Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/TcwX_t27N_BVevZECQ_QkBqY5pU.roa
File:                     TcwX_t27N_BVevZECQ_QkBqY5pU.roa (raw, json)
Hash identifier:          k33ulawqG3qBVrGjR8aXVRiDuYWM/nfc9YF34MwruL4=
Subject key identifier:   4D:CC:17:FE:DD:BB:37:F0:55:7A:F6:44:09:0F:D0:90:1A:98:E6:95
Certificate issuer:       /CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
Certificate serial:       01902AD0F0E8A94B3E17BD341F0001F2E523
Authority key identifier: 52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/TcwX_t27N_BVevZECQ_QkBqY5pU.roa
Signing time:             Tue 18 Jun 2024 10:07:34 +0000
ROA not before:           Tue 18 Jun 2024 10:07:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        80.73.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2a:d0:f0:e8:a9:4b:3e:17:bd:34:1f:00:01:f2:e5:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
        Validity
            Not Before: Jun 18 10:07:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dcc17feddbb37f0557af644090fd0901a98e695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7b:32:3e:c7:29:28:d3:fc:f3:77:e4:ff:bf:
                    da:1d:f7:69:f3:20:02:64:af:f9:80:ea:05:05:ff:
                    45:5d:7d:59:ac:70:57:2f:af:20:8c:0c:dc:67:c2:
                    13:ec:f4:82:c8:c2:d3:66:01:b5:c0:82:f5:24:40:
                    61:c9:f7:dd:22:4a:0a:28:f7:44:e8:3d:a1:da:ce:
                    f6:aa:d9:6e:2b:50:84:2f:e5:cf:47:d1:c6:89:1d:
                    f9:05:c3:5f:87:8e:c6:43:2b:a3:8d:e3:cd:1d:f2:
                    4c:4e:aa:79:9e:28:e6:5e:2e:ae:bd:fb:d1:2a:52:
                    ab:05:7c:2e:8b:9a:79:b4:a2:0e:59:cc:50:1c:1e:
                    b7:fc:60:9f:2c:ed:b1:4a:f2:b0:9e:0d:26:2a:2e:
                    39:07:6c:7f:b0:4f:c7:f5:65:c7:3f:5e:40:b9:32:
                    73:af:84:bf:26:a0:59:66:35:50:44:f2:e2:a1:43:
                    b2:df:f0:de:c6:df:e1:82:ea:19:96:00:75:8e:25:
                    59:08:66:de:8e:cc:a4:b4:63:44:0a:a7:fa:39:80:
                    95:bd:0f:92:66:61:3d:23:c2:76:45:0c:33:69:79:
                    f4:14:94:54:f0:d6:63:ac:84:67:4d:39:52:4a:65:
                    a7:fd:aa:b3:88:a5:67:a3:e4:8e:e4:34:8c:65:0d:
                    c6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:CC:17:FE:DD:BB:37:F0:55:7A:F6:44:09:0F:D0:90:1A:98:E6:95
            X509v3 Authority Key Identifier:
                keyid:52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/TcwX_t27N_BVevZECQ_QkBqY5pU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.73.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:0e:b4:7d:57:28:51:7f:43:2d:44:dd:78:c5:ef:c1:a0:ac:
         03:86:17:13:6d:e4:61:d9:bf:f2:89:94:9e:66:14:93:6f:20:
         46:4e:09:6e:a2:7b:2d:4c:63:bc:d0:63:a1:d4:bc:50:b1:e8:
         b6:9b:d7:3c:8f:83:68:3c:92:7e:43:68:85:6f:b2:e2:44:72:
         76:0e:24:19:5d:b9:18:14:30:bd:fd:fb:85:1e:23:5c:39:bc:
         0c:66:29:fd:c1:cd:59:4f:e7:fe:4b:7a:93:7a:0c:22:e6:af:
         0c:09:d0:cf:45:7f:03:89:f0:6a:73:ba:3b:fe:c1:87:71:1c:
         51:c8:7d:f6:40:f9:d9:0e:ce:4a:5d:25:64:16:63:cf:a7:2c:
         09:fd:f0:91:5a:3f:84:97:85:e2:76:da:c2:7c:6e:a4:fd:67:
         3c:5a:80:c9:bc:0d:49:11:99:2e:26:21:1e:a4:d8:65:0d:40:
         d2:4e:64:ef:20:64:c6:74:26:fc:a2:35:47:74:74:f0:11:cd:
         43:05:96:62:14:7a:e5:db:d6:08:dd:d7:44:1a:aa:bd:3f:f8:
         e1:99:0a:44:62:05:41:c1:ff:c0:9f:33:f9:1f:11:c5:eb:4d:
         48:ee:4b:c2:ad:b9:41:34:a2:98:a6:54:f8:79:c7:00:08:90:
         6a:7f:e4:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAq0PDoqUs+F700HwAB8uUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTVjOTBjYTkyODMxM2JjNzBkMjY4M2JiMGY2NGQ2MzJi
MjczYTEwHhcNMjQwNjE4MTAwNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGNjMTdmZWRkYmIzN2YwNTU3YWY2NDQwOTBmZDA5MDFhOThlNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3syPscpKNP883fk/7/aHfdp8yAC
ZK/5gOoFBf9FXX1ZrHBXL68gjAzcZ8IT7PSCyMLTZgG1wIL1JEBhyffdIkoKKPdE
6D2h2s72qtluK1CEL+XPR9HGiR35BcNfh47GQyujjePNHfJMTqp5nijmXi6uvfvR
KlKrBXwui5p5tKIOWcxQHB63/GCfLO2xSvKwng0mKi45B2x/sE/H9WXHP15AuTJz
r4S/JqBZZjVQRPLioUOy3/Dext/hguoZlgB1jiVZCGbejsyktGNECqf6OYCVvQ+S
ZmE9I8J2RQwzaXn0FJRU8NZjrIRnTTlSSmWn/aqziKVno+SO5DSMZQ3GFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3MF/7duzfwVXr2RAkP0JAamOaVMB8GA1UdIwQY
MBaAFFKlyQypKDE7xw0mg7sPZNYysnOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUt
MTNlZDYzM2Y5MjJhLzEvVGN3WF90MjdOX0JWZXZaRUNRX1FrQnFZNXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUtMTNlZDYzM2Y5MjJh
LzEvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEltMA0G
CSqGSIb3DQEBCwUAA4IBAQA3DrR9VyhRf0MtRN14xe/BoKwDhhcTbeRh2b/yiZSe
ZhSTbyBGTgluonstTGO80GOh1LxQsei2m9c8j4NoPJJ+Q2iFb7LiRHJ2DiQZXbkY
FDC9/fuFHiNcObwMZin9wc1ZT+f+S3qTegwi5q8MCdDPRX8DifBqc7o7/sGHcRxR
yH32QPnZDs5KXSVkFmPPpywJ/fCRWj+El4XidtrCfG6k/Wc8WoDJvA1JEZkuJiEe
pNhlDUDSTmTvIGTGdCb8ojVHdHTwEc1DBZZiFHrl29YI3ddEGqq9P/jhmQpEYgVB
wf/AnzP5HxHF601I7kvCrblBNKKYplT4eccACJBqf+TD
-----END CERTIFICATE-----