Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/TF9CxuKIR8cn3E1ftz2UU0S0wuY.roa
File:                     TF9CxuKIR8cn3E1ftz2UU0S0wuY.roa (raw, json)
Hash identifier:          ntOyxfYMJjCMjdFAkJRQfuWTDG79xv3FlG8dZ7tvvu8=
Subject key identifier:   4C:5F:42:C6:E2:88:47:C7:27:DC:4D:5F:B7:3D:94:53:44:B4:C2:E6
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       01908251D21376CD61C0A3A91250FFDB073E
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/TF9CxuKIR8cn3E1ftz2UU0S0wuY.roa
Signing time:             Fri 05 Jul 2024 09:55:18 +0000
ROA not before:           Fri 05 Jul 2024 09:55:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        91.186.194.0/23 maxlen: 23
                          94.241.160.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:82:51:d2:13:76:cd:61:c0:a3:a9:12:50:ff:db:07:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jul  5 09:55:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c5f42c6e28847c727dc4d5fb73d945344b4c2e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:36:35:b3:32:99:81:fa:0e:8a:55:23:ac:f0:
                    15:fb:9d:0e:dd:8f:3e:98:3d:63:08:5b:bc:0c:1f:
                    ab:6e:ad:75:5b:dd:ed:e0:83:5a:b1:56:60:73:81:
                    3b:12:9d:d4:76:82:be:72:34:74:6a:91:a9:fa:55:
                    91:15:e5:9e:16:e3:08:b7:f2:ee:df:98:af:40:93:
                    f4:2b:2a:41:a5:fc:20:3d:ab:78:3b:c3:8b:5a:41:
                    77:21:f7:e5:48:3a:5a:28:4a:c6:3e:ec:65:e7:42:
                    d0:3c:71:31:2d:cc:f9:66:f5:2f:e3:96:43:26:86:
                    5a:2f:53:74:6e:e7:dd:46:b7:86:63:d7:70:9e:58:
                    fe:8d:5f:f3:ed:42:ae:b0:61:cc:81:59:1f:9b:a9:
                    b0:b2:00:c7:71:44:36:73:8b:66:54:73:bf:c1:8c:
                    66:bc:e1:52:10:d0:fa:f8:c6:ce:4e:87:03:95:89:
                    fc:81:b5:84:24:82:f6:20:92:12:ae:16:88:b0:7b:
                    96:40:41:60:0a:36:00:c6:a3:20:66:34:6c:29:c0:
                    14:cc:4a:66:51:c6:41:76:a9:fa:ce:3d:43:cb:aa:
                    e9:1e:ce:54:9c:c4:ce:87:17:b3:52:c7:7e:38:58:
                    3b:4a:69:e8:d4:a3:5c:7c:a8:06:cf:3d:db:5f:1f:
                    07:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:5F:42:C6:E2:88:47:C7:27:DC:4D:5F:B7:3D:94:53:44:B4:C2:E6
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/TF9CxuKIR8cn3E1ftz2UU0S0wuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.194.0/23
                  94.241.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:52:9b:cb:26:ca:b4:9d:13:58:f2:dc:47:f8:5a:15:7c:16:
         f6:b3:c2:b7:cd:80:53:97:61:c8:03:56:af:34:91:c4:f0:f8:
         27:f6:38:6d:bb:05:ef:b8:50:98:6e:4c:72:7a:65:2f:6d:ff:
         b7:d2:e9:42:b1:28:5c:68:83:37:3f:e2:8e:d4:4d:9d:3f:43:
         49:84:3e:bd:2f:f6:61:32:5a:e7:67:92:a0:78:14:89:51:26:
         ea:ad:83:31:66:03:55:4f:5b:72:0f:9c:66:80:14:1c:5e:bc:
         ae:2b:bf:41:04:fb:47:37:53:ef:82:fb:55:d5:c9:13:00:47:
         74:97:f0:2e:d5:69:c8:8a:f0:98:d2:68:ce:5b:3a:39:3e:43:
         a2:e6:8c:9b:9c:bf:79:98:f2:84:35:a9:51:ec:c8:42:06:72:
         0d:4e:60:af:8c:79:0a:d3:4f:99:a8:c5:d9:6e:c2:f5:ab:72:
         fb:d9:16:43:1d:ab:3b:fe:57:11:7f:cb:37:3c:79:60:97:ec:
         fe:dd:3b:b7:5e:db:29:00:d7:73:1a:dc:a7:07:15:86:7d:79:
         c5:b0:2f:3e:c8:f9:ff:c1:3b:f1:90:4b:4b:c5:16:c4:c3:aa:
         f4:ec:00:78:58:cd:93:09:de:1e:1f:ce:78:66:5b:e0:c0:db:
         6c:e8:0b:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCCUdITds1hwKOpElD/2wc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwNzA1MDk1NTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzVmNDJjNmUyODg0N2M3MjdkYzRkNWZiNzNkOTQ1MzQ0YjRjMmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DY1szKZgfoOilUjrPAV+50O3Y8+
mD1jCFu8DB+rbq11W93t4INasVZgc4E7Ep3UdoK+cjR0apGp+lWRFeWeFuMIt/Lu
35ivQJP0KypBpfwgPat4O8OLWkF3IfflSDpaKErGPuxl50LQPHExLcz5ZvUv45ZD
JoZaL1N0bufdRreGY9dwnlj+jV/z7UKusGHMgVkfm6mwsgDHcUQ2c4tmVHO/wYxm
vOFSEND6+MbOTocDlYn8gbWEJIL2IJISrhaIsHuWQEFgCjYAxqMgZjRsKcAUzEpm
UcZBdqn6zj1Dy6rpHs5UnMTOhxezUsd+OFg7Smno1KNcfKgGzz3bXx8HpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFExfQsbiiEfHJ9xNX7c9lFNEtMLmMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvVEY5Q3h1S0lSOGNuM0UxZnR6MlVVMFMwd3VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW7rCAwQB
XvGgMA0GCSqGSIb3DQEBCwUAA4IBAQANUpvLJsq0nRNY8txH+FoVfBb2s8K3zYBT
l2HIA1avNJHE8Pgn9jhtuwXvuFCYbkxyemUvbf+30ulCsShcaIM3P+KO1E2dP0NJ
hD69L/ZhMlrnZ5KgeBSJUSbqrYMxZgNVT1tyD5xmgBQcXryuK79BBPtHN1PvgvtV
1ckTAEd0l/Au1WnIivCY0mjOWzo5PkOi5oybnL95mPKENalR7MhCBnINTmCvjHkK
00+ZqMXZbsL1q3L72RZDHas7/lcRf8s3PHlgl+z+3Tu3XtspANdzGtynBxWGfXnF
sC8+yPn/wTvxkEtLxRbEw6r07AB4WM2TCd4eH854ZlvgwNts6AvU
-----END CERTIFICATE-----