Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/TSblDOf3nNrF-JbC5De842u-fZU.roa
File:                     TSblDOf3nNrF-JbC5De842u-fZU.roa (raw, json)
Hash identifier:          fHQVHqidh41aylxD+43+U1LkUk4zcgvuF0cKqdybrEM=
Subject key identifier:   4D:26:E5:0C:E7:F7:9C:DA:C5:F8:96:C2:E4:37:BC:E3:6B:BE:7D:95
Certificate issuer:       /CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
Certificate serial:       018CC94E2F1492180BED13DCB896D8A1329C
Authority key identifier: A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/TSblDOf3nNrF-JbC5De842u-fZU.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39816
IP address blocks:        84.38.16.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2f:14:92:18:0b:ed:13:dc:b8:96:d8:a1:32:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d26e50ce7f79cdac5f896c2e437bce36bbe7d95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c0:64:77:95:7f:fd:ad:09:ac:04:c7:c7:a6:
                    98:66:30:f8:f0:c6:91:49:44:e8:e7:45:5b:a2:51:
                    0e:e2:16:88:f6:fe:74:20:b4:9c:8f:54:bf:5a:85:
                    b5:bf:1e:05:b6:bd:3e:8e:60:f8:a4:22:ea:f0:c5:
                    35:e4:3a:2a:b8:fb:19:91:e1:d9:05:bf:4f:4a:72:
                    4a:6f:08:4f:9b:f0:2a:05:c7:2e:fb:07:f3:82:4f:
                    4e:b7:9a:bb:42:08:89:de:22:61:70:6b:3c:cd:42:
                    04:11:13:75:ad:42:8b:c9:f4:c7:21:9f:6c:ec:f6:
                    76:86:e5:27:d9:7d:ab:0c:27:e2:42:3d:72:9f:93:
                    30:e7:8d:78:52:5d:fb:9a:49:77:9f:2c:d1:e8:0a:
                    d6:1c:46:1a:56:f5:3a:b5:0f:aa:4f:b4:e0:b8:4e:
                    f4:77:ef:d5:0c:99:4a:b7:0d:f6:2f:34:11:fa:7a:
                    fb:49:80:0a:a8:05:de:5f:01:83:04:c5:f6:9a:6c:
                    96:6f:74:69:34:4c:91:eb:70:9b:64:e0:25:24:ce:
                    0c:4a:b2:b9:bd:f1:bf:d4:38:f7:e9:33:3d:26:7c:
                    b1:3b:96:7c:e5:2f:08:b4:43:45:72:9d:02:89:31:
                    98:36:73:e0:35:06:92:0b:1e:19:49:62:74:42:6c:
                    99:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:26:E5:0C:E7:F7:9C:DA:C5:F8:96:C2:E4:37:BC:E3:6B:BE:7D:95
            X509v3 Authority Key Identifier:
                keyid:A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/TSblDOf3nNrF-JbC5De842u-fZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3b:b8:5f:1d:6c:3e:55:3b:eb:4a:e4:f8:33:67:5a:d1:9f:6a:
         bb:8b:2a:5b:85:e3:88:95:0a:ef:cb:72:12:d1:e5:e7:59:0a:
         d3:a6:39:f8:65:d4:50:5c:a7:29:30:3c:e2:5e:22:0d:98:9d:
         58:aa:46:9e:ea:4f:2b:36:eb:49:bf:a1:2a:80:66:e6:bd:13:
         aa:e1:d0:8d:f6:62:3a:4d:73:8a:75:19:fa:cf:b7:67:52:ff:
         69:0a:b7:15:15:6e:d8:0f:e0:5f:6c:68:59:37:54:2b:1f:be:
         52:73:5a:6c:00:c7:71:0b:eb:7f:05:24:cf:c0:9c:f9:e4:96:
         ce:88:9a:91:ca:16:a2:52:44:45:7c:16:32:26:08:f6:42:ac:
         4e:72:75:eb:b1:ef:03:8c:2a:e7:92:0a:de:f7:42:4c:d9:f0:
         1b:a1:5a:bf:64:0c:62:50:10:4b:8c:66:aa:49:b8:9c:64:bc:
         01:16:33:3a:b4:c7:19:84:02:ed:55:6e:02:a2:16:fd:45:65:
         fd:54:b4:5f:54:ca:d6:2b:b4:03:f4:77:e0:1f:f5:4e:1b:83:
         5e:53:b6:af:61:3f:97:ee:69:de:2c:c5:0b:41:c2:46:ba:5d:
         2e:ba:b7:0f:1b:9e:31:cd:1f:68:fa:01:be:8d:a7:6e:16:af:
         69:31:02:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTi8UkhgL7RPcuJbYoTKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ODI0MzA4YmM4M2I0ZWU1NmYxYzBjMWI5ZmJmYzMxMWIw
Y2Q0NGEwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDI2ZTUwY2U3Zjc5Y2RhYzVmODk2YzJlNDM3YmNlMzZiYmU3ZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcBkd5V//a0JrATHx6aYZjD48MaR
SUTo50VbolEO4haI9v50ILScj1S/WoW1vx4Ftr0+jmD4pCLq8MU15DoquPsZkeHZ
Bb9PSnJKbwhPm/AqBccu+wfzgk9Ot5q7QgiJ3iJhcGs8zUIEERN1rUKLyfTHIZ9s
7PZ2huUn2X2rDCfiQj1yn5Mw5414Ul37mkl3nyzR6ArWHEYaVvU6tQ+qT7TguE70
d+/VDJlKtw32LzQR+nr7SYAKqAXeXwGDBMX2mmyWb3RpNEyR63CbZOAlJM4MSrK5
vfG/1Dj36TM9JnyxO5Z85S8ItENFcp0CiTGYNnPgNQaSCx4ZSWJ0QmyZfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0m5Qzn95zaxfiWwuQ3vONrvn2VMB8GA1UdIwQY
MBaAFKSCQwi8g7TuVvHAwbn7/DEbDNRKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1Yzkt
MTk2ZTZmMzc1ZmQ2LzEvVFNibERPZjNuTnJGLUpiQzVEZTg0MnUtZlpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1YzktMTk2ZTZmMzc1ZmQ2
LzEvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVCYQMA0G
CSqGSIb3DQEBCwUAA4IBAQA7uF8dbD5VO+tK5PgzZ1rRn2q7iypbheOIlQrvy3IS
0eXnWQrTpjn4ZdRQXKcpMDziXiINmJ1Yqkae6k8rNutJv6EqgGbmvROq4dCN9mI6
TXOKdRn6z7dnUv9pCrcVFW7YD+BfbGhZN1QrH75Sc1psAMdxC+t/BSTPwJz55JbO
iJqRyhaiUkRFfBYyJgj2QqxOcnXrse8DjCrnkgre90JM2fAboVq/ZAxiUBBLjGaq
SbicZLwBFjM6tMcZhALtVW4Cohb9RWX9VLRfVMrWK7QD9HfgH/VOG4NeU7avYT+X
7mneLMULQcJGul0uurcPG54xzR9o+gG+jaduFq9pMQJY
-----END CERTIFICATE-----