Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/TjtIVY_2f0OxDdpEU-uRxzeGj_g.roa
File:                     TjtIVY_2f0OxDdpEU-uRxzeGj_g.roa (raw, json)
Hash identifier:          MG+iVq7CzkKP4h4sV32vZCfz7WiVMzCyXByIkROiN2Q=
Subject key identifier:   4E:3B:48:55:8F:F6:7F:43:B1:0D:DA:44:53:EB:91:C7:37:86:8F:F8
Certificate issuer:       /CN=984b690d6dd3b0faece03bf208f0030e338c2216
Certificate serial:       018CC86F1359FFE2A046D248AB7F5C2C2FB1
Authority key identifier: 98:4B:69:0D:6D:D3:B0:FA:EC:E0:3B:F2:08:F0:03:0E:33:8C:22:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mEtpDW3TsPrs4DvyCPADDjOMIhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/TjtIVY_2f0OxDdpEU-uRxzeGj_g.roa
Signing time:             Tue 02 Jan 2024 04:29:31 +0000
ROA not before:           Tue 02 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.58.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/mEtpDW3TsPrs4DvyCPADDjOMIhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/mEtpDW3TsPrs4DvyCPADDjOMIhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mEtpDW3TsPrs4DvyCPADDjOMIhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:13:59:ff:e2:a0:46:d2:48:ab:7f:5c:2c:2f:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=984b690d6dd3b0faece03bf208f0030e338c2216
        Validity
            Not Before: Jan  2 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e3b48558ff67f43b10dda4453eb91c737868ff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:18:0f:d1:71:aa:6d:46:a5:7d:ff:37:55:e8:
                    ce:6b:c4:29:60:27:ea:90:db:d9:15:e7:54:d9:9e:
                    80:7d:b5:a0:ac:d6:2b:fd:a1:74:ee:10:c6:1a:dc:
                    2b:0f:2c:1b:25:68:73:38:42:ef:24:dd:43:21:c0:
                    b4:27:14:e3:36:fe:04:09:af:91:8f:91:ee:2c:00:
                    bb:f6:68:e1:f1:a2:05:64:c8:39:c0:97:a6:c6:5e:
                    b8:41:b9:a5:75:14:a3:a1:08:11:9a:9a:e5:97:cc:
                    75:c3:3b:5d:86:4d:26:ce:c2:89:4f:67:33:f6:7c:
                    78:78:bc:bc:9e:d0:85:9b:e9:06:40:c7:43:71:56:
                    00:53:62:81:82:be:96:c2:a4:d9:ed:4a:d4:49:84:
                    65:e9:e4:af:f6:1f:34:0c:1c:f8:e9:2e:a9:a6:31:
                    d2:1a:84:1b:da:87:e4:e0:6e:67:64:24:da:41:54:
                    c9:df:99:99:5d:6d:40:fb:cb:45:23:df:6c:fc:7a:
                    72:ca:0f:69:35:cf:1e:0f:9a:a7:45:d8:91:3d:88:
                    8b:86:4d:49:fd:35:8c:15:50:f0:a9:09:f5:84:c2:
                    e9:1b:b6:f3:6f:c8:c9:db:a8:4d:f1:32:9c:2f:77:
                    d6:a2:da:63:a8:72:12:9a:6e:7d:35:f7:1f:4c:3f:
                    6c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:3B:48:55:8F:F6:7F:43:B1:0D:DA:44:53:EB:91:C7:37:86:8F:F8
            X509v3 Authority Key Identifier:
