Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/0562f8-2670-440f-8502-1ba0ebaa8a86/1/TvoZodPtDSoUL-nFmlLf9bdlJhs.roa
File:                     TvoZodPtDSoUL-nFmlLf9bdlJhs.roa (raw, json)
Hash identifier:          kzj/xe6mlmVtx+mwbvlS/bpW3oldBLWePnRlEAPGXH4=
Subject key identifier:   4E:FA:19:A1:D3:ED:0D:2A:14:2F:E9:C5:9A:52:DF:F5:B7:65:26:1B
Certificate issuer:       /CN=1b3598ebb5d1d08eb0da438d052cebaa4fdc768f
Certificate serial:       018E1D45DAD91C807BCDCA463B96EA82F430
Authority key identifier: 1B:35:98:EB:B5:D1:D0:8E:B0:DA:43:8D:05:2C:EB:AA:4F:DC:76:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GzWY67XR0I6w2kONBSzrqk_cdo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/0562f8-2670-440f-8502-1ba0ebaa8a86/1/TvoZodPtDSoUL-nFmlLf9bdlJhs.roa
Signing time:             Fri 08 Mar 2024 08:55:01 +0000
ROA not before:           Fri 08 Mar 2024 08:55:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50305
IP address blocks:        193.104.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/0562f8-2670-440f-8502-1ba0ebaa8a86/1/GzWY67XR0I6w2kONBSzrqk_cdo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/0562f8-2670-440f-8502-1ba0ebaa8a86/1/GzWY67XR0I6w2kONBSzrqk_cdo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GzWY67XR0I6w2kONBSzrqk_cdo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1d:45:da:d9:1c:80:7b:cd:ca:46:3b:96:ea:82:f4:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b3598ebb5d1d08eb0da438d052cebaa4fdc768f
        Validity
            Not Before: Mar  8 08:55:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4efa19a1d3ed0d2a142fe9c59a52dff5b765261b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:25:8b:70:64:96:1e:91:50:eb:14:eb:a9:80:
                    1d:4b:86:d7:cb:d2:13:c8:80:01:45:78:b6:6d:67:
                    9e:b7:99:ad:50:95:59:d0:b9:4e:eb:25:1e:48:40:
                    12:c4:85:5f:e6:f6:73:10:da:72:13:88:e2:e1:dd:
                    e2:06:91:d1:42:68:92:19:b4:ec:ef:79:d8:fe:90:
                    07:e7:3f:54:af:06:d2:66:84:a2:01:12:63:a7:96:
                    57:d1:cd:be:7e:cb:73:be:5e:b6:a6:7f:b6:3d:cf:
                    55:e3:b2:34:5e:62:76:50:f6:86:c2:cc:a0:ee:9e:
                    e6:61:44:db:b5:9d:a7:3a:81:ce:17:03:51:b8:81:
                    c2:96:d9:30:b6:6c:33:c9:e3:c9:80:f0:6c:dc:cf:
                    1a:56:ee:6d:7b:25:de:3a:04:b3:cb:ad:68:6f:93:
                    de:ab:13:16:31:03:fa:c0:aa:2a:d2:cf:a6:bd:7f:
                    8d:dd:37:ee:ce:3f:f1:53:4e:2f:4f:30:db:99:08:
                    37:a7:29:85:38:82:48:b6:45:05:fd:bf:e8:81:8f:
                    1d:2f:79:e0:a2:5b:e3:6b:a8:2e:86:52:16:08:81:
                    a4:4c:ca:26:7b:85:41:5c:70:90:4e:56:24:cd:e7:
                    9b:18:70:e9:16:7c:34:31:23:11:87:6b:7d:65:b4:
                    0b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:FA:19:A1:D3:ED:0D:2A:14:2F:E9:C5:9A:52:DF:F5:B7:65:26:1B
            X509v3 Authority Key Identifier:
