjOC00MjM2LWEwMzct
NjBhNTc0M2U2ZTFmLzEvdEZ2RHZqck54LWhHcUpNV0o1R0dqbEdDamowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9hNTJjZWItYzhjOC00MjM2LWEwMzctNjBhNTc0M2U2ZTFm
LzEvNzA0ZXBsS0hvazRneG1PMUZod1ZFX0FNaW8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSFtMA0G
CSqGSIb3DQEBCwUAA4IBAQCmpLA+8/B/AdZDa5DiKPa3Kwu1A9xZfBzzzy2LvvuB
Mws8o9IK5lgTMG9IRkEMezoKCMkirUpmTONOuNnYsTSpLstPXWGlMjBJ14WFtZ1q
RCWzAHxd+K7W8PaXabiASDSsGAARCkfPkMeZTcByAQxkp4zIwZAKQXk0v8F2KBEr
q6yr+dQFJ/tkOHcaQcHftcijho30gpfKcsmH+fcVxT0Xb+S9S9mZZR7ONuy2OfSL
YMA45Sq0b606V0FDrtW8IT/9fqY8EkP+Y1R4yYzXEgG2JGgX+UT/ejAHmtb5viCK
+yT7r3n4b1EehdQ/e5xpjGyQX+Wtge+RxUlgefdVWCOB
-----END CERTIFICATE-----