Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/8cc506-7e71-4705-a289-b42364895083/1/tccwADvlk7kjv6boKi1KTycDkFY.roa
File:                     tccwADvlk7kjv6boKi1KTycDkFY.roa (raw, json)
Hash identifier:          3oD0CtNhK5PBFJpkZTAi4q5VxdQ/X5RQ3emZHNaTD1o=
Subject key identifier:   B5:C7:30:00:3B:E5:93:B9:23:BF:A6:E8:2A:2D:4A:4F:27:03:90:56
Certificate issuer:       /CN=d6e2694652aa298511edafbe18d2b1cdbc792638
Certificate serial:       018CCA299FD5D72D34D9A3836755FFC7C48F
Authority key identifier: D6:E2:69:46:52:AA:29:85:11:ED:AF:BE:18:D2:B1:CD:BC:79:26:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1uJpRlKqKYUR7a--GNKxzbx5Jjg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/8cc506-7e71-4705-a289-b42364895083/1/tccwADvlk7kjv6boKi1KTycDkFY.roa
Signing time:             Tue 02 Jan 2024 12:32:54 +0000
ROA not before:           Tue 02 Jan 2024 12:32:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58267
IP address blocks:        5.145.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/8cc506-7e71-4705-a289-b42364895083/1/1uJpRlKqKYUR7a--GNKxzbx5Jjg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/8cc506-7e71-4705-a289-b42364895083/1/1uJpRlKqKYUR7a--GNKxzbx5Jjg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1uJpRlKqKYUR7a--GNKxzbx5Jjg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 13:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:9f:d5:d7:2d:34:d9:a3:83:67:55:ff:c7:c4:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6e2694652aa298511edafbe18d2b1cdbc792638
        Validity
            Not Before: Jan  2 12:32:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5c730003be593b923bfa6e82a2d4a4f27039056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:70:e6:07:23:63:67:81:21:0d:eb:06:7d:fc:
                    a8:f7:fa:97:f0:bd:ad:7d:b6:73:de:5c:b9:c0:9a:
                    7f:04:df:78:b8:59:22:42:ce:b4:39:ab:e7:f1:18:
                    91:4d:0e:83:ba:54:4a:d6:21:45:d8:48:2e:6c:b0:
                    fe:33:3d:8d:5b:32:d0:82:3f:a2:34:90:2f:0f:91:
                    e4:5a:35:71:f2:40:11:c2:17:73:e1:f2:b6:33:86:
                    ad:38:28:8c:e9:e3:26:90:d5:17:6c:33:85:25:ce:
                    d5:0d:38:d4:38:cf:bd:b3:cf:b7:8c:bf:d6:a5:ba:
                    39:57:61:66:6d:92:46:0d:f1:58:44:72:85:f6:fb:
                    04:81:90:fd:f1:04:db:9c:2f:4a:c9:b9:4e:42:6e:
                    79:a6:85:1a:47:1d:f7:06:33:d1:18:82:de:b1:d7:
                    70:3d:86:db:6a:7c:9c:b0:19:73:10:f8:45:1b:e0:
                    69:b9:97:bd:af:7c:f0:f3:19:6a:60:cf:5f:48:db:
                    9f:32:99:fd:8e:ef:1a:4f:7e:9c:9c:46:e0:1b:97:
                    d5:4a:01:66:22:86:e9:6a:29:98:10:7b:70:0c:87:
                    68:69:ba:b4:20:4f:f4:79:11:3b:2f:a8:82:b7:0f:
                    e8:fe:f2:68:4f:42:8c:d7:57:3e:e2:d0:02:f2:e0:
                    3c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:C7:30:00:3B:E5:93:B9:23:BF:A6:E8:2A:2D:4A:4F:27:03:90:56
            X509v3 Authority Key Identifier:
                keyid:D6:E2:69:46:52:AA:29:85:11:ED:AF:BE:18:D2:B1:CD:BC:79:26:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1uJpRlKqKYUR7a--GNKxzbx5Jjg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/8cc506-7e71-4705-a289-b42364895083/1/tccwADvlk7kjv6boKi1KTycDkFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/8cc506-7e71-4705-a289-b42364895083/1/1uJpRlKqKYUR7a--GNKxzbx5Jjg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:48:e1:25:6d:b5:7d:db:0f:be:ac:1e:e3:96:70:b3:ff:e0:
         0c:51:d9:7f:51:c1:52:1c:f8:71:64:e2:ed:80:6b:b8:6f:31:
         3a:a4:76:75:98:9a:5d:f2:91:c3:73:26:51:00:42:fe:b8:9b:
         3d:28:4f:68:32:77:d7:4d:e8:91:dd:0b:dc:3a:ea:6b:85:1b:
         fe:e9:39:61:0b:7e:49:a1:76:4d:c5:34:c0:59:b0:c7:ae:5a:
         f6:40:64:d2:73:a8:a5:ab:3f:1a:9c:e2:bf:fd:d2:76:71:39:
         05:ee:16:6b:46:3f:87:26:9e:9d:68:99:5e:d7:dc:93:64:29:
         de:8f:71:c5:4e:4e:b7:05:19:9c:26:de:1a:3b:4c:1f:0c:36:
         2c:7f:2b:53:0a:b4:b5:2f:3a:12:f2:52:f1:37:ca:ed:34:1f:
         0d:0a:dc:f5:99:47:db:76:e8:bf:8f:01:c3:2b:df:b4:a8:2c:
         84:b0:ec:ed:75:92:ec:15:8d:c0:37:ad:e9:83:85:bb:43:af:
         f9:d5:1b:31:1f:a4:82:80:62:3e:df:2c:f9:0c:c5:ce:39:5f:
         2c:19:9b:15:c2:f4:11:b8:97:b5:7f:b3:fb:b3:e6:09:36:c6:
         a6:91:0b:a9:13:0e:3b:9e:ee:47:9a:dd:2b:fe:f3:82:18:72:
         41:16:c0:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKZ/V1y002aODZ1X/x8SPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZTI2OTQ2NTJhYTI5ODUxMWVkYWZiZTE4ZDJiMWNkYmM3
OTI2MzgwHhcNMjQwMTAyMTIzMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWM3MzAwMDNiZTU5M2I5MjNiZmE2ZTgyYTJkNGE0ZjI3MDM5MDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXDmByNjZ4EhDesGffyo9/qX8L2t
fbZz3ly5wJp/BN94uFkiQs60Oavn8RiRTQ6DulRK1iFF2EgubLD+Mz2NWzLQgj+i
NJAvD5HkWjVx8kARwhdz4fK2M4atOCiM6eMmkNUXbDOFJc7VDTjUOM+9s8+3jL/W
pbo5V2FmbZJGDfFYRHKF9vsEgZD98QTbnC9KyblOQm55poUaRx33BjPRGILesddw
PYbbanycsBlzEPhFG+BpuZe9r3zw8xlqYM9fSNufMpn9ju8aT36cnEbgG5fVSgFm
IobpaimYEHtwDIdoabq0IE/0eRE7L6iCtw/o/vJoT0KM11c+4tAC8uA8PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXHMAA75ZO5I7+m6CotSk8nA5BWMB8GA1UdIwQY
MBaAFNbiaUZSqimFEe2vvhjSsc28eSY4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXVKcFJsS3FLWVVSN2EtLUdOS3h6Yng1SmpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC84Y2M1MDYtN2U3MS00NzA1LWEyODkt
YjQyMzY0ODk1MDgzLzEvdGNjd0FEdmxrN2tqdjZib0tpMUtUeWNEa0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC84Y2M1MDYtN2U3MS00NzA1LWEyODktYjQyMzY0ODk1MDgz
LzEvMXVKcFJsS3FLWVVSN2EtLUdOS3h6Yng1SmpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZF0MA0G
CSqGSIb3DQEBCwUAA4IBAQA6SOElbbV92w++rB7jlnCz/+AMUdl/UcFSHPhxZOLt
gGu4bzE6pHZ1mJpd8pHDcyZRAEL+uJs9KE9oMnfXTeiR3QvcOuprhRv+6TlhC35J
oXZNxTTAWbDHrlr2QGTSc6ilqz8anOK//dJ2cTkF7hZrRj+HJp6daJle19yTZCne
j3HFTk63BRmcJt4aO0wfDDYsfytTCrS1LzoS8lLxN8rtNB8NCtz1mUfbdui/jwHD
K9+0qCyEsOztdZLsFY3AN63pg4W7Q6/51RsxH6SCgGI+3yz5DMXOOV8sGZsVwvQR
uJe1f7P7s+YJNsamkQupEw47nu5Hmt0r/vOCGHJBFsCF
-----END CERTIFICATE-----