                keyid:1B:35:98:EB:B5:D1:D0:8E:B0:DA:43:8D:05:2C:EB:AA:4F:DC:76:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GzWY67XR0I6w2kONBSzrqk_cdo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/0562f8-2670-440f-8502-1ba0ebaa8a86/1/TvoZodPtDSoUL-nFmlLf9bdlJhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/0562f8-2670-440f-8502-1ba0ebaa8a86/1/GzWY67XR0I6w2kONBSzrqk_cdo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:66:8e:17:9b:00:c4:60:8e:91:2e:89:6f:96:40:ae:f1:53:
         f9:83:78:0a:19:71:1e:a8:d6:da:30:c5:54:66:b1:4d:3a:d2:
         af:d5:ca:29:88:79:2e:02:99:4f:6a:e2:ad:3e:0c:47:ec:cc:
         ed:b1:40:3e:ed:e4:cb:a5:46:39:e6:20:1a:69:26:3d:c9:b5:
         da:5e:08:71:8b:27:a0:ee:6c:e6:06:2d:f3:f0:c1:27:d8:86:
         c5:e2:f3:a6:e8:0d:20:67:20:2e:9f:a6:dd:b0:d6:46:0b:6d:
         f2:6c:7c:2f:73:e4:b4:45:55:ec:9c:2b:52:a1:87:19:74:df:
         9c:8b:95:07:d0:e8:14:1a:1a:f0:85:44:e8:06:31:ad:7a:30:
         32:e0:93:ba:be:f1:b5:55:bf:e1:53:70:bf:a7:fb:17:ed:74:
         cf:c3:07:91:2d:45:60:03:49:83:31:5d:31:99:98:58:80:1e:
         54:b2:2b:64:1b:43:66:4b:71:57:7d:0e:a9:16:8b:63:31:ed:
         69:aa:e4:94:0e:e4:af:b1:54:e5:bf:99:6d:ad:26:5c:b1:3c:
         8d:22:4f:7b:d7:29:6b:f5:e4:90:64:99:bb:d6:6b:67:7c:6c:
         61:f2:bb:61:7c:e7:54:ee:25:a0:57:68:ad:e4:37:d1:13:20:
         84:e5:42:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4dRdrZHIB7zcpGO5bqgvQwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMzU5OGViYjVkMWQwOGViMGRhNDM4ZDA1MmNlYmFhNGZk
Yzc2OGYwHhcNMjQwMzA4MDg1NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWZhMTlhMWQzZWQwZDJhMTQyZmU5YzU5YTUyZGZmNWI3NjUyNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCWLcGSWHpFQ6xTrqYAdS4bXy9IT
yIABRXi2bWeet5mtUJVZ0LlO6yUeSEASxIVf5vZzENpyE4ji4d3iBpHRQmiSGbTs
73nY/pAH5z9UrwbSZoSiARJjp5ZX0c2+fstzvl62pn+2Pc9V47I0XmJ2UPaGwsyg
7p7mYUTbtZ2nOoHOFwNRuIHCltkwtmwzyePJgPBs3M8aVu5teyXeOgSzy61ob5Pe
qxMWMQP6wKoq0s+mvX+N3Tfuzj/xU04vTzDbmQg3pymFOIJItkUF/b/ogY8dL3ng
olvja6guhlIWCIGkTMome4VBXHCQTlYkzeebGHDpFnw0MSMRh2t9ZbQLvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE76GaHT7Q0qFC/pxZpS3/W3ZSYbMB8GA1UdIwQY
MBaAFBs1mOu10dCOsNpDjQUs66pP3HaPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3pXWTY3WFIwSTZ3MmtPTkJTenJxa19jZG84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8wNTYyZjgtMjY3MC00NDBmLTg1MDIt
MWJhMGViYWE4YTg2LzEvVHZvWm9kUHREU29VTC1uRm1sTGY5YmRsSmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8wNTYyZjgtMjY3MC00NDBmLTg1MDItMWJhMGViYWE4YTg2
LzEvR3pXWTY3WFIwSTZ3MmtPTkJTenJxa19jZG84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWjQMA0G
CSqGSIb3DQEBCwUAA4IBAQAQZo4XmwDEYI6RLolvlkCu8VP5g3gKGXEeqNbaMMVU
ZrFNOtKv1copiHkuAplPauKtPgxH7MztsUA+7eTLpUY55iAaaSY9ybXaXghxiyeg
7mzmBi3z8MEn2IbF4vOm6A0gZyAun6bdsNZGC23ybHwvc+S0RVXsnCtSoYcZdN+c
i5UH0OgUGhrwhUToBjGtejAy4JO6vvG1Vb/hU3C/p/sX7XTPwweRLUVgA0mDMV0x
mZhYgB5UsitkG0NmS3FXfQ6pFotjMe1pquSUDuSvsVTlv5ltrSZcsTyNIk971ylr
9eSQZJm71mtnfGxh8rthfOdU7iWgV2it5DfREyCE5UJ8
-----END CERTIFICATE-----