Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/tv1KZWTw8P4U7Rq7jjCceTF-8iA.roa
File:                     tv1KZWTw8P4U7Rq7jjCceTF-8iA.roa (raw, json)
Hash identifier:          e0bFqRMmwIRVDnd8TlNIHASS2kNGI05UY02h5t+2Qgk=
Subject key identifier:   B6:FD:4A:65:64:F0:F0:FE:14:ED:1A:BB:8E:30:9C:79:31:7E:F2:20
Certificate issuer:       /CN=f939b03f1294ebd35a3b15d695d7e91f8cb41fa0
Certificate serial:       018CC9BBF2220DC06167A64558603D0542EA
Authority key identifier: F9:39:B0:3F:12:94:EB:D3:5A:3B:15:D6:95:D7:E9:1F:8C:B4:1F:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-TmwPxKU69NaOxXWldfpH4y0H6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/tv1KZWTw8P4U7Rq7jjCceTF-8iA.roa
Signing time:             Tue 02 Jan 2024 10:33:06 +0000
ROA not before:           Tue 02 Jan 2024 10:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200530
IP address blocks:        194.5.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/1-TmwPxKU69NaOxXWldfpH4y0H6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/1-TmwPxKU69NaOxXWldfpH4y0H6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-TmwPxKU69NaOxXWldfpH4y0H6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f2:22:0d:c0:61:67:a6:45:58:60:3d:05:42:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f939b03f1294ebd35a3b15d695d7e91f8cb41fa0
        Validity
            Not Before: Jan  2 10:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6fd4a6564f0f0fe14ed1abb8e309c79317ef220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e3:b4:cc:a2:f5:76:34:39:d3:a9:54:32:ba:
                    5c:d8:70:fe:7c:91:2a:76:84:34:9b:9a:e3:1e:e9:
                    33:3c:a1:35:83:23:6e:6a:9d:66:74:17:69:f2:a0:
                    34:c8:38:2e:fd:40:ef:93:f2:e6:4c:80:fb:dc:cd:
                    f6:aa:66:3e:e5:15:46:9a:72:c5:ca:bf:99:a4:57:
                    40:6f:19:e9:d4:31:25:11:5a:fa:13:2b:d9:2c:70:
                    57:ac:ab:50:d2:78:67:6a:c2:f6:60:5e:b1:7c:02:
                    94:d1:32:94:2a:67:ba:20:bf:ca:9d:c5:b8:23:dd:
                    f9:bc:6d:1b:d4:f3:9c:eb:49:71:74:0d:ab:eb:6e:
                    3e:a6:bd:86:68:c7:67:b3:28:3a:35:ca:92:e1:df:
                    f6:c9:02:45:f4:1d:67:f7:03:b6:7f:17:6d:cd:ab:
                    91:23:b6:5f:61:33:6b:92:9f:10:d7:16:a1:ed:96:
                    2b:e5:f7:3b:54:f1:db:43:1a:67:38:f9:1a:2f:e2:
                    5f:17:5e:66:eb:aa:e1:78:19:45:5b:a9:11:5f:3f:
                    85:ff:52:04:a3:d0:d7:20:50:6b:29:48:10:35:59:
                    fa:e5:65:d7:16:c5:03:6f:f4:99:dc:e6:30:34:e6:
                    76:ae:22:b8:0b:be:5d:79:05:81:43:f5:18:6c:12:
                    b9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:FD:4A:65:64:F0:F0:FE:14:ED:1A:BB:8E:30:9C:79:31:7E:F2:20
            X509v3 Authority Key Identifier:
