Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/TGWbnELd8GF3ir1u6GIVSi06TSk.roa
File:                     TGWbnELd8GF3ir1u6GIVSi06TSk.roa (raw, json)
Hash identifier:          JFFKC7OreIdl7ZsfoFAPPwgha/2WU0Hrpvx/GTEY15s=
Subject key identifier:   4C:65:9B:9C:42:DD:F0:61:77:8A:BD:6E:E8:62:15:4A:2D:3A:4D:29
Certificate issuer:       /CN=11184fb6503a760657f90270e276a3fcb50b8e8f
Certificate serial:       018CC8DEF1C9D52294E6857C08056FF2E2AA
Authority key identifier: 11:18:4F:B6:50:3A:76:06:57:F9:02:70:E2:76:A3:FC:B5:0B:8E:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERhPtlA6dgZX-QJw4naj_LULjo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/TGWbnELd8GF3ir1u6GIVSi06TSk.roa
Signing time:             Tue 02 Jan 2024 06:31:43 +0000
ROA not before:           Tue 02 Jan 2024 06:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        193.110.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/ERhPtlA6dgZX-QJw4naj_LULjo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/ERhPtlA6dgZX-QJw4naj_LULjo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERhPtlA6dgZX-QJw4naj_LULjo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f1:c9:d5:22:94:e6:85:7c:08:05:6f:f2:e2:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11184fb6503a760657f90270e276a3fcb50b8e8f
        Validity
            Not Before: Jan  2 06:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c659b9c42ddf061778abd6ee862154a2d3a4d29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d2:cd:ab:6a:5c:38:c8:93:52:c9:4f:b7:18:
                    17:74:4b:9c:34:e1:7c:6e:ea:1c:71:51:94:eb:06:
                    b2:74:4a:5d:38:4d:6c:c6:dc:f0:34:ec:b5:4d:e4:
                    65:ca:75:4c:0e:e0:ba:a6:22:cb:b4:04:7b:3d:e4:
                    0b:b1:c2:b5:6b:18:82:0d:24:84:92:7f:3f:ce:66:
                    dc:b6:e7:4e:b6:3a:43:d0:36:71:cf:1e:cb:35:41:
                    cd:54:b2:ef:e6:b3:89:70:0e:a8:42:46:30:8c:17:
                    fd:8a:fb:d9:65:cd:19:96:39:0c:b8:4a:f7:11:21:
                    64:b5:51:cc:1e:6c:c4:47:4f:57:15:06:0f:92:5f:
                    51:83:ad:e6:79:ec:42:a4:63:13:87:1f:b2:40:de:
                    0f:14:2e:79:d4:d7:41:73:6c:80:08:83:f1:d7:76:
                    77:19:20:d6:31:57:65:91:85:d0:ca:a5:44:ff:2b:
                    29:c7:ed:8c:b1:95:78:96:fc:d4:a2:20:bb:8c:be:
                    73:24:bf:44:13:00:d2:23:cf:b9:55:be:fb:af:c8:
                    d6:e0:f4:a9:18:24:7a:3c:a4:fa:cf:11:b5:a5:ca:
                    20:62:cd:b3:a8:36:8a:0c:32:be:c9:83:3a:2e:cd:
                    0f:d2:e9:1d:b6:ce:35:6e:15:d3:7b:99:b3:85:f3:
                    56:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:65:9B:9C:42:DD:F0:61:77:8A:BD:6E:E8:62:15:4A:2D:3A:4D:29
            X509v3 Authority Key Identifier:
