Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/da3e5a-3002-41b0-af9a-3a73c333e7e7/1/TbTssEskHi75Es90FmLrgQo8Qws.roa
File:                     TbTssEskHi75Es90FmLrgQo8Qws.roa (raw, json)
Hash identifier:          Kx6fuUPQmJ4+NHISNQivKkzwXJBf6XM5qPChEW9wiuY=
Subject key identifier:   4D:B4:EC:B0:4B:24:1E:2E:F9:12:CF:74:16:62:EB:81:0A:3C:43:0B
Certificate issuer:       /CN=011994b1c5ae8f582bbecf67772b14b6d977baac
Certificate serial:       018EAE4FE0F7E9D7D2F8AB80B9E98132FC72
Authority key identifier: 01:19:94:B1:C5:AE:8F:58:2B:BE:CF:67:77:2B:14:B6:D9:77:BA:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ARmUscWuj1grvs9ndysUttl3uqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/da3e5a-3002-41b0-af9a-3a73c333e7e7/1/TbTssEskHi75Es90FmLrgQo8Qws.roa
Signing time:             Fri 05 Apr 2024 12:50:54 +0000
ROA not before:           Fri 05 Apr 2024 12:50:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215928
IP address blocks:        193.57.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/da3e5a-3002-41b0-af9a-3a73c333e7e7/1/ARmUscWuj1grvs9ndysUttl3uqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/da3e5a-3002-41b0-af9a-3a73c333e7e7/1/ARmUscWuj1grvs9ndysUttl3uqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ARmUscWuj1grvs9ndysUttl3uqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ae:4f:e0:f7:e9:d7:d2:f8:ab:80:b9:e9:81:32:fc:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=011994b1c5ae8f582bbecf67772b14b6d977baac
        Validity
            Not Before: Apr  5 12:50:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4db4ecb04b241e2ef912cf741662eb810a3c430b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:59:cc:9f:c1:67:49:b3:5f:72:03:ff:72:09:
                    6f:09:13:01:1e:01:fc:bb:ef:65:7a:72:c1:1c:33:
                    0c:95:7b:ca:69:11:36:2a:6c:de:40:4c:4c:ef:df:
                    e2:19:79:21:c0:d3:9b:f7:13:74:ea:33:2f:a7:fb:
                    9f:f1:0e:93:8d:e4:51:c0:6e:4a:16:81:f5:69:87:
                    59:d2:51:18:b5:40:8f:8e:80:31:3d:73:3f:ad:05:
                    9d:7a:f3:30:15:48:73:86:66:5f:29:d7:57:9b:08:
                    fe:cc:76:e9:eb:bd:bd:27:2b:23:1c:c8:ab:f8:d0:
                    d9:03:bf:be:4b:db:7e:b4:13:01:34:fd:09:e2:69:
                    32:68:ac:ea:94:9a:71:c1:79:2b:12:9a:32:53:38:
                    25:76:10:97:0d:21:5c:8a:e4:b4:a0:e3:3b:65:a9:
                    cb:bc:8f:83:06:c7:cc:1a:c5:1f:72:f4:25:38:13:
                    58:58:e2:39:15:2e:6c:3f:ad:f7:48:27:45:93:f1:
                    20:6a:6a:ba:22:a0:e7:5c:dd:8f:02:bb:19:71:16:
                    45:a7:19:23:d4:a3:94:12:13:cd:9d:2b:3e:71:cc:
                    a0:b8:e4:d5:8e:d7:9c:11:d6:0f:b2:1d:a5:8b:15:
                    f5:1e:74:7b:3b:89:c8:da:a2:42:d0:2c:b0:27:54:
                    3a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B4:EC:B0:4B:24:1E:2E:F9:12:CF:74:16:62:EB:81:0A:3C:43:0B
            X509v3 Authority Key Identifier:
