Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/fe6904-eb56-4493-929c-1a9df38f5901/1/TWn-0uCyuiEJ3scUOYRJhHIGmMU.roa
File:                     TWn-0uCyuiEJ3scUOYRJhHIGmMU.roa (raw, json)
Hash identifier:          DywbCWNTo/70t7B5UtRTgv5T+ongZgC6jKWNzHqeh0c=
Subject key identifier:   4D:69:FE:D2:E0:B2:BA:21:09:DE:C7:14:39:84:49:84:72:06:98:C5
Certificate issuer:       /CN=d949caba3d4315607f4a6d627ece1ecea8cbc319
Certificate serial:       018CC79408A48A9D421B7890ADF5399B7D50
Authority key identifier: D9:49:CA:BA:3D:43:15:60:7F:4A:6D:62:7E:CE:1E:CE:A8:CB:C3:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2UnKuj1DFWB_Sm1ifs4ezqjLwxk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/fe6904-eb56-4493-929c-1a9df38f5901/1/TWn-0uCyuiEJ3scUOYRJhHIGmMU.roa
Signing time:             Tue 02 Jan 2024 00:30:16 +0000
ROA not before:           Tue 02 Jan 2024 00:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208764
IP address blocks:        194.169.51.0/24 maxlen: 24
                          194.169.53.0/24 maxlen: 24
                          185.244.92.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/fe6904-eb56-4493-929c-1a9df38f5901/1/2UnKuj1DFWB_Sm1ifs4ezqjLwxk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/fe6904-eb56-4493-929c-1a9df38f5901/1/2UnKuj1DFWB_Sm1ifs4ezqjLwxk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2UnKuj1DFWB_Sm1ifs4ezqjLwxk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:08:a4:8a:9d:42:1b:78:90:ad:f5:39:9b:7d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d949caba3d4315607f4a6d627ece1ecea8cbc319
        Validity
            Not Before: Jan  2 00:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d69fed2e0b2ba2109dec71439844984720698c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:24:1a:d6:eb:76:9f:2d:c6:63:b6:1b:13:62:
                    fb:61:a1:d0:87:2d:1e:be:8b:69:85:b3:e2:91:fb:
                    70:91:7c:06:1b:ad:a8:04:f5:79:79:7f:b3:7c:ce:
                    85:bb:63:79:98:92:5f:8a:f1:ba:22:16:7a:15:cd:
                    dc:01:48:e8:80:5e:0a:da:f7:dc:ce:40:6e:ee:c8:
                    af:8a:f9:94:0e:aa:27:ef:59:c5:d8:01:e7:74:11:
                    e5:ab:96:30:cf:5f:a9:f5:ec:48:64:73:fd:38:32:
                    4e:da:cb:37:52:3b:10:0a:dc:32:4a:8b:6b:8b:b7:
                    66:12:92:88:12:0a:ff:69:10:a1:f6:16:e0:1d:f5:
                    5e:b6:29:ca:72:38:67:83:69:01:3b:1c:37:be:f8:
                    72:a6:1f:cd:c9:24:57:af:bd:55:34:5e:0b:c8:31:
                    6b:a1:c9:19:0f:a2:4f:58:45:b7:9c:b8:ba:24:54:
                    de:45:ea:95:e3:c5:5d:5b:0b:47:71:c5:a7:6e:7e:
                    8e:28:7e:7e:da:96:dd:7b:35:84:92:92:91:bd:53:
                    aa:fe:07:1f:14:e0:cc:4e:86:7c:8e:91:fc:54:f1:
                    98:4c:f5:5c:c2:4a:4f:c8:01:cc:c4:92:3c:90:b2:
                    3f:c4:45:c8:04:7a:e0:de:ed:c6:ea:09:62:90:07:
                    e4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:69:FE:D2:E0:B2:BA:21:09:DE:C7:14:39:84:49:84:72:06:98:C5
            X509v3 Authority Key Identifier:
