Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/TtRu3IY5JyymFU-Lp4MMnJa1csc.roa
File:                     TtRu3IY5JyymFU-Lp4MMnJa1csc.roa (raw, json)
Hash identifier:          kACTHvZz8FUkRe0OgL/KFJyclfINAJaZPfX1Cu+Xa48=
Subject key identifier:   4E:D4:6E:DC:86:39:27:2C:A6:15:4F:8B:A7:83:0C:9C:96:B5:72:C7
Certificate issuer:       /CN=361adf57c8dcb7bfd34e9aecd83e36342ec3a3c9
Certificate serial:       019056BD35BBEAE191B0891B0928AB1AE98F
Authority key identifier: 36:1A:DF:57:C8:DC:B7:BF:D3:4E:9A:EC:D8:3E:36:34:2E:C3:A3:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/TtRu3IY5JyymFU-Lp4MMnJa1csc.roa
Signing time:             Wed 26 Jun 2024 22:49:18 +0000
ROA not before:           Wed 26 Jun 2024 22:49:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.239.147.0/24 maxlen: 24
                          2001:67c:1240::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:56:bd:35:bb:ea:e1:91:b0:89:1b:09:28:ab:1a:e9:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=361adf57c8dcb7bfd34e9aecd83e36342ec3a3c9
        Validity
            Not Before: Jun 26 22:49:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ed46edc8639272ca6154f8ba7830c9c96b572c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:18:ab:1f:26:77:8a:a7:ab:44:d8:06:d0:5c:
                    d9:66:21:8e:6f:0e:1b:71:ef:fa:61:20:03:65:c3:
                    df:98:96:2d:20:64:53:81:84:66:a8:fd:1f:b4:5a:
                    90:f9:85:f2:93:ab:f4:ce:cf:90:40:1d:74:87:9d:
                    34:cc:7f:26:c1:fa:d2:e0:3f:13:6f:56:dd:22:50:
                    49:f2:f8:cc:cb:30:e2:ec:17:de:82:af:9a:ee:37:
                    24:db:a0:6c:03:3a:41:5f:c6:67:fb:01:86:f2:1f:
                    4e:9a:b9:5a:77:38:68:83:ed:c4:c7:6c:e8:c1:e8:
                    42:7c:6c:eb:91:0f:9b:b8:c6:83:9f:00:03:a6:5b:
                    e5:5e:4a:eb:97:57:90:17:46:01:16:09:6f:86:38:
                    14:af:db:94:a9:a7:d2:aa:73:e5:4f:2a:ef:1f:55:
                    d6:d3:be:37:d3:28:4d:a3:fb:77:6f:95:03:a1:23:
                    b4:23:46:d5:fb:93:37:fd:37:8e:dc:e5:5f:00:3a:
                    d9:a3:6a:53:98:be:c8:7c:e6:84:2a:fe:65:aa:c5:
                    fc:62:49:62:18:39:89:1a:cf:55:ad:f8:c5:f7:5c:
                    0f:27:0d:1e:a2:a9:26:6f:1d:3c:bc:00:6a:52:ab:
                    f1:c1:8e:ce:d7:f3:ba:15:45:ec:94:66:2a:0d:e7:
                    86:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D4:6E:DC:86:39:27:2C:A6:15:4F:8B:A7:83:0C:9C:96:B5:72:C7
            X509v3 Authority Key Identifier:
                keyid:36:1A:DF:57:C8:DC:B7:BF:D3:4E:9A:EC:D8:3E:36:34:2E:C3:A3:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/TtRu3IY5JyymFU-Lp4MMnJa1csc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.147.0/24