                keyid:01:19:94:B1:C5:AE:8F:58:2B:BE:CF:67:77:2B:14:B6:D9:77:BA:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ARmUscWuj1grvs9ndysUttl3uqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/da3e5a-3002-41b0-af9a-3a73c333e7e7/1/TbTssEskHi75Es90FmLrgQo8Qws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/da3e5a-3002-41b0-af9a-3a73c333e7e7/1/ARmUscWuj1grvs9ndysUttl3uqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:64:9b:0a:12:d5:9e:32:eb:a1:9b:5a:7b:27:4a:ef:1d:46:
         dc:f5:7b:39:c8:8f:3d:e8:17:42:aa:25:cf:22:7c:18:1c:e0:
         f6:62:75:24:7c:f0:74:15:6e:ef:c3:40:f8:2a:af:97:7d:18:
         51:ad:2a:4d:3d:c8:f4:24:88:8d:97:23:9f:f1:6c:1f:99:a1:
         d4:79:ed:d7:7f:e3:79:89:a4:98:f7:82:7a:50:f7:70:0b:b7:
         47:71:17:fc:1a:2b:80:82:e3:d5:77:aa:6b:51:4f:33:30:fd:
         33:65:f5:10:59:68:7d:60:41:c6:bd:49:d9:09:49:5f:ab:74:
         f9:c0:ef:e1:1f:d2:bc:55:c0:49:0e:88:4e:26:88:32:c8:64:
         5b:27:e0:a3:5c:f9:c3:b8:e7:5a:64:91:40:fa:54:3f:06:03:
         88:c0:81:c8:b8:87:16:5d:42:d9:f8:bb:80:50:02:db:3c:3f:
         43:57:04:a4:c6:38:89:a6:b2:0a:dc:01:c5:8a:4f:f9:5d:5c:
         1f:d9:97:85:e5:d4:93:0d:99:4c:90:84:62:c3:4a:fc:85:5f:
         b2:b9:bb:eb:f3:7d:ac:77:ba:1e:d4:a4:87:b8:7d:8a:72:f4:
         3e:7f:2f:dc:74:55:cf:23:41:ec:38:e5:47:d5:15:33:1b:fa:
         67:b0:86:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6uT+D36dfS+KuAuemBMvxyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMTk5NGIxYzVhZThmNTgyYmJlY2Y2Nzc3MmIxNGI2ZDk3
N2JhYWMwHhcNMjQwNDA1MTI1MDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGI0ZWNiMDRiMjQxZTJlZjkxMmNmNzQxNjYyZWI4MTBhM2M0MzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlnMn8FnSbNfcgP/cglvCRMBHgH8
u+9lenLBHDMMlXvKaRE2KmzeQExM79/iGXkhwNOb9xN06jMvp/uf8Q6TjeRRwG5K
FoH1aYdZ0lEYtUCPjoAxPXM/rQWdevMwFUhzhmZfKddXmwj+zHbp6729JysjHMir
+NDZA7++S9t+tBMBNP0J4mkyaKzqlJpxwXkrEpoyUzgldhCXDSFciuS0oOM7ZanL
vI+DBsfMGsUfcvQlOBNYWOI5FS5sP633SCdFk/Egamq6IqDnXN2PArsZcRZFpxkj
1KOUEhPNnSs+ccyguOTVjtecEdYPsh2lixX1HnR7O4nI2qJC0CywJ1Q62wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE207LBLJB4u+RLPdBZi64EKPEMLMB8GA1UdIwQY
MBaAFAEZlLHFro9YK77PZ3crFLbZd7qsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVJtVXNjV3VqMWdydnM5bmR5c1V0dGwzdXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9kYTNlNWEtMzAwMi00MWIwLWFmOWEt
M2E3M2MzMzNlN2U3LzEvVGJUc3NFc2tIaTc1RXM5MEZtTHJnUW84UXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9kYTNlNWEtMzAwMi00MWIwLWFmOWEtM2E3M2MzMzNlN2U3
LzEvQVJtVXNjV3VqMWdydnM5bmR5c1V0dGwzdXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTnJMA0G
CSqGSIb3DQEBCwUAA4IBAQCxZJsKEtWeMuuhm1p7J0rvHUbc9Xs5yI896BdCqiXP
InwYHOD2YnUkfPB0FW7vw0D4Kq+XfRhRrSpNPcj0JIiNlyOf8WwfmaHUee3Xf+N5
iaSY94J6UPdwC7dHcRf8GiuAguPVd6prUU8zMP0zZfUQWWh9YEHGvUnZCUlfq3T5
wO/hH9K8VcBJDohOJogyyGRbJ+CjXPnDuOdaZJFA+lQ/BgOIwIHIuIcWXULZ+LuA
UALbPD9DVwSkxjiJprIK3AHFik/5XVwf2ZeF5dSTDZlMkIRiw0r8hV+yubvr832s
d7oe1KSHuH2KcvQ+fy/cdFXPI0HsOOVH1RUzG/pnsIaG
-----END CERTIFICATE-----