                keyid:D9:49:CA:BA:3D:43:15:60:7F:4A:6D:62:7E:CE:1E:CE:A8:CB:C3:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2UnKuj1DFWB_Sm1ifs4ezqjLwxk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/fe6904-eb56-4493-929c-1a9df38f5901/1/TWn-0uCyuiEJ3scUOYRJhHIGmMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/fe6904-eb56-4493-929c-1a9df38f5901/1/2UnKuj1DFWB_Sm1ifs4ezqjLwxk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.92.0/23
                  194.169.51.0/24
                  194.169.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:85:9b:3e:c3:f5:d2:c5:54:81:98:c4:74:18:33:5d:2e:df:
         9f:ef:4f:f6:a8:e3:50:74:15:d8:b6:34:20:46:43:70:17:05:
         dd:ef:42:83:13:ae:55:5e:a6:44:c7:c9:3f:72:6e:4e:95:13:
         5b:3e:7d:f2:a2:dc:f9:1b:ac:97:ab:4b:ee:83:30:f0:19:d2:
         93:a8:e6:c4:31:a2:77:1f:12:b5:44:e7:1f:61:a5:3e:1e:aa:
         d2:e9:67:8d:f3:e4:bb:09:1a:c0:9c:2d:44:44:36:58:69:55:
         cb:af:96:4a:72:57:36:e1:a7:6f:b5:eb:0b:8b:27:7f:38:80:
         5d:10:4d:35:c2:02:76:09:70:29:a7:14:ce:74:f5:11:c3:05:
         cf:21:df:6f:fb:41:15:60:96:80:89:ca:3c:8d:24:c6:fc:f8:
         0e:11:fc:87:3f:03:ca:4b:fe:be:f5:49:8a:1d:c5:05:b9:55:
         69:5c:e0:c2:2e:8e:71:ff:7c:b5:fc:a4:02:20:b2:1a:24:b5:
         a6:ed:1e:7d:b9:bb:e6:82:df:78:9d:10:61:3c:fa:9b:fc:ea:
         65:48:00:01:8e:73:65:f2:76:c8:ab:ac:6d:3e:58:9c:88:6c:
         d1:13:2e:37:84:16:f3:a4:f5:2e:61:78:70:ff:d4:8d:45:47:
         cf:fe:3a:07
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHlAikip1CG3iQrfU5m31QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NDljYWJhM2Q0MzE1NjA3ZjRhNmQ2MjdlY2UxZWNlYThj
YmMzMTkwHhcNMjQwMTAyMDAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDY5ZmVkMmUwYjJiYTIxMDlkZWM3MTQzOTg0NDk4NDcyMDY5OGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyQa1ut2ny3GY7YbE2L7YaHQhy0e
votphbPikftwkXwGG62oBPV5eX+zfM6Fu2N5mJJfivG6IhZ6Fc3cAUjogF4K2vfc
zkBu7sivivmUDqon71nF2AHndBHlq5Ywz1+p9exIZHP9ODJO2ss3UjsQCtwySotr
i7dmEpKIEgr/aRCh9hbgHfVetinKcjhng2kBOxw3vvhyph/NySRXr71VNF4LyDFr
ockZD6JPWEW3nLi6JFTeReqV48VdWwtHccWnbn6OKH5+2pbdezWEkpKRvVOq/gcf
FODMToZ8jpH8VPGYTPVcwkpPyAHMxJI8kLI/xEXIBHrg3u3G6glikAfkSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE1p/tLgsrohCd7HFDmESYRyBpjFMB8GA1UdIwQY
MBaAFNlJyro9QxVgf0ptYn7OHs6oy8MZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlVuS3VqMURGV0JfU20xaWZzNGV6cWpMd3hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9mZTY5MDQtZWI1Ni00NDkzLTkyOWMt
MWE5ZGYzOGY1OTAxLzEvVFduLTB1Q3l1aUVKM3NjVU9ZUkpoSElHbU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9mZTY5MDQtZWI1Ni00NDkzLTkyOWMtMWE5ZGYzOGY1OTAx
LzEvMlVuS3VqMURGV0JfU20xaWZzNGV6cWpMd3hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBufRcAwQA
wqkzAwQAwqk1MA0GCSqGSIb3DQEBCwUAA4IBAQBShZs+w/XSxVSBmMR0GDNdLt+f
70/2qONQdBXYtjQgRkNwFwXd70KDE65VXqZEx8k/cm5OlRNbPn3yotz5G6yXq0vu
gzDwGdKTqObEMaJ3HxK1ROcfYaU+HqrS6WeN8+S7CRrAnC1ERDZYaVXLr5ZKclc2
4advtesLiyd/OIBdEE01wgJ2CXAppxTOdPURwwXPId9v+0EVYJaAico8jSTG/PgO
EfyHPwPKS/6+9UmKHcUFuVVpXODCLo5x/3y1/KQCILIaJLWm7R59ubvmgt94nRBh
PPqb/OplSAABjnNl8nbIq6xtPliciGzREy43hBbzpPUuYXhw/9SNRUfP/joH
-----END CERTIFICATE-----