                IPv6:
                  2001:67c:1240::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:3a:b6:4f:53:73:76:db:9f:93:cc:da:74:24:42:95:51:48:
         64:b3:4e:ab:42:c3:ca:58:03:a2:09:3a:bb:d3:7d:27:71:53:
         81:aa:ec:20:22:68:5e:2f:1a:ff:5e:d1:c6:fe:81:4b:c5:25:
         4e:f8:e0:3f:52:6b:83:37:1a:e3:88:fe:46:f3:43:75:52:17:
         45:d4:0b:9a:c0:a4:40:92:53:01:53:50:33:86:95:e4:08:aa:
         95:d7:11:1a:87:41:86:8e:a5:29:b2:9f:76:87:23:a3:6d:0b:
         12:d1:1e:2a:4e:c8:05:43:01:08:43:9f:0b:0d:f2:a6:88:97:
         5f:6c:e6:a8:a5:af:17:79:02:86:16:48:81:22:d3:0c:f2:12:
         b4:7a:86:75:90:e1:a4:09:e4:d7:1c:17:ad:02:27:04:97:a9:
         a7:80:2a:64:3e:a7:8d:ef:99:4c:32:b7:2c:d6:07:19:f4:b6:
         5d:7a:73:8d:5a:52:41:3f:1b:16:8c:d1:78:f2:b1:f0:32:91:
         1c:2e:8f:d2:ae:d7:ea:05:84:37:57:88:40:be:49:6f:ef:96:
         96:09:6b:8d:37:34:2e:1c:a3:bc:48:05:1a:5a:b5:05:de:2c:
         12:40:59:e0:10:c6:50:e5:e9:86:b6:a2:39:0e:97:57:de:21:
         41:90:d5:91
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZBWvTW76uGRsIkbCSirGumPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MWFkZjU3YzhkY2I3YmZkMzRlOWFlY2Q4M2UzNjM0MmVj
M2EzYzkwHhcNMjQwNjI2MjI0OTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWQ0NmVkYzg2MzkyNzJjYTYxNTRmOGJhNzgzMGM5Yzk2YjU3MmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxirHyZ3iqerRNgG0FzZZiGObw4b
ce/6YSADZcPfmJYtIGRTgYRmqP0ftFqQ+YXyk6v0zs+QQB10h500zH8mwfrS4D8T
b1bdIlBJ8vjMyzDi7Bfegq+a7jck26BsAzpBX8Zn+wGG8h9Omrladzhog+3Ex2zo
wehCfGzrkQ+buMaDnwADplvlXkrrl1eQF0YBFglvhjgUr9uUqafSqnPlTyrvH1XW
07430yhNo/t3b5UDoSO0I0bV+5M3/TeO3OVfADrZo2pTmL7IfOaEKv5lqsX8Ykli
GDmJGs9VrfjF91wPJw0eoqkmbx08vABqUqvxwY7O1/O6FUXslGYqDeeGxwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE7UbtyGOScsphVPi6eDDJyWtXLHMB8GA1UdIwQY
MBaAFDYa31fI3Le/006a7Ng+NjQuw6PJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhyZlY4amN0N19UVHByczJENDJOQzdEbzhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lMGY4YzYtYWFkYy00YzMxLWI5MmIt
MWExODczOGI0NzQxLzEvVHRSdTNJWTVKeXltRlUtTHA0TU1uSmExY3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lMGY4YzYtYWFkYy00YzMxLWI5MmItMWExODczOGI0NzQx
LzEvTmhyZlY4amN0N19UVHByczJENDJOQzdEbzhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW++TMA8E
AgACMAkDBwAgAQZ8EkAwDQYJKoZIhvcNAQELBQADggEBAEg6tk9Tc3bbn5PM2nQk
QpVRSGSzTqtCw8pYA6IJOrvTfSdxU4Gq7CAiaF4vGv9e0cb+gUvFJU744D9Sa4M3
GuOI/kbzQ3VSF0XUC5rApECSUwFTUDOGleQIqpXXERqHQYaOpSmyn3aHI6NtCxLR
HipOyAVDAQhDnwsN8qaIl19s5qilrxd5AoYWSIEi0wzyErR6hnWQ4aQJ5NccF60C
JwSXqaeAKmQ+p43vmUwytyzWBxn0tl16c41aUkE/GxaM0XjysfAykRwuj9Ku1+oF
hDdXiEC+SW/vlpYJa403NC4co7xIBRpatQXeLBJAWeAQxlDl6Ya2ojkOl1feIUGQ
1ZE=
-----END CERTIFICATE-----