                keyid:F9:39:B0:3F:12:94:EB:D3:5A:3B:15:D6:95:D7:E9:1F:8C:B4:1F:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-TmwPxKU69NaOxXWldfpH4y0H6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/tv1KZWTw8P4U7Rq7jjCceTF-8iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/1-TmwPxKU69NaOxXWldfpH4y0H6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c9:9b:05:6b:15:8c:da:ac:53:7e:bc:ce:95:2b:5b:44:97:bb:
         0f:70:ba:d3:4a:d9:66:f5:39:cd:8b:83:04:eb:89:2d:47:b9:
         41:4f:91:4d:72:76:3a:c1:e8:9d:96:75:9e:cd:f4:6d:b1:dd:
         b0:05:25:a3:4f:23:53:02:5a:27:41:20:40:87:04:01:b3:58:
         6f:34:e9:ac:80:db:bc:11:08:b9:af:94:da:67:01:3a:60:d9:
         ed:dd:ac:64:13:25:fa:b9:a4:48:0b:15:7f:b9:e5:af:da:f2:
         3b:c2:8e:a7:87:42:e7:f5:9d:c6:15:8b:b2:c6:df:e5:40:65:
         e6:a0:22:87:49:b7:50:d1:3b:a4:9c:11:c8:1b:e1:56:83:2c:
         a9:14:bd:68:b8:cc:6f:b8:ec:37:17:6c:9e:d5:de:9e:94:8c:
         b7:d1:a5:3b:c0:d9:02:6c:8d:f1:42:71:f2:9a:18:0b:f0:45:
         02:32:66:0c:35:f6:94:42:c6:38:a2:5b:c3:1a:41:3f:a4:ff:
         95:dc:3c:d8:19:08:1b:4a:51:41:77:63:0b:b2:93:e8:59:b3:
         fc:3a:3c:fb:ce:ac:a5:7b:f8:d3:00:0b:e8:47:e0:7d:01:4d:
         1d:eb:ff:4a:47:de:a1:3c:e1:a4:44:d9:d5:03:1b:8c:e1:55:
         8d:ac:3f:48
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJu/IiDcBhZ6ZFWGA9BULqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MzliMDNmMTI5NGViZDM1YTNiMTVkNjk1ZDdlOTFmOGNi
NDFmYTAwHhcNMjQwMTAyMTAzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmZkNGE2NTY0ZjBmMGZlMTRlZDFhYmI4ZTMwOWM3OTMxN2VmMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+O0zKL1djQ506lUMrpc2HD+fJEq
doQ0m5rjHukzPKE1gyNuap1mdBdp8qA0yDgu/UDvk/LmTID73M32qmY+5RVGmnLF
yr+ZpFdAbxnp1DElEVr6EyvZLHBXrKtQ0nhnasL2YF6xfAKU0TKUKme6IL/KncW4
I935vG0b1POc60lxdA2r624+pr2GaMdnsyg6NcqS4d/2yQJF9B1n9wO2fxdtzauR
I7ZfYTNrkp8Q1xah7ZYr5fc7VPHbQxpnOPkaL+JfF15m66rheBlFW6kRXz+F/1IE
o9DXIFBrKUgQNVn65WXXFsUDb/SZ3OYwNOZ2riK4C75deQWBQ/UYbBK5HQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLb9SmVk8PD+FO0au44wnHkxfvIgMB8GA1UdIwQY
MBaAFPk5sD8SlOvTWjsV1pXX6R+MtB+gMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1UbXdQeEtVNjlOYU94WFdsZGZwSDR5MEg2QS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvMGM5ZGU4LWNlZjItNGQ4ZC1hOTIw
LTc2NTk0YTE5MTc3Yy8xL3R2MUtaV1R3OFA0VTdScTdqakNjZVRGLThpQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTcvMGM5ZGU4LWNlZjItNGQ4ZC1hOTIwLTc2NTk0YTE5MTc3
Yy8xLzEtVG13UHhLVTY5TmFPeFhXbGRmcEg0eTBINkEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALCBSgw
DQYJKoZIhvcNAQELBQADggEBAMmbBWsVjNqsU368zpUrW0SXuw9wutNK2Wb1Oc2L
gwTriS1HuUFPkU1ydjrB6J2WdZ7N9G2x3bAFJaNPI1MCWidBIECHBAGzWG806ayA
27wRCLmvlNpnATpg2e3drGQTJfq5pEgLFX+55a/a8jvCjqeHQuf1ncYVi7LG3+VA
ZeagIodJt1DRO6ScEcgb4VaDLKkUvWi4zG+47DcXbJ7V3p6UjLfRpTvA2QJsjfFC
cfKaGAvwRQIyZgw19pRCxjiiW8MaQT+k/5XcPNgZCBtKUUF3Ywuyk+hZs/w6PPvO
rKV7+NMAC+hH4H0BTR3r/0pH3qE84aRE2dUDG4zhVY2sP0g=
-----END CERTIFICATE-----