                keyid:98:4B:69:0D:6D:D3:B0:FA:EC:E0:3B:F2:08:F0:03:0E:33:8C:22:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mEtpDW3TsPrs4DvyCPADDjOMIhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/TjtIVY_2f0OxDdpEU-uRxzeGj_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/mEtpDW3TsPrs4DvyCPADDjOMIhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:a8:4a:b6:04:1a:55:c5:e9:66:d2:d7:44:f5:bb:58:65:ac:
         9b:c3:80:76:98:07:1e:46:b8:02:27:b4:d5:3e:b2:73:21:ae:
         93:ca:25:8b:42:5a:bc:0f:15:d0:69:07:9e:d7:26:bd:86:df:
         9e:7e:dc:71:1c:f6:86:48:58:c0:a7:12:72:f1:f4:0a:40:de:
         46:96:12:2e:48:60:be:c4:77:fa:4c:bb:0e:71:d2:88:d4:02:
         69:67:cb:04:89:56:87:bb:a9:19:eb:97:a1:0f:e4:14:43:36:
         a6:02:2d:a2:13:92:e3:94:d2:62:94:24:e4:32:f8:b3:be:09:
         dd:2a:ba:d4:30:15:d6:aa:d2:19:f7:a4:d0:95:75:f1:20:6c:
         9f:7b:21:0a:88:8d:b3:92:25:ef:47:fe:71:fb:24:c5:77:27:
         03:ef:90:1d:0f:1d:7c:6b:43:30:9c:0c:18:bd:a9:67:16:a5:
         5a:6f:bb:f2:54:6d:4c:ef:e8:19:76:ce:a1:f9:87:5f:5c:25:
         2c:b0:59:cd:89:f9:c7:09:88:17:38:af:e8:e4:10:46:7f:b7:
         0d:89:03:e1:99:8a:15:65:ba:9d:0a:dd:6d:07:89:cb:5f:7b:
         0c:88:b8:f8:ee:56:7e:75:19:9a:2a:91:48:6c:8d:d6:44:df:
         9c:e9:c7:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxNZ/+KgRtJIq39cLC+xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NGI2OTBkNmRkM2IwZmFlY2UwM2JmMjA4ZjAwMzBlMzM4
YzIyMTYwHhcNMjQwMTAyMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTNiNDg1NThmZjY3ZjQzYjEwZGRhNDQ1M2ViOTFjNzM3ODY4ZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhgP0XGqbUalff83VejOa8QpYCfq
kNvZFedU2Z6AfbWgrNYr/aF07hDGGtwrDywbJWhzOELvJN1DIcC0JxTjNv4ECa+R
j5HuLAC79mjh8aIFZMg5wJemxl64QbmldRSjoQgRmprll8x1wztdhk0mzsKJT2cz
9nx4eLy8ntCFm+kGQMdDcVYAU2KBgr6WwqTZ7UrUSYRl6eSv9h80DBz46S6ppjHS
GoQb2ofk4G5nZCTaQVTJ35mZXW1A+8tFI99s/Hpyyg9pNc8eD5qnRdiRPYiLhk1J
/TWMFVDwqQn1hMLpG7bzb8jJ26hN8TKcL3fWotpjqHISmm59NfcfTD9sVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE47SFWP9n9DsQ3aRFPrkcc3ho/4MB8GA1UdIwQY
MBaAFJhLaQ1t07D67OA78gjwAw4zjCIWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUV0cERXM1RzUHJzNER2eUNQQUREak9NSWhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8zNGZmZTctOWJmNC00NTJiLTkxOTkt
MTI1NWRhMDRkOTg2LzEvVGp0SVZZXzJmME94RGRwRVUtdVJ4emVHal9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8zNGZmZTctOWJmNC00NTJiLTkxOTktMTI1NWRhMDRkOTg2
LzEvbUV0cERXM1RzUHJzNER2eUNQQUREak9NSWhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTryMA0G
CSqGSIb3DQEBCwUAA4IBAQB+qEq2BBpVxelm0tdE9btYZaybw4B2mAceRrgCJ7TV
PrJzIa6TyiWLQlq8DxXQaQee1ya9ht+eftxxHPaGSFjApxJy8fQKQN5GlhIuSGC+
xHf6TLsOcdKI1AJpZ8sEiVaHu6kZ65ehD+QUQzamAi2iE5LjlNJilCTkMvizvgnd
KrrUMBXWqtIZ96TQlXXxIGyfeyEKiI2zkiXvR/5x+yTFdycD75AdDx18a0MwnAwY
valnFqVab7vyVG1M7+gZds6h+YdfXCUssFnNifnHCYgXOK/o5BBGf7cNiQPhmYoV
ZbqdCt1tB4nLX3sMiLj47lZ+dRmaKpFIbI3WRN+c6cfm
-----END CERTIFICATE-----