                keyid:11:18:4F:B6:50:3A:76:06:57:F9:02:70:E2:76:A3:FC:B5:0B:8E:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERhPtlA6dgZX-QJw4naj_LULjo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/TGWbnELd8GF3ir1u6GIVSi06TSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/ERhPtlA6dgZX-QJw4naj_LULjo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:3b:e0:4f:3a:8c:8f:fe:fc:f5:f8:c9:0d:02:29:73:cf:dd:
         ea:1b:01:9b:9d:b2:a9:14:7a:f2:7f:90:0c:1e:64:44:3a:47:
         af:d4:85:9b:6d:12:82:f0:6f:76:1e:e7:6b:0e:f0:a5:3e:47:
         fb:f7:f2:77:47:e1:98:3a:cf:b4:57:a9:26:85:f8:c7:81:d3:
         e1:eb:0f:51:9c:72:db:c1:2f:2c:46:c5:8b:17:ef:30:26:52:
         db:8c:3f:1a:07:9e:d1:aa:79:ad:40:1e:89:e2:20:42:57:3d:
         dd:61:07:8c:32:45:50:8a:41:eb:14:f5:f2:fe:e6:61:9c:4d:
         00:7b:41:46:58:98:9b:fc:a1:1a:73:af:11:5a:2e:53:5f:81:
         a3:be:52:1c:3e:1c:21:fc:7f:30:22:bf:90:7f:94:b5:9b:63:
         0a:bd:68:d1:fd:df:1e:3e:40:01:53:73:39:c6:ef:83:b9:9c:
         d5:32:e6:c1:8f:09:b1:16:0c:bd:40:05:57:d6:e5:15:53:e1:
         f0:73:12:cf:b9:fc:5c:86:a3:c0:f1:93:17:fc:ef:ad:6d:4d:
         8c:17:64:a6:6e:7d:a5:b1:14:bc:6d:31:bd:4b:97:e6:2a:fe:
         c7:d2:dc:2a:82:0a:25:a1:65:51:f5:1e:ff:c8:8c:ac:21:93:
         a3:81:ad:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3vHJ1SKU5oV8CAVv8uKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTg0ZmI2NTAzYTc2MDY1N2Y5MDI3MGUyNzZhM2ZjYjUw
YjhlOGYwHhcNMjQwMTAyMDYzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzY1OWI5YzQyZGRmMDYxNzc4YWJkNmVlODYyMTU0YTJkM2E0ZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9LNq2pcOMiTUslPtxgXdEucNOF8
buoccVGU6waydEpdOE1sxtzwNOy1TeRlynVMDuC6piLLtAR7PeQLscK1axiCDSSE
kn8/zmbctudOtjpD0DZxzx7LNUHNVLLv5rOJcA6oQkYwjBf9ivvZZc0ZljkMuEr3
ESFktVHMHmzER09XFQYPkl9Rg63meexCpGMThx+yQN4PFC551NdBc2yACIPx13Z3
GSDWMVdlkYXQyqVE/yspx+2MsZV4lvzUoiC7jL5zJL9EEwDSI8+5Vb77r8jW4PSp
GCR6PKT6zxG1pcogYs2zqDaKDDK+yYM6Ls0P0ukdts41bhXTe5mzhfNWDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExlm5xC3fBhd4q9buhiFUotOk0pMB8GA1UdIwQY
MBaAFBEYT7ZQOnYGV/kCcOJ2o/y1C46PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJoUHRsQTZkZ1pYLVFKdzRuYWpfTFVMam84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8zM2E3MzMtZWYwNS00YWYwLTg1MzUt
MTk2ZDY2NmQyYjJiLzEvVEdXYm5FTGQ4R0YzaXIxdTZHSVZTaTA2VFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8zM2E3MzMtZWYwNS00YWYwLTg1MzUtMTk2ZDY2NmQyYjJi
LzEvRVJoUHRsQTZkZ1pYLVFKdzRuYWpfTFVMam84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW7RMA0G
CSqGSIb3DQEBCwUAA4IBAQCoO+BPOoyP/vz1+MkNAilzz93qGwGbnbKpFHryf5AM
HmREOkev1IWbbRKC8G92HudrDvClPkf79/J3R+GYOs+0V6kmhfjHgdPh6w9RnHLb
wS8sRsWLF+8wJlLbjD8aB57RqnmtQB6J4iBCVz3dYQeMMkVQikHrFPXy/uZhnE0A
e0FGWJib/KEac68RWi5TX4GjvlIcPhwh/H8wIr+Qf5S1m2MKvWjR/d8ePkABU3M5
xu+DuZzVMubBjwmxFgy9QAVX1uUVU+HwcxLPufxchqPA8ZMX/O+tbU2MF2Smbn2l
sRS8bTG9S5fmKv7H0twqggoloWVR9R7/yIysIZOjga3R
-----END CERTIFICATE-----