Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/aa3350-aa2a-4477-9fcd-a60b2cc8d080/1/TZF3V6rxJRPGv2c3gJ27BH8p2s4.roa
File:                     TZF3V6rxJRPGv2c3gJ27BH8p2s4.roa (raw, json)
Hash identifier:          NEhUEdZFKrh5u9EluRtSpMC3NaUzgqSNmInFgYrn9IU=
Subject key identifier:   4D:91:77:57:AA:F1:25:13:C6:BF:67:37:80:9D:BB:04:7F:29:DA:CE
Certificate issuer:       /CN=70748873d832022864fac90065d51d8e27b43e5d
Certificate serial:       018F1A29EEDE00046D74FE89012EE6C03FF6
Authority key identifier: 70:74:88:73:D8:32:02:28:64:FA:C9:00:65:D5:1D:8E:27:B4:3E:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cHSIc9gyAihk-skAZdUdjie0Pl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/aa3350-aa2a-4477-9fcd-a60b2cc8d080/1/TZF3V6rxJRPGv2c3gJ27BH8p2s4.roa
Signing time:             Fri 26 Apr 2024 11:28:26 +0000
ROA not before:           Fri 26 Apr 2024 11:28:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38952
IP address blocks:        185.17.116.0/22 maxlen: 22
                          194.79.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/aa3350-aa2a-4477-9fcd-a60b2cc8d080/1/cHSIc9gyAihk-skAZdUdjie0Pl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/aa3350-aa2a-4477-9fcd-a60b2cc8d080/1/cHSIc9gyAihk-skAZdUdjie0Pl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cHSIc9gyAihk-skAZdUdjie0Pl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1a:29:ee:de:00:04:6d:74:fe:89:01:2e:e6:c0:3f:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70748873d832022864fac90065d51d8e27b43e5d
        Validity
            Not Before: Apr 26 11:28:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d917757aaf12513c6bf6737809dbb047f29dace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:0c:fd:72:d2:cd:cb:72:da:3f:04:6c:a1:b6:
                    0b:8e:47:f5:fb:67:e8:9f:63:ed:a0:b6:80:67:0a:
                    c7:70:55:d3:dc:57:9a:90:cb:50:38:0d:d0:82:c9:
                    ee:14:60:8c:30:0b:09:ba:42:f6:52:f6:64:8d:6e:
                    6b:2c:56:6d:c8:75:a3:73:34:63:0e:50:22:71:91:
                    61:19:21:c6:02:6b:37:3b:30:d0:6b:0c:fa:00:dd:
                    5c:69:73:36:6e:d8:53:e0:98:40:d0:08:7b:1f:3b:
                    55:42:dc:e7:86:5f:3f:b6:2c:0a:7a:c3:0b:33:13:
                    0f:ff:64:7d:b8:15:7e:e1:4a:b5:ca:7f:f2:8f:c3:
                    a7:74:07:60:e0:29:79:a8:a8:0a:4c:f2:2b:7b:3f:
                    04:b5:d1:1c:8a:d6:d7:57:33:de:23:c4:22:33:0d:
                    08:10:7e:f6:3a:2b:65:a6:f2:55:75:15:54:3c:bb:
                    13:54:55:a1:7b:57:1c:66:5f:37:82:c3:f0:5c:53:
                    26:f5:50:86:9b:db:d3:57:4b:ce:43:40:02:42:f4:
                    6b:7a:21:59:99:26:8e:e4:36:76:a7:fe:0d:02:b0:
                    31:69:0c:14:83:db:8e:f7:07:05:fc:03:3b:5f:42:
                    f1:50:d8:d6:c8:93:f4:bf:db:10:63:12:77:c2:1b:
                    66:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:91:77:57:AA:F1:25:13:C6:BF:67:37:80:9D:BB:04:7F:29:DA:CE
            X509v3 Authority Key Identifier:
                keyid:70:74:88:73:D8:32:02:28:64:FA:C9:00:65:D5:1D:8E:27:B4:3E:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cHSIc9gyAihk-skAZdUdjie0Pl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/aa3350-aa2a-4477-9fcd-a60b2cc8d080/1/TZF3V6rxJRPGv2c3gJ27BH8p2s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/aa3350-aa2a-4477-9fcd-a60b2cc8d080/1/cHSIc9gyAihk-skAZdUdjie0Pl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.116.0/22
                  194.79.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:eb:cf:8c:2d:ea:6d:dd:62:fd:17:5f:c5:d3:38:30:42:e0:
         77:aa:aa:f1:c4:80:96:46:32:2c:d7:1a:04:ca:40:3b:15:ce:
         f7:dc:24:f3:0f:16:eb:bd:68:29:94:18:2d:bb:f7:57:59:5a:
         f3:48:13:b4:a0:f1:fd:15:97:8b:ed:4f:c7:a2:f4:fc:51:5d:
         77:24:da:87:de:f3:c4:fd:ea:fc:25:7a:d9:42:5f:20:5e:fe:
         86:cd:2d:ae:c2:ef:bc:dc:4a:67:a0:ab:f0:a6:bc:b0:e2:9e:
         df:4b:91:eb:df:2b:a5:2a:a6:46:b0:02:fa:b6:d1:c3:27:31:
         34:c1:44:fe:78:08:94:29:d6:0a:f7:45:9e:85:4d:7c:03:f1:
         ea:7a:2d:20:a5:55:3d:48:ad:ce:45:87:e0:79:d7:5f:88:06:
         08:4d:cc:40:3f:54:ad:b0:84:e1:07:a8:83:97:c3:8e:b3:c3:
         8f:c7:6d:f2:a1:0e:cc:c7:05:bc:7f:27:34:89:c7:c5:e0:6c:
         b9:28:35:96:41:9f:9c:d5:0e:88:49:4a:78:14:8b:67:77:68:
         47:cf:f9:a7:16:56:23:7e:f5:93:0f:6a:dd:64:d3:8a:e3:6c:
         71:fc:da:fa:8b:9f:b1:aa:21:8d:4b:be:7f:8a:d8:9f:a6:61:
         b7:fb:cf:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8aKe7eAARtdP6JAS7mwD/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNzQ4ODczZDgzMjAyMjg2NGZhYzkwMDY1ZDUxZDhlMjdi
NDNlNWQwHhcNMjQwNDI2MTEyODI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDkxNzc1N2FhZjEyNTEzYzZiZjY3Mzc4MDlkYmIwNDdmMjlkYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9wz9ctLNy3LaPwRsobYLjkf1+2fo
n2PtoLaAZwrHcFXT3FeakMtQOA3QgsnuFGCMMAsJukL2UvZkjW5rLFZtyHWjczRj
DlAicZFhGSHGAms3OzDQawz6AN1caXM2bthT4JhA0Ah7HztVQtznhl8/tiwKesML
MxMP/2R9uBV+4Uq1yn/yj8OndAdg4Cl5qKgKTPIrez8EtdEcitbXVzPeI8QiMw0I
EH72OitlpvJVdRVUPLsTVFWhe1ccZl83gsPwXFMm9VCGm9vTV0vOQ0ACQvRreiFZ
mSaO5DZ2p/4NArAxaQwUg9uO9wcF/AM7X0LxUNjWyJP0v9sQYxJ3whtmmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE2Rd1eq8SUTxr9nN4CduwR/KdrOMB8GA1UdIwQY
MBaAFHB0iHPYMgIoZPrJAGXVHY4ntD5dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0hTSWM5Z3lBaWhrLXNrQVpkVWRqaWUwUGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYTMzNTAtYWEyYS00NDc3LTlmY2Qt
YTYwYjJjYzhkMDgwLzEvVFpGM1Y2cnhKUlBHdjJjM2dKMjdCSDhwMnM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYTMzNTAtYWEyYS00NDc3LTlmY2QtYTYwYjJjYzhkMDgw
LzEvY0hTSWM5Z3lBaWhrLXNrQVpkVWRqaWUwUGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuRF0AwQC
wk80MA0GCSqGSIb3DQEBCwUAA4IBAQBM68+MLept3WL9F1/F0zgwQuB3qqrxxICW
RjIs1xoEykA7Fc733CTzDxbrvWgplBgtu/dXWVrzSBO0oPH9FZeL7U/HovT8UV13
JNqH3vPE/er8JXrZQl8gXv6GzS2uwu+83EpnoKvwpryw4p7fS5Hr3yulKqZGsAL6
ttHDJzE0wUT+eAiUKdYK90WehU18A/Hqei0gpVU9SK3ORYfgeddfiAYITcxAP1St
sIThB6iDl8OOs8OPx23yoQ7MxwW8fyc0icfF4Gy5KDWWQZ+c1Q6ISUp4FItnd2hH
z/mnFlYjfvWTD2rdZNOK42xx/Nr6i5+xqiGNS75/itifpmG3+8+e
-----END CERTIFICATE-----