Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/TA1ozmxTKeiUKMROdlEhDkY7xGw.roa
File:                     TA1ozmxTKeiUKMROdlEhDkY7xGw.roa (raw, json)
Hash identifier:          7XA0mo+owhAyL8ZkxmAv8TYSi29lVNpQP5GuSzbHmbQ=
Subject key identifier:   4C:0D:68:CE:6C:53:29:E8:94:28:C4:4E:76:51:21:0E:46:3B:C4:6C
Certificate issuer:       /CN=c49b1f76bb5bac6d0c796ba47130c768b1c73b1c
Certificate serial:       018FA96162613649341A709B40F12579826E
Authority key identifier: C4:9B:1F:76:BB:5B:AC:6D:0C:79:6B:A4:71:30:C7:68:B1:C7:3B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xJsfdrtbrG0MeWukcTDHaLHHOxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/TA1ozmxTKeiUKMROdlEhDkY7xGw.roa
Signing time:             Fri 24 May 2024 06:54:42 +0000
ROA not before:           Fri 24 May 2024 06:54:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20546
IP address blocks:        194.147.196.0/22 maxlen: 24
                          194.147.200.0/21 maxlen: 24
                          2001:67c:2ec0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/xJsfdrtbrG0MeWukcTDHaLHHOxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/xJsfdrtbrG0MeWukcTDHaLHHOxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xJsfdrtbrG0MeWukcTDHaLHHOxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a9:61:62:61:36:49:34:1a:70:9b:40:f1:25:79:82:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c49b1f76bb5bac6d0c796ba47130c768b1c73b1c
        Validity
            Not Before: May 24 06:54:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c0d68ce6c5329e89428c44e7651210e463bc46c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:43:7c:48:cd:a5:57:4e:f2:df:a9:0a:7c:33:
                    74:10:7b:e3:26:26:c3:82:b6:44:13:27:5b:f9:c8:
                    fd:3f:d3:41:e1:d2:c4:20:90:08:1a:76:c1:3d:12:
                    a7:64:be:27:21:68:e9:54:0a:f7:ff:e3:5e:b2:5b:
                    7b:42:dd:1d:5d:80:9f:c1:c5:e0:ce:d1:b5:51:9d:
                    be:a1:2e:67:74:7a:d5:99:0f:22:39:ea:4a:f1:57:
                    3a:fd:9b:13:84:9a:ae:54:21:c8:c6:d2:26:13:e7:
                    fb:4a:2a:e4:31:ba:13:e7:6d:4f:dd:eb:e8:6a:f7:
                    3a:90:86:8d:71:36:b0:82:6e:c8:f7:8c:8c:bd:65:
                    01:8f:1b:1c:98:8e:7b:b0:01:d3:73:fa:8e:a7:90:
                    21:0b:60:5c:9f:fc:a9:5d:46:eb:dd:99:43:b1:20:
                    65:d2:72:04:c4:ba:cb:a9:88:73:aa:f2:00:c7:ab:
                    f0:05:fc:42:00:64:4d:9a:ee:af:04:51:2d:65:8d:
                    24:53:26:bd:30:5a:b9:b7:bb:be:42:77:be:f6:b9:
                    a3:7e:52:a9:3c:93:7d:38:d7:c5:65:d7:4c:70:a6:
                    e7:63:95:1a:7b:75:e6:9c:5d:96:c0:ce:08:52:7b:
                    ab:fb:77:c1:00:7e:e5:aa:cc:7e:c1:cf:57:b4:29:
                    c4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:0D:68:CE:6C:53:29:E8:94:28:C4:4E:76:51:21:0E:46:3B:C4:6C
            X509v3 Authority Key Identifier:
