Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/TatXbfw9QQ8wNOuK4aKxqejxdVo.roa
File:                     TatXbfw9QQ8wNOuK4aKxqejxdVo.roa (raw, json)
Hash identifier:          2StpZ4EHrplGHPpKXgWk4RNLcp+XmG/Q+u05KR45N8s=
Subject key identifier:   4D:AB:57:6D:FC:3D:41:0F:30:34:EB:8A:E1:A2:B1:A9:E8:F1:75:5A
Certificate issuer:       /CN=56c8a1713c7476e00ed2b77fd98fd89330365d87
Certificate serial:       018CC348FC787C9FA2FC9F87240DDBFB0BD2
Authority key identifier: 56:C8:A1:71:3C:74:76:E0:0E:D2:B7:7F:D9:8F:D8:93:30:36:5D:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VsihcTx0duAO0rd_2Y_YkzA2XYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/TatXbfw9QQ8wNOuK4aKxqejxdVo.roa
Signing time:             Mon 01 Jan 2024 04:29:49 +0000
ROA not before:           Mon 01 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210672
IP address blocks:        88.80.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/VsihcTx0duAO0rd_2Y_YkzA2XYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/VsihcTx0duAO0rd_2Y_YkzA2XYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VsihcTx0duAO0rd_2Y_YkzA2XYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fc:78:7c:9f:a2:fc:9f:87:24:0d:db:fb:0b:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56c8a1713c7476e00ed2b77fd98fd89330365d87
        Validity
            Not Before: Jan  1 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dab576dfc3d410f3034eb8ae1a2b1a9e8f1755a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:1c:a1:f2:e6:4b:07:81:5d:08:d4:a5:a3:d0:
                    81:53:5c:cc:70:00:b4:6f:6c:9c:a6:27:a3:90:17:
                    a7:76:a8:7f:75:7f:f6:73:7e:35:19:de:36:43:2b:
                    47:6a:27:68:6e:ca:6e:09:ab:64:cc:c5:22:2a:85:
                    0c:f7:aa:d2:5a:37:af:c1:18:68:7e:2a:06:3c:67:
                    27:60:82:01:4e:8d:3c:2a:14:b9:62:ad:a7:6c:fb:
                    87:37:f6:2e:ab:e6:a3:e7:cd:3f:26:93:7d:a3:ad:
                    4c:8e:4b:d1:ab:3d:9c:e8:3d:ff:fc:42:db:ad:77:
                    d6:ca:47:07:d8:d9:45:9f:07:df:f2:0b:49:c3:4c:
                    ae:05:2d:b8:af:49:5c:3f:c8:57:d1:26:23:42:35:
                    11:46:e5:ab:93:cc:0e:e5:8b:9f:91:67:65:6d:53:
                    a2:53:8e:bc:d7:70:02:ba:3c:d6:44:2f:bf:bb:ce:
                    19:32:17:05:1c:a5:2b:1a:ab:b2:5c:20:d9:7d:da:
                    10:a9:7a:a0:64:21:e4:b2:8a:59:42:3d:14:29:4e:
                    5c:83:29:62:e3:97:b1:45:47:a4:c7:9d:c6:59:da:
                    46:33:82:59:68:ef:0a:64:73:e2:e0:17:0d:9d:09:
                    3e:82:d6:f7:cf:0d:a6:ac:61:3f:18:d8:dd:c4:db:
                    c4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:AB:57:6D:FC:3D:41:0F:30:34:EB:8A:E1:A2:B1:A9:E8:F1:75:5A
            X509v3 Authority Key Identifier:
