Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TQIbikgqtB5yAWNqo62tcFFeeBI.roa
File:                     TQIbikgqtB5yAWNqo62tcFFeeBI.roa (raw, json)
Hash identifier:          ccLHiqG4aVoBN0X6qkHekgC2wQDxJdjNTCCPJYaGz1w=
Subject key identifier:   4D:02:1B:8A:48:2A:B4:1E:72:01:63:6A:A3:AD:AD:70:51:5E:78:12
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA5F44263F50A4E167D9BA603C819
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TQIbikgqtB5yAWNqo62tcFFeeBI.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202306
IP address blocks:        2a04:5200:5977::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a5:f4:42:63:f5:0a:4e:16:7d:9b:a6:03:c8:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d021b8a482ab41e7201636aa3adad70515e7812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3c:22:98:3c:dd:35:4d:dc:e3:7f:c3:e4:84:
                    57:7d:be:e3:55:42:a7:ff:6e:c1:38:fc:35:a2:cc:
                    9c:24:0c:f4:01:12:2d:d5:8b:b2:26:09:bd:8e:f3:
                    aa:aa:3f:05:99:32:3e:de:c9:30:b9:56:bf:fd:a5:
                    d0:c0:a6:65:fe:36:3f:c4:07:45:28:6a:ef:8a:76:
                    c6:d6:ee:34:86:16:e4:66:68:dc:7e:e5:10:73:c7:
                    50:f9:25:a3:ab:fb:60:9e:65:b1:45:d6:0a:81:7e:
                    f9:49:d1:6a:88:24:df:59:16:0e:9e:51:ea:b6:c8:
                    1e:ea:e4:28:ee:b7:e9:78:4c:c1:31:ca:d2:af:4a:
                    28:d8:35:89:aa:67:69:9b:e9:f8:79:07:26:72:1f:
                    c3:71:e1:66:f4:d6:25:64:ab:99:22:8c:af:4e:e1:
                    c5:a9:5e:20:e5:b4:15:f9:2a:17:81:10:31:50:54:
                    50:ad:f2:5a:29:74:9f:ee:f6:51:2b:9c:43:3d:3b:
                    bd:b8:86:ae:64:0a:e5:cf:bc:08:f7:a8:9b:0a:c9:
                    c5:51:7e:e8:2f:19:43:ed:cc:a9:d8:c8:ce:c1:68:
                    f0:06:76:88:b7:62:8d:71:68:33:d6:be:60:64:3a:
                    bd:50:48:51:4e:fe:4d:35:2c:66:95:34:b6:d8:d1:
                    05:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:02:1B:8A:48:2A:B4:1E:72:01:63:6A:A3:AD:AD:70:51:5E:78:12
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TQIbikgqtB5yAWNqo62tcFFeeBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5200:5977::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:b5:6a:c4:77:3a:b8:6d:93:7d:01:09:94:62:35:ca:46:37:
         86:29:73:bc:42:3b:1d:0c:88:5a:2e:d0:7e:de:55:4a:ef:e7:
         3f:9d:d3:35:e5:b9:8a:3d:47:c3:0f:40:49:b4:1e:a2:68:96:
         2e:9c:28:4a:b5:f8:f1:44:ab:8f:6e:94:dd:70:37:5a:8f:54:
         25:e0:77:a3:0d:70:aa:5c:6b:b4:6e:41:3d:41:18:99:6d:93:
         b9:68:77:bd:ac:b0:1e:0b:30:ee:49:d2:87:0c:91:30:38:23:
         34:46:0e:32:50:77:b0:6e:7d:d7:af:3c:1d:24:39:92:fd:21:
         69:be:45:f8:d8:42:3f:57:dd:b2:92:fd:26:00:2b:42:92:93:
         e2:7e:93:3c:ce:76:a1:d2:06:34:7a:cd:0c:b9:8c:bc:a5:6a:
         c8:55:45:68:aa:3d:e9:c3:74:b7:7a:e1:83:91:7f:26:0c:d5:
         d7:2c:c5:3f:17:de:15:92:62:e4:2c:00:02:75:66:a4:e1:1f:
         7e:02:55:26:1b:ac:56:3a:17:24:de:7b:05:a3:e3:50:ee:4d:
         19:7e:d6:bf:79:31:38:6e:06:f9:49:0e:57:37:a3:87:27:c3:
         b3:ad:e2:45:78:0b:80:60:4a:40:f0:10:10:bb:b4:a8:96:22:
         77:1d:f1:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI36X0QmP1Ck4WfZumA8gZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDAyMWI4YTQ4MmFiNDFlNzIwMTYzNmFhM2FkYWQ3MDUxNWU3ODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjwimDzdNU3c43/D5IRXfb7jVUKn
/27BOPw1osycJAz0ARIt1YuyJgm9jvOqqj8FmTI+3skwuVa//aXQwKZl/jY/xAdF
KGrvinbG1u40hhbkZmjcfuUQc8dQ+SWjq/tgnmWxRdYKgX75SdFqiCTfWRYOnlHq
tsge6uQo7rfpeEzBMcrSr0oo2DWJqmdpm+n4eQcmch/DceFm9NYlZKuZIoyvTuHF
qV4g5bQV+SoXgRAxUFRQrfJaKXSf7vZRK5xDPTu9uIauZArlz7wI96ibCsnFUX7o
LxlD7cyp2MjOwWjwBnaIt2KNcWgz1r5gZDq9UEhRTv5NNSxmlTS22NEFuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE0CG4pIKrQecgFjaqOtrXBRXngSMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvVFFJYmlrZ3F0QjV5QVdOcW82MnRjRkZlZUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgRSAFl3
MA0GCSqGSIb3DQEBCwUAA4IBAQAHtWrEdzq4bZN9AQmUYjXKRjeGKXO8QjsdDIha
LtB+3lVK7+c/ndM15bmKPUfDD0BJtB6iaJYunChKtfjxRKuPbpTdcDdaj1Ql4Hej
DXCqXGu0bkE9QRiZbZO5aHe9rLAeCzDuSdKHDJEwOCM0Rg4yUHewbn3XrzwdJDmS
/SFpvkX42EI/V92ykv0mACtCkpPifpM8znah0gY0es0MuYy8pWrIVUVoqj3pw3S3
euGDkX8mDNXXLMU/F94VkmLkLAACdWak4R9+AlUmG6xWOhck3nsFo+NQ7k0Zfta/
eTE4bgb5SQ5XN6OHJ8OzreJFeAuAYEpA8BAQu7SoliJ3HfFB
-----END CERTIFICATE-----