                keyid:C4:9B:1F:76:BB:5B:AC:6D:0C:79:6B:A4:71:30:C7:68:B1:C7:3B:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xJsfdrtbrG0MeWukcTDHaLHHOxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/TA1ozmxTKeiUKMROdlEhDkY7xGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/xJsfdrtbrG0MeWukcTDHaLHHOxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.196.0-194.147.207.255
                IPv6:
                  2001:67c:2ec0::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:5a:a8:97:09:16:4d:46:91:c9:50:c8:c6:f0:05:38:0e:72:
         1d:54:4b:fb:6f:3f:4f:5e:a5:5e:4e:99:2a:c2:dd:09:f4:2c:
         21:75:6b:2f:22:34:26:03:de:dc:22:50:46:90:c5:3e:4c:13:
         ff:c1:4e:57:e8:3b:53:da:eb:75:db:d4:93:04:08:8f:5c:12:
         f3:0a:d3:98:87:72:58:67:b1:4a:4e:1f:38:d2:02:d5:0d:7e:
         dc:43:d3:d0:d8:7b:58:c7:5c:a7:d0:11:eb:45:aa:0f:22:aa:
         a0:d4:61:1a:7a:36:ed:72:fe:a0:12:93:00:00:31:d9:30:ae:
         08:80:81:33:5b:d2:09:a7:da:cc:91:3b:20:b1:b3:45:c6:6d:
         a7:c2:1b:a4:b5:3f:82:c0:96:40:0d:ef:bf:ad:03:57:46:ad:
         4d:e0:bf:8d:23:9e:90:f6:64:00:8f:73:fc:06:a6:45:4d:b7:
         d2:f5:1d:5a:ff:93:ac:0e:55:f1:9c:ee:e1:d3:f4:5d:ee:bb:
         0b:9e:00:9c:35:63:40:13:9f:6a:f9:23:b2:db:66:93:1d:6d:
         ce:e4:97:9d:43:f2:e9:35:8c:2f:9f:63:a3:09:6d:95:56:45:
         1d:af:c2:eb:5b:cc:9e:46:ed:74:29:0f:5e:29:ae:97:08:fa:
         ac:10:bb:ba
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAY+pYWJhNkk0GnCbQPEleYJuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0OWIxZjc2YmI1YmFjNmQwYzc5NmJhNDcxMzBjNzY4YjFj
NzNiMWMwHhcNMjQwNTI0MDY1NDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzBkNjhjZTZjNTMyOWU4OTQyOGM0NGU3NjUxMjEwZTQ2M2JjNDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kN8SM2lV07y36kKfDN0EHvjJibD
grZEEydb+cj9P9NB4dLEIJAIGnbBPRKnZL4nIWjpVAr3/+Neslt7Qt0dXYCfwcXg
ztG1UZ2+oS5ndHrVmQ8iOepK8Vc6/ZsThJquVCHIxtImE+f7SirkMboT521P3evo
avc6kIaNcTawgm7I94yMvWUBjxscmI57sAHTc/qOp5AhC2Bcn/ypXUbr3ZlDsSBl
0nIExLrLqYhzqvIAx6vwBfxCAGRNmu6vBFEtZY0kUya9MFq5t7u+Qne+9rmjflKp
PJN9ONfFZddMcKbnY5Uae3XmnF2WwM4IUnur+3fBAH7lqsx+wc9XtCnE+wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEwNaM5sUynolCjETnZRIQ5GO8RsMB8GA1UdIwQY
MBaAFMSbH3a7W6xtDHlrpHEwx2ixxzscMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEpzZmRydGJyRzBNZVd1a2NUREhhTEhIT3h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi84Njg2Y2QtMWYxYy00ODQ1LTgxMmQt
NGFkNDAzNWZhZTdiLzEvVEExb3pteFRLZWlVS01ST2RsRWhEa1k3eEd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi84Njg2Y2QtMWYxYy00ODQ1LTgxMmQtNGFkNDAzNWZhZTdi
LzEveEpzZmRydGJyRzBNZVd1a2NUREhhTEhIT3h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBALCk8QD
BATCk8AwDwQCAAIwCQMHACABBnwuwDANBgkqhkiG9w0BAQsFAAOCAQEALVqolwkW
TUaRyVDIxvAFOA5yHVRL+28/T16lXk6ZKsLdCfQsIXVrLyI0JgPe3CJQRpDFPkwT
/8FOV+g7U9rrddvUkwQIj1wS8wrTmIdyWGexSk4fONIC1Q1+3EPT0Nh7WMdcp9AR
60WqDyKqoNRhGno27XL+oBKTAAAx2TCuCICBM1vSCafazJE7ILGzRcZtp8IbpLU/
gsCWQA3vv60DV0atTeC/jSOekPZkAI9z/AamRU230vUdWv+TrA5V8Zzu4dP0Xe67
C54AnDVjQBOfavkjsttmkx1tzuSXnUPy6TWML59jowltlVZFHa/C61vMnkbtdCkP
Ximulwj6rBC7ug==
-----END CERTIFICATE-----