                keyid:56:C8:A1:71:3C:74:76:E0:0E:D2:B7:7F:D9:8F:D8:93:30:36:5D:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VsihcTx0duAO0rd_2Y_YkzA2XYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/TatXbfw9QQ8wNOuK4aKxqejxdVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/VsihcTx0duAO0rd_2Y_YkzA2XYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c5:95:89:c3:3b:63:ca:a1:5d:13:7b:4d:93:8b:c3:89:cf:
         6e:73:88:36:bf:5f:28:b4:2d:6b:40:4a:30:7f:2c:d0:ad:c6:
         2e:3a:dc:8b:cc:bf:01:6c:b2:83:05:d0:a6:a2:1c:1c:4d:7b:
         43:77:90:74:3e:16:ca:6b:06:cf:43:52:70:10:e2:a2:4b:1c:
         35:fb:f8:bb:70:7b:f4:15:c5:08:c3:45:c2:5b:20:8c:94:2a:
         2c:fa:88:bb:d1:45:36:c6:6c:29:fd:61:c0:82:56:6a:9a:45:
         3c:f9:1b:03:83:ac:89:1e:e3:cc:d0:ed:51:d4:36:67:17:31:
         f6:b6:8d:2c:61:cb:a5:1e:07:a9:74:dd:27:07:bb:e2:c9:12:
         34:1a:12:9d:3d:55:89:f4:96:a2:63:80:5d:70:f7:3b:35:db:
         f1:56:6a:6a:28:ca:ba:d7:2a:86:52:2b:53:f6:6a:d7:ba:f3:
         38:ea:fb:88:6b:53:ae:a5:1f:29:4f:18:7a:2f:2e:0b:15:60:
         88:44:3e:ee:f5:63:ee:88:fa:24:0b:8d:95:b1:76:d8:fd:a0:
         fd:53:94:f1:2c:8b:49:e4:4b:68:61:89:ec:55:37:b3:93:2c:
         0c:50:83:ee:3c:88:e2:c9:a2:62:4a:94:1e:bc:97:db:70:1c:
         50:c2:c0:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPx4fJ+i/J+HJA3b+wvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2YzhhMTcxM2M3NDc2ZTAwZWQyYjc3ZmQ5OGZkODkzMzAz
NjVkODcwHhcNMjQwMTAxMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGFiNTc2ZGZjM2Q0MTBmMzAzNGViOGFlMWEyYjFhOWU4ZjE3NTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ryh8uZLB4FdCNSlo9CBU1zMcAC0
b2ycpiejkBendqh/dX/2c341Gd42QytHaidobspuCatkzMUiKoUM96rSWjevwRho
fioGPGcnYIIBTo08KhS5Yq2nbPuHN/Yuq+aj580/JpN9o61MjkvRqz2c6D3//ELb
rXfWykcH2NlFnwff8gtJw0yuBS24r0lcP8hX0SYjQjURRuWrk8wO5YufkWdlbVOi
U46813ACujzWRC+/u84ZMhcFHKUrGquyXCDZfdoQqXqgZCHksopZQj0UKU5cgyli
45exRUekx53GWdpGM4JZaO8KZHPi4BcNnQk+gtb3zw2mrGE/GNjdxNvEuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2rV238PUEPMDTriuGisano8XVaMB8GA1UdIwQY
MBaAFFbIoXE8dHbgDtK3f9mP2JMwNl2HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnNpaGNUeDBkdUFPMHJkXzJZX1lrekEyWFljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8yM2Q1MjUtODI5Ni00ZjljLTlkZTQt
OTFlMzJjNTE3MTUyLzEvVGF0WGJmdzlRUTh3Tk91SzRhS3hxZWp4ZFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8yM2Q1MjUtODI5Ni00ZjljLTlkZTQtOTFlMzJjNTE3MTUy
LzEvVnNpaGNUeDBkdUFPMHJkXzJZX1lrekEyWFljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWFCVMA0G
CSqGSIb3DQEBCwUAA4IBAQBJxZWJwztjyqFdE3tNk4vDic9uc4g2v18otC1rQEow
fyzQrcYuOtyLzL8BbLKDBdCmohwcTXtDd5B0PhbKawbPQ1JwEOKiSxw1+/i7cHv0
FcUIw0XCWyCMlCos+oi70UU2xmwp/WHAglZqmkU8+RsDg6yJHuPM0O1R1DZnFzH2
to0sYculHgepdN0nB7viyRI0GhKdPVWJ9JaiY4BdcPc7NdvxVmpqKMq61yqGUitT
9mrXuvM46vuIa1OupR8pTxh6Ly4LFWCIRD7u9WPuiPokC42VsXbY/aD9U5TxLItJ
5EtoYYnsVTezkywMUIPuPIjiyaJiSpQevJfbcBxQwsBY
-----END CERTIFICATE-----